diff options
| author | David Zeuthen <davidz@redhat.com> | 2012-05-23 16:39:25 -0400 |
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2012-05-23 16:39:25 -0400 |
| commit | 0f830c76048229895164837f8ce01869d88a2616 (patch) | |
| tree | 015f0ac20dce8f204553aa93fb2ff353abe60ce5 /src | |
| parent | 29950854f6b9e9b8ea2d96d67c79eeec1046a4f1 (diff) | |
Nuke polkitbackend library, localauthority backend and extension system
Any backend can now be implemented in JavaScript (if so desired) so we
don't need any of this any more.
Note that the libpolkitbackend library was never declared stable (the
preprocessor symbol POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE had
to be defined) so removing it is not an API/ABI break.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/Makefile.am | 2 | ||||
| -rw-r--r-- | src/nullbackend/50-nullbackend.conf | 16 | ||||
| -rw-r--r-- | src/nullbackend/Makefile.am | 50 | ||||
| -rw-r--r-- | src/nullbackend/nullbackend.c | 34 | ||||
| -rw-r--r-- | src/nullbackend/polkitbackendnullauthority.c | 195 | ||||
| -rw-r--r-- | src/nullbackend/polkitbackendnullauthority.h | 59 | ||||
| -rw-r--r-- | src/polkitbackend/Makefile.am | 29 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackend.h | 1 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendauthority.c | 66 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendauthority.h | 7 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendjsauthority.c | 8 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendlocalauthority.c | 783 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendlocalauthority.h | 107 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendlocalauthorizationstore.c | 776 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendlocalauthorizationstore.h | 86 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendtypes.h | 3 |
16 files changed, 15 insertions, 2207 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa..3380fb2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples diff --git a/src/nullbackend/50-nullbackend.conf b/src/nullbackend/50-nullbackend.conf deleted file mode 100644 index 3497677..0000000 --- a/src/nullbackend/50-nullbackend.conf +++ /dev/null @@ -1,16 +0,0 @@ -# -# Configuration file for the PolicyKit null backend. -# -# DO NOT EDIT THIS FILE, it will be overwritten on update. -# -# To change configuration, create another file in this directory with -# a filename that is sorted after the 50-nullback.conf and make -# sure it has the .conf extension. -# -# Only a single configuration item, Priority, is supported. -# -# See the PolicyKit documentation for more information about PolicyKit. -# - -[Configuration] -Priority=-10 diff --git a/src/nullbackend/Makefile.am b/src/nullbackend/Makefile.am deleted file mode 100644 index c683818..0000000 --- a/src/nullbackend/Makefile.am +++ /dev/null @@ -1,50 +0,0 @@ - -NULL = - -module_flags = -export_dynamic -avoid-version -module -no-undefined -export-symbols-regex '^g_io_module_(load|unload)' - -INCLUDES = \ - -I$(top_builddir)/src \ - -I$(top_srcdir)/src \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS \ - -D_REENTRANT \ - -D_POLKIT_BACKEND_COMPILATION \ - $(NULL) - -polkitmodulesdir = $(libdir)/polkit-1/extensions -polkitmodules_LTLIBRARIES = libnullbackend.la - -libnullbackend_la_SOURCES = \ - nullbackend.c \ - polkitbackendnullauthority.c polkitbackendnullauthority.h \ - $(NULL) - -libnullbackend_la_CFLAGS = \ - -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ - -DG_LOG_DOMAIN=\"PolkitNullBackend\" \ - $(GLIB_CFLAGS) \ - $(NULL) - -libnullbackend_la_LDFLAGS = \ - $(module_flags) \ - $(GLIB_LIBS) \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ - $(NULL) - -libnullbackend_la_LIBADD = \ - $(NULL) - -nullconfigdir = $(sysconfdir)/polkit-1/nullbackend.conf.d -nullconfig_DATA = 50-nullbackend.conf - -EXTRA_DIST = $(nullconfig_DATA) - -clean-local : - rm -f *~ diff --git a/src/nullbackend/nullbackend.c b/src/nullbackend/nullbackend.c deleted file mode 100644 index 0436cf0..0000000 --- a/src/nullbackend/nullbackend.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (C) 2009 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "polkitbackendnullauthority.h" - -void -g_io_module_load (GIOModule *module) -{ - polkit_backend_null_authority_register (module); -} - -void -g_io_module_unload (GIOModule *module) -{ -} - diff --git a/src/nullbackend/polkitbackendnullauthority.c b/src/nullbackend/polkitbackendnullauthority.c deleted file mode 100644 index 7491540..0000000 --- a/src/nullbackend/polkitbackendnullauthority.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "config.h" -#include <errno.h> -#include <pwd.h> -#include <grp.h> -#include <string.h> -#include <glib/gstdio.h> - -#include "polkitbackend/polkitbackendconfigsource.h" -#include "polkitbackendnullauthority.h" - -struct _PolkitBackendNullAuthorityPrivate -{ - gint foo; -}; - -static GList *authority_enumerate_actions (PolkitBackendAuthority *authority, - PolkitSubject *caller, - const gchar *locale, - GError **error); - -static void authority_check_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - PolkitDetails *details, - PolkitCheckAuthorizationFlags flags, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data); - -static PolkitAuthorizationResult *authority_check_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error); - -G_DEFINE_DYNAMIC_TYPE (PolkitBackendNullAuthority, polkit_backend_null_authority,POLKIT_BACKEND_TYPE_AUTHORITY); - -static void -polkit_backend_null_authority_init (PolkitBackendNullAuthority *authority) -{ - authority->priv = G_TYPE_INSTANCE_GET_PRIVATE (authority, - POLKIT_BACKEND_TYPE_NULL_AUTHORITY, - PolkitBackendNullAuthorityPrivate); -} - -static void -polkit_backend_null_authority_finalize (GObject *object) -{ - G_OBJECT_CLASS (polkit_backend_null_authority_parent_class)->finalize (object); -} - -static const gchar * -authority_get_name (PolkitBackendAuthority *authority) -{ - return "null"; -} - -static const gchar * -authority_get_version (PolkitBackendAuthority *authority) -{ - return PACKAGE_VERSION; -} - -static PolkitAuthorityFeatures -authority_get_features (PolkitBackendAuthority *authority) -{ - return POLKIT_AUTHORITY_FEATURES_NONE; -} - -static void -polkit_backend_null_authority_class_init (PolkitBackendNullAuthorityClass *klass) -{ - GObjectClass *gobject_class; - PolkitBackendAuthorityClass *authority_class; - - gobject_class = G_OBJECT_CLASS (klass); - authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); - - gobject_class->finalize = polkit_backend_null_authority_finalize; - - authority_class->get_name = authority_get_name; - authority_class->get_version = authority_get_version; - authority_class->get_features = authority_get_features; - authority_class->enumerate_actions = authority_enumerate_actions; - authority_class->check_authorization = authority_check_authorization; - authority_class->check_authorization_finish = authority_check_authorization_finish; - - g_type_class_add_private (klass, sizeof (PolkitBackendNullAuthorityPrivate)); -} - -static void -polkit_backend_null_authority_class_finalize (PolkitBackendNullAuthorityClass *klass) -{ -} - -void -polkit_backend_null_authority_register (GIOModule *module) -{ - gint priority; - GFile *directory; - PolkitBackendConfigSource *source; - - directory = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/nullbackend.conf.d"); - source = polkit_backend_config_source_new (directory); - - priority = polkit_backend_config_source_get_integer (source, "Configuration", "Priority", NULL); - - polkit_backend_null_authority_register_type (G_TYPE_MODULE (module)); - - g_print ("Registering null backend at priority %d\n", priority); - - g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, - POLKIT_BACKEND_TYPE_NULL_AUTHORITY, - "null backend " PACKAGE_VERSION, - priority); - - g_object_unref (directory); - g_object_unref (source); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList * -authority_enumerate_actions (PolkitBackendAuthority *authority, - PolkitSubject *caller, - const gchar *locale, - GError **error) -{ - /* We don't know any actions */ - return NULL; -} - -static void -authority_check_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - PolkitDetails *details, - PolkitCheckAuthorizationFlags flags, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -{ - GSimpleAsyncResult *simple; - - /* complete immediately */ - simple = g_simple_async_result_new (G_OBJECT (authority), - callback, - user_data, - authority_check_authorization); - g_simple_async_result_complete (simple); - g_object_unref (simple); -} - -static PolkitAuthorizationResult * -authority_check_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error) -{ - GSimpleAsyncResult *simple; - PolkitAuthorizationResult *result; - - simple = G_SIMPLE_ASYNC_RESULT (res); - - g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == authority_check_authorization); - - /* we always return NOT_AUTHORIZED, never an error */ - result = polkit_authorization_result_new (FALSE, FALSE, NULL); - - if (g_simple_async_result_propagate_error (simple, error)) - goto out; - - out: - return result; -} diff --git a/src/nullbackend/polkitbackendnullauthority.h b/src/nullbackend/polkitbackendnullauthority.h deleted file mode 100644 index 318e482..0000000 --- a/src/nullbackend/polkitbackendnullauthority.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (C) 2009 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#ifndef __POLKIT_BACKEND_NULL_AUTHORITY_H -#define __POLKIT_BACKEND_NULL_AUTHORITY_H - -#include <polkitbackend/polkitbackend.h> - -G_BEGIN_DECLS - -#define POLKIT_BACKEND_TYPE_NULL_AUTHORITY (polkit_backend_null_authority_get_type ()) -#define POLKIT_BACKEND_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthority)) -#define POLKIT_BACKEND_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthorityClass)) -#define POLKIT_BACKEND_NULL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY,PolkitBackendNullAuthorityClass)) -#define POLKIT_BACKEND_IS_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY)) -#define POLKIT_BACKEND_IS_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY)) - -typedef struct _PolkitBackendNullAuthority PolkitBackendNullAuthority; -typedef struct _PolkitBackendNullAuthorityClass PolkitBackendNullAuthorityClass; -typedef struct _PolkitBackendNullAuthorityPrivate PolkitBackendNullAuthorityPrivate; - -struct _PolkitBackendNullAuthority -{ - PolkitBackendAuthority parent_instance; - PolkitBackendNullAuthorityPrivate *priv; -}; - -struct _PolkitBackendNullAuthorityClass -{ - PolkitBackendAuthorityClass parent_class; - -}; - -GType polkit_backend_null_authority_get_type (void) G_GNUC_CONST; - -void polkit_backend_null_authority_register (GIOModule *module); - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_NULL_AUTHORITY_H */ - diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index 17d8310..c5b8d8a 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -18,25 +18,13 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - +noinst_LTLIBRARIES=libpolkit-backend-1.la initjs.h : init.js $(PERL) $(srcdir)/toarray.pl $(srcdir)/init.js init_js > $@ BUILT_SOURCES += initjs.h -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) - libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ polkitbackend.h \ @@ -44,12 +32,10 @@ libpolkit_backend_1_la_SOURCES = \ polkitbackendprivate.h \ polkitbackendauthority.h polkitbackendauthority.c \ polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \ - polkitbackendlocalauthority.h polkitbackendlocalauthority.c \ polkitbackendjsauthority.h polkitbackendjsauthority.c \ polkitbackendactionpool.h polkitbackendactionpool.c \ polkitbackendconfigsource.h polkitbackendconfigsource.c \ polkitbackendactionlookup.h polkitbackendactionlookup.c \ - polkitbackendlocalauthorizationstore.h polkitbackendlocalauthorizationstore.c \ $(NULL) if HAVE_LIBSYSTEMD_LOGIN @@ -76,15 +62,9 @@ libpolkit_backend_1_la_LIBADD = \ $(LIBJS_LIBS) \ $(NULL) -libpolkit_backend_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' - CLEANFILES = $(BUILT_SOURCES) -localauthorityconfigdir = $(sysconfdir)/polkit-1/localauthority.conf.d -localauthorityconfig_DATA = 50-localauthority.conf - EXTRA_DIST = \ - $(localauthorityconfig_DATA) \ init.js \ toarray.pl \ $(NULL) @@ -96,13 +76,6 @@ clean-local : rm -f *~ $(BUILT_SOURCES) install-exec-hook: - mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 - mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} - -chmod 700 $(DESTDIR)$(localstatedir)/lib/polkit-1 - mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1 - mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} - -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/localauthority - mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/rules.d -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/rules.d mkdir -p $(DESTDIR)$(datadir)/polkit-1/rules.d diff --git a/src/polkitbackend/polkitbackend.h b/src/polkitbackend/polkitbackend.h index 9b79d14..afa4be3 100644 --- a/src/polkitbackend/polkitbackend.h +++ b/src/polkitbackend/polkitbackend.h @@ -32,7 +32,6 @@ #include <polkitbackend/polkitbackendtypes.h> #include <polkitbackend/polkitbackendauthority.h> #include <polkitbackend/polkitbackendinteractiveauthority.h> -#include <polkitbackend/polkitbackendlocalauthority.h> #include <polkitbackend/polkitbackendactionlookup.h> #undef _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index e127247..91ece26 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -30,7 +30,6 @@ #include <polkit/polkitprivate.h> #include "polkitbackendauthority.h" -#include "polkitbackendlocalauthority.h" #include "polkitbackendjsauthority.h" #include "polkitbackendprivate.h" @@ -40,7 +39,7 @@ * @title: PolkitBackendAuthority * @short_description: Abstract base class for authority backends * @stability: Unstable - * @see_also: PolkitBackendLocalAuthority + * @see_also: PolkitBackendJsAuthority * * To implement an authority backend, simply subclass #PolkitBackendAuthority * and implement the required VFuncs. @@ -57,7 +56,7 @@ static guint signals[LAST_SIGNAL] = {0}; G_DEFINE_ABSTRACT_TYPE (PolkitBackendAuthority, polkit_backend_authority, G_TYPE_OBJECT); static void -polkit_backend_authority_init (PolkitBackendAuthority *local_authority) +polkit_backend_authority_init (PolkitBackendAuthority *authority) { } @@ -1349,71 +1348,30 @@ polkit_backend_authority_register (PolkitBackendAuthority *authority, /** * polkit_backend_authority_get: * - * Loads all #GIOModule<!-- -->s from <filename>$(libdir)/polkit-1/extensions</filename> to determine - * what implementation of #PolkitBackendAuthority to use. Then instantiates an object of the - * implementation with the highest priority and unloads all other modules. + * Gets the #PolkitBackendAuthority to use. * * Returns: A #PolkitBackendAuthority. Free with g_object_unref(). - **/ + */ PolkitBackendAuthority * polkit_backend_authority_get (void) { - static GIOExtensionPoint *ep = NULL; - static volatile GType local_authority_type = G_TYPE_INVALID; - static volatile GType js_authority_type = G_TYPE_INVALID; - GList *modules; - GList *authority_implementations; - GType authority_type; PolkitBackendAuthority *authority; - gchar *s; - - /* define extension points */ - if (ep == NULL) - { - ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); - g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY); - } - - /* make sure local types are registered */ - if (local_authority_type == G_TYPE_INVALID) - local_authority_type = POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY; - if (js_authority_type == G_TYPE_INVALID) - js_authority_type = POLKIT_BACKEND_TYPE_JS_AUTHORITY; - - /* load all modules */ - modules = g_io_modules_load_all_in_directory (PACKAGE_LIB_DIR "/polkit-1/extensions"); - /* find all extensions; we have at least one here since we've registered the local backend */ - authority_implementations = g_io_extension_point_get_extensions (ep); + /* TODO: move to polkitd/main.c */ - /* the returned list is sorted according to priority so just take the highest one */ - authority_type = g_io_extension_get_type ((GIOExtension*) authority_implementations->data); - authority = POLKIT_BACKEND_AUTHORITY (g_object_new (authority_type, NULL)); - - /* unload all modules; the module our instantiated authority is in won't be unloaded because - * we've instantiated a reference to a type in this module - */ - g_list_foreach (modules, (GFunc) g_type_module_unuse, NULL); - g_list_free (modules); - - /* First announce that we've started in the generic log */ + /* Announce that we've started in the generic log */ openlog ("polkitd", LOG_PID, LOG_DAEMON); /* system daemons without separate facility value */ - syslog (LOG_INFO, - "started daemon version %s using authority implementation `%s' version `%s'", - VERSION, - polkit_backend_authority_get_name (authority), - polkit_backend_authority_get_version (authority)); + syslog (LOG_INFO, "Started polkitd version %s", VERSION); closelog (); - /* and then log to the secure log */ - s = g_strdup_printf ("polkitd(authority=%s)", polkit_backend_authority_get_name (authority)); - openlog (s, - 0, + /* then start logging to the secure log */ + openlog ("polkitd", + LOG_PID, LOG_AUTHPRIV); /* security/authorization messages (private) */ - /* Ugh, can't free the string - gah, thanks openlog(3) */ - /*g_free (s);*/ + + authority = POLKIT_BACKEND_AUTHORITY (g_object_new (POLKIT_BACKEND_TYPE_JS_AUTHORITY, NULL)); return authority; } diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054..f9f7385 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -43,13 +43,6 @@ G_BEGIN_DECLS typedef struct _PolkitBackendAuthorityClass PolkitBackendAuthorityClass; /** - * POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME: - * - * Extension point name for authority backend implementations. - */ -#define POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME "polkit-backend-authority-1" - -/** * PolkitBackendAuthority: * * The #PolkitBackendAuthority struct should not be accessed directly. diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c index a7bf50b..39a6376 100644 --- a/src/polkitbackend/polkitbackendjsauthority.c +++ b/src/polkitbackend/polkitbackendjsauthority.c @@ -114,13 +114,7 @@ static PolkitImplicitAuthorization polkit_backend_js_authority_check_authorizati PolkitDetails *details, PolkitImplicitAuthorization implicit); -G_DEFINE_TYPE_WITH_CODE (PolkitBackendJsAuthority, - polkit_backend_js_authority, - POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, - g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, - g_define_type_id, - "js-authority" PACKAGE_VERSION, - 10)); +G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY); /* ---------------------------------------------------------------------------------------------------- */ diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c deleted file mode 100644 index 2e5e8fe..0000000 --- a/src/polkitbackend/polkitbackendlocalauthority.c +++ /dev/null @@ -1,783 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "config.h" -#include <errno.h> -#include <pwd.h> -#include <grp.h> -#include <netdb.h> -#include <string.h> -#include <glib/gstdio.h> -#include <locale.h> -#include <glib/gi18n-lib.h> - -#include <polkit/polkit.h> -#include "polkitbackendconfigsource.h" -#include "polkitbackendlocalauthority.h" -#include "polkitbackendlocalauthorizationstore.h" - -#include <polkit/polkitprivate.h> - -/** - * SECTION:polkitbackendlocalauthority - * @title: PolkitBackendLocalAuthority - * @short_description: Local Authority - * @stability: Unstable - * - * An implementation of #PolkitBackendAuthority that stores - * authorizations on the local file system, supports interaction with - * authentication agents (virtue of being based on - * #PolkitBackendInteractiveAuthority). - */ - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList *get_users_in_group (PolkitIdentity *group, - gboolean include_root); - -static GList *get_users_in_net_group (PolkitIdentity *group, - gboolean include_root); - -static GList *get_groups_for_user (PolkitIdentity *user); - -/* ---------------------------------------------------------------------------------------------------- */ - -typedef struct -{ - gchar *config_path; - PolkitBackendConfigSource *config_source; - - gchar **authorization_store_paths; - GList *authorization_stores; - GList *authorization_store_monitors; - -} PolkitBackendLocalAuthorityPrivate; - -/* ---------------------------------------------------------------------------------------------------- */ - -enum -{ - PROP_0, - - // Path overrides used for unit testing - PROP_CONFIG_PATH, - PROP_AUTH_STORE_PATHS, -}; - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList *polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - const gchar *action_id, - PolkitDetails *details); - -static PolkitImplicitAuthorization polkit_backend_local_authority_check_authorization_sync ( - PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - gboolean subject_is_local, - gboolean subject_is_active, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization implicit); - -G_DEFINE_TYPE_WITH_CODE (PolkitBackendLocalAuthority, - polkit_backend_local_authority, - POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, - g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, - g_define_type_id, - "local-authority" PACKAGE_VERSION, - 0)); - -#define POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityPrivate)) - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -on_store_changed (PolkitBackendLocalAuthorizationStore *store, - gpointer user_data) -{ - PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data); - - g_signal_emit_by_name (authority, "changed"); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -purge_all_authorization_stores (PolkitBackendLocalAuthority *authority) -{ - PolkitBackendLocalAuthorityPrivate *priv; - GList *l; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - for (l = priv->authorization_stores; l != NULL; l = l->next) - { - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); - g_signal_handlers_disconnect_by_func (store, - G_CALLBACK (on_store_changed), - authority); - g_object_unref (store); - } - g_list_free (priv->authorization_stores); - priv->authorization_stores = NULL; - - g_debug ("Purged all local authorization stores"); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -add_one_authorization_store (PolkitBackendLocalAuthority *authority, - GFile *directory) -{ - PolkitBackendLocalAuthorizationStore *store; - PolkitBackendLocalAuthorityPrivate *priv; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - store = polkit_backend_local_authorization_store_new (directory, ".pkla"); - priv->authorization_stores = g_list_append (priv->authorization_stores, store); - - g_signal_connect (store, - "changed", - G_CALLBACK (on_store_changed), - authority); -} - -static gint -authorization_store_path_compare_func (GFile *file_a, - GFile *file_b) -{ - const gchar *a; - const gchar *b; - - a = g_object_get_data (G_OBJECT (file_a), "sort-key"); - b = g_object_get_data (G_OBJECT (file_b), "sort-key"); - - return g_strcmp0 (a, b); -} - -static void -add_all_authorization_stores (PolkitBackendLocalAuthority *authority) -{ - PolkitBackendLocalAuthorityPrivate *priv; - guint n; - GList *directories; - GList *l; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - directories = NULL; - - for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++) - { - const gchar *toplevel_path; - GFile *toplevel_directory; - GFileEnumerator *directory_enumerator; - GFileInfo *file_info; - GError *error; - - error = NULL; - - toplevel_path = priv->authorization_store_paths[n]; - toplevel_directory = g_file_new_for_path (toplevel_path); - directory_enumerator = g_file_enumerate_children (toplevel_directory, - "standard::name,standard::type", - G_FILE_QUERY_INFO_NONE, - NULL, - &error); - if (directory_enumerator == NULL) - { - g_warning ("Error getting enumerator for %s: %s", toplevel_path, error->message); - g_error_free (error); - g_object_unref (toplevel_directory); - continue; - } - - while ((file_info = g_file_enumerator_next_file (directory_enumerator, NULL, &error)) != NULL) - { - /* only consider directories */ - if (g_file_info_get_file_type (file_info) == G_FILE_TYPE_DIRECTORY) - { - const gchar *name; - GFile *directory; - gchar *sort_key; - - name = g_file_info_get_name (file_info); - - /* This makes entries in directories in /etc take precedence to entries in directories in /var */ - sort_key = g_strdup_printf ("%s-%d", name, n); - - directory = g_file_get_child (toplevel_directory, name); - g_object_set_data_full (G_OBJECT (directory), "sort-key", sort_key, g_free); - - directories = g_list_prepend (directories, directory); - } - g_object_unref (file_info); - } - if (error != NULL) - { - g_warning ("Error enumerating files in %s: %s", toplevel_path, error->message); - g_error_free (error); - g_object_unref (toplevel_directory); - g_object_unref (directory_enumerator); - continue; - } - g_object_unref (directory_enumerator); - g_object_unref (toplevel_directory); - } - - /* Sort directories */ - directories = g_list_sort (directories, (GCompareFunc) authorization_store_path_compare_func); - - /* And now add an authorization store for each one */ - for (l = directories; l != NULL; l = l->next) - { - GFile *directory = G_FILE (l->data); - gchar *name; - - name = g_file_get_path (directory); - g_debug ("Added `%s' as a local authorization store", name); - g_free (name); - - add_one_authorization_store (authority, directory); - } - - g_list_foreach (directories, (GFunc) g_object_unref, NULL); - g_list_free (directories); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -on_toplevel_authority_store_monitor_changed (GFileMonitor *monitor, - GFile *file, - GFile *other_file, - GFileMonitorEvent event_type, - gpointer user_data) -{ - PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data); - - purge_all_authorization_stores (authority); - add_all_authorization_stores (authority); -} - -static void -polkit_backend_local_authority_init (PolkitBackendLocalAuthority *authority) -{ - PolkitBackendLocalAuthorityPrivate *priv; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - priv->config_path = NULL; - priv->authorization_store_paths = NULL; -} - -static void -polkit_backend_local_authority_constructed (GObject *object) -{ - PolkitBackendLocalAuthority *authority; - PolkitBackendLocalAuthorityPrivate *priv; - GFile *config_directory; - guint n; - - authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - g_debug ("Using config directory `%s'", priv->config_path); - config_directory = g_file_new_for_path (priv->config_path); - priv->config_source = polkit_backend_config_source_new (config_directory); - g_object_unref (config_directory); - - add_all_authorization_stores (authority); - - /* Monitor the toplevels */ - priv->authorization_store_monitors = NULL; - for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++) - { - const gchar *toplevel_path; - GFile *toplevel_directory; - GFileMonitor *monitor; - GError *error; - - toplevel_path = priv->authorization_store_paths[n]; - toplevel_directory = g_file_new_for_path (toplevel_path); - - error = NULL; - monitor = g_file_monitor_directory (toplevel_directory, - G_FILE_MONITOR_NONE, - NULL, - &error); - if (monitor == NULL) - { - g_warning ("Error creating file monitor for %s: %s", toplevel_path, error->message); - g_error_free (error); - g_object_unref (toplevel_directory); - continue; - } - - g_debug ("Monitoring `%s' for changes", toplevel_path); - - g_signal_connect (monitor, - "changed", - G_CALLBACK (on_toplevel_authority_store_monitor_changed), - authority); - - priv->authorization_store_monitors = g_list_append (priv->authorization_store_monitors, monitor); - - g_object_unref (toplevel_directory); - } - - G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->constructed (object); -} - -static void -polkit_backend_local_authority_finalize (GObject *object) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - - purge_all_authorization_stores (local_authority); - - g_list_free_full (priv->authorization_store_monitors, g_object_unref); - - if (priv->config_source != NULL) - g_object_unref (priv->config_source); - - g_free (priv->config_path); - g_strfreev (priv->authorization_store_paths); - - G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->finalize (object); -} - -static const gchar * -polkit_backend_local_authority_get_name (PolkitBackendAuthority *authority) -{ - return "local"; -} - -static const gchar * -polkit_backend_local_authority_get_version (PolkitBackendAuthority *authority) -{ - return PACKAGE_VERSION; -} - -static PolkitAuthorityFeatures -polkit_backend_local_authority_get_features (PolkitBackendAuthority *authority) -{ - return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION; -} - -static void -polkit_backend_local_authority_set_property (GObject *object, guint property_id, const GValue *value, GParamSpec *pspec) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - - switch (property_id) - { - case PROP_CONFIG_PATH: - g_free (priv->config_path); - priv->config_path = g_value_dup_string (value); - break; - case PROP_AUTH_STORE_PATHS: - g_strfreev (priv->authorization_store_paths); - priv->authorization_store_paths = g_strsplit (g_value_get_string (value), ";", 0); - break; - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); - break; - } -} - -static void -polkit_backend_local_authority_class_init (PolkitBackendLocalAuthorityClass *klass) -{ - GObjectClass *gobject_class; - PolkitBackendAuthorityClass *authority_class; - PolkitBackendInteractiveAuthorityClass *interactive_authority_class; - GParamSpec *pspec; - - gobject_class = G_OBJECT_CLASS (klass); - authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); - interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass); - - gobject_class->set_property = polkit_backend_local_authority_set_property; - gobject_class->finalize = polkit_backend_local_authority_finalize; - gobject_class->constructed = polkit_backend_local_authority_constructed; - authority_class->get_name = polkit_backend_local_authority_get_name; - authority_class->get_version = polkit_backend_local_authority_get_version; - authority_class->get_features = polkit_backend_local_authority_get_features; - interactive_authority_class->get_admin_identities = polkit_backend_local_authority_get_admin_auth_identities; - interactive_authority_class->check_authorization_sync = polkit_backend_local_authority_check_authorization_sync; - - pspec = g_param_spec_string ("config-path", - "Local Authority Configuration Path", - "Path to directory of LocalAuthority config files.", - PACKAGE_SYSCONF_DIR "/polkit-1/localauthority.conf.d", - G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE); - g_object_class_install_property (gobject_class, PROP_CONFIG_PATH, pspec); - - pspec = g_param_spec_string ("auth-store-paths", - "Local Authorization Store Paths", - "Semi-colon separated list of Authorization Store 'top' directories.", - PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority;" - PACKAGE_SYSCONF_DIR "/polkit-1/localauthority", - G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE); - g_object_class_install_property (gobject_class, PROP_AUTH_STORE_PATHS, pspec); - - g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorityPrivate)); -} - -static GList * -polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - const gchar *action_id, - PolkitDetails *details) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - GList *ret; - guint n; - gchar **admin_identities; - GError *error; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - - ret = NULL; - - error = NULL; - admin_identities = polkit_backend_config_source_get_string_list (priv->config_source, - "Configuration", - "AdminIdentities", - &error); - if (admin_identities == NULL) - { - g_warning ("Error getting admin_identities configuration item: %s", error->message); - g_error_free (error); - goto out; - } - - for (n = 0; admin_identities[n] != NULL; n++) - { - PolkitIdentity *identity; - - error = NULL; - identity = polkit_identity_from_string (admin_identities[n], &error); - if (identity == NULL) - { - g_warning ("Error parsing identity %s: %s", admin_identities[n], error->message); - g_error_free (error); - continue; - } - - if (POLKIT_IS_UNIX_USER (identity)) - { - ret = g_list_append (ret, identity); - } - else if (POLKIT_IS_UNIX_GROUP (identity)) - { - ret = g_list_concat (ret, get_users_in_group (identity, FALSE)); - } - else if (POLKIT_IS_UNIX_NETGROUP (identity)) - { - ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE)); - } - else - { - g_warning ("Unsupported identity %s", admin_identities[n]); - } - } - - g_strfreev (admin_identities); - - out: - - /* default to uid 0 if no admin identities has been found */ - if (ret == NULL) - ret = g_list_prepend (ret, polkit_unix_user_new (0)); - - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static PolkitImplicitAuthorization -polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - gboolean subject_is_local, - gboolean subject_is_active, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization implicit) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - PolkitImplicitAuthorization ret; - PolkitImplicitAuthorization ret_any; - PolkitImplicitAuthorization ret_inactive; - PolkitImplicitAuthorization ret_active; - GList *groups; - GList *l, *ll; - - ret = implicit; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - -#if 0 - g_debug ("local: checking `%s' for subject `%s' (user `%s')", - action_id, - polkit_subject_to_string (subject), - polkit_identity_to_string (user_for_subject)); -#endif - - /* First lookup for all groups the user belong to */ - groups = get_groups_for_user (user_for_subject); - for (ll = groups; ll != NULL; ll = ll->next) - { - PolkitIdentity *group = POLKIT_IDENTITY (ll->data); - - for (l = priv->authorization_stores; l != NULL; l = l->next) - { - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); - - if (polkit_backend_local_authorization_store_lookup (store, - group, - action_id, - details, - &ret_any, - &ret_inactive, - &ret_active)) - { - if (subject_is_local && subject_is_active) - { - if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_active; - } - else if (subject_is_local) - { - if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_inactive; - } - else - { - if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_any; - } - } - } - } - g_list_foreach (groups, (GFunc) g_object_unref, NULL); - g_list_free (groups); - - /* Then do it for the user */ - for (l = priv->authorization_stores; l != NULL; l = l->next) - { - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); - - if (polkit_backend_local_authorization_store_lookup (store, - user_for_subject, - action_id, - details, - &ret_any, - &ret_inactive, - &ret_active)) - { - if (subject_is_local && subject_is_active) - { - if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_active; - } - else if (subject_is_local) - { - if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_inactive; - } - else - { - if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_any; - } - } - } - - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList * -get_users_in_group (PolkitIdentity *group, - gboolean include_root) -{ - gid_t gid; - struct group *grp; - GList *ret; - guint n; - - ret = NULL; - - gid = polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (group)); - grp = getgrgid (gid); - if (grp == NULL) - { - g_warning ("Error looking up group with gid %d: %s", gid, g_strerror (errno)); - goto out; - } - - for (n = 0; grp->gr_mem != NULL && grp->gr_mem[n] != NULL; n++) - { - PolkitIdentity *user; - GError *error; - - if (!include_root && g_strcmp0 (grp->gr_mem[n], "root") == 0) - continue; - - error = NULL; - user = polkit_unix_user_new_for_name (grp->gr_mem[n], &error); - if (user == NULL) - { - g_warning ("Unknown username '%s' in group: %s", grp->gr_mem[n], error->message); - g_error_free (error); - } - else - { - ret = g_list_prepend (ret, user); - } - } - - ret = g_list_reverse (ret); - - out: - return ret; -} - -static GList * -get_users_in_net_group (PolkitIdentity *group, - gboolean include_root) -{ - const gchar *name; - GList *ret; - - ret = NULL; - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } - - for (;;) - { - char *hostname, *username, *domainname; - PolkitIdentity *user; - GError *error = NULL; - - if (getnetgrent (&hostname, &username, &domainname) == 0) - break; - - /* Skip NULL entries since we never want to make everyone an admin - * Skip "-" entries which mean "no match ever" in netgroup land */ - if (username == NULL || g_strcmp0 (username, "-") == 0) - continue; - - /* TODO: Should we match on hostname? Maybe only allow "-" as a hostname - * for safety. */ - - user = polkit_unix_user_new_for_name (username, &error); - if (user == NULL) - { - g_warning ("Unknown username '%s' in unix-netgroup: %s", username, error->message); - g_error_free (error); - } - else - { - ret = g_list_prepend (ret, user); - } - } - - ret = g_list_reverse (ret); - - out: - endnetgrent (); - return ret; -} - - -static GList * -get_groups_for_user (PolkitIdentity *user) -{ - uid_t uid; - struct passwd *passwd; - GList *result; - gid_t groups[512]; - int num_groups = 512; - int n; - - result = NULL; - - /* TODO: it would be, uhm, good to cache this information */ - - uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user)); - passwd = getpwuid (uid); - if (passwd == NULL) - { - g_warning ("No user with uid %d", uid); - goto out; - } - - /* TODO: should resize etc etc etc */ - - if (getgrouplist (passwd->pw_name, - passwd->pw_gid, - groups, - &num_groups) < 0) - { - g_warning ("Error looking up groups for uid %d: %s", uid, g_strerror (errno)); - goto out; - } - - for (n = 0; n < num_groups; n++) - result = g_list_prepend (result, polkit_unix_group_new (groups[n])); - - out: - - return result; -} - -/* ---------------------------------------------------------------------------------------------------- */ diff --git a/src/polkitbackend/polkitbackendlocalauthority.h b/src/polkitbackend/polkitbackendlocalauthority.h deleted file mode 100644 index 553da3b..0000000 --- a/src/polkitbackend/polkitbackendlocalauthority.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) -#error "Only <polkitbackend/polkitbackend.h> can be included directly, this file may disappear or change contents." -#endif - -#ifndef __POLKIT_BACKEND_LOCAL_AUTHORITY_H -#define __POLKIT_BACKEND_LOCAL_AUTHORITY_H - -#include <glib-object.h> -#include <polkitbackend/polkitbackendtypes.h> -#include <polkitbackend/polkitbackendinteractiveauthority.h> - -G_BEGIN_DECLS - -#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY (polkit_backend_local_authority_get_type ()) -#define POLKIT_BACKEND_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthority)) -#define POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityClass)) -#define POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY,PolkitBackendLocalAuthorityClass)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY)) - -typedef struct _PolkitBackendLocalAuthorityClass PolkitBackendLocalAuthorityClass; - -/** - * PolkitBackendLocalAuthority: - * - * The #PolkitBackendLocalAuthority struct should not be accessed directly. - */ -struct _PolkitBackendLocalAuthority -{ - /*< private >*/ - PolkitBackendInteractiveAuthority parent_instance; -}; - -/** - * PolkitBackendLocalAuthorityClass: - * @parent_class: The parent class. - * - * Class structure for #PolkitBackendLocalAuthority. - */ -struct _PolkitBackendLocalAuthorityClass -{ - /*< public >*/ - PolkitBackendInteractiveAuthorityClass parent_class; - - /*< private >*/ - /* Padding for future expansion */ - void (*_polkit_reserved1) (void); - void (*_polkit_reserved2) (void); - void (*_polkit_reserved3) (void); - void (*_polkit_reserved4) (void); - void (*_polkit_reserved5) (void); - void (*_polkit_reserved6) (void); - void (*_polkit_reserved7) (void); - void (*_polkit_reserved8) (void); - void (*_polkit_reserved9) (void); - void (*_polkit_reserved10) (void); - void (*_polkit_reserved11) (void); - void (*_polkit_reserved12) (void); - void (*_polkit_reserved13) (void); - void (*_polkit_reserved14) (void); - void (*_polkit_reserved15) (void); - void (*_polkit_reserved16) (void); - void (*_polkit_reserved17) (void); - void (*_polkit_reserved18) (void); - void (*_polkit_reserved19) (void); - void (*_polkit_reserved20) (void); - void (*_polkit_reserved21) (void); - void (*_polkit_reserved22) (void); - void (*_polkit_reserved23) (void); - void (*_polkit_reserved24) (void); - void (*_polkit_reserved25) (void); - void (*_polkit_reserved26) (void); - void (*_polkit_reserved27) (void); - void (*_polkit_reserved28) (void); - void (*_polkit_reserved29) (void); - void (*_polkit_reserved30) (void); - void (*_polkit_reserved31) (void); - void (*_polkit_reserved32) (void); -}; - -GType polkit_backend_local_authority_get_type (void) G_GNUC_CONST; - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_LOCAL_AUTHORITY_H */ - diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c deleted file mode 100644 index f40a943..0000000 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c +++ /dev/null @@ -1,776 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "config.h" - -#include <netdb.h> -#include <string.h> -#include <polkit/polkit.h> -#include "polkitbackendlocalauthorizationstore.h" - -/* <internal> - * SECTION:polkitbackendlocalauthorizationstore - * @title: PolkitBackendLocalAuthorizationStore - * @short_description: Watches a directory for authorization files - * - * #PolkitBackendLocalAuthorizationStore is a utility class to watch - * and read authorization files from a directory. - */ - -struct _PolkitBackendLocalAuthorizationStorePrivate -{ - GFile *directory; - gchar *extension; - - GFileMonitor *directory_monitor; - - /* List of LocalAuthorization objects */ - GList *authorizations; - - gboolean has_data; -}; - -enum -{ - PROP_0, - PROP_DIRECTORY, - PROP_EXTENSION, -}; - -enum -{ - CHANGED_SIGNAL, - LAST_SIGNAL, -}; - -static guint signals[LAST_SIGNAL] = {0}; - -static void polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store); - -static void polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store); - -G_DEFINE_TYPE (PolkitBackendLocalAuthorizationStore, polkit_backend_local_authorization_store, G_TYPE_OBJECT); - -/* ---------------------------------------------------------------------------------------------------- */ - -typedef struct -{ - gchar *id; - - /* Identities with glob support */ - GList *identity_specs; - - /* Netgroup identity strings, which can not support glob syntax */ - GList *netgroup_identities; - - GList *action_specs; - - PolkitImplicitAuthorization result_any; - PolkitImplicitAuthorization result_inactive; - PolkitImplicitAuthorization result_active; - - GHashTable *return_value; -} LocalAuthorization; - -static void -local_authorization_free (LocalAuthorization *authorization) -{ - g_free (authorization->id); - g_list_foreach (authorization->identity_specs, (GFunc) g_pattern_spec_free, NULL); - g_list_free (authorization->identity_specs); - g_list_free_full (authorization->netgroup_identities, g_free); - g_list_foreach (authorization->action_specs, (GFunc) g_pattern_spec_free, NULL); - g_list_free (authorization->action_specs); - if (authorization->return_value != NULL) - g_hash_table_unref (authorization->return_value); - g_free (authorization); -} - - -static LocalAuthorization * -local_authorization_new (GKeyFile *key_file, - const gchar *filename, - const gchar *group, - GError **error) -{ - LocalAuthorization *authorization; - gchar **identity_strings; - gchar **action_strings; - gchar *result_any_string; - gchar *result_inactive_string; - gchar *result_active_string; - gchar **return_value_strings; - guint n; - - identity_strings = NULL; - action_strings = NULL; - result_any_string = NULL; - result_inactive_string = NULL; - result_active_string = NULL; - return_value_strings = NULL; - - authorization = g_new0 (LocalAuthorization, 1); - - identity_strings = g_key_file_get_string_list (key_file, - group, - "Identity", - NULL, - error); - if (identity_strings == NULL) - { - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - for (n = 0; identity_strings[n] != NULL; n++) - { - /* Put netgroup entries in a seperate list from other identities who support glob syntax */ - if (g_str_has_prefix (identity_strings[n], "unix-netgroup:")) - authorization->netgroup_identities = g_list_prepend (authorization->netgroup_identities, - g_strdup (identity_strings[n] + sizeof "unix-netgroup:" - 1)); - else - authorization->identity_specs = g_list_prepend (authorization->identity_specs, - g_pattern_spec_new (identity_strings[n])); - } - - action_strings = g_key_file_get_string_list (key_file, - group, - "Action", - NULL, - error); - if (action_strings == NULL) - { - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - for (n = 0; action_strings[n] != NULL; n++) - { - authorization->action_specs = g_list_prepend (authorization->action_specs, - g_pattern_spec_new (action_strings[n])); - } - - authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - - result_any_string = g_key_file_get_string (key_file, - group, - "ResultAny", - NULL); - if (result_any_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_any_string, - &authorization->result_any)) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultAny string `%s'", result_any_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - result_inactive_string = g_key_file_get_string (key_file, - group, - "ResultInactive", - NULL); - if (result_inactive_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_inactive_string, - &authorization->result_inactive)) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultInactive string `%s'", result_inactive_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - result_active_string = g_key_file_get_string (key_file, - group, - "ResultActive", - NULL); - if (result_active_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_active_string, - &authorization->result_active)) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultActive string `%s'", result_active_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Must have at least one of ResultAny, ResultInactive and ResultActive"); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - - return_value_strings = g_key_file_get_string_list (key_file, - group, - "ReturnValue", - NULL, - error); - if (return_value_strings != NULL) - { - for (n = 0; return_value_strings[n] != NULL; n++) - { - gchar *p; - const gchar *key; - const gchar *value; - - p = strchr (return_value_strings[n], '='); - if (p == NULL) - { - g_warning ("Item `%s' in ReturnValue is malformed. Ignoring.", - return_value_strings[n]); - continue; - } - - *p = '\0'; - key = return_value_strings[n]; - value = p + 1; - - if (authorization->return_value == NULL) - { - authorization->return_value = g_hash_table_new_full (g_str_hash, - g_str_equal, - g_free, - g_free); - } - g_hash_table_insert (authorization->return_value, g_strdup (key), g_strdup (value)); - } - } - - authorization->id = g_strdup_printf ("%s::%s", filename, group); - - out: - g_strfreev (identity_strings); - g_free (action_strings); - g_free (result_any_string); - g_free (result_inactive_string); - g_free (result_active_string); - g_strfreev (return_value_strings); - return authorization; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -polkit_backend_local_authorization_store_init (PolkitBackendLocalAuthorizationStore *store) -{ - store->priv = G_TYPE_INSTANCE_GET_PRIVATE (store, - POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - PolkitBackendLocalAuthorizationStorePrivate); -} - -static void -polkit_backend_local_authorization_store_finalize (GObject *object) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - if (store->priv->directory != NULL) - g_object_unref (store->priv->directory); - g_free (store->priv->extension); - - if (store->priv->directory_monitor != NULL) - g_object_unref (store->priv->directory_monitor); - - g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); - g_list_free (store->priv->authorizations); - - if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize != NULL) - G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize (object); -} - - -static void -polkit_backend_local_authorization_store_get_property (GObject *object, - guint prop_id, - GValue *value, - GParamSpec *pspec) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - switch (prop_id) - { - case PROP_DIRECTORY: - g_value_set_object (value, store->priv->directory); - break; - - case PROP_EXTENSION: - g_value_set_string (value, store->priv->extension); - break; - - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); - break; - } -} - -static void -polkit_backend_local_authorization_store_set_property (GObject *object, - guint prop_id, - const GValue *value, - GParamSpec *pspec) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - switch (prop_id) - { - case PROP_DIRECTORY: - store->priv->directory = g_value_dup_object (value); - break; - - case PROP_EXTENSION: - store->priv->extension = g_value_dup_string (value); - break; - - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); - break; - } -} - -static void -directory_monitor_changed (GFileMonitor *monitor, - GFile *file, - GFile *other_file, - GFileMonitorEvent event_type, - gpointer user_data) -{ - PolkitBackendLocalAuthorizationStore *store; - - store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (user_data); - - if (file != NULL) - { - gchar *name; - - name = g_file_get_basename (file); - - //g_debug ("event_type=%d file=%p name=%s", event_type, file, name); - - if (!g_str_has_prefix (name, ".") && - !g_str_has_prefix (name, "#") && - g_str_has_suffix (name, store->priv->extension) && - (event_type == G_FILE_MONITOR_EVENT_CREATED || - event_type == G_FILE_MONITOR_EVENT_DELETED || - event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) - { - - //g_debug ("match"); - - /* now throw away all caches */ - polkit_backend_local_authorization_store_purge (store); - g_signal_emit_by_name (store, "changed"); - } - - g_free (name); - } -} - -static void -polkit_backend_local_authorization_store_constructed (GObject *object) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - GError *error; - - error = NULL; - store->priv->directory_monitor = g_file_monitor_directory (store->priv->directory, - G_FILE_MONITOR_NONE, - NULL, - &error); - if (store->priv->directory_monitor == NULL) - { - gchar *dir_name; - dir_name = g_file_get_uri (store->priv->directory); - g_warning ("Error monitoring directory %s: %s", dir_name, error->message); - g_free (dir_name); - g_error_free (error); - } - else - { - g_signal_connect (store->priv->directory_monitor, - "changed", - (GCallback) directory_monitor_changed, - store); - } - - if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed != NULL) - G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed (object); -} - -static void -polkit_backend_local_authorization_store_class_init (PolkitBackendLocalAuthorizationStoreClass *klass) -{ - GObjectClass *gobject_class; - - gobject_class = G_OBJECT_CLASS (klass); - - gobject_class->get_property = polkit_backend_local_authorization_store_get_property; - gobject_class->set_property = polkit_backend_local_authorization_store_set_property; - gobject_class->constructed = polkit_backend_local_authorization_store_constructed; - gobject_class->finalize = polkit_backend_local_authorization_store_finalize; - - g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorizationStorePrivate)); - - /** - * PolkitBackendLocalAuthorizationStore:directory: - * - * The directory to watch for authorization files. - */ - g_object_class_install_property (gobject_class, - PROP_DIRECTORY, - g_param_spec_object ("directory", - "Directory", - "The directory to watch for configuration files", - G_TYPE_FILE, - G_PARAM_CONSTRUCT_ONLY | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | - G_PARAM_STATIC_BLURB | - G_PARAM_STATIC_NICK)); - - /** - * PolkitBackendLocalAuthorizationStore:extension: - * - * The file extension for files to consider, e.g. <quote>.pkla</quote>. - */ - g_object_class_install_property (gobject_class, - PROP_EXTENSION, - g_param_spec_string ("extension", - "Extension", - "The extension of files to consider", - NULL, - G_PARAM_CONSTRUCT_ONLY | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | - G_PARAM_STATIC_BLURB | - G_PARAM_STATIC_NICK)); - - /** - * PolkitBackendConfiguStore::changed: - * @store: A #PolkitBackendLocalAuthorizationStore. - * - * Emitted when configuration files in #PolkitBackendConfiguStore:directory changes. - */ - signals[CHANGED_SIGNAL] = g_signal_new ("changed", - POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - G_SIGNAL_RUN_LAST, - G_STRUCT_OFFSET (PolkitBackendLocalAuthorizationStoreClass, changed), - NULL, - NULL, - g_cclosure_marshal_VOID__VOID, - G_TYPE_NONE, - 0); -} - -/** - * polkit_backend_local_authorization_store_new: - * @directory: The directory to watch. - * @extension: The extension of files to consider e.g. <quote>.pkla</quote>. - * - * Creates a new #PolkitBackendLocalAuthorizationStore object that - * reads authorizations from @directory with file extension - * @extension. To watch for configuration changes, connect to the - * #PolkitBackendLocalAuthorizationStore::changed signal. - * - * Returns: A #PolkitBackendLocalAuthorizationStore. Free with - * g_object_unref(). - **/ -PolkitBackendLocalAuthorizationStore * -polkit_backend_local_authorization_store_new (GFile *directory, - const gchar *extension) -{ - PolkitBackendLocalAuthorizationStore *store; - - store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (g_object_new (POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - "directory", directory, - "extension", extension, - NULL)); - - return store; -} - -static void -polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store) -{ - gchar *path; - - path = g_file_get_path (store->priv->directory); - g_debug ("Dropping all .pkla caches for directory `%s'", path); - g_free (path); - - g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); - g_list_free (store->priv->authorizations); - store->priv->authorizations = NULL; - - store->priv->has_data = FALSE; -} - -static void -polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store) -{ - GFileEnumerator *enumerator; - GFileInfo *file_info; - GError *error; - GList *files; - GList *l; - - files = NULL; - - if (store->priv->has_data) - goto out; - - polkit_backend_local_authorization_store_purge (store); - - error = NULL; - enumerator = g_file_enumerate_children (store->priv->directory, - "standard::name", - G_FILE_QUERY_INFO_NONE, - NULL, - &error); - if (enumerator == NULL) - { - gchar *dir_name; - dir_name = g_file_get_uri (store->priv->directory); - g_warning ("Error enumerating files in %s: %s", dir_name, error->message); - g_free (dir_name); - g_error_free (error); - goto out; - } - - while ((file_info = g_file_enumerator_next_file (enumerator, NULL, &error)) != NULL) - { - const gchar *name; - - name = g_file_info_get_name (file_info); - - /* only consider files with the appropriate extension */ - if (g_str_has_suffix (name, store->priv->extension) && name[0] != '.') - files = g_list_prepend (files, g_file_get_child (store->priv->directory, name)); - - g_object_unref (file_info); - } - g_object_unref (enumerator); - if (error != NULL) - { - g_warning ("Error enumerating files: %s", error->message); - g_error_free (error); - goto out; - } - - /* process files; highest priority comes first */ - for (l = files; l != NULL; l = l->next) - { - GFile *file = G_FILE (l->data); - gchar *filename; - GKeyFile *key_file; - - filename = g_file_get_path (file); - - key_file = g_key_file_new (); - - error = NULL; - if (!g_key_file_load_from_file (key_file, - filename, - G_KEY_FILE_NONE, - &error)) - { - g_warning ("Error loading key-file %s: %s", filename, error->message); - g_error_free (error); - error = NULL; - g_key_file_free (key_file); - } - else - { - gchar **groups; - guint n; - - groups = g_key_file_get_groups (key_file, NULL); - for (n = 0; groups[n] != NULL; n++) - { - LocalAuthorization *authorization; - - error = NULL; - authorization = local_authorization_new (key_file, filename, groups[n], &error); - if (authorization == NULL) - { - g_warning ("Error parsing group `%s' in file `%s': %s", - groups[n], - filename, - error->message); - g_error_free (error); - } - else - { - store->priv->authorizations = g_list_prepend (store->priv->authorizations, - authorization); - } - } - g_strfreev (groups); - - store->priv->authorizations = g_list_reverse (store->priv->authorizations); - - g_key_file_free (key_file); - } - - g_free (filename); - } - - store->priv->has_data = TRUE; - - out: - g_list_foreach (files, (GFunc) g_object_unref, NULL); - g_list_free (files); -} - -/** - * polkit_backend_local_authorization_store_lookup: - * @store: A #PolkitBackendLocalAuthorizationStore. - * @identity: The identity to check for. - * @action_id: The action id to check for. - * @details: Details for @action. - * @out_result_any: Return location for the result for any subjects if the look up matched. - * @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched. - * @out_result_active: Return location for the result for subjects in local active sessions if the look up matched. - * - * Checks if an authorization entry from @store matches @identity, - * @action_id and @details. May append information to @details if - * found. - * - * Returns: %TRUE if @store has an authorization entry that matches - * @identity, @action_id and @details. Otherwise %FALSE. - */ -gboolean -polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, - PolkitIdentity *identity, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization *out_result_any, - PolkitImplicitAuthorization *out_result_inactive, - PolkitImplicitAuthorization *out_result_active) -{ - GList *l, *ll; - gboolean ret; - gchar *identity_string; - - g_return_val_if_fail (POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE (store), FALSE); - g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE); - g_return_val_if_fail (action_id != NULL, FALSE); - g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE); - g_return_val_if_fail (out_result_any != NULL, FALSE); - g_return_val_if_fail (out_result_inactive != NULL, FALSE); - g_return_val_if_fail (out_result_active != NULL, FALSE); - - ret = FALSE; - identity_string = NULL; - - polkit_backend_local_authorization_store_ensure (store); - - for (l = store->priv->authorizations; l != NULL; l = l->next) - { - LocalAuthorization *authorization = l->data; - - /* first match the action */ - for (ll = authorization->action_specs; ll != NULL; ll = ll->next) - { - if (g_pattern_match_string ((GPatternSpec *) ll->data, action_id)) - break; - } - if (ll == NULL) - continue; - - /* then match the identity against identity specs */ - if (identity_string == NULL) - identity_string = polkit_identity_to_string (identity); - for (ll = authorization->identity_specs; ll != NULL; ll = ll->next) - { - if (g_pattern_match_string ((GPatternSpec *) ll->data, identity_string)) - break; - } - - /* if no identity specs matched and identity is a user, match against netgroups */ - if (ll == NULL && POLKIT_IS_UNIX_USER (identity)) - { - PolkitUnixUser *user_identity = POLKIT_UNIX_USER (identity); - const gchar *user_name = polkit_unix_user_get_name (user_identity); - if (!user_name) - continue; - - for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next) - { - if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL)) - break; - } - } - - if (ll == NULL) - continue; - - /* Yay, a match! However, keep going since subsequent authorization entries may modify the result */ - *out_result_any = authorization->result_any; - *out_result_inactive = authorization->result_inactive; - *out_result_active = authorization->result_active; - ret = TRUE; - - if (details != NULL && authorization->return_value != NULL) - { - GHashTableIter iter; - const gchar *key; - const gchar *value; - - g_hash_table_iter_init (&iter, authorization->return_value); - while (g_hash_table_iter_next (&iter, (gpointer *) &key, (gpointer *) &value)) - { - polkit_details_insert (details, key, value); - } - } - -#if 0 - g_debug ("authorization with id `%s' matched action_id `%s' for identity `%s'", - authorization->id, - action_id, - polkit_identity_to_string (identity)); -#endif - } - - g_free (identity_string); - - return ret; -} diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.h b/src/polkitbackend/polkitbackendlocalauthorizationstore.h deleted file mode 100644 index 4f198e9..0000000 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) -#error "This is a private header file." -#endif - -#ifndef __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H -#define __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H - -#include <glib-object.h> -#include <gio/gio.h> -#include <polkitbackend/polkitbackendtypes.h> - -G_BEGIN_DECLS - -#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE (polkit_backend_local_authorization_store_get_type ()) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStore)) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStoreClass)) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE,PolkitBackendLocalAuthorizationStoreClass)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) - -typedef struct _PolkitBackendLocalAuthorizationStore PolkitBackendLocalAuthorizationStore; -typedef struct _PolkitBackendLocalAuthorizationStoreClass PolkitBackendLocalAuthorizationStoreClass; -typedef struct _PolkitBackendLocalAuthorizationStorePrivate PolkitBackendLocalAuthorizationStorePrivate; - -struct _PolkitBackendLocalAuthorizationStore -{ - GObject parent_instance; - PolkitBackendLocalAuthorizationStorePrivate *priv; -}; - -struct _PolkitBackendLocalAuthorizationStoreClass -{ - /*< public >*/ - GObjectClass parent_class; - - /* Signals */ - void (*changed) (PolkitBackendLocalAuthorizationStore *store); - - /*< private >*/ - /* Padding for future expansion */ - void (*_polkit_reserved1) (void); - void (*_polkit_reserved2) (void); - void (*_polkit_reserved3) (void); - void (*_polkit_reserved4) (void); - void (*_polkit_reserved5) (void); - void (*_polkit_reserved6) (void); - void (*_polkit_reserved7) (void); - void (*_polkit_reserved8) (void); -}; - -GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST; -PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory, - const gchar *extension); -gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, - PolkitIdentity *identity, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization *out_result_any, - PolkitImplicitAuthorization *out_result_inactive, - PolkitImplicitAuthorization *out_result_active); - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H */ - diff --git a/src/polkitbackend/polkitbackendtypes.h b/src/polkitbackend/polkitbackendtypes.h index 2fe36ac..3777991 100644 --- a/src/polkitbackend/polkitbackendtypes.h +++ b/src/polkitbackend/polkitbackendtypes.h @@ -33,9 +33,6 @@ typedef struct _PolkitBackendAuthority PolkitBackendAuthority; struct _PolkitBackendInteractiveAuthority; typedef struct _PolkitBackendInteractiveAuthority PolkitBackendInteractiveAuthority; -struct _PolkitBackendLocalAuthority; -typedef struct _PolkitBackendLocalAuthority PolkitBackendLocalAuthority; - struct _PolkitBackendJsAuthority; typedef struct _PolkitBackendJsAuthority PolkitBackendJsAuthority; |