From 81401e166e69287f33f568ca06a959662b01d068 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Sun, 15 Apr 2007 19:41:00 -0400 Subject: [PATCH] remove misguided action parameters This feature was introduced with commit 02a4c5101ca4751963f76a0e016d3308389dc2a5 http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commit;h=02a4c5101ca4751963f76a0e016d3308389dc2a5 It makes things a lot harder for privilege granting if a feature like action parameters are present. Thinking about it, they're not really necessary; the parameters should just be encoded in the resource name; e.g. with the example given in the commit > This is useful for letting mechanisms convey information which may be > useful in making a decision whether an action is OK. For example, > NetworkManager could use this to provide the phone-number parameter > with a hypothetical "nm-dialup" action. Then a site or vendor can > provide insert > > mandatory polkit-run-program.so \ > program="/usr/lib/check-dialup-number.sh" privilege="nm-dialup" > > into /etc/PolicyKit/PolicyKit.conf and have said program check > > $POLKIT_ACTION_PARAM_PHONE_NUMBER > > in that program. is broken; the right thing here is for a hypothetical NetworkManager to pass the dial up connection details as the resource resource.type = "NetworkManager" resource.id = "/org/freedesktop/NM/DialUpConnection/number=555-HOT-CHICKS" in a well-defined format etc. etc. --- doc/man/polkit-check-caller.1.in | 3 - doc/man/polkit-check-session.1.in | 3 - doc/man/polkit-module-run-program.8.in | 5 -- libpolkit/libpolkit-action.c | 73 ------------------------- libpolkit/libpolkit-action.h | 18 ------ modules/run-program/polkit-module-run-program.c | 25 --------- tools/polkit-check-caller.c | 30 ---------- tools/polkit-check-session.c | 30 ---------- 8 files changed, 187 deletions(-) diff --git a/doc/man/polkit-check-caller.1.in b/doc/man/polkit-check-caller.1.in index a204387..2b30ace 100644 --- a/doc/man/polkit-check-caller.1.in +++ b/doc/man/polkit-check-caller.1.in @@ -25,9 +25,6 @@ The following options are supported: .I "--action" The action to check. .TP -.I "--action-param =" -Append parameters to action. -.TP .I "--caller" The caller to check for. Must be the callers unique name on the D-Bus system message bus. diff --git a/doc/man/polkit-check-session.1.in b/doc/man/polkit-check-session.1.in index bba8f01..019b917 100644 --- a/doc/man/polkit-check-session.1.in +++ b/doc/man/polkit-check-session.1.in @@ -25,9 +25,6 @@ The following options are supported: .I "--action" The action to check. .TP -.I "--action-param =" -Append parameters to action. -.TP .I "--session" The session to check for. Must be a ConsoleKit object path. If ommitted the current session is used. diff --git a/doc/man/polkit-module-run-program.8.in b/doc/man/polkit-module-run-program.8.in index 643f4dd..1824452 100644 --- a/doc/man/polkit-module-run-program.8.in +++ b/doc/man/polkit-module-run-program.8.in @@ -101,11 +101,6 @@ the system message bus. .B POLKIT_ACTION_ID An identifier for the action .TP -.B POLKIT_ACTION_= -All action parameters are put in the environment; the key is -uppercased and hyphen and period characters are replaced with -underscores. -.TP .B POLKIT_RESOURCE_ID Resource identifier .TP diff --git a/libpolkit/libpolkit-action.c b/libpolkit/libpolkit-action.c index 34ef594..f0a0a8c 100644 --- a/libpolkit/libpolkit-action.c +++ b/libpolkit/libpolkit-action.c @@ -170,79 +170,6 @@ libpolkit_action_debug (PolKitAction *action) } /** - * libpolkit_action_set_param: - * @action: the action - * @key: key - * @value: value - * - * Set a parameter (a key/value pair) associated with the action. - **/ -void -libpolkit_action_set_param (PolKitAction *action, const char *key, const char *value) -{ - g_return_if_fail (action != NULL); - g_return_if_fail (key != NULL); - - g_hash_table_insert (action->params, g_strdup (key), g_strdup (value)); -} - -/** - * libpolkit_action_get_param: - * @action: the action - * @key: key - * - * Get a parameter (a key/value pair) associated with the action. - * - * Returns: the value or #NULL if the parameter wasn't set. - **/ -const char * -libpolkit_action_get_param (PolKitAction *action, const char *key) -{ - const char *value; - - g_return_val_if_fail (action != NULL, NULL); - g_return_val_if_fail (key != NULL, NULL); - - value = g_hash_table_lookup (action->params, key); - return value; -} - -typedef struct { - PolKitAction *action; - PolKitActionParamForeachFunc cb; - void *user_data; -} HashClosure; - -static void -_hash_cb (gpointer key, gpointer value, gpointer user_data) -{ - HashClosure *data = user_data; - data->cb (data->action, key, value, data->user_data); -} - -/** - * libpolkit_action_param_foreach: - * @action: the action - * @cb: function to call - * @user_data: user data - * - * Calls the given function for each parameter on the object. - **/ -void -libpolkit_action_param_foreach (PolKitAction *action, PolKitActionParamForeachFunc cb, void *user_data) -{ - HashClosure data; - - g_return_if_fail (action != NULL); - g_return_if_fail (cb != NULL); - - data.action = action; - data.cb = cb; - data.user_data = user_data; - g_hash_table_foreach (action->params, _hash_cb, &data); -} - -/** * libpolkit_action_validate: * @action: the object * diff --git a/libpolkit/libpolkit-action.h b/libpolkit/libpolkit-action.h index df4888f..e266c2d 100644 --- a/libpolkit/libpolkit-action.h +++ b/libpolkit/libpolkit-action.h @@ -35,30 +35,12 @@ struct PolKitAction; typedef struct PolKitAction PolKitAction; -/** - * PolKitActionParamForeachFunc: - * @action: the action - * @key: key of parameter - * @value: value of parameter - * @user_data: user data - * - * Type for function used in libpolkit_action_param_foreach(). - **/ -typedef void (*PolKitActionParamForeachFunc) (PolKitAction *action, - const char *key, - const char *value, - void *user_data); - PolKitAction *libpolkit_action_new (void); PolKitAction *libpolkit_action_ref (PolKitAction *action); void libpolkit_action_unref (PolKitAction *action); polkit_bool_t libpolkit_action_set_action_id (PolKitAction *action, const char *action_id); polkit_bool_t libpolkit_action_get_action_id (PolKitAction *action, char **out_action_id); -void libpolkit_action_set_param (PolKitAction *action, const char *key, const char *value); -const char *libpolkit_action_get_param (PolKitAction *action, const char *key); -void libpolkit_action_param_foreach (PolKitAction *action, PolKitActionParamForeachFunc cb, void *user_data); - void libpolkit_action_debug (PolKitAction *action); polkit_bool_t libpolkit_action_validate (PolKitAction *action); diff --git a/modules/run-program/polkit-module-run-program.c b/modules/run-program/polkit-module-run-program.c index ecbc126..f0189f7 100644 --- a/modules/run-program/polkit-module-run-program.c +++ b/modules/run-program/polkit-module-run-program.c @@ -97,29 +97,6 @@ _module_shutdown (PolKitModuleInterface *module_interface) } } -static void -_add_action_param_to_env (PolKitAction *action, const char *key, const char *value, gpointer user_data) -{ - int n; - char *upper; - GPtrArray *envp = user_data; - - if (key == NULL || value == NULL) - return; - - upper = g_ascii_strup (key, -1); - for (n = 0; upper[n] != '\0'; n++) { - switch (upper[n]) { - case '.': - case '-': - upper[n] = '_'; - break; - } - } - g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_PARAM_%s=%s", upper, value)); - g_free (upper); -} - static polkit_bool_t _add_action_to_env (PolKitAction *action, GPtrArray *envp) { @@ -127,8 +104,6 @@ _add_action_to_env (PolKitAction *action, GPtrArray *envp) if (!libpolkit_action_get_action_id (action, &p_id)) goto error; g_ptr_array_add (envp, g_strdup_printf ("POLKIT_ACTION_ID=%s", p_id)); - - libpolkit_action_param_foreach (action, _add_action_param_to_env, envp); return TRUE; error: return FALSE; diff --git a/tools/polkit-check-caller.c b/tools/polkit-check-caller.c index 32a2a94..304a282 100644 --- a/tools/polkit-check-caller.c +++ b/tools/polkit-check-caller.c @@ -46,14 +46,12 @@ usage (int argc, char *argv[]) "\n" "usage : polkit-check-caller\n" " --caller --action \n" - " [--action-param =]\n" " --resource-type --resource-id \n" " [--version] [--help]\n"); fprintf (stderr, "\n" " --caller Unique name of caller on the system bus\n" " --action Requested action\n" - " --action-param Action parameters (may occur multiple times)\n" " --resource-type Type of resource\n" " --resource-id Identifier of resource\n" " --version Show version and exit\n" @@ -81,17 +79,12 @@ main (int argc, char *argv[]) PolKitAction *action; gboolean allowed; PolKitError *p_error; - GPtrArray *params; - int n; - char *param_key; - char *param_value; if (argc <= 1) { usage (argc, argv); return 1; } - params = g_ptr_array_new (); while (1) { int c; int option_index = 0; @@ -100,7 +93,6 @@ main (int argc, char *argv[]) {"resource-type", 1, NULL, 0}, {"resource-id", 1, NULL, 0}, {"action", 1, NULL, 0}, - {"action-param", 1, NULL, 0}, {"caller", 1, NULL, 0}, {"version", 0, NULL, 0}, {"help", 0, NULL, 0}, @@ -127,18 +119,6 @@ main (int argc, char *argv[]) resource_id = strdup (optarg); } else if (strcmp (opt, "action") == 0) { action_id = strdup (optarg); - } else if (strcmp (opt, "action-param") == 0) { - param_key = strdup (optarg); - param_value = NULL; - for (n = 0; param_key[n] != '=' && param_key[n] != '\0'; n++) - ; - if (param_key[n] == '\0') - usage (argc, argv); - param_key[n] = '\0'; - param_value = param_key + n + 1; - g_ptr_array_add (params, g_strdup (param_key)); - g_ptr_array_add (params, g_strdup (param_value)); - g_free (param_key); } else if (strcmp (opt, "caller") == 0) { dbus_name = strdup (optarg); } @@ -178,16 +158,6 @@ main (int argc, char *argv[]) action = libpolkit_action_new (); libpolkit_action_set_action_id (action, action_id); - for (n = 0; n < (int) params->len; n += 2) { - char *key; - char *value; - key = params->pdata[n]; - value = params->pdata[n+1]; - libpolkit_action_set_param (action, key, value); - g_free (key); - g_free (value); - } - g_ptr_array_free (params, TRUE); resource = libpolkit_resource_new (); libpolkit_resource_set_resource_type (resource, resource_type); diff --git a/tools/polkit-check-session.c b/tools/polkit-check-session.c index 0b8472c..609e8db 100644 --- a/tools/polkit-check-session.c +++ b/tools/polkit-check-session.c @@ -46,14 +46,12 @@ usage (int argc, char *argv[]) "\n" "usage : polkit-check-session\n" " [--session ] --action \n" - " [--action-param =]" " --resource-type --resource-id \n" " [--version] [--help]\n"); fprintf (stderr, "\n" " --session ConsoleKit object path of session\n" " --action Requested action\n" - " --action-param Action parameters (may occur multiple times)\n" " --resource-type Type of resource\n" " --resource-id Identifier of resource\n" " --version Show version and exit\n" @@ -82,10 +80,6 @@ main (int argc, char *argv[]) PolKitAction *action; gboolean allowed; PolKitError *p_error; - GPtrArray *params; - int n; - char *param_key; - char *param_value; if (argc <= 1) { usage (argc, argv); @@ -94,7 +88,6 @@ main (int argc, char *argv[]) cookie = getenv ("XDG_SESSION_COOKIE"); - params = g_ptr_array_new (); while (1) { int c; int option_index = 0; @@ -103,7 +96,6 @@ main (int argc, char *argv[]) {"resource-type", 1, NULL, 0}, {"resource-id", 1, NULL, 0}, {"action", 1, NULL, 0}, - {"action-param", 1, NULL, 0}, {"session", 1, NULL, 0}, {"version", 0, NULL, 0}, {"help", 0, NULL, 0}, @@ -130,18 +122,6 @@ main (int argc, char *argv[]) resource_id = strdup (optarg); } else if (strcmp (opt, "action") == 0) { action_id = strdup (optarg); - } else if (strcmp (opt, "action-param") == 0) { - param_key = strdup (optarg); - param_value = NULL; - for (n = 0; param_key[n] != '=' && param_key[n] != '\0'; n++) - ; - if (param_key[n] == '\0') - usage (argc, argv); - param_key[n] = '\0'; - param_value = param_key + n + 1; - g_ptr_array_add (params, g_strdup (param_key)); - g_ptr_array_add (params, g_strdup (param_value)); - g_free (param_key); } else if (strcmp (opt, "session") == 0) { session_id = strdup (optarg); } @@ -195,16 +175,6 @@ main (int argc, char *argv[]) action = libpolkit_action_new (); libpolkit_action_set_action_id (action, action_id); - for (n = 0; n < (int) params->len; n += 2) { - char *key; - char *value; - key = params->pdata[n]; - value = params->pdata[n+1]; - libpolkit_action_set_param (action, key, value); - g_free (key); - g_free (value); - } - g_ptr_array_free (params, TRUE); resource = libpolkit_resource_new (); libpolkit_resource_set_resource_type (resource, resource_type); -- 2.7.4