author | David Zeuthen <davidz@redhat.com> | 2012-05-23 16:39:25 -0400 |
---|---|---|
committer | David Zeuthen <davidz@redhat.com> | 2012-05-23 16:39:25 -0400 |
commit | 0f830c76048229895164837f8ce01869d88a2616 (patch) | |
tree | 015f0ac20dce8f204553aa93fb2ff353abe60ce5 | |
parent | 29950854f6b9e9b8ea2d96d67c79eeec1046a4f1 (diff) |
Nuke polkitbackend library, localauthority backend and extension system
Any backend can now be implemented in JavaScript (if so desired) so we
don't need any of this any more.
Note that the libpolkitbackend library was never declared stable (the
preprocessor symbol POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE had
to be defined) so removing it is not an API/ABI break.
Signed-off-by: David Zeuthen <davidz@redhat.com>
27 files changed, 16 insertions, 2751 deletions
diff --git a/configure.ac b/configure.ac
index 7c7ca7a..f75b8d9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -461,7 +461,6 @@ src/polkitagent/Makefile
 src/polkitd/Makefile
 src/programs/Makefile
 src/examples/Makefile
-src/nullbackend/Makefile
 docs/version.xml
 docs/extensiondir.xml
 docs/Makefile
diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am
index 72d2fb8..a9bac88 100644
--- a/docs/polkit/Makefile.am
+++ b/docs/polkit/Makefile.am
@@ -31,8 +31,6 @@ INCLUDES = \
 $(GIO_CFLAGS) \
 -I$(top_srcdir)/src/polkit \
 -I$(top_builddir)/src/polkit \
- -I$(top_srcdir)/src/polkitbackend \
- -I$(top_builddir)/src/polkitbackend \
 -I$(top_srcdir)/src/polkitagent \
 -I$(top_builddir)/src/polkitagent \
 $(NULL)
@@ -42,7 +40,6 @@ GTKDOC_LIBS = \
 $(GLIB_LIBS) \
 $(GIO_LIBS) \
 $(top_builddir)/src/polkit/libpolkit-gobject-1.la \
- $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \
 $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \
 $(NULL)
diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
index 24440d2..9f5a1a9 100644
--- a/docs/polkit/overview.xml
+++ b/docs/polkit/overview.xml
@@ -90,37 +90,4 @@ </para> </chapter> - <chapter id="polkit-extending"> - <title>Extending polkit</title> - <para> - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - </para> - <para> - The polkit daemons loads extensions - from the <filename>&extensiondir;</filename> directory. See - the <link linkend="gio-Extension-Points">GIO Extension Point - documentation</link> for more information about the extension - system used by polkit. - </para> - <para> - The following extension points are currently defined by - polkit: - </para> - - <formalpara> - <title>POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME</title> - <para> - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the <filename>src/nullbackend/</filename> directory in the - polkit sources for an example. - </para> - </formalpara> - - </chapter> </part> diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 84158ef..549768c 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -23,7 +23,7 @@ </part> <part id="ref-api"> - <title>Client API Reference</title> + <title>Library API Reference</title> <xi:include href="xml/polkitauthority.xml"/> <xi:include href="xml/polkitauthorizationresult.xml"/> <xi:include href="xml/polkitdetails.xml"/> @@ -47,13 +47,6 @@ </chapter> </part> - <part id="ref-backend-api"> - <title>Backend API Reference</title> - <xi:include href="xml/polkitbackendauthority.xml"/> - <xi:include href="xml/polkitbackendinteractiveauthority.xml"/> - <xi:include href="xml/polkitbackendlocalauthority.xml"/> - </part> - <part id="ref-authentication-agent-api"> <title>Authentication Agent API Reference</title> <xi:include href="xml/polkitagentlistener.xml"/> 
diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
index 3881004..41b37e3 100644
--- a/docs/polkit/polkit-1-sections.txt
+++ b/docs/polkit/polkit-1-sections.txt
@@ -291,86 +291,6 @@ POLKIT_DETAILS_GET_CLASS </SECTION> <SECTION> -<FILE>polkitbackendauthority</FILE> -<TITLE>PolkitBackendAuthority</TITLE> -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister -<SUBSECTION Standard> -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -</SECTION> - -<SECTION> -<FILE>polkitbackendactionlookup</FILE> -<TITLE>PolkitBackendActionLookup</TITLE> -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details -<SUBSECTION Standard> -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -</SECTION> - -<SECTION> -<FILE>polkitbackendlocalauthority</FILE> -<TITLE>PolkitBackendLocalAuthority</TITLE> -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass -<SUBSECTION Standard> -POLKIT_BACKEND_LOCAL_AUTHORITY 
-POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -</SECTION> - -<SECTION> -<FILE>polkitbackendinteractiveauthority</FILE> -<TITLE>PolkitBackendInteractiveAuthority</TITLE> -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync -<SUBSECTION Standard> -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -</SECTION> - -<SECTION> <FILE>polkitagentsession</FILE> <TITLE>PolkitAgentSession</TITLE> PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc..6354d12 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/po/POTFILES.in b/po/POTFILES.in index 02f8255..6e76bdd 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in 
@@ -3,5 +3,4 @@ [encoding: UTF-8] actions/org.freedesktop.policykit.policy.in src/examples/org.freedesktop.policykit.examples.pkexec.policy.in -src/polkitbackend/polkitbackendlocalauthority.c src/programs/pkexec.c diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa..3380fb2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples diff --git a/src/nullbackend/50-nullbackend.conf b/src/nullbackend/50-nullbackend.conf deleted file mode 100644 index 3497677..0000000 --- a/src/nullbackend/50-nullbackend.conf +++ /dev/null @@ -1,16 +0,0 @@ -# -# Configuration file for the PolicyKit null backend. -# -# DO NOT EDIT THIS FILE, it will be overwritten on update. -# -# To change configuration, create another file in this directory with -# a filename that is sorted after the 50-nullback.conf and make -# sure it has the .conf extension. -# -# Only a single configuration item, Priority, is supported. -# -# See the PolicyKit documentation for more information about PolicyKit. -# - -[Configuration] -Priority=-10 diff --git a/src/nullbackend/Makefile.am b/src/nullbackend/Makefile.am deleted file mode 100644 index c683818..0000000 --- a/src/nullbackend/Makefile.am +++ /dev/null 
@@ -1,50 +0,0 @@ - -NULL = - -module_flags = -export_dynamic -avoid-version -module -no-undefined -export-symbols-regex '^g_io_module_(load|unload)' - -INCLUDES = \ - -I$(top_builddir)/src \ - -I$(top_srcdir)/src \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS \ - -D_REENTRANT \ - -D_POLKIT_BACKEND_COMPILATION \ - $(NULL) - -polkitmodulesdir = $(libdir)/polkit-1/extensions -polkitmodules_LTLIBRARIES = libnullbackend.la - -libnullbackend_la_SOURCES = \ - nullbackend.c \ - polkitbackendnullauthority.c polkitbackendnullauthority.h \ - $(NULL) - -libnullbackend_la_CFLAGS = \ - -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ - -DG_LOG_DOMAIN=\"PolkitNullBackend\" \ - $(GLIB_CFLAGS) \ - $(NULL) - -libnullbackend_la_LDFLAGS = \ - $(module_flags) \ - $(GLIB_LIBS) \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ - $(NULL) - -libnullbackend_la_LIBADD = \ - $(NULL) - -nullconfigdir = $(sysconfdir)/polkit-1/nullbackend.conf.d -nullconfig_DATA = 50-nullbackend.conf - -EXTRA_DIST = $(nullconfig_DATA) - -clean-local : - rm -f *~ diff --git a/src/nullbackend/nullbackend.c b/src/nullbackend/nullbackend.c deleted file mode 100644 index 0436cf0..0000000 --- a/src/nullbackend/nullbackend.c +++ /dev/null 
@@ -1,34 +0,0 @@ -/* - * Copyright (C) 2009 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "polkitbackendnullauthority.h" - -void -g_io_module_load (GIOModule *module) -{ - polkit_backend_null_authority_register (module); -} - -void -g_io_module_unload (GIOModule *module) -{ -} - diff --git a/src/nullbackend/polkitbackendnullauthority.c b/src/nullbackend/polkitbackendnullauthority.c deleted file mode 100644 index 7491540..0000000 --- a/src/nullbackend/polkitbackendnullauthority.c +++ /dev/null 
@@ -1,195 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "config.h" -#include <errno.h> -#include <pwd.h> -#include <grp.h> -#include <string.h> -#include <glib/gstdio.h> - -#include "polkitbackend/polkitbackendconfigsource.h" -#include "polkitbackendnullauthority.h" - -struct _PolkitBackendNullAuthorityPrivate -{ - gint foo; -}; - -static GList *authority_enumerate_actions (PolkitBackendAuthority *authority, - PolkitSubject *caller, - const gchar *locale, - GError **error); - -static void authority_check_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - PolkitDetails *details, - PolkitCheckAuthorizationFlags flags, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data); - -static PolkitAuthorizationResult *authority_check_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error); - -G_DEFINE_DYNAMIC_TYPE (PolkitBackendNullAuthority, polkit_backend_null_authority,POLKIT_BACKEND_TYPE_AUTHORITY); - -static void -polkit_backend_null_authority_init (PolkitBackendNullAuthority *authority) -{ - authority->priv = 
G_TYPE_INSTANCE_GET_PRIVATE (authority, - POLKIT_BACKEND_TYPE_NULL_AUTHORITY, - PolkitBackendNullAuthorityPrivate); -} - -static void -polkit_backend_null_authority_finalize (GObject *object) -{ - G_OBJECT_CLASS (polkit_backend_null_authority_parent_class)->finalize (object); -} - -static const gchar * -authority_get_name (PolkitBackendAuthority *authority) -{ - return "null"; -} - -static const gchar * -authority_get_version (PolkitBackendAuthority *authority) -{ - return PACKAGE_VERSION; -} - -static PolkitAuthorityFeatures -authority_get_features (PolkitBackendAuthority *authority) -{ - return POLKIT_AUTHORITY_FEATURES_NONE; -} - -static void -polkit_backend_null_authority_class_init (PolkitBackendNullAuthorityClass *klass) -{ - GObjectClass *gobject_class; - PolkitBackendAuthorityClass *authority_class; - - gobject_class = G_OBJECT_CLASS (klass); - authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); - - gobject_class->finalize = polkit_backend_null_authority_finalize; - - authority_class->get_name = authority_get_name; - authority_class->get_version = authority_get_version; - authority_class->get_features = authority_get_features; - authority_class->enumerate_actions = authority_enumerate_actions; - authority_class->check_authorization = authority_check_authorization; - authority_class->check_authorization_finish = authority_check_authorization_finish; - - g_type_class_add_private (klass, sizeof (PolkitBackendNullAuthorityPrivate)); -} - -static void -polkit_backend_null_authority_class_finalize (PolkitBackendNullAuthorityClass *klass) -{ -} - -void -polkit_backend_null_authority_register (GIOModule *module) -{ - gint priority; - GFile *directory; - PolkitBackendConfigSource *source; - - directory = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/nullbackend.conf.d"); - source = polkit_backend_config_source_new (directory); - - priority = polkit_backend_config_source_get_integer (source, "Configuration", "Priority", NULL); - - 
polkit_backend_null_authority_register_type (G_TYPE_MODULE (module)); - - g_print ("Registering null backend at priority %d\n", priority); - - g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, - POLKIT_BACKEND_TYPE_NULL_AUTHORITY, - "null backend " PACKAGE_VERSION, - priority); - - g_object_unref (directory); - g_object_unref (source); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList * -authority_enumerate_actions (PolkitBackendAuthority *authority, - PolkitSubject *caller, - const gchar *locale, - GError **error) -{ - /* We don't know any actions */ - return NULL; -} - -static void -authority_check_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - PolkitDetails *details, - PolkitCheckAuthorizationFlags flags, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -{ - GSimpleAsyncResult *simple; - - /* complete immediately */ - simple = g_simple_async_result_new (G_OBJECT (authority), - callback, - user_data, - authority_check_authorization); - g_simple_async_result_complete (simple); - g_object_unref (simple); -} - -static PolkitAuthorizationResult * -authority_check_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error) -{ - GSimpleAsyncResult *simple; - PolkitAuthorizationResult *result; - - simple = G_SIMPLE_ASYNC_RESULT (res); - - g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == authority_check_authorization); - - /* we always return NOT_AUTHORIZED, never an error */ - result = polkit_authorization_result_new (FALSE, FALSE, NULL); - - if (g_simple_async_result_propagate_error (simple, error)) - goto out; - - out: - return result; -} diff --git a/src/nullbackend/polkitbackendnullauthority.h b/src/nullbackend/polkitbackendnullauthority.h deleted file mode 100644 index 318e482..0000000 
--- a/src/nullbackend/polkitbackendnullauthority.h
+++ /dev/null
@@ -1,59 +0,0 @@ -/* - * Copyright (C) 2009 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#ifndef __POLKIT_BACKEND_NULL_AUTHORITY_H -#define __POLKIT_BACKEND_NULL_AUTHORITY_H - -#include <polkitbackend/polkitbackend.h> - -G_BEGIN_DECLS - -#define POLKIT_BACKEND_TYPE_NULL_AUTHORITY (polkit_backend_null_authority_get_type ()) -#define POLKIT_BACKEND_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthority)) -#define POLKIT_BACKEND_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthorityClass)) -#define POLKIT_BACKEND_NULL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY,PolkitBackendNullAuthorityClass)) -#define POLKIT_BACKEND_IS_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY)) -#define POLKIT_BACKEND_IS_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY)) - -typedef struct _PolkitBackendNullAuthority PolkitBackendNullAuthority; -typedef struct _PolkitBackendNullAuthorityClass PolkitBackendNullAuthorityClass; -typedef struct _PolkitBackendNullAuthorityPrivate 
PolkitBackendNullAuthorityPrivate; - -struct _PolkitBackendNullAuthority -{ - PolkitBackendAuthority parent_instance; - PolkitBackendNullAuthorityPrivate *priv; -}; - -struct _PolkitBackendNullAuthorityClass -{ - PolkitBackendAuthorityClass parent_class; - -}; - -GType polkit_backend_null_authority_get_type (void) G_GNUC_CONST; - -void polkit_backend_null_authority_register (GIOModule *module); - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_NULL_AUTHORITY_H */ - diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index 17d8310..c5b8d8a 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -18,25 +18,13 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - +noinst_LTLIBRARIES=libpolkit-backend-1.la initjs.h : init.js $(PERL) $(srcdir)/toarray.pl $(srcdir)/init.js init_js > $@ BUILT_SOURCES += initjs.h -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) - libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ polkitbackend.h \ @@ -44,12 +32,10 @@ libpolkit_backend_1_la_SOURCES = \ polkitbackendprivate.h \ polkitbackendauthority.h polkitbackendauthority.c \ polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \ - polkitbackendlocalauthority.h polkitbackendlocalauthority.c \ polkitbackendjsauthority.h polkitbackendjsauthority.c \ polkitbackendactionpool.h polkitbackendactionpool.c \ polkitbackendconfigsource.h polkitbackendconfigsource.c \ polkitbackendactionlookup.h polkitbackendactionlookup.c \ - polkitbackendlocalauthorizationstore.h polkitbackendlocalauthorizationstore.c \ $(NULL) if HAVE_LIBSYSTEMD_LOGIN 
@@ -76,15 +62,9 @@ libpolkit_backend_1_la_LIBADD = \ $(LIBJS_LIBS) \ $(NULL) -libpolkit_backend_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' - CLEANFILES = $(BUILT_SOURCES) -localauthorityconfigdir = $(sysconfdir)/polkit-1/localauthority.conf.d -localauthorityconfig_DATA = 50-localauthority.conf - EXTRA_DIST = \ - $(localauthorityconfig_DATA) \ init.js \ toarray.pl \ $(NULL) @@ -96,13 +76,6 @@ clean-local : rm -f *~ $(BUILT_SOURCES) install-exec-hook: - mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 - mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} - -chmod 700 $(DESTDIR)$(localstatedir)/lib/polkit-1 - mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1 - mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} - -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/localauthority - mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/rules.d -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/rules.d mkdir -p $(DESTDIR)$(datadir)/polkit-1/rules.d diff --git a/src/polkitbackend/polkitbackend.h b/src/polkitbackend/polkitbackend.h index 9b79d14..afa4be3 100644 --- a/src/polkitbackend/polkitbackend.h +++ b/src/polkitbackend/polkitbackend.h @@ -32,7 +32,6 @@ #include <polkitbackend/polkitbackendtypes.h> #include <polkitbackend/polkitbackendauthority.h> #include <polkitbackend/polkitbackendinteractiveauthority.h> -#include <polkitbackend/polkitbackendlocalauthority.h> #include <polkitbackend/polkitbackendactionlookup.h> #undef _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index e127247..91ece26 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c 
@@ -30,7 +30,6 @@ #include <polkit/polkitprivate.h> #include "polkitbackendauthority.h" -#include "polkitbackendlocalauthority.h" #include "polkitbackendjsauthority.h" #include "polkitbackendprivate.h" @@ -40,7 +39,7 @@ * @title: PolkitBackendAuthority * @short_description: Abstract base class for authority backends * @stability: Unstable - * @see_also: PolkitBackendLocalAuthority + * @see_also: PolkitBackendJsAuthority * * To implement an authority backend, simply subclass #PolkitBackendAuthority * and implement the required VFuncs. @@ -57,7 +56,7 @@ static guint signals[LAST_SIGNAL] = {0}; G_DEFINE_ABSTRACT_TYPE (PolkitBackendAuthority, polkit_backend_authority, G_TYPE_OBJECT); static void -polkit_backend_authority_init (PolkitBackendAuthority *local_authority) +polkit_backend_authority_init (PolkitBackendAuthority *authority) { } 
@@ -1349,71 +1348,30 @@ polkit_backend_authority_register (PolkitBackendAuthority *authority, /** * polkit_backend_authority_get: * - * Loads all #GIOModule<!-- -->s from <filename>$(libdir)/polkit-1/extensions</filename> to determine - * what implementation of #PolkitBackendAuthority to use. Then instantiates an object of the - * implementation with the highest priority and unloads all other modules. + * Gets the #PolkitBackendAuthority to use. * * Returns: A #PolkitBackendAuthority. Free with g_object_unref(). - **/ + */ PolkitBackendAuthority * polkit_backend_authority_get (void) { - static GIOExtensionPoint *ep = NULL; - static volatile GType local_authority_type = G_TYPE_INVALID; - static volatile GType js_authority_type = G_TYPE_INVALID; - GList *modules; - GList *authority_implementations; - GType authority_type; PolkitBackendAuthority *authority; - gchar *s; - - /* define extension points */ - if (ep == NULL) - { - ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); - g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY); - } - - /* make sure local types are registered */ - if (local_authority_type == G_TYPE_INVALID) - local_authority_type = POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY; - if (js_authority_type == G_TYPE_INVALID) - js_authority_type = POLKIT_BACKEND_TYPE_JS_AUTHORITY; - - /* load all modules */ - modules = g_io_modules_load_all_in_directory (PACKAGE_LIB_DIR "/polkit-1/extensions"); - /* find all extensions; we have at least one here since we've registered the local backend */ - authority_implementations = g_io_extension_point_get_extensions (ep); + /* TODO: move to polkitd/main.c */ - /* the returned list is sorted according to priority so just take the highest one */ - authority_type = g_io_extension_get_type ((GIOExtension*) authority_implementations->data); - authority = POLKIT_BACKEND_AUTHORITY (g_object_new (authority_type, NULL)); - - /* unload all modules; the module our instantiated 
authority is in won't be unloaded because - * we've instantiated a reference to a type in this module - */ - g_list_foreach (modules, (GFunc) g_type_module_unuse, NULL); - g_list_free (modules); - - /* First announce that we've started in the generic log */ + /* Announce that we've started in the generic log */ openlog ("polkitd", LOG_PID, LOG_DAEMON); /* system daemons without separate facility value */ - syslog (LOG_INFO, - "started daemon version %s using authority implementation `%s' version `%s'", - VERSION, - polkit_backend_authority_get_name (authority), - polkit_backend_authority_get_version (authority)); + syslog (LOG_INFO, "Started polkitd version %s", VERSION); closelog (); - /* and then log to the secure log */ - s = g_strdup_printf ("polkitd(authority=%s)", polkit_backend_authority_get_name (authority)); - openlog (s, - 0, + /* then start logging to the secure log */ + openlog ("polkitd", + LOG_PID, LOG_AUTHPRIV); /* security/authorization messages (private) */ - /* Ugh, can't free the string - gah, thanks openlog(3) */ - /*g_free (s);*/ + + authority = POLKIT_BACKEND_AUTHORITY (g_object_new (POLKIT_BACKEND_TYPE_JS_AUTHORITY, NULL)); return authority; } diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054..f9f7385 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -43,13 +43,6 @@ G_BEGIN_DECLS typedef struct _PolkitBackendAuthorityClass PolkitBackendAuthorityClass; /** - * POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME: - * - * Extension point name for authority backend implementations. - */ -#define POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME "polkit-backend-authority-1" - -/** * PolkitBackendAuthority: * * The #PolkitBackendAuthority struct should not be accessed directly. diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c index a7bf50b..39a6376 100644 
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -114,13 +114,7 @@ static PolkitImplicitAuthorization polkit_backend_js_authority_check_authorizati
 PolkitDetails *details,
 PolkitImplicitAuthorization implicit);
-G_DEFINE_TYPE_WITH_CODE (PolkitBackendJsAuthority,
- polkit_backend_js_authority,
- POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY,
- g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME,
- g_define_type_id,
- "js-authority" PACKAGE_VERSION,
- 10));
+G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY);
 /* ---------------------------------------------------------------------------------------------------- */
diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
deleted file mode 100644
index 2e5e8fe..0000000
--- a/src/polkitbackend/polkitbackendlocalauthority.c
+++ /dev/null
@@ -1,783 +0,0 @@
-/*
- * Copyright (C) 2008 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#include "config.h"
-#include <errno.h>
-#include <pwd.h>
-#include <grp.h>
-#include <netdb.h>
-#include <string.h>
-#include <glib/gstdio.h>
-#include <locale.h>
-#include <glib/gi18n-lib.h>
-
-#include <polkit/polkit.h>
-#include "polkitbackendconfigsource.h"
-#include "polkitbackendlocalauthority.h"
-#include "polkitbackendlocalauthorizationstore.h"
-
-#include <polkit/polkitprivate.h>
-
-/**
- * SECTION:polkitbackendlocalauthority
- * @title: PolkitBackendLocalAuthority
- * @short_description: Local Authority
- * @stability: Unstable
- *
- * An implementation of #PolkitBackendAuthority that stores
- * authorizations on the local file system, supports interaction with
- * authentication agents (virtue of being based on
- * #PolkitBackendInteractiveAuthority).
- */
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static GList *get_users_in_group (PolkitIdentity *group,
- gboolean include_root);
-
-static GList *get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root);
-
-static GList *get_groups_for_user (PolkitIdentity *user);
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-typedef struct
-{
- gchar *config_path;
- PolkitBackendConfigSource *config_source;
-
- gchar **authorization_store_paths;
- GList *authorization_stores;
- GList *authorization_store_monitors;
-
-} PolkitBackendLocalAuthorityPrivate;
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-enum
-{
- PROP_0,
-
- // Path overrides used for unit testing
- PROP_CONFIG_PATH,
- PROP_AUTH_STORE_PATHS,
-};
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static GList *polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- PolkitIdentity *user_for_subject,
- const gchar *action_id,
- PolkitDetails *details);
-
-static PolkitImplicitAuthorization polkit_backend_local_authority_check_authorization_sync (
- PolkitBackendInteractiveAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- PolkitIdentity *user_for_subject,
- gboolean subject_is_local,
- gboolean subject_is_active,
- const gchar *action_id,
- PolkitDetails *details,
- PolkitImplicitAuthorization implicit);
-
-G_DEFINE_TYPE_WITH_CODE (PolkitBackendLocalAuthority,
- polkit_backend_local_authority,
- POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY,
- g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME,
- g_define_type_id,
- "local-authority" PACKAGE_VERSION,
- 0));
-
-#define POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityPrivate))
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
-on_store_changed (PolkitBackendLocalAuthorizationStore *store,
- gpointer user_data)
-{
- PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data);
-
- g_signal_emit_by_name (authority, "changed");
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
-purge_all_authorization_stores (PolkitBackendLocalAuthority *authority)
-{
- PolkitBackendLocalAuthorityPrivate *priv;
- GList *l;
-
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
-
- for (l = priv->authorization_stores; l != NULL; l = l->next)
- {
- PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data);
- g_signal_handlers_disconnect_by_func (store,
- G_CALLBACK (on_store_changed),
- authority);
- g_object_unref (store);
- }
- g_list_free (priv->authorization_stores);
- priv->authorization_stores = NULL;
-
- g_debug ("Purged all local authorization stores");
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
-add_one_authorization_store (PolkitBackendLocalAuthority *authority,
- GFile *directory)
-{
- PolkitBackendLocalAuthorizationStore *store;
- PolkitBackendLocalAuthorityPrivate *priv;
-
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
-
- store = polkit_backend_local_authorization_store_new (directory, ".pkla");
- priv->authorization_stores = g_list_append (priv->authorization_stores, store);
-
- g_signal_connect (store,
- "changed",
- G_CALLBACK (on_store_changed),
- authority);
-}
-
-static gint
-authorization_store_path_compare_func (GFile *file_a,
- GFile *file_b)
-{
- const gchar *a;
- const gchar *b;
-
- a = g_object_get_data (G_OBJECT (file_a), "sort-key");
- b = g_object_get_data (G_OBJECT (file_b), "sort-key");
-
- return g_strcmp0 (a, b);
-}
-
-static void
-add_all_authorization_stores (PolkitBackendLocalAuthority *authority)
-{
- PolkitBackendLocalAuthorityPrivate *priv;
- guint n;
- GList *directories;
- GList *l;
-
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
- directories = NULL;
-
- for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++)
- {
- const gchar *toplevel_path;
- GFile *toplevel_directory;
- GFileEnumerator *directory_enumerator;
- GFileInfo *file_info;
- GError *error;
-
- error = NULL;
-
- toplevel_path = priv->authorization_store_paths[n];
- toplevel_directory = g_file_new_for_path (toplevel_path);
- directory_enumerator = g_file_enumerate_children (toplevel_directory,
- "standard::name,standard::type",
- G_FILE_QUERY_INFO_NONE,
- NULL,
- &error);
- if (directory_enumerator == NULL)
- {
- g_warning ("Error getting enumerator for %s: %s", toplevel_path, error->message);
- g_error_free (error);
- g_object_unref (toplevel_directory);
- continue;
- }
-
- while ((file_info = g_file_enumerator_next_file (directory_enumerator, NULL, &error)) != NULL)
- {
- /* only consider directories */
- if (g_file_info_get_file_type (file_info) == G_FILE_TYPE_DIRECTORY)
- {
- const gchar *name;
- GFile *directory;
- gchar *sort_key;
-
- name = g_file_info_get_name (file_info);
-
- /* This makes entries in directories in /etc take precedence to entries in directories in /var */
- sort_key = g_strdup_printf ("%s-%d", name, n);
-
- directory = g_file_get_child (toplevel_directory, name);
- g_object_set_data_full (G_OBJECT (directory), "sort-key", sort_key, g_free);
-
- directories = g_list_prepend (directories, directory);
- }
- g_object_unref (file_info);
- }
- if (error != NULL)
- {
- g_warning ("Error enumerating files in %s: %s", toplevel_path, error->message);
- g_error_free (error);
- g_object_unref (toplevel_directory);
- g_object_unref (directory_enumerator);
- continue;
- }
- g_object_unref (directory_enumerator);
- g_object_unref (toplevel_directory);
- }
-
- /* Sort directories */
- directories = g_list_sort (directories, (GCompareFunc) authorization_store_path_compare_func);
-
- /* And now add an authorization store for each one */
- for (l = directories; l != NULL; l = l->next)
- {
- GFile *directory = G_FILE (l->data);
- gchar *name;
-
- name = g_file_get_path (directory);
- g_debug ("Added `%s' as a local authorization store", name);
- g_free (name);
-
- add_one_authorization_store (authority, directory);
- }
-
- g_list_foreach (directories, (GFunc) g_object_unref, NULL);
- g_list_free (directories);
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static void
-on_toplevel_authority_store_monitor_changed (GFileMonitor *monitor,
- GFile *file,
- GFile *other_file,
- GFileMonitorEvent event_type,
- gpointer user_data)
-{
- PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data);
-
- purge_all_authorization_stores (authority);
- add_all_authorization_stores (authority);
-}
-
-static void
-polkit_backend_local_authority_init (PolkitBackendLocalAuthority *authority)
-{
- PolkitBackendLocalAuthorityPrivate *priv;
-
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
-
- priv->config_path = NULL;
- priv->authorization_store_paths = NULL;
-}
-
-static void
-polkit_backend_local_authority_constructed (GObject *object)
-{
- PolkitBackendLocalAuthority *authority;
- PolkitBackendLocalAuthorityPrivate *priv;
- GFile *config_directory;
- guint n;
-
- authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object);
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority);
-
- g_debug ("Using config directory `%s'", priv->config_path);
- config_directory = g_file_new_for_path (priv->config_path);
- priv->config_source = polkit_backend_config_source_new (config_directory);
- g_object_unref (config_directory);
-
- add_all_authorization_stores (authority);
-
- /* Monitor the toplevels */
- priv->authorization_store_monitors = NULL;
- for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++)
- {
- const gchar *toplevel_path;
- GFile *toplevel_directory;
- GFileMonitor *monitor;
- GError *error;
-
- toplevel_path = priv->authorization_store_paths[n];
- toplevel_directory = g_file_new_for_path (toplevel_path);
-
- error = NULL;
- monitor = g_file_monitor_directory (toplevel_directory,
- G_FILE_MONITOR_NONE,
- NULL,
- &error);
- if (monitor == NULL)
- {
- g_warning ("Error creating file monitor for %s: %s", toplevel_path, error->message);
- g_error_free (error);
- g_object_unref (toplevel_directory);
- continue;
- }
-
- g_debug ("Monitoring `%s' for changes", toplevel_path);
-
- g_signal_connect (monitor,
- "changed",
- G_CALLBACK (on_toplevel_authority_store_monitor_changed),
- authority);
-
- priv->authorization_store_monitors = g_list_append (priv->authorization_store_monitors, monitor);
-
- g_object_unref (toplevel_directory);
- }
-
- G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->constructed (object);
-}
-
-static void
-polkit_backend_local_authority_finalize (GObject *object)
-{
- PolkitBackendLocalAuthority *local_authority;
- PolkitBackendLocalAuthorityPrivate *priv;
-
- local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object);
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority);
-
- purge_all_authorization_stores (local_authority);
-
- g_list_free_full (priv->authorization_store_monitors, g_object_unref);
-
- if (priv->config_source != NULL)
- g_object_unref (priv->config_source);
-
- g_free (priv->config_path);
- g_strfreev (priv->authorization_store_paths);
-
- G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->finalize (object);
-}
-
-static const gchar *
-polkit_backend_local_authority_get_name (PolkitBackendAuthority *authority)
-{
- return "local";
-}
-
-static const gchar *
-polkit_backend_local_authority_get_version (PolkitBackendAuthority *authority)
-{
- return PACKAGE_VERSION;
-}
-
-static PolkitAuthorityFeatures
-polkit_backend_local_authority_get_features (PolkitBackendAuthority *authority)
-{
- return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION;
-}
-
-static void
-polkit_backend_local_authority_set_property (GObject *object, guint property_id, const GValue *value, GParamSpec *pspec)
-{
- PolkitBackendLocalAuthority *local_authority;
- PolkitBackendLocalAuthorityPrivate *priv;
-
- local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object);
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority);
-
- switch (property_id)
- {
- case PROP_CONFIG_PATH:
- g_free (priv->config_path);
- priv->config_path = g_value_dup_string (value);
- break;
- case PROP_AUTH_STORE_PATHS:
- g_strfreev (priv->authorization_store_paths);
- priv->authorization_store_paths = g_strsplit (g_value_get_string (value), ";", 0);
- break;
- default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);
- break;
- }
-}
-
-static void
-polkit_backend_local_authority_class_init (PolkitBackendLocalAuthorityClass *klass)
-{
- GObjectClass *gobject_class;
- PolkitBackendAuthorityClass *authority_class;
- PolkitBackendInteractiveAuthorityClass *interactive_authority_class;
- GParamSpec *pspec;
-
- gobject_class = G_OBJECT_CLASS (klass);
- authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass);
- interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass);
-
- gobject_class->set_property = polkit_backend_local_authority_set_property;
- gobject_class->finalize = polkit_backend_local_authority_finalize;
- gobject_class->constructed = polkit_backend_local_authority_constructed;
- authority_class->get_name = polkit_backend_local_authority_get_name;
- authority_class->get_version = polkit_backend_local_authority_get_version;
- authority_class->get_features = polkit_backend_local_authority_get_features;
- interactive_authority_class->get_admin_identities = polkit_backend_local_authority_get_admin_auth_identities;
- interactive_authority_class->check_authorization_sync = polkit_backend_local_authority_check_authorization_sync;
-
- pspec = g_param_spec_string ("config-path",
- "Local Authority Configuration Path",
- "Path to directory of LocalAuthority config files.",
- PACKAGE_SYSCONF_DIR "/polkit-1/localauthority.conf.d",
- G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE);
- g_object_class_install_property (gobject_class, PROP_CONFIG_PATH, pspec);
-
- pspec = g_param_spec_string ("auth-store-paths",
- "Local Authorization Store Paths",
- "Semi-colon separated list of Authorization Store 'top' directories.",
- PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority;"
- PACKAGE_SYSCONF_DIR "/polkit-1/localauthority",
- G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE);
- g_object_class_install_property (gobject_class, PROP_AUTH_STORE_PATHS, pspec);
-
- g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorityPrivate));
-}
-
-static GList *
-polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- PolkitIdentity *user_for_subject,
- const gchar *action_id,
- PolkitDetails *details)
-{
- PolkitBackendLocalAuthority *local_authority;
- PolkitBackendLocalAuthorityPrivate *priv;
- GList *ret;
- guint n;
- gchar **admin_identities;
- GError *error;
-
- local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority);
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority);
-
- ret = NULL;
-
- error = NULL;
- admin_identities = polkit_backend_config_source_get_string_list (priv->config_source,
- "Configuration",
- "AdminIdentities",
- &error);
- if (admin_identities == NULL)
- {
- g_warning ("Error getting admin_identities configuration item: %s", error->message);
- g_error_free (error);
- goto out;
- }
-
- for (n = 0; admin_identities[n] != NULL; n++)
- {
- PolkitIdentity *identity;
-
- error = NULL;
- identity = polkit_identity_from_string (admin_identities[n], &error);
- if (identity == NULL)
- {
- g_warning ("Error parsing identity %s: %s", admin_identities[n], error->message);
- g_error_free (error);
- continue;
- }
-
- if (POLKIT_IS_UNIX_USER (identity))
- {
- ret = g_list_append (ret, identity);
- }
- else if (POLKIT_IS_UNIX_GROUP (identity))
- {
- ret = g_list_concat (ret, get_users_in_group (identity, FALSE));
- }
- else if (POLKIT_IS_UNIX_NETGROUP (identity))
- {
- ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE));
- }
- else
- {
- g_warning ("Unsupported identity %s", admin_identities[n]);
- }
- }
-
- g_strfreev (admin_identities);
-
- out:
-
- /* default to uid 0 if no admin identities has been found */
- if (ret == NULL)
- ret = g_list_prepend (ret, polkit_unix_user_new (0));
-
- return ret;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static PolkitImplicitAuthorization
-polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *authority,
- PolkitSubject *caller,
- PolkitSubject *subject,
- PolkitIdentity *user_for_subject,
- gboolean subject_is_local,
- gboolean subject_is_active,
- const gchar *action_id,
- PolkitDetails *details,
- PolkitImplicitAuthorization implicit)
-{
- PolkitBackendLocalAuthority *local_authority;
- PolkitBackendLocalAuthorityPrivate *priv;
- PolkitImplicitAuthorization ret;
- PolkitImplicitAuthorization ret_any;
- PolkitImplicitAuthorization ret_inactive;
- PolkitImplicitAuthorization ret_active;
- GList *groups;
- GList *l, *ll;
-
- ret = implicit;
-
- local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority);
- priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority);
-
-#if 0
- g_debug ("local: checking `%s' for subject `%s' (user `%s')",
- action_id,
- polkit_subject_to_string (subject),
- polkit_identity_to_string (user_for_subject));
-#endif
-
- /* First lookup for all groups the user belong to */
- groups = get_groups_for_user (user_for_subject);
- for (ll = groups; ll != NULL; ll = ll->next)
- {
- PolkitIdentity *group = POLKIT_IDENTITY (ll->data);
-
- for (l = priv->authorization_stores; l != NULL; l = l->next)
- {
- PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data);
-
- if (polkit_backend_local_authorization_store_lookup (store,
- group,
- action_id,
- details,
- &ret_any,
- &ret_inactive,
- &ret_active))
- {
- if (subject_is_local && subject_is_active)
- {
- if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
- ret = ret_active;
- }
- else if (subject_is_local)
- {
- if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
- ret = ret_inactive;
- }
- else
- {
- if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
- ret = ret_any;
- }
- }
- }
- }
- g_list_foreach (groups, (GFunc) g_object_unref, NULL);
- g_list_free (groups);
-
- /* Then do it for the user */
- for (l = priv->authorization_stores; l != NULL; l = l->next)
- {
- PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data);
-
- if (polkit_backend_local_authorization_store_lookup (store,
- user_for_subject,
- action_id,
- details,
- &ret_any,
- &ret_inactive,
- &ret_active))
- {
- if (subject_is_local && subject_is_active)
- {
- if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
- ret = ret_active;
- }
- else if (subject_is_local)
- {
- if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
- ret = ret_inactive;
- }
- else
- {
- if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN)
- ret = ret_any;
- }
- }
- }
-
- return ret;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
-
-static GList *
-get_users_in_group (PolkitIdentity *group,
- gboolean include_root)
-{
- gid_t gid;
- struct group *grp;
- GList *ret;
- guint n;
-
- ret = NULL;
-
- gid = polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (group));
- grp = getgrgid (gid);
- if (grp == NULL)
- {
- g_warning ("Error looking up group with gid %d: %s", gid, g_strerror (errno));
- goto out;
- }
-
- for (n = 0; grp->gr_mem != NULL && grp->gr_mem[n] != NULL; n++)
- {
- PolkitIdentity *user;
- GError *error;
-
- if (!include_root && g_strcmp0 (grp->gr_mem[n], "root") == 0)
- continue;
-
- error = NULL;
- user = polkit_unix_user_new_for_name (grp->gr_mem[n], &error);
- if (user == NULL)
- {
- g_warning ("Unknown username '%s' in group: %s", grp->gr_mem[n], error->message);
- g_error_free (error);
- }
- else
- {
- ret = g_list_prepend (ret, user);
- }
- }
-
- ret = g_list_reverse (ret);
-
- out:
- return ret;
-}
-
-static GList *
-get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root)
-{
- const gchar *name;
- GList *ret;
-
- ret = NULL;
- name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-
- if (setnetgrent (name) == 0)
- {
- g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
- goto out;
- }
-
- for (;;)
- {
- char *hostname, *username, *domainname;
- PolkitIdentity *user;
- GError *error = NULL;
-
- if (getnetgrent (&hostname, &username, &domainname) == 0)
- break;
-
- /* Skip NULL entries since we never want to make everyone an admin
- * Skip "-" entries which mean "no match ever" in netgroup land */
- if (username == NULL || g_strcmp0 (username, "-") == 0)
- continue;
-
- /* TODO: Should we match on hostname? Maybe only allow "-" as a hostname
- * for safety. */
-
- user = polkit_unix_user_new_for_name (username, &error);
- if (user == NULL)
- {
- g_warning ("Unknown username '%s' in unix-netgroup: %s", username, error->message);
- g_error_free (error);
- }
- else
- {
- ret = g_list_prepend (ret, user);
- }
- }
-
- ret = g_list_reverse (ret);
-
- out:
- endnetgrent ();
- return ret;
-}
-
-
-static GList *
-get_groups_for_user (PolkitIdentity *user)
-{
- uid_t uid;
- struct passwd *passwd;
- GList *result;
- gid_t groups[512];
- int num_groups = 512;
- int n;
-
- result = NULL;
-
- /* TODO: it would be, uhm, good to cache this information */
-
- uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user));
- passwd = getpwuid (uid);
- if (passwd == NULL)
- {
- g_warning ("No user with uid %d", uid);
- goto out;
- }
-
- /* TODO: should resize etc etc etc */
-
- if (getgrouplist (passwd->pw_name,
- passwd->pw_gid,
- groups,
- &num_groups) < 0)
- {
- g_warning ("Error looking up groups for uid %d: %s", uid, g_strerror (errno));
- goto out;
- }
-
- for (n = 0; n < num_groups; n++)
- result = g_list_prepend (result, polkit_unix_group_new (groups[n]));
-
- out:
-
- return result;
-}
-
-/* ---------------------------------------------------------------------------------------------------- */
diff --git a/src/polkitbackend/polkitbackendlocalauthority.h b/src/polkitbackend/polkitbackendlocalauthority.h
deleted file mode 100644
index 553da3b..0000000
--- a/src/polkitbackend/polkitbackendlocalauthority.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (C) 2008 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H)
-#error "Only <polkitbackend/polkitbackend.h> can be included directly, this file may disappear or change contents."
-#endif
-
-#ifndef __POLKIT_BACKEND_LOCAL_AUTHORITY_H
-#define __POLKIT_BACKEND_LOCAL_AUTHORITY_H
-
-#include <glib-object.h>
-#include <polkitbackend/polkitbackendtypes.h>
-#include <polkitbackend/polkitbackendinteractiveauthority.h>
-
-G_BEGIN_DECLS
-
-#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY (polkit_backend_local_authority_get_type ())
-#define POLKIT_BACKEND_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthority))
-#define POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityClass))
-#define POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY,PolkitBackendLocalAuthorityClass))
-#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY))
-#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY))
-
-typedef struct _PolkitBackendLocalAuthorityClass PolkitBackendLocalAuthorityClass;
-
-/**
- * PolkitBackendLocalAuthority:
- *
- * The #PolkitBackendLocalAuthority struct should not be accessed directly.
- */
-struct _PolkitBackendLocalAuthority
-{
- /*< private >*/
- PolkitBackendInteractiveAuthority parent_instance;
-};
-
-/**
- * PolkitBackendLocalAuthorityClass:
- * @parent_class: The parent class.
- *
- * Class structure for #PolkitBackendLocalAuthority.
- */
-struct _PolkitBackendLocalAuthorityClass
-{
- /*< public >*/
- PolkitBackendInteractiveAuthorityClass parent_class;
-
- /*< private >*/
- /* Padding for future expansion */
- void (*_polkit_reserved1) (void);
- void (*_polkit_reserved2) (void);
- void (*_polkit_reserved3) (void);
- void (*_polkit_reserved4) (void);
- void (*_polkit_reserved5) (void);
- void (*_polkit_reserved6) (void);
- void (*_polkit_reserved7) (void);
- void (*_polkit_reserved8) (void);
- void (*_polkit_reserved9) (void);
- void (*_polkit_reserved10) (void);
- void (*_polkit_reserved11) (void);
- void (*_polkit_reserved12) (void);
- void (*_polkit_reserved13) (void);
- void (*_polkit_reserved14) (void);
- void (*_polkit_reserved15) (void);
- void (*_polkit_reserved16) (void);
- void (*_polkit_reserved17) (void);
- void (*_polkit_reserved18) (void);
- void (*_polkit_reserved19) (void);
- void (*_polkit_reserved20) (void);
- void (*_polkit_reserved21) (void);
- void (*_polkit_reserved22) (void);
- void (*_polkit_reserved23) (void);
- void (*_polkit_reserved24) (void);
- void (*_polkit_reserved25) (void);
- void (*_polkit_reserved26) (void);
- void (*_polkit_reserved27) (void);
- void (*_polkit_reserved28) (void);
- void (*_polkit_reserved29) (void);
- void (*_polkit_reserved30) (void);
- void (*_polkit_reserved31) (void);
- void (*_polkit_reserved32) (void);
-};
-
-GType polkit_backend_local_authority_get_type (void) G_GNUC_CONST;
-
-G_END_DECLS
-
-#endif /* __POLKIT_BACKEND_LOCAL_AUTHORITY_H */
-
diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
deleted file mode 100644
index f40a943..0000000
--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+++ /dev/null
@@ -1,776 +0,0 @@
-/*
- * Copyright (C) 2008 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#include "config.h"
-
-#include <netdb.h>
-#include <string.h>
-#include <polkit/polkit.h>
-#include "polkitbackendlocalauthorizationstore.h"
-
-/* <internal>
- * SECTION:polkitbackendlocalauthorizationstore
- * @title: PolkitBackendLocalAuthorizationStore
- * @short_description: Watches a directory for authorization files
- *
- * #PolkitBackendLocalAuthorizationStore is a utility class to watch
- * and read authorization files from a directory.
- */ - -struct _PolkitBackendLocalAuthorizationStorePrivate -{ - GFile *directory; - gchar *extension; - - GFileMonitor *directory_monitor; - - /* List of LocalAuthorization objects */ - GList *authorizations; - - gboolean has_data; -}; - -enum -{ - PROP_0, - PROP_DIRECTORY, - PROP_EXTENSION, -}; - -enum -{ - CHANGED_SIGNAL, - LAST_SIGNAL, -}; - -static guint signals[LAST_SIGNAL] = {0}; - -static void polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store); - -static void polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store); - -G_DEFINE_TYPE (PolkitBackendLocalAuthorizationStore, polkit_backend_local_authorization_store, G_TYPE_OBJECT); - -/* ---------------------------------------------------------------------------------------------------- */ - -typedef struct -{ - gchar *id; - - /* Identities with glob support */ - GList *identity_specs; - - /* Netgroup identity strings, which can not support glob syntax */ - GList *netgroup_identities; - - GList *action_specs; - - PolkitImplicitAuthorization result_any; - PolkitImplicitAuthorization result_inactive; - PolkitImplicitAuthorization result_active; - - GHashTable *return_value; -} LocalAuthorization; - -static void -local_authorization_free (LocalAuthorization *authorization) -{ - g_free (authorization->id); - g_list_foreach (authorization->identity_specs, (GFunc) g_pattern_spec_free, NULL); - g_list_free (authorization->identity_specs); - g_list_free_full (authorization->netgroup_identities, g_free); - g_list_foreach (authorization->action_specs, (GFunc) g_pattern_spec_free, NULL); - g_list_free (authorization->action_specs); - if (authorization->return_value != NULL) - g_hash_table_unref (authorization->return_value); - g_free (authorization); -} - - -static LocalAuthorization * -local_authorization_new (GKeyFile *key_file, - const gchar *filename, - const gchar *group, - GError **error) -{ - LocalAuthorization *authorization; - gchar 
**identity_strings; - gchar **action_strings; - gchar *result_any_string; - gchar *result_inactive_string; - gchar *result_active_string; - gchar **return_value_strings; - guint n; - - identity_strings = NULL; - action_strings = NULL; - result_any_string = NULL; - result_inactive_string = NULL; - result_active_string = NULL; - return_value_strings = NULL; - - authorization = g_new0 (LocalAuthorization, 1); - - identity_strings = g_key_file_get_string_list (key_file, - group, - "Identity", - NULL, - error); - if (identity_strings == NULL) - { - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - for (n = 0; identity_strings[n] != NULL; n++) - { - /* Put netgroup entries in a seperate list from other identities who support glob syntax */ - if (g_str_has_prefix (identity_strings[n], "unix-netgroup:")) - authorization->netgroup_identities = g_list_prepend (authorization->netgroup_identities, - g_strdup (identity_strings[n] + sizeof "unix-netgroup:" - 1)); - else - authorization->identity_specs = g_list_prepend (authorization->identity_specs, - g_pattern_spec_new (identity_strings[n])); - } - - action_strings = g_key_file_get_string_list (key_file, - group, - "Action", - NULL, - error); - if (action_strings == NULL) - { - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - for (n = 0; action_strings[n] != NULL; n++) - { - authorization->action_specs = g_list_prepend (authorization->action_specs, - g_pattern_spec_new (action_strings[n])); - } - - authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - - result_any_string = g_key_file_get_string (key_file, - group, - "ResultAny", - NULL); - if (result_any_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_any_string, - &authorization->result_any)) - { - g_set_error (error, - 
POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultAny string `%s'", result_any_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - result_inactive_string = g_key_file_get_string (key_file, - group, - "ResultInactive", - NULL); - if (result_inactive_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_inactive_string, - &authorization->result_inactive)) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultInactive string `%s'", result_inactive_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - result_active_string = g_key_file_get_string (key_file, - group, - "ResultActive", - NULL); - if (result_active_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_active_string, - &authorization->result_active)) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultActive string `%s'", result_active_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Must have at least one of ResultAny, ResultInactive and ResultActive"); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - - return_value_strings = g_key_file_get_string_list (key_file, - group, - "ReturnValue", - NULL, - error); - if (return_value_strings != NULL) - { - for (n = 0; return_value_strings[n] != NULL; n++) - { - gchar *p; - const gchar *key; - const gchar *value; - - p = strchr (return_value_strings[n], '='); - if (p == NULL) - { - g_warning ("Item `%s' in ReturnValue is malformed. 
Ignoring.", - return_value_strings[n]); - continue; - } - - *p = '\0'; - key = return_value_strings[n]; - value = p + 1; - - if (authorization->return_value == NULL) - { - authorization->return_value = g_hash_table_new_full (g_str_hash, - g_str_equal, - g_free, - g_free); - } - g_hash_table_insert (authorization->return_value, g_strdup (key), g_strdup (value)); - } - } - - authorization->id = g_strdup_printf ("%s::%s", filename, group); - - out: - g_strfreev (identity_strings); - g_free (action_strings); - g_free (result_any_string); - g_free (result_inactive_string); - g_free (result_active_string); - g_strfreev (return_value_strings); - return authorization; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -polkit_backend_local_authorization_store_init (PolkitBackendLocalAuthorizationStore *store) -{ - store->priv = G_TYPE_INSTANCE_GET_PRIVATE (store, - POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - PolkitBackendLocalAuthorizationStorePrivate); -} - -static void -polkit_backend_local_authorization_store_finalize (GObject *object) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - if (store->priv->directory != NULL) - g_object_unref (store->priv->directory); - g_free (store->priv->extension); - - if (store->priv->directory_monitor != NULL) - g_object_unref (store->priv->directory_monitor); - - g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); - g_list_free (store->priv->authorizations); - - if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize != NULL) - G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize (object); -} - - -static void -polkit_backend_local_authorization_store_get_property (GObject *object, - guint prop_id, - GValue *value, - GParamSpec *pspec) -{ - PolkitBackendLocalAuthorizationStore *store = 
POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - switch (prop_id) - { - case PROP_DIRECTORY: - g_value_set_object (value, store->priv->directory); - break; - - case PROP_EXTENSION: - g_value_set_string (value, store->priv->extension); - break; - - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); - break; - } -} - -static void -polkit_backend_local_authorization_store_set_property (GObject *object, - guint prop_id, - const GValue *value, - GParamSpec *pspec) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - switch (prop_id) - { - case PROP_DIRECTORY: - store->priv->directory = g_value_dup_object (value); - break; - - case PROP_EXTENSION: - store->priv->extension = g_value_dup_string (value); - break; - - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); - break; - } -} - -static void -directory_monitor_changed (GFileMonitor *monitor, - GFile *file, - GFile *other_file, - GFileMonitorEvent event_type, - gpointer user_data) -{ - PolkitBackendLocalAuthorizationStore *store; - - store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (user_data); - - if (file != NULL) - { - gchar *name; - - name = g_file_get_basename (file); - - //g_debug ("event_type=%d file=%p name=%s", event_type, file, name); - - if (!g_str_has_prefix (name, ".") && - !g_str_has_prefix (name, "#") && - g_str_has_suffix (name, store->priv->extension) && - (event_type == G_FILE_MONITOR_EVENT_CREATED || - event_type == G_FILE_MONITOR_EVENT_DELETED || - event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) - { - - //g_debug ("match"); - - /* now throw away all caches */ - polkit_backend_local_authorization_store_purge (store); - g_signal_emit_by_name (store, "changed"); - } - - g_free (name); - } -} - -static void -polkit_backend_local_authorization_store_constructed (GObject *object) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - GError *error; - - 
error = NULL; - store->priv->directory_monitor = g_file_monitor_directory (store->priv->directory, - G_FILE_MONITOR_NONE, - NULL, - &error); - if (store->priv->directory_monitor == NULL) - { - gchar *dir_name; - dir_name = g_file_get_uri (store->priv->directory); - g_warning ("Error monitoring directory %s: %s", dir_name, error->message); - g_free (dir_name); - g_error_free (error); - } - else - { - g_signal_connect (store->priv->directory_monitor, - "changed", - (GCallback) directory_monitor_changed, - store); - } - - if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed != NULL) - G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed (object); -} - -static void -polkit_backend_local_authorization_store_class_init (PolkitBackendLocalAuthorizationStoreClass *klass) -{ - GObjectClass *gobject_class; - - gobject_class = G_OBJECT_CLASS (klass); - - gobject_class->get_property = polkit_backend_local_authorization_store_get_property; - gobject_class->set_property = polkit_backend_local_authorization_store_set_property; - gobject_class->constructed = polkit_backend_local_authorization_store_constructed; - gobject_class->finalize = polkit_backend_local_authorization_store_finalize; - - g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorizationStorePrivate)); - - /** - * PolkitBackendLocalAuthorizationStore:directory: - * - * The directory to watch for authorization files. - */ - g_object_class_install_property (gobject_class, - PROP_DIRECTORY, - g_param_spec_object ("directory", - "Directory", - "The directory to watch for configuration files", - G_TYPE_FILE, - G_PARAM_CONSTRUCT_ONLY | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | - G_PARAM_STATIC_BLURB | - G_PARAM_STATIC_NICK)); - - /** - * PolkitBackendLocalAuthorizationStore:extension: - * - * The file extension for files to consider, e.g. <quote>.pkla</quote>. 
- */
- g_object_class_install_property (gobject_class,
- PROP_EXTENSION,
- g_param_spec_string ("extension",
- "Extension",
- "The extension of files to consider",
- NULL,
- G_PARAM_CONSTRUCT_ONLY |
- G_PARAM_READWRITE |
- G_PARAM_STATIC_NAME |
- G_PARAM_STATIC_BLURB |
- G_PARAM_STATIC_NICK));
-
- /**
- * PolkitBackendConfiguStore::changed:
- * @store: A #PolkitBackendLocalAuthorizationStore.
- *
- * Emitted when configuration files in #PolkitBackendConfiguStore:directory changes.
- */
- signals[CHANGED_SIGNAL] = g_signal_new ("changed",
- POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE,
- G_SIGNAL_RUN_LAST,
- G_STRUCT_OFFSET (PolkitBackendLocalAuthorizationStoreClass, changed),
- NULL,
- NULL,
- g_cclosure_marshal_VOID__VOID,
- G_TYPE_NONE,
- 0);
-}
-
-/**
- * polkit_backend_local_authorization_store_new:
- * @directory: The directory to watch.
- * @extension: The extension of files to consider e.g. <quote>.pkla</quote>.
- *
- * Creates a new #PolkitBackendLocalAuthorizationStore object that
- * reads authorizations from @directory with file extension
- * @extension. To watch for configuration changes, connect to the
- * #PolkitBackendLocalAuthorizationStore::changed signal.
- *
- * Returns: A #PolkitBackendLocalAuthorizationStore. Free with
- * g_object_unref().
- **/ -PolkitBackendLocalAuthorizationStore * -polkit_backend_local_authorization_store_new (GFile *directory, - const gchar *extension) -{ - PolkitBackendLocalAuthorizationStore *store; - - store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (g_object_new (POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - "directory", directory, - "extension", extension, - NULL)); - - return store; -} - -static void -polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store) -{ - gchar *path; - - path = g_file_get_path (store->priv->directory); - g_debug ("Dropping all .pkla caches for directory `%s'", path); - g_free (path); - - g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); - g_list_free (store->priv->authorizations); - store->priv->authorizations = NULL; - - store->priv->has_data = FALSE; -} - -static void -polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store) -{ - GFileEnumerator *enumerator; - GFileInfo *file_info; - GError *error; - GList *files; - GList *l; - - files = NULL; - - if (store->priv->has_data) - goto out; - - polkit_backend_local_authorization_store_purge (store); - - error = NULL; - enumerator = g_file_enumerate_children (store->priv->directory, - "standard::name", - G_FILE_QUERY_INFO_NONE, - NULL, - &error); - if (enumerator == NULL) - { - gchar *dir_name; - dir_name = g_file_get_uri (store->priv->directory); - g_warning ("Error enumerating files in %s: %s", dir_name, error->message); - g_free (dir_name); - g_error_free (error); - goto out; - } - - while ((file_info = g_file_enumerator_next_file (enumerator, NULL, &error)) != NULL) - { - const gchar *name; - - name = g_file_info_get_name (file_info); - - /* only consider files with the appropriate extension */ - if (g_str_has_suffix (name, store->priv->extension) && name[0] != '.') - files = g_list_prepend (files, g_file_get_child (store->priv->directory, name)); - - g_object_unref (file_info); - } - 
g_object_unref (enumerator); - if (error != NULL) - { - g_warning ("Error enumerating files: %s", error->message); - g_error_free (error); - goto out; - } - - /* process files; highest priority comes first */ - for (l = files; l != NULL; l = l->next) - { - GFile *file = G_FILE (l->data); - gchar *filename; - GKeyFile *key_file; - - filename = g_file_get_path (file); - - key_file = g_key_file_new (); - - error = NULL; - if (!g_key_file_load_from_file (key_file, - filename, - G_KEY_FILE_NONE, - &error)) - { - g_warning ("Error loading key-file %s: %s", filename, error->message); - g_error_free (error); - error = NULL; - g_key_file_free (key_file); - } - else - { - gchar **groups; - guint n; - - groups = g_key_file_get_groups (key_file, NULL); - for (n = 0; groups[n] != NULL; n++) - { - LocalAuthorization *authorization; - - error = NULL; - authorization = local_authorization_new (key_file, filename, groups[n], &error); - if (authorization == NULL) - { - g_warning ("Error parsing group `%s' in file `%s': %s", - groups[n], - filename, - error->message); - g_error_free (error); - } - else - { - store->priv->authorizations = g_list_prepend (store->priv->authorizations, - authorization); - } - } - g_strfreev (groups); - - store->priv->authorizations = g_list_reverse (store->priv->authorizations); - - g_key_file_free (key_file); - } - - g_free (filename); - } - - store->priv->has_data = TRUE; - - out: - g_list_foreach (files, (GFunc) g_object_unref, NULL); - g_list_free (files); -} - -/** - * polkit_backend_local_authorization_store_lookup: - * @store: A #PolkitBackendLocalAuthorizationStore. - * @identity: The identity to check for. - * @action_id: The action id to check for. - * @details: Details for @action. - * @out_result_any: Return location for the result for any subjects if the look up matched. - * @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched. 
- * @out_result_active: Return location for the result for subjects in local active sessions if the look up matched. - * - * Checks if an authorization entry from @store matches @identity, - * @action_id and @details. May append information to @details if - * found. - * - * Returns: %TRUE if @store has an authorization entry that matches - * @identity, @action_id and @details. Otherwise %FALSE. - */ -gboolean -polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, - PolkitIdentity *identity, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization *out_result_any, - PolkitImplicitAuthorization *out_result_inactive, - PolkitImplicitAuthorization *out_result_active) -{ - GList *l, *ll; - gboolean ret; - gchar *identity_string; - - g_return_val_if_fail (POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE (store), FALSE); - g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE); - g_return_val_if_fail (action_id != NULL, FALSE); - g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE); - g_return_val_if_fail (out_result_any != NULL, FALSE); - g_return_val_if_fail (out_result_inactive != NULL, FALSE); - g_return_val_if_fail (out_result_active != NULL, FALSE); - - ret = FALSE; - identity_string = NULL; - - polkit_backend_local_authorization_store_ensure (store); - - for (l = store->priv->authorizations; l != NULL; l = l->next) - { - LocalAuthorization *authorization = l->data; - - /* first match the action */ - for (ll = authorization->action_specs; ll != NULL; ll = ll->next) - { - if (g_pattern_match_string ((GPatternSpec *) ll->data, action_id)) - break; - } - if (ll == NULL) - continue; - - /* then match the identity against identity specs */ - if (identity_string == NULL) - identity_string = polkit_identity_to_string (identity); - for (ll = authorization->identity_specs; ll != NULL; ll = ll->next) - { - if (g_pattern_match_string ((GPatternSpec *) ll->data, identity_string)) - break; - } - - /* if no 
identity specs matched and identity is a user, match against netgroups */ - if (ll == NULL && POLKIT_IS_UNIX_USER (identity)) - { - PolkitUnixUser *user_identity = POLKIT_UNIX_USER (identity); - const gchar *user_name = polkit_unix_user_get_name (user_identity); - if (!user_name) - continue; - - for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next) - { - if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL)) - break; - } - } - - if (ll == NULL) - continue; - - /* Yay, a match! However, keep going since subsequent authorization entries may modify the result */ - *out_result_any = authorization->result_any; - *out_result_inactive = authorization->result_inactive; - *out_result_active = authorization->result_active; - ret = TRUE; - - if (details != NULL && authorization->return_value != NULL) - { - GHashTableIter iter; - const gchar *key; - const gchar *value; - - g_hash_table_iter_init (&iter, authorization->return_value); - while (g_hash_table_iter_next (&iter, (gpointer *) &key, (gpointer *) &value)) - { - polkit_details_insert (details, key, value); - } - } - -#if 0 - g_debug ("authorization with id `%s' matched action_id `%s' for identity `%s'", - authorization->id, - action_id, - polkit_identity_to_string (identity)); -#endif - } - - g_free (identity_string); - - return ret; -} diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.h b/src/polkitbackend/polkitbackendlocalauthorizationstore.h deleted file mode 100644 index 4f198e9..0000000 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.h +++ /dev/null 
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2008 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H)
-#error "This is a private header file."
-#endif - -#ifndef __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H -#define __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H - -#include <glib-object.h> -#include <gio/gio.h> -#include <polkitbackend/polkitbackendtypes.h> - -G_BEGIN_DECLS - -#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE (polkit_backend_local_authorization_store_get_type ()) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStore)) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStoreClass)) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE,PolkitBackendLocalAuthorizationStoreClass)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) - -typedef struct _PolkitBackendLocalAuthorizationStore PolkitBackendLocalAuthorizationStore; -typedef struct _PolkitBackendLocalAuthorizationStoreClass PolkitBackendLocalAuthorizationStoreClass; -typedef struct _PolkitBackendLocalAuthorizationStorePrivate PolkitBackendLocalAuthorizationStorePrivate; - -struct _PolkitBackendLocalAuthorizationStore -{ - GObject parent_instance; - PolkitBackendLocalAuthorizationStorePrivate *priv; -}; - -struct _PolkitBackendLocalAuthorizationStoreClass -{ - /*< public >*/ - GObjectClass parent_class; - - /* Signals */ - void (*changed) (PolkitBackendLocalAuthorizationStore *store); - - /*< private >*/ - /* Padding for future expansion */ - void (*_polkit_reserved1) (void); - void (*_polkit_reserved2) (void); - void (*_polkit_reserved3) (void); - void (*_polkit_reserved4) (void); - void 
(*_polkit_reserved5) (void); - void (*_polkit_reserved6) (void); - void (*_polkit_reserved7) (void); - void (*_polkit_reserved8) (void); -}; - -GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST; -PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory, - const gchar *extension); -gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, - PolkitIdentity *identity, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization *out_result_any, - PolkitImplicitAuthorization *out_result_inactive, - PolkitImplicitAuthorization *out_result_active); - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H */ - diff --git a/src/polkitbackend/polkitbackendtypes.h b/src/polkitbackend/polkitbackendtypes.h index 2fe36ac..3777991 100644 --- a/src/polkitbackend/polkitbackendtypes.h +++ b/src/polkitbackend/polkitbackendtypes.h @@ -33,9 +33,6 @@ typedef struct _PolkitBackendAuthority PolkitBackendAuthority; struct _PolkitBackendInteractiveAuthority; typedef struct _PolkitBackendInteractiveAuthority PolkitBackendInteractiveAuthority; -struct _PolkitBackendLocalAuthority; -typedef struct _PolkitBackendLocalAuthority PolkitBackendLocalAuthority; - struct _PolkitBackendJsAuthority; typedef struct _PolkitBackendJsAuthority PolkitBackendJsAuthority; diff --git a/test/polkitbackend/Makefile.am b/test/polkitbackend/Makefile.am index 46706d3..bb82dd4 100644 --- a/test/polkitbackend/Makefile.am +++ b/test/polkitbackend/Makefile.am 
@@ -33,12 +33,6 @@ TEST_PROGS = # ---------------------------------------------------------------------------------------------------- -TEST_PROGS += polkitbackendlocalauthorizationstoretest -polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c - -TEST_PROGS += polkitbackendlocalauthoritytest -polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c - TEST_PROGS += polkitbackendjsauthoritytest polkitbackendjsauthoritytest_SOURCES = test-polkitbackendjsauthority.c diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c deleted file mode 100644 index 40e9619..0000000 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ /dev/null 
@@ -1,259 +0,0 @@ -/* - * Copyright (C) 2011 Google Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -#include "glib.h" - -#include <polkittesthelper.h> -#include <polkit/polkit.h> -#include <polkitbackend/polkitbackendlocalauthority.h> - -#define TEST_CONFIG_PATH "etc/polkit-1/localauthority.conf.d" -#define TEST_AUTH_PATH1 "etc/polkit-1/localauthority" -#define TEST_AUTH_PATH2 "var/lib/polkit-1/localauthority" - -/* Test helper types */ - -struct auth_context { - const gchar *identity; - gboolean subject_is_local; - gboolean subject_is_active; - const gchar *action_id; - PolkitImplicitAuthorization implicit; - PolkitImplicitAuthorization expect; -}; - -static PolkitBackendLocalAuthority *create_authority (void); - - -/* Test implementations */ - -static void -test_check_authorization_sync (const void *_ctx) -{ - const struct auth_context *ctx = (const struct auth_context *) _ctx; - - PolkitBackendLocalAuthority *authority = create_authority (); - - PolkitSubject *caller = polkit_unix_session_new ("caller-session"); - g_assert (caller); - - PolkitSubject *subject = polkit_unix_session_new ("subject-session");; - g_assert (subject); - - GError *error = NULL; - PolkitIdentity *user_for_subject = 
polkit_identity_from_string (ctx->identity, &error); - g_assert_no_error (error); - g_assert (user_for_subject); - - PolkitDetails *details = polkit_details_new (); - g_assert (details); - - PolkitImplicitAuthorization auth; - - auth = polkit_backend_interactive_authority_check_authorization_sync ( - POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), - caller, - subject, - user_for_subject, - ctx->subject_is_local, - ctx->subject_is_active, - ctx->action_id, - details, - ctx->implicit); - - g_assert_cmpint (auth, ==, ctx->expect); - - g_object_unref (authority); - g_object_unref (caller); - g_object_unref (subject); - g_object_unref (user_for_subject); - g_object_unref (details); -} - -static void -test_get_admin_identities (void) -{ - /* Note: The implementation for get_admin_identities is called - * get_admin_auth_identities in PolkitBackendLocalAuthority */ - - PolkitBackendLocalAuthority *authority = create_authority (); - - /* Setup required arguments, but none of their values matter */ - PolkitSubject *caller = polkit_unix_session_new ("caller-session"); - g_assert (caller); - - PolkitSubject *subject = polkit_unix_session_new ("subject-session");; - g_assert (subject); - - GError *error = NULL; - PolkitIdentity *user_for_subject = polkit_identity_from_string ("unix-user:root", &error); - g_assert_no_error (error); - g_assert (user_for_subject); - - PolkitDetails *details = polkit_details_new (); - g_assert (details); - - /* Get the list of PolkitUnixUser objects who are admins */ - GList *result; - result = polkit_backend_interactive_authority_get_admin_identities ( - POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), - caller, - subject, - user_for_subject, - "com.example.doesntmatter", - details); - - guint result_len = g_list_length (result); - g_assert_cmpint (result_len, >, 0); - - /* Test against each of the admins in the following list */ - const gchar *expect_admins [] = { - "unix-user:root", - "unix-user:jane", - "unix-user:sally", - 
"unix-user:henry", - NULL, - }; - - unsigned int i; - for (i = 0; expect_admins[i] != NULL; i++) - { - g_assert_cmpint (i, <, result_len); - - PolkitIdentity *test_identity = POLKIT_IDENTITY (g_list_nth_data (result, i)); - g_assert (test_identity); - - gchar *test_identity_str = polkit_identity_to_string (test_identity); - g_assert_cmpstr (expect_admins[i], ==, test_identity_str); - } -} - - -/* Factory for mock local authority. */ -static PolkitBackendLocalAuthority * -create_authority (void) -{ - gchar *config_path = polkit_test_get_data_path (TEST_CONFIG_PATH); - gchar *auth_path1 = polkit_test_get_data_path (TEST_AUTH_PATH1); - gchar *auth_path2 = polkit_test_get_data_path (TEST_AUTH_PATH2); - gchar *auth_paths = g_strconcat (auth_path1, ";", auth_path2, NULL); - - g_assert (config_path); - g_assert (auth_path1); - g_assert (auth_path2); - g_assert (auth_paths); - - PolkitBackendLocalAuthority *authority = g_object_new ( - POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, - "config-path", config_path, - "auth-store-paths", auth_paths, - NULL); - - g_free (config_path); - g_free (auth_path1); - g_free (auth_path2); - g_free (auth_paths); - return authority; -} - - -/* Variations of the check_authorization_sync */ -struct auth_context check_authorization_test_data [] = { - /* Test root, john, and jane on action awesomeproduct.foo (all users are ok) */ - {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - {"unix-user:root", TRUE, FALSE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED}, - {"unix-user:root", FALSE, FALSE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED}, - {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - 
{"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - - /* Test root, john, and jane on action restrictedproduct.foo (only root is ok) */ - {"unix-user:root", TRUE, TRUE, "com.example.restrictedproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED}, - {"unix-user:john", TRUE, TRUE, "com.example.restrictedproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - {"unix-user:jane", TRUE, TRUE, "com.example.restrictedproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - - /* Test root against some missing actions */ - {"unix-user:root", TRUE, TRUE, "com.example.missingproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - - /* Test root, john, and jane against action awesomeproduct.bar - * which uses "unix-netgroup:baz" for auth (john and jane are OK, root is not) */ - {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.bar", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.bar", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - - {NULL}, -}; - - -/* Automatically create many variations of the check_authorization_sync test */ -static void -add_check_authorization_tests (void) { - unsigned int i; - for (i = 0; check_authorization_test_data[i].identity; i++) { - struct auth_context *ctx = &check_authorization_test_data[i]; - gchar *test_name = g_strdup_printf ( - "/PolkitBackendLocalAuthority/check_authorization_sync_%d", i); - g_test_add_data_func (test_name, ctx, test_check_authorization_sync); - } 
-};
-
-
-int
-main (int argc, char *argv[])
-{
- g_type_init ();
- g_test_init (&argc, &argv, NULL);
- polkit_test_redirect_logs ();
-
- // Register extension point only once. Required to create authority.
- GIOExtensionPoint *ep = g_io_extension_point_register (
- POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME);
- g_io_extension_point_set_required_type (ep,
- POLKIT_BACKEND_TYPE_AUTHORITY);
-
- add_check_authorization_tests ();
- g_test_add_func ("/PolkitBackendJsAuthority/get_admin_identities", test_get_admin_identities);
-
- return g_test_run ();
-};
diff --git a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c
deleted file mode 100644
index e787c17..0000000
--- a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Copyright (C) 2011 Google Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-#include "glib.h"
-
-#include <polkittesthelper.h>
-#include <polkit/polkit.h>
-#include <polkitbackend/polkitbackendlocalauthorizationstore.h>
-
-#define DATA_DIR "etc/polkit-1/localauthority/10-test"
-#define DATA_EXT ".pkla"
-
-static void
-test_new (void)
-{
- PolkitBackendLocalAuthorizationStore *store;
- gchar *data_dir_path;
- GFile *data_dir;
-
- data_dir_path = polkit_test_get_data_path (DATA_DIR);
- g_assert (data_dir_path);
-
- data_dir = g_file_new_for_path (data_dir_path);
- g_assert (data_dir);
-
- g_free (data_dir_path);
-
- store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT);
- g_assert (store);
-}
-
-
-static void
-test_lookup (void)
-{
- gchar *data_dir_path;
- GFile *data_dir;
- PolkitBackendLocalAuthorizationStore *store;
- GError *error = NULL;
- PolkitIdentity *identity;
- gboolean ok;
- PolkitImplicitAuthorization ret_any;
- PolkitImplicitAuthorization ret_inactive;
- PolkitImplicitAuthorization ret_active;
- PolkitDetails *details;
-
- // Get auth store path
- data_dir_path = polkit_test_get_data_path (DATA_DIR);
- g_assert (data_dir_path);
-
- data_dir =
g_file_new_for_path (data_dir_path);
- g_assert (data_dir);
-
- // Create the auth store
- store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT);
- g_assert (store);
-
- // We don't care about details
- details = polkit_details_new ();
-
- // Create an identity to query with
- identity = polkit_identity_from_string ("unix-group:users", &error);
- g_assert (identity);
- g_assert_no_error (error);
-
- // Lookup an exisiting record
- ok = polkit_backend_local_authorization_store_lookup (
- store,
- identity,
- "com.example.awesomeproduct.foo",
- details,
- &ret_any,
- &ret_inactive,
- &ret_active);
- g_assert (ok);
- g_assert_cmpstr ("no", ==, polkit_implicit_authorization_to_string (ret_any));
- g_assert_cmpstr ("auth_self", ==, polkit_implicit_authorization_to_string (ret_inactive));
- g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active));
-
- // Create another identity to query with
- identity = polkit_identity_from_string ("unix-user:root", &error);
- g_assert (identity);
- g_assert_no_error (error);
-
- // Lookup another exisiting record
- ok = polkit_backend_local_authorization_store_lookup (
- store,
- identity,
- "com.example.awesomeproduct.foo",
- details,
- &ret_any,
- &ret_inactive,
- &ret_active);
- g_assert (ok);
- g_assert_cmpstr ("no", ==, polkit_implicit_authorization_to_string (ret_any));
- g_assert_cmpstr ("auth_self", ==, polkit_implicit_authorization_to_string (ret_inactive));
- g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active));
-
- // Lookup a missing record
- ok = polkit_backend_local_authorization_store_lookup (
- store,
- identity,
- "com.example.restrictedproduct.dobar",
- details,
- &ret_any,
- &ret_inactive,
- &ret_active);
- g_assert (!ok);
-}
-
-
-int
-main (int argc, char *argv[])
-{
- g_type_init ();
- g_test_init (&argc, &argv, NULL);
- polkit_test_redirect_logs ();
- g_test_add_func ("/PolkitBackendLocalAuthorizationStore/new", test_new);
- g_test_add_func
("/PolkitBackendLocalAuthorizationStore/lookup", test_lookup);
- return g_test_run ();
-}
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
index 948cbc1..24e599e 100644
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -346,17 +346,12 @@ add_rules_tests (void) int main (int argc, char *argv[]) { - GIOExtensionPoint *ep; - setlocale (LC_ALL, ""); g_type_init (); g_test_init (&argc, &argv, NULL); //polkit_test_redirect_logs (); - ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); - g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY); - g_test_add_func ("/PolkitBackendJsAuthority/get_admin_identities", test_get_admin_identities); add_rules_tests (); |