From 608e8745e32a95b21475a0077b7db03d7a44fd8b Mon Sep 17 00:00:00 2001 
From: David Zeuthen Date: Thu, 12 Jul 2007 13:49:08 -0400 Subject: [PATCH] remove the notion of modules --- Makefile.am | 2 +- configure.in | 6 - doc/man/Makefile.am | 5 +- doc/man/polkit-module-allow-all.8.in | 51 -- doc/man/polkit-module-builtins.8.in | 55 -- doc/man/polkit-module-default.8.in | 39 -- doc/man/polkit-module-deny-all.8.in | 50 -- doc/man/polkit-module-run-program.8.in | 197 ------- doc/man/polkit-policy-file-validate.1.in | 2 +- modules/Makefile.am | 5 - modules/PolicyKit.conf | 6 - modules/allow-all/Makefile.am | 25 - modules/allow-all/polkit-module-allow-all.c | 82 --- modules/default/Makefile.am | 25 - modules/default/polkit-module-default.c | 102 ---- modules/deny-all/Makefile.am | 25 - modules/deny-all/polkit-module-deny-all.c | 82 --- modules/grant/Makefile.am | 25 - modules/grant/polkit-module-grant.c | 208 -------- modules/run-program/Makefile.am | 25 - modules/run-program/polkit-module-run-program.c | 329 ------------ policy/Makefile.am | 2 +- polkit/Makefile.am | 6 +- polkit/polkit-context.c | 160 +----- polkit/polkit-module.c | 683 ------------------------ polkit/polkit-module.h | 163 ------ polkit/polkit.h | 1 - 27 files changed, 17 insertions(+), 2344 deletions(-) delete mode 100644 doc/man/polkit-module-allow-all.8.in delete mode 100644 doc/man/polkit-module-builtins.8.in delete mode 100644 doc/man/polkit-module-default.8.in delete mode 100644 doc/man/polkit-module-deny-all.8.in delete mode 100644 doc/man/polkit-module-run-program.8.in delete mode 100644 modules/Makefile.am delete mode 100644 modules/PolicyKit.conf delete mode 100644 modules/allow-all/Makefile.am delete mode 100644 modules/allow-all/polkit-module-allow-all.c delete mode 100644 modules/default/Makefile.am delete mode 100644 modules/default/polkit-module-default.c delete mode 100644 modules/deny-all/Makefile.am delete mode 100644 modules/deny-all/polkit-module-deny-all.c delete mode 100644 modules/grant/Makefile.am delete mode 100644 modules/grant/polkit-module-grant.c 
delete mode 100644 modules/run-program/Makefile.am delete mode 100644 modules/run-program/polkit-module-run-program.c delete mode 100644 polkit/polkit-module.c delete mode 100644 polkit/polkit-module.h diff --git a/Makefile.am b/Makefile.am index 2214028..8a062fa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in -SUBDIRS = data polkit polkit-dbus polkit-grant modules doc tools policy +SUBDIRS = data polkit polkit-dbus polkit-grant doc tools policy # Creating ChangeLog from git log (taken from cairo/Makefile.am): ChangeLog: $(srcdir)/ChangeLog diff --git a/configure.in b/configure.in index c71a4bf..f28d502 100644 --- a/configure.in +++ b/configure.in @@ -361,12 +361,6 @@ doc/spec/Makefile doc/spec/polkit-spec.xml.in doc/man/Makefile policy/Makefile -modules/Makefile -modules/default/Makefile -modules/allow-all/Makefile -modules/deny-all/Makefile -modules/run-program/Makefile -modules/grant/Makefile ]) dnl ========================================================================== diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index f56c6b3..8ed9175 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -1,7 +1,7 @@ if MAN_PAGES_ENABLED -MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in polkit-module-default.8.in polkit-module-allow-all.8.in polkit-module-deny-all.8.in polkit-module-run-program.8.in polkit-module-builtins.8.in +MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-policy-file-validate.1.in PolicyKit.8.in man_MANS = $(MAN_IN_FILES:.in=) @@ -18,4 +18,5 @@ clean-local: edit = sed \ -e 's|@docdir[@]|$(docdir)|g' \ -e 's|@sbindir[@]|$(sbindir)|g' \ - -e 's|@sysconfdir[@]|$(sysconfdir)|g' + -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ + -e 's|@datadir[@]|$(datadir)|g' 
diff --git a/doc/man/polkit-module-allow-all.8.in b/doc/man/polkit-module-allow-all.8.in
deleted file mode 100644
index 8b03b8e..0000000
--- a/doc/man/polkit-module-allow-all.8.in
+++ /dev/null
@@ -1,51 +0,0 @@
-.\"
-.\" polkit-module-allow-all manual page.
-.\" Copyright (C) 2007 David Zeuthen
-.\"
-.TH POLKIT-MODULE-ALLOW-ALL 8
-.SH NAME
-polkit-module-allow-all \- permit any action
-.SH SYNOPSIS
-.PP
-.B polkit-module-allow-all.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module will permit any action regardless of the entity
-requesting it, what the requested action is and what resource is
-involved.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-This module does not require nor recognize any options.
-
-.SH NOTES
-.PP
-Never use this module unless you
-.B COMPLETELY
-trust anyone with either remote or local access to the system, or you
-have confined the module using built-in options.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen with a lot of help from many
-others.
diff --git a/doc/man/polkit-module-builtins.8.in b/doc/man/polkit-module-builtins.8.in
deleted file mode 100644
index c34a44b..0000000
--- a/doc/man/polkit-module-builtins.8.in
+++ /dev/null
@@ -1,55 +0,0 @@
-.\"
-.\" polkit-module-builtins manual page.
-.\" Copyright (C) 2007 David Zeuthen
-.\"
-.TH POLKIT-MODULE-BUILTINS 8
-.SH NAME
-polkit-module-builtins \- options that apply to any PolicyKit module
-.SH SYNOPSIS
-.PP
-.B any-module.so [action=] [user= ...]
-.SH DESCRIPTION
-.PP
-This manual page describes options that can be used for any PolicyKit
-module to confine what requests it should deal with.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-
-.TP 3n
-.B action=
-Only consider requests where the action name matches the given
-regular expression. Example:
-.B action=hal-storage-mount*
-
-.TP 3n
-.B user=
-Only consider requests matching the given username. May be both a
-numerical
-.B uid
-value or a username. This option can be used multiple times to specify
-multiple users. Example:
-.B user=davidz user=bateman
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen with a lot of help from many
-others.
diff --git a/doc/man/polkit-module-default.8.in b/doc/man/polkit-module-default.8.in
deleted file mode 100644
index c0aaba3..0000000
--- a/doc/man/polkit-module-default.8.in
+++ /dev/null
@@ -1,39 +0,0 @@
-.\"
-.\" polkit-module-default manual page.
-.\" Copyright (C) 2007 David Zeuthen
-.\"
-.TH POLKIT-MODULE-DEFAULT 8
-.SH NAME
-polkit-module-default \- use default policy for actions
-.SH SYNOPSIS
-.PP
-.B standard polkit-module-default.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module uses the default policy as specified (and
-required) for by the policy definition file for a given action.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen with a lot of help from many
-others.
-
diff --git a/doc/man/polkit-module-deny-all.8.in b/doc/man/polkit-module-deny-all.8.in
deleted file mode 100644
index 3015f25..0000000
--- a/doc/man/polkit-module-deny-all.8.in
+++ /dev/null
@@ -1,50 +0,0 @@
-.\"
-.\" polkit-module-deny-all manual page.
-.\" Copyright (C) 2007 David Zeuthen
-.\"
-.TH POLKIT-MODULE-DENY-ALL 8
-.SH NAME
-polkit-module-deny-all \- deny any action
-.SH SYNOPSIS
-.PP
-.B polkit-module-deny-all.so
-.SH DESCRIPTION
-.PP
-This PolicyKit module will deny any action regardless of the entity
-requesting it, what the requested action is and what resource is
-involved.
-
-For more information about the big picture refer to the \fIPolicyKit
-spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-This module does not require nor recognize any options.
-
-.SH NOTES
-.PP
-Unless confined using built-in options, this module is only useful
-in situations where it's desirable to lock down the system so it's
-unusable by normal unprivileged users.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-run-program\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen with a lot of help from many
-others.
diff --git a/doc/man/polkit-module-run-program.8.in b/doc/man/polkit-module-run-program.8.in
deleted file mode 100644
index 1824452..0000000
--- a/doc/man/polkit-module-run-program.8.in
+++ /dev/null
@@ -1,197 +0,0 @@
-.\"
-.\" polkit-module-run-program manual page.
-.\" Copyright (C) 2007 David Zeuthen
-.\"
-.TH POLKIT-MODULE-RUN-PROGRAM 8
-.SH NAME
-polkit-module-run-program \- determine policy by running a program
-.SH SYNOPSIS
-.PP
-.HP 31
-\fBpolkit-module-run-program.so\fR program=\fI\fR
-.SH DESCRIPTION
-.PP
-This PolicyKit module will run a program every time an action is
-requested. For more information about the big picture refer to the
-\fIPolicyKit spec\fP which can be found in
-.I "@docdir@/spec/polkit-spec.html"
-depending on the distribution.
-
-.SH OPTIONS
-
-.TP 3n
-.B program=
-Absolute path to program to run; this is a mandatory option. Examples:
-.B program=/usr/bin/my-program
-or
-.B program="/path/to/program --foo --bar"
-
-.SH DESCRIPTION
-This module will invoke the given program and will export a minimal
-environment with values identifying the request. The program
-.B SHOULD NOT
-have any side effects; it is only invoked to make a decision - not to
-alter state on the system. Further, the program is not guaranteed to
-run as
-.B uid 0
-(e.g. root); it is effectively invoked by a mechanism (such as
-\fBhald\fR(7)) that may run as an unprivileged system user.
-
-.PP
-If the program fails to run or exits with a non-zero exit code, it
-means that the request is denied (same as returning
-.B no
-- see below). If the program exits with exit code 0,
-.I stdout
-of the program is examined to determine the result of the decision
-(these values map directly to the possible values in the
-.I PolKitResult
-enumeration):
-
-.I
-.TP
-.B unknown
-The passed action is unknown.
-.TP
-.B not_authorized
-The mechanism / caller (e.g. the program using
-.I libpolkit
-that loads this module) is not sufficiently privileged to know the
-answer.
-.TP
-.B no
-Access denied.
-.TP
-.B auth_root
-Access denied, but authentication of the caller as root will grant
-access to only that caller.
-.TP
-.B auth_root_keep_session
-Access denied, but authentication of the caller as root will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_root_keep_always
-Access denied, but authentication of the caller as root will grant
-access to the user of the caller in the future.
-.TP
-.B auth_self
-Access denied, but authentication of the caller as himself will grant
-access to only that caller.
-.TP
-.B auth_self_keep_session
-Access denied, but authentication of the caller as himself will grant
-access for the remainder of the session the caller stems from.
-.TP
-.B auth_self_keep_always
-Access denied, but authentication of the caller as himself will grant
-access to the user of the caller in the future.
-.TP
-.B yes
-Access granted.
-
-.PP
-For a request concerning decisions for calls via the system message
-bus daemon, the environment will contain:
-
-.TP
-.B POLKIT_REQUEST_CALLER=1
-To identify the request to be concerning a decision about a caller on
-the system message bus.
-.TP
-.B POLKIT_ACTION_ID
-An identifier for the action
-.TP
-.B POLKIT_RESOURCE_ID
-Resource identifier
-.TP
-.B POLKIT_RESOURCE_TYPE
-Resource type
-.TP
-.B POLKIT_CALLER_UID
-UNIX user id of the caller
-.TP
-.B POLKIT_CALLER_DBUS_NAME
-Unique name of the caller on the system message bus
-.TP
-.B POLKIT_CALLER_PID
-UNIX process id of the caller
-.TP
-.B POLKIT_CALLER_SELINUX_CONTEXT
-SELinux security context of the caller (only set if SELinux is enabled)
-.TP
-.B POLKIT_SESSION_CK_IS_ACTIVE
-Whether ConsoleKit regards the session as active (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_CK_IS_LOCAL
-Whether ConsoleKit regards the session as local (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_CK_OBJREF
-ConsoleKit session D-Bus object reference (only set if the caller belong to a session)
-.TP
-.B POLKIT_SESSION_UID
-UNIX user ID of the user owning the session (only set if the caller belong to a session)
-.TP
-.B POLKIT_SEAT_CK_OBJREF
-ConsoleKit seat D-Bus object reference of the seat that the session belongs to (only set if the caller belong to a session)
-
-.PP
-For a request concerning session-wide decisions the environment will
-contain:
-
-.TP
-.B POLKIT_REQUEST_SESSION=1
-To identify the request to be session-wide.
-.TP
-.B POLKIT_ACTION_ID
-An identifier for the action
-.TP
-.B POLKIT_RESOURCE_ID
-Resource identifier
-.TP
-.B POLKIT_RESOURCE_TYPE
-Resource type
-.TP
-.B POLKIT_SESSION_CK_IS_ACTIVE
-Whether ConsoleKit regards the session as active
-.TP
-.B POLKIT_SESSION_CK_IS_LOCAL
-Whether ConsoleKit regards the session as local
-.TP
-.B POLKIT_SESSION_CK_OBJREF
-ConsoleKit session D-Bus object reference
-.TP
-.B POLKIT_SESSION_UID
-UNIX user ID of the user owning the session
-.TP
-.B POLKIT_SEAT_CK_OBJREF
-ConsoleKit seat D-Bus object reference of the seat that the session belongs to
-
-.SH NOTES
-.PP
-As PolicyKit modules are heavily used to enforce policy, running a
-program on every request may put unneccessary load on the system
-unless judicious use of built-in options to confine the module are
-employed.
-
-.SH BUGS
-.PP
-Please send bug reports to either the distribution or the HAL
-mailing list, see
-.I "http://lists.freedesktop.org/mailman/listinfo/hal"
-on how to subscribe.
-
-.SH SEE ALSO
-.PP
-\&\fIPolicyKit\fR\|(8),
-\&\fIhald\fR\|(8),
-\&\fIdbus-daemon\fR\|(1),
-\&\fIpolkit-module-builtins\fR\|(8),
-\&\fIpolkit-module-default\fR\|(8),
-\&\fIpolkit-module-allow-all\fR\|(8),
-\&\fIpolkit-module-deny-all\fR\|(8),
-\&\fI@sysconfdir@/PolicyKit/policy\fR\|,
-\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
-
-.SH AUTHOR
-Written by David Zeuthen with a lot of help from many
-others.
diff --git a/doc/man/polkit-policy-file-validate.1.in b/doc/man/polkit-policy-file-validate.1.in
index 87f9bb0..d82de93 100644
--- a/doc/man/polkit-policy-file-validate.1.in
+++ b/doc/man/polkit-policy-file-validate.1.in
@@ -14,7 +14,7 @@ polkit-policy-file-validate \- check access \fIpolkit-policy-file-validate\fP is used to validate PolicyKit policy definition files. These are normally stored in the -.I "@sysconfdir@/PolicyKit/policy" +.I "@datadir@/PolicyKit/policy" directory. For more information about the big picture refer to the \fIPolicyKit spec\fP which can be found in .I "@docdir@/spec/polkit-spec.html" diff --git a/modules/Makefile.am b/modules/Makefile.am deleted file mode 100644 index 010ed66..0000000 --- a/modules/Makefile.am +++ /dev/null @@ -1,5 +0,0 @@ - -SUBDIRS = default allow-all deny-all run-program grant - -polkitconfdir = $(sysconfdir)/PolicyKit -dist_polkitconf_DATA = PolicyKit.conf diff --git a/modules/PolicyKit.conf b/modules/PolicyKit.conf deleted file mode 100644 index c3c6dd9..0000000 --- a/modules/PolicyKit.conf +++ /dev/null @@ -1,6 +0,0 @@ -# PolicyKit modules - see PolicyKit(8) -# -# NOTE: Changes made to this file may be applied instantly - -advise polkit-module-default.so -advise polkit-module-grant.so diff --git a/modules/allow-all/Makefile.am b/modules/allow-all/Makefile.am deleted file mode 100644 index 316f3a6..0000000 --- a/modules/allow-all/Makefile.am +++ /dev/null 
@@ -1,25 +0,0 @@ -## Process this file with automake to produce Makefile.in - -INCLUDES = \ - -I$(top_builddir) -I$(top_srcdir) \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ - @DBUS_CFLAGS@ - -polkitmoduledir = $(libdir)/PolicyKit/modules -polkitmodule_LTLIBRARIES = \ - polkit-module-allow-all.la \ - $(NULL) - - -polkit_module_allow_all_la_SOURCES = polkit-module-allow-all.c -polkit_module_allow_all_la_LDFLAGS = -no-undefined -module -avoid-version -polkit_module_allow_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la - -clean-local : - rm -f *~ diff --git a/modules/allow-all/polkit-module-allow-all.c b/modules/allow-all/polkit-module-allow-all.c deleted file mode 100644 index 06a15d2..0000000 --- a/modules/allow-all/polkit-module-allow-all.c +++ /dev/null 
@@ -1,82 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-module-allow-all.c : PolicyKit module that says YES to everything - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include - -/* The symbol that polkit looks up when loading this module */ -polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface); - -static polkit_bool_t -_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[]) -{ - return TRUE; -} - -static void -_module_shutdown (PolKitModuleInterface *module_interface) -{ -} - -static PolKitResult -_module_can_session_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitSession *session) -{ - return POLKIT_RESULT_YES; -} - -static PolKitResult -_module_can_caller_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitCaller *caller) -{ - return 
POLKIT_RESULT_YES; -} - -polkit_bool_t -polkit_module_set_functions (PolKitModuleInterface *module_interface) -{ - polkit_bool_t ret; - - ret = FALSE; - if (module_interface == NULL) - goto out; - - polkit_module_set_func_initialize (module_interface, _module_init); - polkit_module_set_func_shutdown (module_interface, _module_shutdown); - polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action); - polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action); - - ret = TRUE; -out: - return ret; -} diff --git a/modules/default/Makefile.am b/modules/default/Makefile.am deleted file mode 100644 index ec20eed..0000000 --- a/modules/default/Makefile.am +++ /dev/null @@ -1,25 +0,0 @@ -## Process this file with automake to produce Makefile.in - -INCLUDES = \ - -I$(top_builddir) -I$(top_srcdir) \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ - @DBUS_CFLAGS@ - -polkitmoduledir = $(libdir)/PolicyKit/modules -polkitmodule_LTLIBRARIES = \ - polkit-module-default.la \ - $(NULL) - - -polkit_module_default_la_SOURCES = polkit-module-default.c -polkit_module_default_la_LDFLAGS = -no-undefined -module -avoid-version -polkit_module_default_la_LIBADD = $(top_builddir)/polkit/libpolkit.la - -clean-local : - rm -f *~ diff --git a/modules/default/polkit-module-default.c b/modules/default/polkit-module-default.c deleted file mode 100644 index 8ef02f8..0000000 --- a/modules/default/polkit-module-default.c +++ /dev/null 
@@ -1,102 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-module-default.c : PolicyKit module for default policy - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include - -/* The symbol that polkit looks up when loading this module */ -polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface); - -static polkit_bool_t -_module_init (PolKitModuleInterface *module_interface, - int argc, - char *argv[]) -{ - return TRUE; -} - -static void -_module_shutdown (PolKitModuleInterface *module_interface) -{ -} - -static PolKitResult -_module_can_session_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitSession *session) -{ - PolKitResult result; - PolKitPolicyCache *cache; - PolKitPolicyFileEntry *pfe; - - result = POLKIT_RESULT_NO; - cache = polkit_context_get_policy_cache (pk_context); - pfe = polkit_policy_cache_get_entry (cache, action); - return 
polkit_policy_default_can_session_do_action (polkit_policy_file_entry_get_default (pfe), - action, - session); -} - -static PolKitResult -_module_can_caller_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitCaller *caller) -{ - PolKitResult result; - PolKitPolicyCache *cache; - PolKitPolicyFileEntry *pfe; - - result = POLKIT_RESULT_NO; - cache = polkit_context_get_policy_cache (pk_context); - pfe = polkit_policy_cache_get_entry (cache, action); - return polkit_policy_default_can_caller_do_action (polkit_policy_file_entry_get_default (pfe), - action, - caller); -} - -polkit_bool_t -polkit_module_set_functions (PolKitModuleInterface *module_interface) -{ - polkit_bool_t ret; - - ret = FALSE; - if (module_interface == NULL) - goto out; - - polkit_module_set_func_initialize (module_interface, _module_init); - polkit_module_set_func_shutdown (module_interface, _module_shutdown); - polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action); - polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action); - - ret = TRUE; -out: - return ret; -} diff --git a/modules/deny-all/Makefile.am b/modules/deny-all/Makefile.am deleted file mode 100644 index 732d929..0000000 --- a/modules/deny-all/Makefile.am +++ /dev/null 
@@ -1,25 +0,0 @@ -## Process this file with automake to produce Makefile.in - -INCLUDES = \ - -I$(top_builddir) -I$(top_srcdir) \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ - @DBUS_CFLAGS@ - -polkitmoduledir = $(libdir)/PolicyKit/modules -polkitmodule_LTLIBRARIES = \ - polkit-module-deny-all.la \ - $(NULL) - - -polkit_module_deny_all_la_SOURCES = polkit-module-deny-all.c -polkit_module_deny_all_la_LDFLAGS = -no-undefined -module -avoid-version -polkit_module_deny_all_la_LIBADD = $(top_builddir)/polkit/libpolkit.la - -clean-local : - rm -f *~ diff --git a/modules/deny-all/polkit-module-deny-all.c b/modules/deny-all/polkit-module-deny-all.c deleted file mode 100644 index 829c570..0000000 --- a/modules/deny-all/polkit-module-deny-all.c +++ /dev/null 
@@ -1,82 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-module-allow-all.c : PolicyKit module that says NO to everything - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include - -/* The symbol that polkit looks up when loading this module */ -polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface); - -static polkit_bool_t -_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[]) -{ - return TRUE; -} - -static void -_module_shutdown (PolKitModuleInterface *module_interface) -{ -} - -static PolKitResult -_module_can_session_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitSession *session) -{ - return POLKIT_RESULT_NO; -} - -static PolKitResult -_module_can_caller_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitCaller *caller) -{ - return POLKIT_RESULT_NO; 
-} - -polkit_bool_t -polkit_module_set_functions (PolKitModuleInterface *module_interface) -{ - polkit_bool_t ret; - - ret = FALSE; - if (module_interface == NULL) - goto out; - - polkit_module_set_func_initialize (module_interface, _module_init); - polkit_module_set_func_shutdown (module_interface, _module_shutdown); - polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action); - polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action); - - ret = TRUE; -out: - return ret; -} diff --git a/modules/grant/Makefile.am b/modules/grant/Makefile.am deleted file mode 100644 index 52ff52a..0000000 --- a/modules/grant/Makefile.am +++ /dev/null @@ -1,25 +0,0 @@ -## Process this file with automake to produce Makefile.in - -INCLUDES = \ - -I$(top_builddir) -I$(top_srcdir) \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ - @GLIB_CFLAGS@ @DBUS_CFLAGS@ - -polkitmoduledir = $(libdir)/PolicyKit/modules -polkitmodule_LTLIBRARIES = \ - polkit-module-grant.la \ - $(NULL) - - -polkit_module_grant_la_SOURCES = polkit-module-grant.c -polkit_module_grant_la_LDFLAGS = -no-undefined -module -avoid-version -polkit_module_grant_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@ $(top_builddir)/polkit-grant/libpolkit-grant-private.la - -clean-local : - rm -f *~ diff --git a/modules/grant/polkit-module-grant.c b/modules/grant/polkit-module-grant.c deleted file mode 100644 index c0ea67b..0000000 --- a/modules/grant/polkit-module-grant.c +++ /dev/null 
@@ -1,208 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-module-grant.c : determine policy by looking at grants - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#define _GNU_SOURCE -#include -#include -#include -#include -#include - -/* The symbol that polkit looks up when loading this module */ -polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface); - -static polkit_bool_t -_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[]) -{ - return TRUE; -} - -static void -_module_shutdown (PolKitModuleInterface *module_interface) -{ -} - - - -static PolKitResult -_module_can_session_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitSession *session) -{ - return POLKIT_RESULT_UNKNOWN_ACTION; -} - -static PolKitResult -_module_can_caller_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction 
*action, - PolKitCaller *caller) -{ - return _polkit_grantdb_check_can_caller_do_action (pk_context, action, caller); - -#if 0 - char *grant_file; - PolKitSession *session; - PolKitResult result; - - result = POLKIT_RESULT_UNKNOWN_ACTION; - - /* file format: - * - * file: /var/[lib,run]/PolicyKit/grant/.grant - * - * contents: - * [ ]\n # only makes sense for run - * \n - * ... - * - * - run is used for temporarily granted privileges - * - lib is used for permanently granted privileges - * - * FHS guarantees that the files /var/run/PolicyKit are - * deleted upon reboots so we just need to ensure that - * ConsoleKit session id's are unique per system (TODO: Ask Jon - * to make ConsoleKit guarantee this). - */ - - uid_t invoking_user_id; - char *action_name; - char *session_objpath; - const char *session_name; - char *resource_type; - char *resource_id; - char *resource_str_to_hash; - char *dbus_name; - guint resource_hash; - - if (!polkit_action_get_action_id (action, &action_name)) - goto out; - if (!polkit_caller_get_uid (caller, &invoking_user_id)) - goto out; - - if (resource == NULL) { - resource_type = ""; - resource_id = ""; - } else { - if (!polkit_resource_get_resource_type (resource, &resource_type)) - goto out; - if (!polkit_resource_get_resource_id (resource, &resource_id)) - goto out; - } - - session_name = NULL; - if (!polkit_caller_get_ck_session (caller, &session)) - goto out; - if (!polkit_caller_get_dbus_name (caller, &dbus_name)) - goto out; - if (session == NULL) { - session_objpath = NULL; - session_name = NULL; - } else { - if (!polkit_session_get_ck_objref (session, &session_objpath)) - goto out; - session_name = g_basename (session_objpath); - } - - resource_str_to_hash = g_strdup_printf ("%s:%s", resource_type, resource_id); - resource_hash = g_str_hash (resource_str_to_hash); - g_free (resource_str_to_hash); - - /* TODO: FIXME: XXX: this format of storing granted privileges needs be redone - * - * this concerns these two files - * - 
polkit-grant/polkit-grant-helper.c - * - modules/grant/polkit-module-grant.c - */ - - /* - * /var/lib/PolicyKit/uid___.grant - * uid__.grant - * - * /var/run/PolicyKit/session____.grant - * session___.grant - * dbus____.grant - */ - - if (dbus_name == NULL) - dbus_name = ""; - - grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/dbus_%s_%d_%s_%u.grant", - dbus_name, invoking_user_id, action_name, resource_hash); - - fprintf (stdout, "testing for file '%s'\n", grant_file); - - if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) { - result = POLKIT_RESULT_YES; - g_free (grant_file); - goto out; - } - g_free (grant_file); - - if (session_name != NULL) { - grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/run/PolicyKit/session_%s_%d_%s_%u.grant", - session_name, invoking_user_id, action_name, resource_hash); - if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) { - result = POLKIT_RESULT_YES; - g_free (grant_file); - goto out; - } - g_free (grant_file); - } - - grant_file = g_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit/uid_%d_%s_%u.grant", - invoking_user_id, action_name, resource_hash); - if (g_file_test (grant_file, G_FILE_TEST_EXISTS)) { - result = POLKIT_RESULT_YES; - g_free (grant_file); - goto out; - } - g_free (grant_file); -#endif -} - -polkit_bool_t -polkit_module_set_functions (PolKitModuleInterface *module_interface) -{ - polkit_bool_t ret; - - ret = FALSE; - if (module_interface == NULL) - goto out; - - polkit_module_set_func_initialize (module_interface, _module_init); - polkit_module_set_func_shutdown (module_interface, _module_shutdown); - polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action); - polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action); - - ret = TRUE; -out: - return ret; -} diff --git a/modules/run-program/Makefile.am b/modules/run-program/Makefile.am deleted file mode 100644 index 61d1ad5..0000000 
--- a/modules/run-program/Makefile.am +++ /dev/null @@ -1,25 +0,0 @@ -## Process this file with automake to produce Makefile.in - -INCLUDES = \ - -I$(top_builddir) -I$(top_srcdir) \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ - @GLIB_CFLAGS@ @DBUS_CFLAGS@ - -polkitmoduledir = $(libdir)/PolicyKit/modules -polkitmodule_LTLIBRARIES = \ - polkit-module-run-program.la \ - $(NULL) - - -polkit_module_run_program_la_SOURCES = polkit-module-run-program.c -polkit_module_run_program_la_LDFLAGS = -no-undefined -module -avoid-version -polkit_module_run_program_la_LIBADD = $(top_builddir)/polkit/libpolkit.la @GLIB_LIBS@ - -clean-local : - rm -f *~ diff --git a/modules/run-program/polkit-module-run-program.c b/modules/run-program/polkit-module-run-program.c deleted file mode 100644 index e5c00dc..0000000 --- a/modules/run-program/polkit-module-run-program.c +++ /dev/null 
@@ -1,329 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-module-run-program.c : determine policy by running a program - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include - -/* The symbol that polkit looks up when loading this module */ -polkit_bool_t polkit_module_set_functions (PolKitModuleInterface *module_interface); - -typedef struct { - int program_argc; - char **program_argv; -} UserData; - -static polkit_bool_t -_module_init (PolKitModuleInterface *module_interface, int argc, char *argv[]) -{ - int n; - UserData *user_data; - - user_data = g_new0 (UserData, 1); - for (n = 1; n < argc; n++) { - if (g_str_has_prefix (argv[n], "program=")) { - const char *program; - program = argv[n] + 8; - - if (!g_shell_parse_argv (program, - &user_data->program_argc, - &user_data->program_argv, NULL)) { - g_warning ("Cannot parse '%s' - skipping", program); - goto error; - } - - if (!g_file_test (user_data->program_argv[0], - 
G_FILE_TEST_IS_EXECUTABLE|G_FILE_TEST_IS_REGULAR)) { - g_warning ("Program '%s' is not an executable file - skipping", - user_data->program_argv[0]); - goto error; - } - - g_debug ("program = '%s'", user_data->program_argv[0]); - - /* TODO: - * O_o o_O... we could monitor the executable file :-) and trigger config changes! - */ - } - } - - if (user_data->program_argv == NULL) - goto error; - - polkit_module_set_user_data (module_interface, user_data); - - return TRUE; -error: - if (user_data->program_argv != NULL) - g_strfreev (user_data->program_argv); - g_free (user_data); - return FALSE; -} - -static void -_module_shutdown (PolKitModuleInterface *module_interface) -{ - UserData *user_data; - user_data = polkit_module_get_user_data (module_interface); - if (user_data != NULL) { - if (user_data->program_argv != NULL) - g_strfreev (user_data->program_argv); - g_free (user_data); - } -} - -static polkit_bool_t -_add_action_to_env (PolKitAction *action, GPtrArray *envp) -{ - char *p_id; - if (!polkit_action_get_action_id (action, &p_id)) - goto error; - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id)); - return TRUE; -error: - return FALSE; -} - -static polkit_bool_t -_add_seat_to_env (PolKitSeat *seat, GPtrArray *envp) -{ - char *s_ck_objref; - if (!polkit_seat_get_ck_objref (seat, &s_ck_objref)) - goto error; - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SEAT_CK_OBJREF=%s", s_ck_objref)); - return TRUE; -error: - return FALSE; -} - -static polkit_bool_t -_add_session_to_env (PolKitSession *session, GPtrArray *envp) -{ - uid_t s_uid; - char *s_ck_objref; - polkit_bool_t s_ck_is_active; - polkit_bool_t s_ck_is_local; - char *s_ck_remote_host; - PolKitSeat *s_seat; - - if (!polkit_session_get_uid (session, &s_uid)) - goto error; - if (!polkit_session_get_ck_objref (session, &s_ck_objref)) - goto error; - if (!polkit_session_get_ck_is_active (session, &s_ck_is_active)) - goto error; - if (!polkit_session_get_ck_is_local (session, 
&s_ck_is_local)) - goto error; - if (!s_ck_is_local) - if (!polkit_session_get_ck_remote_host (session, &s_ck_remote_host)) - goto error; - if (!polkit_session_get_seat (session, &s_seat)) - goto error; - - if (!_add_seat_to_env (s_seat, envp)) - goto error; - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_UID=%d", (int) s_uid)); - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_OBJREF=%s", s_ck_objref)); - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_IS_ACTIVE=%d", s_ck_is_active)); - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_IS_LOCAL=%d", s_ck_is_local)); - if (!s_ck_is_local) - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_SESSION_CK_REMOTE_HOST=%s", s_ck_remote_host)); - return TRUE; -error: - return FALSE; -} - -static polkit_bool_t -_add_caller_to_env (PolKitCaller *caller, GPtrArray *envp) -{ - uid_t c_uid; - pid_t c_pid; - char *c_selinux_context; - char *c_dbus_name; - PolKitSession *c_session; - - if (!polkit_caller_get_uid (caller, &c_uid)) - goto error; - if (!polkit_caller_get_pid (caller, &c_pid)) - goto error; - if (!polkit_caller_get_dbus_name (caller, &c_dbus_name)) - goto error; - if (!polkit_caller_get_selinux_context (caller, &c_selinux_context)) /* SELinux may not be available */ - c_selinux_context = NULL; - if (!polkit_caller_get_ck_session (caller, &c_session)) /* Caller may not originate from a session */ - c_session = NULL; - - if (c_session != NULL) - if (!_add_session_to_env (c_session, envp)) - goto error; - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_UID=%d", (int) c_uid)); - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_PID=%d", (int) c_pid)); - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_DBUS_NAME=%s", c_dbus_name)); - if (c_selinux_context != NULL) - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_CALLER_SELINUX_CONTEXT=%s", c_selinux_context)); - return TRUE; -error: - return FALSE; -} - -static polkit_bool_t -_run_program (UserData *user_data, char 
**envp, PolKitResult *result) -{ - int n; - int exit_status; - GError *g_error; - char *prog_stdout; - polkit_bool_t ret; - - g_error = NULL; - prog_stdout = NULL; - ret = FALSE; - - if (!g_spawn_sync ("/", - user_data->program_argv, - envp, - 0, - NULL, - NULL, - &prog_stdout, - NULL, - &exit_status, - &g_error)) { - g_warning ("error spawning '%s': %s", user_data->program_argv[0], g_error->message); - g_error_free (g_error); - goto error; - } - - /* only care if the program returned 0 */ - if (exit_status != 0) - goto error; - - /* only care about the first line */ - for (n = 0; prog_stdout[n] != '\n' && prog_stdout[n] != '\0'; n++) - ; - prog_stdout[n] = '\0'; - - if (!polkit_result_from_string_representation (prog_stdout, result)) { - g_warning ("malformed result '%s' from program", prog_stdout); - goto error; - } - - ret = TRUE; -error: - g_free (prog_stdout); - return ret; -} - - -static PolKitResult -_module_can_session_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitSession *session) -{ - PolKitResult result; - UserData *user_data; - GPtrArray *envp; - - envp = NULL; - result = POLKIT_RESULT_UNKNOWN_ACTION; - - user_data = polkit_module_get_user_data (module_interface); - - envp = g_ptr_array_new (); - - if (!_add_action_to_env (action, envp)) - goto error; - if (!_add_session_to_env (session, envp)) - goto error; - g_ptr_array_add (envp, g_strdup ("PATH=/usr/bin:/bin")); - g_ptr_array_add (envp, g_strdup ("POLKIT_REQUEST_SESSION=1")); - g_ptr_array_add (envp, NULL); - - if (!_run_program (user_data, (char **) envp->pdata, &result)) - goto error; - -error: - if (envp != NULL) { - g_ptr_array_foreach (envp, (GFunc) g_free, NULL); - g_ptr_array_free (envp, TRUE); - } - return result; -} - -static PolKitResult -_module_can_caller_do_action (PolKitModuleInterface *module_interface, - PolKitContext *pk_context, - PolKitAction *action, - PolKitCaller *caller) -{ - PolKitResult result; - UserData 
*user_data;
- GPtrArray *envp;
-
- envp = NULL;
- result = POLKIT_RESULT_NO;
- user_data = polkit_module_get_user_data (module_interface);
-
- envp = g_ptr_array_new ();
- if (!_add_action_to_env (action, envp))
- goto error;
- if (!_add_caller_to_env (caller, envp))
- goto error;
- g_ptr_array_add (envp, g_strdup ("PATH=/usr/bin:/bin"));
- g_ptr_array_add (envp, g_strdup ("POLKIT_REQUEST_CALLER=1"));
- g_ptr_array_add (envp, NULL);
- if(!_run_program (user_data, (char **) envp->pdata, &result))
- goto error;
-
-error:
- if (envp != NULL) {
- g_ptr_array_foreach (envp, (GFunc) g_free, NULL);
- g_ptr_array_free (envp, TRUE);
- }
- return result;
-}
-
-polkit_bool_t
-polkit_module_set_functions (PolKitModuleInterface *module_interface)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
- if (module_interface == NULL)
- goto out;
-
- polkit_module_set_func_initialize (module_interface, _module_init);
- polkit_module_set_func_shutdown (module_interface, _module_shutdown);
- polkit_module_set_func_can_session_do_action (module_interface, _module_can_session_do_action);
- polkit_module_set_func_can_caller_do_action (module_interface, _module_can_caller_do_action);
-
- ret = TRUE;
-out:
- return ret;
-}
diff --git a/policy/Makefile.am b/policy/Makefile.am
index 6cb4a86..5a6ff76 100644
--- a/policy/Makefile.am
+++ b/policy/Makefile.am
@@ -1,5 +1,5 @@
-polkit_privilegedir = $(sysconfdir)/PolicyKit/policy
+polkit_privilegedir = $(datadir)/PolicyKit/policy
 dist_polkit_privilege_DATA =
diff --git a/polkit/Makefile.am b/polkit/Makefile.am
index c3968b4..8dfc805 100644
--- a/polkit/Makefile.am
+++ b/polkit/Makefile.am
@@ -30,8 +30,7 @@ libpolkitinclude_HEADERS = \
 polkit-policy-file-entry.h \
 polkit-policy-file.h \
 polkit-policy-cache.h \
- polkit-policy-default.h \
- polkit-module.h
+ polkit-policy-default.h
 libpolkit_la_SOURCES = \
 polkit.h \
@@ -48,8 +47,7 @@ libpolkit_la_SOURCES = \
 polkit-policy-cache.h polkit-policy-cache.c \
 polkit-policy-default.h polkit-policy-default.c \
 polkit-debug.h polkit-debug.c \
- polkit-utils.h polkit-utils.c \
- polkit-module.h polkit-module.c
+ polkit-utils.h polkit-utils.c
 libpolkit_la_LIBADD = @GLIB_LIBS@ @EXPAT_LIBS@ -ldl
diff --git a/polkit/polkit-context.c b/polkit/polkit-context.c
index a1bb1d0..b099bd0 100644
--- a/polkit/polkit-context.c
+++ b/polkit/polkit-context.c
@@ -40,7 +40,6 @@
 #include "polkit-debug.h"
 #include "polkit-context.h"
 #include "polkit-policy-cache.h"
-#include "polkit-module.h"
 /**
 * SECTION:polkit
@@ -75,8 +74,6 @@ struct PolKitContext
 PolKitPolicyCache *priv_cache;
- GSList *modules;
-
 polkit_bool_t load_descriptions;
 };
@@ -96,138 +93,6 @@ polkit_context_new (void)
 return pk_context;
 }
-static polkit_bool_t
-unload_modules (PolKitContext *pk_context)
-{
- GSList *i;
- for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
- PolKitModuleInterface *module_interface = i->data;
- polkit_module_interface_unref (module_interface);
- }
- g_slist_free (pk_context->modules);
- pk_context->modules = NULL;
- _pk_debug ("Unloaded modules");
-
- return TRUE;
-}
-
-static polkit_bool_t
-load_modules (PolKitContext *pk_context, PolKitError **error)
-{
- const char *config_file;
- polkit_bool_t ret;
- char *buf;
- char *end;
- char line[256];
- char *p;
- char *q;
- gsize len;
- int line_number;
- int mod_number;
- GError *g_error;
-
- ret = FALSE;
- buf = NULL;
- mod_number = 0;
-
- config_file = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf";
- g_error = NULL;
- if (!g_file_get_contents (config_file,
- &buf,
- &len,
- &g_error)) {
- _pk_debug ("Cannot load PolicyKit configuration file at '%s'", config_file);
- polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
- "Cannot load PolicyKit configuration file at '%s': %s",
- config_file,
- g_error->message);
- g_error_free (g_error);
- goto out;
- }
-
- end = buf + len;
-
- /* parse the config file; one line at a time (yes, this is super ugly code) */
- p = buf;
- line_number = -1;
- while (TRUE) {
- int argc;
- char **tokens;
- char *module_name;
- char *module_path;
- PolKitModuleControl module_control;
- PolKitModuleInterface *module_interface;
-
- line_number++;
-
- q = p;
- while (*q != '\n' && q != '\0' && q < end)
- q++;
- if (*q == '\0' || q >= end) {
- /* skip last line if it's not terminated by whitespace */
- break;
- }
- if ((unsigned int) (q - p) > sizeof(line) - 1) {
- _pk_debug ("Line is too long; skipping it");
- continue;
- }
- strncpy (line, p, q - p);
- line[q - p] = '\0';
- p = q + 1;
-
- /* remove leading and trailing white space */
- g_strstrip (line);
-
- /* comments, blank lines are fine; just skip them */
- if (line[0] == '#' || strlen (line) == 0) {
- continue;
- }
-
- /*_pk_debug ("Looking at line: '%s'", line);*/
-
- if (!g_shell_parse_argv (line, &argc, &tokens, NULL)) {
- _pk_debug ("Cannot parse line %d - skipping", line_number);
- continue;
- }
- if (argc < 2) {
- _pk_debug ("Line %d is malformed - skipping line", line_number);
- g_strfreev (tokens);
- continue;
- }
- if (!polkit_module_control_from_string_representation (tokens[0], &module_control)) {
- _pk_debug ("Unknown module_control '%s' at line %d - skipping line", tokens[0], line_number);
- g_strfreev (tokens);
- continue;
- }
- module_name = tokens[1];
-
- module_path = g_strdup_printf (PACKAGE_LIB_DIR "/PolicyKit/modules/%s", module_name);
- _pk_debug ("MODULE: number=%d control=%d name=%s argc=%d",
- mod_number, module_control, module_name, argc - 1);
- module_interface = polkit_module_interface_load_module (module_path,
- module_control,
- argc - 1,
- tokens + 1);
- g_free (module_path);
-
- if (module_interface != NULL) {
- pk_context->modules = g_slist_append (pk_context->modules, module_interface);
- mod_number++;
- }
- g_strfreev (tokens);
-
- }
-
- ret = TRUE;
-
-out:
- if (buf != NULL)
- g_free (buf);
-
- _pk_debug ("Loaded %d modules in total", mod_number);
- return ret;
-}
-
 static void
 _config_file_events (PolKitContext *pk_context,
 PolKitContextFileMonitorEvent event_mask,
@@ -235,8 +100,6 @@ _config_file_events (PolKitContext *pk_context,
 void *user_data)
 {
 _pk_debug ("Config file changed");
- unload_modules (pk_context);
- load_modules (pk_context, NULL);
 /* signal that our configuration (may have) changed */
 if (pk_context->config_changed_cb) {
@@ -269,8 +132,8 @@ _policy_dir_events (PolKitContext *pk_context,
 * @error: return location for error
 *
 * Initializes a new context; loads PolicyKit files from
- * /etc/PolicyKit/policy unless the environment variable
- * $POLKIT_POLICY_DIR points to a location.
+ * /usr/share/PolicyKit/policy unless the environment variable
+ * $POLKIT_POLICY_DIR points to another location.
 *
 * Returns: #FALSE if @error was set, otherwise #TRUE
 **/
@@ -287,10 +150,6 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
 }
 _pk_debug ("Using policy files from directory %s", pk_context->policy_dir);
- /* Load modules */
- if (!load_modules (pk_context, error))
- goto error;
-
 /* don't populate the cache until it's needed.. */
 if (pk_context->file_monitor_add_watch_func == NULL) {
@@ -316,11 +175,14 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
 }
 return TRUE;
+
+#if 0
 error:
 if (pk_context != NULL)
 polkit_context_unref (pk_context);
 return FALSE;
+#endif
 }
 /**
@@ -356,8 +218,6 @@ polkit_context_unref (PolKitContext *pk_context)
 if (pk_context->refcount > 0)
 return;
- unload_modules (pk_context);
-
 g_free (pk_context);
 }
@@ -484,8 +344,6 @@ polkit_context_can_session_do_action (PolKitContext *pk_context,
 PolKitPolicyCache *cache;
 PolKitPolicyFileEntry *pfe;
 PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
 current_result = POLKIT_RESULT_NO;
 g_return_val_if_fail (pk_context != NULL, current_result);
@@ -522,8 +380,8 @@ polkit_context_can_session_do_action (PolKitContext *pk_context,
 polkit_policy_file_entry_debug (pfe);
 current_result = POLKIT_RESULT_UNKNOWN_ACTION;
- current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+#if 0
 /* visit modules */
 for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
 PolKitModuleInterface *module_interface = i->data;
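Review bot: The updated doc comment on polkit_context_init (hunk @@ -269) says `$POLKIT_POLICY_DIR` overrides the policy directory but not who may set it. If the variable is read from the process environment, as the comment implies (the lookup itself is outside this hunk), a privileged or setuid consumer of the library would load its authorization policy from a path chosen by its caller. I would add a line such as ` * Privileged callers must not inherit $POLKIT_POLICY_DIR from an untrusted environment.` to the comment. The hard-coded `/usr/share/PolicyKit/policy` would also read better as "the installed policy directory", since policy/Makefile.am now derives it from `$(datadir)`.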
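Review bot: Fencing the `error:` block of polkit_context_init with `#if 0` (hunk @@ -316) leaves dead code behind and, as far as these lines show, a function that can only return TRUE, while its doc comment still says `Returns: #FALSE if @error was set`. The body starts outside the hunk, so whether another failure path survives is not visible; the label being compiled out suggests no `goto error` remains. Delete the block instead of disabling it, and either update the `Returns:` line or record the state with `/* init cannot fail now that module loading is gone */` above `return TRUE;`, so callers that gate privileged setup on this result know what it means.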
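Review bot: With the module loop compiled out by the `#if 0` in hunk @@ -522 (closed by the `#endif` in @@ -581, with the same pair in polkit_context_can_caller_do_action at @@ -648 and @@ -707), `current_result` is still `POLKIT_RESULT_UNKNOWN_ACTION` when it reaches the "Never return UNKNOWN_ACTION to user" check, so in the lines shown the answer no longer depends on the action, session or caller. Both functions start and end outside their hunks and the fallback assignment is not visible; if it is `POLKIT_RESULT_NO` the library fails closed, which is the safe direction, but the `pfe` entry looked up just above appears never to be consulted. State that intent where the loop used to be, e.g. `/* modules removed: decision must come from the policy file entry defaults (TODO) */`. The disabled loop should be deleted rather than kept, because it references `i`, `current_control` and `PolKitModuleInterface`, all of which this commit removes.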
@@ -581,6 +439,7 @@ polkit_context_can_session_do_action (PolKitContext *pk_context,
 }
 }
 }
+#endif
 /* Never return UNKNOWN_ACTION to user */
 if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
@@ -610,8 +469,6 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
 PolKitPolicyCache *cache;
 PolKitPolicyFileEntry *pfe;
 PolKitResult current_result;
- PolKitModuleControl current_control;
- GSList *i;
 current_result = POLKIT_RESULT_NO;
 g_return_val_if_fail (pk_context != NULL, current_result);
@@ -648,8 +505,8 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
 polkit_policy_file_entry_debug (pfe);
 current_result = POLKIT_RESULT_UNKNOWN_ACTION;
- current_control = POLKIT_MODULE_CONTROL_ADVISE; /* start with advise */
+#if 0
 /* visit modules */
 for (i = pk_context->modules; i != NULL; i = g_slist_next (i)) {
 PolKitModuleInterface *module_interface = i->data;
@@ -707,6 +564,7 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context,
 }
 }
 }
+#endif
 /* Never return UNKNOWN_ACTION to user */
 if (current_result == POLKIT_RESULT_UNKNOWN_ACTION)
diff --git a/polkit/polkit-module.c b/polkit/polkit-module.c
deleted file mode 100644
index 833cc22..0000000
--- a/polkit/polkit-module.c
+++ /dev/null
@@ -1,683 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-module.c : PolicyKit loadable module interface - * - * Copyright (C) 2007 David Zeuthen, - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - **************************************************************************/ - -/** - * SECTION:polkit-module - * @short_description: PolicyKit loadable module interface - * - * These functions are used by loadable PolicyKit modules. 
- **/ - -#ifdef HAVE_CONFIG_H -# include -#endif -#include -#include -#include -#include -#include -#include - -#include "polkit-debug.h" -#include "polkit-module.h" - -/** - * PolKitModuleInterface: - * - * Objects of this class are used to interface with PolicyKit modules - **/ -struct PolKitModuleInterface -{ - int refcount; - void *dlopen_handle; - char *name; - - void *module_user_data; - PolKitModuleControl module_control; - - PolKitModuleInitialize func_initialize; - PolKitModuleShutdown func_shutdown; - PolKitModuleCanSessionDoAction func_can_session_do_action; - PolKitModuleCanCallerDoAction func_can_caller_do_action; - - polkit_bool_t builtin_have_action_regex; - regex_t builtin_action_regex_compiled; - - GSList *builtin_users; -}; - -static uid_t -_util_name_to_uid (const char *username, gid_t *default_gid) -{ - int rc; - uid_t res; - char *buf = NULL; - unsigned int bufsize; - struct passwd pwd; - struct passwd *pwdp; - - res = (uid_t) -1; - - bufsize = sysconf (_SC_GETPW_R_SIZE_MAX); - buf = g_new0 (char, bufsize); - - rc = getpwnam_r (username, &pwd, buf, bufsize, &pwdp); - if (rc != 0 || pwdp == NULL) { - /*g_warning ("getpwnam_r() returned %d", rc);*/ - goto out; - } - - res = pwdp->pw_uid; - if (default_gid != NULL) - *default_gid = pwdp->pw_gid; - -out: - g_free (buf); - return res; -} - -static void -_parse_builtin_remove_option (int *argc, char *argv[], int position) -{ - int n; - for (n = position; n < *argc; n++) - argv[n] = argv[n+1]; - (*argc)--; -} - -static polkit_bool_t -_parse_builtin (PolKitModuleInterface *mi, int *argc, char *argv[]) -{ - int n; - polkit_bool_t ret; - - ret = FALSE; - - for (n = 1; n < *argc; ) { - if (g_str_has_prefix (argv[n], "action=")) { - const char *regex; - - if (mi->builtin_have_action_regex) { - _pk_debug ("Already have option 'action='"); - goto error; - } - - regex = argv[n] + 10; - if (regcomp (&(mi->builtin_action_regex_compiled), regex, REG_EXTENDED) != 0) { - _pk_debug ("Regex '%s' didn't compile", 
regex); - goto error; - } - mi->builtin_have_action_regex = TRUE; - - _pk_debug ("Compiled regex '%s' for option 'action=' OK", regex); - - _parse_builtin_remove_option (argc, argv, n); - } else if (g_str_has_prefix (argv[n], "user=")) { - const char *user; - uid_t uid; - GSList *i; - - user = argv[n] + 5; - uid = _util_name_to_uid (user, NULL); - if ((int) uid == -1) { - _pk_debug ("Unknown user name '%s'", user); - goto error; - } - - for (i = mi->builtin_users; i != NULL; i = g_slist_next (i)) { - uid_t uid_in_list = GPOINTER_TO_INT (i->data); - if (uid_in_list == uid) { - _pk_debug ("Already have user '%s'", user); - goto error; - } - } - - _pk_debug ("adding uid %d", uid); - mi->builtin_users = g_slist_prepend (mi->builtin_users, GINT_TO_POINTER (uid)); - - _parse_builtin_remove_option (argc, argv, n); - } else { - n++; - } - } - - ret = TRUE; - -error: - return ret; -} - -/** - * polkit_module_interface_load_module: - * @name: name of module, e.g. "polkit-module-default.so" - * @module_control: the module control; from the configuration file - * @argc: number arguments to pass - * @argv: argument vector, the first argument must be the filename/path to the module - * - * Load and initialize a PolicyKit module - * - * Returns: A #PolKitModuleInterface object on success; #NULL on failure. 
- **/
-PolKitModuleInterface *
-polkit_module_interface_load_module (const char *name, PolKitModuleControl module_control, int argc, char *argv[])
-{
- void *handle;
- PolKitModuleInterface *mi;
- polkit_bool_t (*func) (PolKitModuleInterface *);
-
- mi = NULL;
-
- _pk_debug ("loading %s", name);
-
- handle = dlopen (name, RTLD_NOW | RTLD_LOCAL);
- if (handle == NULL) {
- _pk_debug ("Cannot load module '%s'", name);
- goto error;
- }
-
- func = dlsym (handle, "polkit_module_set_functions");
- if (func == NULL) {
- _pk_debug ("Cannot get symbol 'polkit_module_set_functions' in module '%s'", name);
- goto error;
- }
-
- _pk_debug ("func = %p", func);
-
- mi = polkit_module_interface_new ();
- if (!func (mi)) {
- _pk_debug ("Module '%s' returned FALSE when asked to set functions", name);
- goto error;
- }
-
- if (mi->func_initialize == NULL) {
- _pk_debug ("Module '%s' didn't set initialize function", name);
- goto error;
- }
-
- if (mi->func_shutdown == NULL) {
- _pk_debug ("Module '%s' didn't set shutdown function", name);
- goto error;
- }
-
- if (!_parse_builtin (mi, &argc, argv)) {
- _pk_debug ("Error parsing built-in module options for '%s'", name);
- goto error;
- }
-
- if (!mi->func_initialize (mi, argc, argv)) {
- _pk_debug ("Module '%s' returned FALSE in initialization function", name);
- goto error;
- }
-
- mi->dlopen_handle = handle;
- mi->name = g_strdup (name);
- mi->module_control = module_control;
- return mi;
-error:
- if (mi != NULL)
- polkit_module_interface_unref (mi);
- if (handle != NULL)
- dlclose (handle);
- return NULL;
-}
-
-/**
- * polkit_module_get_name:
- * @module_interface: the module interface
- *
- * Get the name of the module
- *
- * Returns: name or #NULL if an error occured
- **/
-const char *
-polkit_module_get_name (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->name;
-}
-
-
-/**
- * polkit_module_interface_new:
- *
- * Create a new #PolKitModuleInterface object.
- *
- * Returns: the new object
- **/
-PolKitModuleInterface *
-polkit_module_interface_new (void)
-{
- PolKitModuleInterface *module_interface;
- module_interface = g_new0 (PolKitModuleInterface, 1);
- module_interface->refcount = 1;
- return module_interface;
-}
-
-/**
- * polkit_module_interface_ref:
- * @module_interface: the module_interface object
- *
- * Increase reference count.
- *
- * Returns: the object
- **/
-PolKitModuleInterface *
-polkit_module_interface_ref (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, module_interface);
- module_interface->refcount++;
- return module_interface;
-}
-
-/**
- * polkit_module_interface_unref:
- * @module_interface: the module_interface object
- *
- * Decreases the reference count of the object. If it becomes zero,
- * the object is freed. Before freeing, reference counts on embedded
- * objects are decresed by one.
- **/
-void
-polkit_module_interface_unref (PolKitModuleInterface *module_interface)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->refcount--;
- if (module_interface->refcount > 0)
- return;
-
- /* builtins */
- if (module_interface->builtin_have_action_regex)
- regfree (&module_interface->builtin_action_regex_compiled);
- g_slist_free (module_interface->builtin_users);
-
- /* shutdown the module and unload it */
- if (module_interface->func_shutdown != NULL)
- module_interface->func_shutdown (module_interface);
- if (module_interface->dlopen_handle != NULL)
- dlclose (module_interface->dlopen_handle);
-
- g_free (module_interface->name);
- g_free (module_interface);
-}
-
-/**
- * polkit_module_set_func_initialize:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_initialize = func;
-}
-
-/**
- * polkit_module_set_func_shutdown:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void
-polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_shutdown = func;
-}
-
-/**
- * polkit_module_set_func_can_session_do_action:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionDoAction func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_session_do_action = func;
-}
-
-/**
- * polkit_module_set_func_can_caller_do_action:
- * @module_interface: the module interface
- * @func: the function pointer
- *
- * Set the function pointer.
- **/
-void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerDoAction func)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->func_can_caller_do_action = func;
-}
-
-/**
- * polkit_module_get_func_initialize:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleInitialize
-polkit_module_get_func_initialize (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_initialize;
-}
-
-/**
- * polkit_module_get_func_shutdown:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleShutdown
-polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_shutdown;
-}
-
-/**
- * polkit_module_get_func_can_session_do_action:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanSessionDoAction
-polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_session_do_action;
-}
-
-/**
- * polkit_module_get_func_can_caller_do_action:
- * @module_interface: the module interface
- *
- * Get the function pointer.
- *
- * Returns: Function pointer or #NULL if it's unavailable or an error occured
- **/
-PolKitModuleCanCallerDoAction
-polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->func_can_caller_do_action;
-}
-
-
-/**
- * polkit_module_interface_get_control:
- * @module_interface: the module interface
- *
- * Get the control for this module.
- *
- * Returns: A #PolKitModuleControl value.
- **/
-PolKitModuleControl
-polkit_module_interface_get_control (PolKitModuleInterface *module_interface)
-{
- /* hmm, should we have UNKNOWN? */
- g_return_val_if_fail (module_interface != NULL, POLKIT_MODULE_CONTROL_MANDATORY);
- return module_interface->module_control;
-}
-
-static const struct {
- PolKitModuleControl module_control;
- const char *str;
-} mapping[] =
-{
- {POLKIT_MODULE_CONTROL_ADVISE, "advise"},
- {POLKIT_MODULE_CONTROL_MANDATORY, "mandatory"},
- {0, NULL}
-};
-
-/**
- * polkit_module_control_to_string_representation:
- * @module_control: the given value
- *
- * Gives a textual representation of a #PolKitModuleControl object.
- *
- * Returns: The textual representation or #NULL if the value passed is invalid
- **/
-const char *
-polkit_module_control_to_string_representation (PolKitModuleControl module_control)
-{
- if (module_control < 0 || module_control >= POLKIT_MODULE_CONTROL_N_CONTROLS) {
- g_warning ("The passed module control identifier, %d, is not valid", module_control);
- return NULL;
- }
-
- return mapping[module_control].str;
-}
-
-/**
- * polkit_module_control_from_string_representation:
- * @string: the textual representation
- * @out_module_control: return location for the value
- *
- * Given a textual representation of a #PolKitModuleControl object, find the #PolKitModuleControl value.
- *
- * Returns: TRUE if the textual representation was valid, otherwise FALSE
- **/
-polkit_bool_t
-polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control)
-{
- int n;
-
- g_return_val_if_fail (out_module_control != NULL, FALSE);
-
- for (n = 0; n < POLKIT_MODULE_CONTROL_N_CONTROLS; n++) {
- if (mapping[n].str == NULL)
- break;
- if (g_ascii_strcasecmp (mapping[n].str, string) == 0) {
- *out_module_control = mapping[n].module_control;
- goto found;
- }
- }
-
- return FALSE;
-found:
- return TRUE;
-}
-
-
-/**
- * polkit_module_set_user_data:
- * @module_interface: module interface
- * @user_data: user data to set
- *
- * Set user data. A PolicyKit module should use these instead of
- * global variables as multiple instances of the module may be
- * instantiated at the same time.
- **/
-void
-polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data)
-{
- g_return_if_fail (module_interface != NULL);
- module_interface->module_user_data = user_data;
-}
-
-/**
- * polkit_module_get_user_data:
- * @module_interface: module interface
- *
- * Get user data.
- *
- * Returns: The user data set with polkit_module_set_user_data()
- **/
-void *
-polkit_module_get_user_data (PolKitModuleInterface *module_interface)
-{
- g_return_val_if_fail (module_interface != NULL, NULL);
- return module_interface->module_user_data;
-}
-
-static polkit_bool_t
-_check_action (PolKitModuleInterface *module_interface, PolKitAction *action)
-{
- polkit_bool_t ret;
-
- ret = FALSE;
-
- if (module_interface->builtin_have_action_regex) {
- char *action_name;
- if (polkit_action_get_action_id (action, &action_name)) {
- if (regexec (&module_interface->builtin_action_regex_compiled,
- action_name, 0, NULL, 0) == 0) {
- ret = TRUE;
- }
- }
- } else {
- ret = TRUE;
- }
-
- return ret;
-}
-
-/*----*/
-
-static polkit_bool_t
-_check_uid_in_list (GSList *list, uid_t given_uid)
-{
- GSList *i;
-
- for (i = list; i != NULL; i = g_slist_next (i)) {
- uid_t uid = GPOINTER_TO_INT (i->data);
- if (given_uid == uid)
- return TRUE;
- }
- return FALSE;
-}
-
-static polkit_bool_t
-_check_users_for_session (PolKitModuleInterface *module_interface, PolKitSession *session)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (session == NULL)
- return FALSE;
- if (!polkit_session_get_uid (session, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-static polkit_bool_t
-_check_users_for_caller (PolKitModuleInterface *module_interface, PolKitCaller *caller)
-{
- uid_t uid;
- GSList *list;
- if ((list = module_interface->builtin_users) == NULL)
- return TRUE;
- if (caller == NULL)
- return FALSE;
- if (!polkit_caller_get_uid (caller, &uid))
- return FALSE;
- return _check_uid_in_list (list, uid);
-}
-
-
-/**
- * polkit_module_interface_check_builtin_confinement_for_session:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_session (module_interface, session))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
-
-/**
- * polkit_module_interface_check_builtin_confinement_for_caller:
- * @module_interface: the given module
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Check whether some of the built-in module options (e.g. action="hal-storage-*",
- * user=davidz) confines the given module, e.g. whether it should be skipped.
- *
- * Returns: TRUE if, and only if, the module is confined from handling the request
- **/
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller)
-{
- polkit_bool_t ret;
- ret = TRUE;
-
- g_return_val_if_fail (module_interface != NULL, ret);
-
- if (!_check_action (module_interface, action))
- goto out;
- if (!_check_users_for_caller (module_interface, caller))
- goto out;
-
- /* not confined */
- ret = FALSE;
-out:
- return ret;
-}
diff --git a/polkit/polkit-module.h b/polkit/polkit-module.h
deleted file mode 100644
index 02dd9ca..0000000
--- a/polkit/polkit-module.h
+++ /dev/null
@@ -1,163 +0,0 @@
-/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
-/***************************************************************************
- *
- * polkit-module.h : PolicyKit loadable module interface
- *
- * Copyright (C) 2007 David Zeuthen,
- *
- * Licensed under the Academic Free License version 2.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
- **************************************************************************/
-
-#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
-#error "Only can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef POLKIT_MODULE_H
-#define POLKIT_MODULE_H
-
-#include
-#include
-
-struct PolKitModuleInterface;
-typedef struct PolKitModuleInterface PolKitModuleInterface;
-
-/**
- * PolKitModuleInitialize:
- * @module_interface: the module interface
- * @argc: number of arguments to pass to module
- * @argv: arguments passed to module; the first argument is the filename/path to the module
- *
- * Type of PolicyKit module function to initialize the module.
- *
- * Returns: Whether the module was initialized.
- **/
-typedef polkit_bool_t (*PolKitModuleInitialize) (PolKitModuleInterface *module_interface,
- int argc,
- char *argv[]);
-
-/**
- * PolKitModuleShutdown:
- * @module_interface: the module interface
- *
- * Type of PolicyKit module function to shutdown the module.
- **/
-typedef void (*PolKitModuleShutdown) (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleCanSessionAccessDoAction:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @session: the session in question
- *
- * Type of PolicyKit module function to implement polkit_can_session_access_do_action().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanSessionDoAction) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-/**
- * PolKitModuleCanCallerAccessDoAction:
- * @module_interface: the module interface
- * @pk_context: the PolicyKit context
- * @action: the type of access to check for
- * @caller: the caller in question
- *
- * Type of PolicyKit module function to implement polkit_can_caller_do_action().
- *
- * Returns: the #PolKitResult
- **/
-typedef PolKitResult (*PolKitModuleCanCallerDoAction) (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-PolKitModuleInterface *polkit_module_interface_new (void);
-PolKitModuleInterface *polkit_module_interface_ref (PolKitModuleInterface *module_interface);
-void polkit_module_interface_unref (PolKitModuleInterface *module_interface);
-const char *polkit_module_get_name (PolKitModuleInterface *module_interface);
-
-void polkit_module_set_user_data (PolKitModuleInterface *module_interface, void *user_data);
-void *polkit_module_get_user_data (PolKitModuleInterface *module_interface);
-
-void polkit_module_set_func_initialize (PolKitModuleInterface *module_interface,
- PolKitModuleInitialize func);
-void polkit_module_set_func_shutdown (PolKitModuleInterface *module_interface,
- PolKitModuleShutdown func);
-void polkit_module_set_func_can_session_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanSessionDoAction func);
-void polkit_module_set_func_can_caller_do_action (PolKitModuleInterface *module_interface,
- PolKitModuleCanCallerDoAction func);
-
-PolKitModuleInitialize polkit_module_get_func_initialize (PolKitModuleInterface *module_interface);
-PolKitModuleShutdown polkit_module_get_func_shutdown (PolKitModuleInterface *module_interface);
-PolKitModuleCanSessionDoAction polkit_module_get_func_can_session_do_action (PolKitModuleInterface *module_interface);
-PolKitModuleCanCallerDoAction polkit_module_get_func_can_caller_do_action (PolKitModuleInterface *module_interface);
-
-/**
- * PolKitModuleControl:
- * @POLKIT_MODULE_CONTROL_ADVISE: Allow modules, marked with #POLKIT_MODULE_CONTROL_MANDATORY, down the
- * stack to override results from this module. Modules down the stack that are also marked with
- * the #POLKIT_MODULE_CONTROL_ADVISE control will only take effect it they change the result to be "less strict".
- * @POLKIT_MODULE_CONTROL_MANDATORY: Always use results (unless it returns
- * #POLKIT_RESULT_UNKNOWN_ACTION for a given request) from this module, even if it changes whether the
- * result to be "more strict". . If a later module also uses this control, results from that module will override it.
- * @POLKIT_MODULE_CONTROL_N_CONTROLS: Number of control stanzas
- *
- * The control stanza for a PolicyKit module. This is read from the
- * PolicyKit configuration file (/etc/PolicyKit/PolicyKit.conf) that
- * defines the stacked order of the modules and is chosen by the
- * system administrator. See the definition of #PolKitResult for
- * the definition of "strict" with respect to result values.
- **/
-typedef enum
-{
- POLKIT_MODULE_CONTROL_ADVISE,
- POLKIT_MODULE_CONTROL_MANDATORY,
- POLKIT_MODULE_CONTROL_N_CONTROLS
-} PolKitModuleControl;
-
-const char *
-polkit_module_control_to_string_representation (PolKitModuleControl module_control);
-
-polkit_bool_t
-polkit_module_control_from_string_representation (const char *string, PolKitModuleControl *out_module_control);
-
-PolKitModuleInterface *polkit_module_interface_load_module (const char *name,
- PolKitModuleControl module_control,
- int argc, char *argv[]);
-
-PolKitModuleControl polkit_module_interface_get_control (PolKitModuleInterface *module_interface);
-
-
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_session (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitSession *session);
-
-polkit_bool_t
-polkit_module_interface_check_builtin_confinement_for_caller (PolKitModuleInterface *module_interface,
- PolKitContext *pk_context,
- PolKitAction *action,
- PolKitCaller *caller);
-
-#endif /* POLKIT_MODULE_H */
diff --git a/polkit/polkit.h b/polkit/polkit.h
index 148ee25..581fbe3 100644
--- a/polkit/polkit.h
+++ b/polkit/polkit.h
@@ -39,7 +39,6 @@ #include #include #include -#include #undef _POLKIT_INSIDE_POLKIT_H #endif /* POLKIT_H */ -- 2.7.4