diff --git a/Makefile.am b/Makefile.am index bcc35c54a1951f5c4f32b4a75b5dedd5d9560761..915d689c056102bb9951c72b198e1bbcbf3a1fab 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to produce Makefile.in -SUBDIRS = data src polkitd doc tools policy po test +SUBDIRS = data src doc tools policy po test # Creating ChangeLog from git log (taken from cairo/Makefile.am): ChangeLog: $(srcdir)/ChangeLog diff --git a/README b/README index 0e471d0c8a5692ea93e8dde27869b3a98dd83fac..307df96aecc089d2c055d703334b4a21b9796ddc 100644 --- a/README +++ b/README @@ -12,15 +12,15 @@ documentation, mailing lists, etc. Rationale for permissions/modes for the default backend ------------------------------------------------------- -0770 root:polkituser /var/run/PolicyKit -0770 root:polkituser /var/lib/PolicyKit +0770 root:polkituser /var/run/polkit-1 +0770 root:polkituser /var/lib/polkit-1 We store authorizations for each user here. Since we don't want users to know what authorizations other users has, no one can read these files. However, when checking authorizations we need to be able to read from here; we use this helper -2755 root:polkituser /usr/libexec/polkit-read-auth-helper +2755 root:polkituser /usr/libexec/polkit-read-auth-helper-1 which can read from here since it's setgid 'polkituser'. This helper will refuse to return authorizations for other users than the calling @@ -29,16 +29,16 @@ user except if the calling user is authorized for org.fd.pk.read. We also want to be able to grant authorizations through authentication. That happens with this helper -2755 root:polkituser /usr/libexec/polkit-grant-helper +2755 root:polkituser /usr/libexec/polkit-grant-helper-1 This program is setgid 'polkituser' so it can write files in -/var/{run,lib}/PolicyKit. Note that these files are created with mode +/var/{run,lib}/polkit-1. Note that these files are created with mode 464. To do the actual authentication check when granting authorizations -through authentication, polkit-grant-helper uses another helper +through authentication, polkit-grant-helper-1 uses another helper -4754 root:polkituser /usr/libexec/polkit-grant-helper-pam +4754 root:polkituser /usr/libexec/polkit-grant-helper-pam-1 This one is setuid root because checking authentications might need require that (you may be checking the root password). The reason @@ -48,33 +48,33 @@ can do this. Which polkit-grant-helper is. On to -2755 root:polkituser /libexec/polkit-revoke-helper +2755 root:polkituser /libexec/polkit-revoke-helper-1 This one is used to revoke authorizations. It will only allow uid 0 and users with the org.fd.pk.revoke authorization to do so. It needs to be setgid polkituser to be able to modify authorization files -in /var/{run,lib}/PolicyKit. +in /var/{run,lib}/polkit-1. -2755 root:polkituser /usr/libexec/polkit-explicit-grant-helper +2755 root:polkituser /usr/libexec/polkit-explicit-grant-helper-1 Same story as for polkit-revoke-helper only this grants authorizations. Only allowed for uid 0 and users with the org.fd.pk.grant authorization. On to -0755 polkituser:root /var/lib/PolicyKit-public +0755 polkituser:root /var/lib/polkit-public-1 This is where we store modifications to the defaults. Anyone should be able to read these files. They are created with mode 644. These files are written / modified by this helper -4755 polkituser:root /usr/libexec/polkit-set-default-helper +4755 polkituser:root /usr/libexec/polkit-set-default-helper-1 which is setuid polkituser to be able to write/modify files. On to -4755 root:root /usr/libexec/polkit-resolve-exe-helper +4755 root:root /usr/libexec/polkit-resolve-exe-helper-1 This is used to find the executable name for a process. On Linux this is the /proc//exe symlink and you can only do this for processes you @@ -83,7 +83,7 @@ you but only if you have the org.fd.pk.read authorization. This is important to let e.g. user 'haldaemon' check authorizations for a user requesting service. -0664 polkituser:polkituser /var/lib/misc/PolicyKit.reload +0664 polkituser:polkituser /var/lib/misc/polkit-1.reload This file is used by libpolkit to detect when something has changed (authorizations granted/revoked, defaults changed etc.). It is diff --git a/configure.in b/configure.in index 9876f5c0f60f89c036c70ffad4318fbacaa97a01..128289ccac89c213afd5c333ab5fd8ac46f66fc3 100644 --- a/configure.in +++ b/configure.in @@ -1,8 +1,8 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.59c) -AC_INIT(PolicyKit, 0.9, http://lists.freedesktop.org/mailman/listinfo/polkit-devel) -AM_INIT_AUTOMAKE(PolicyKit, 0.9) +AC_INIT(PolicyKit, 0.90, http://lists.freedesktop.org/mailman/listinfo/polkit-devel) +AM_INIT_AUTOMAKE(PolicyKit, 0.90) AM_CONFIG_HEADER(config.h) AM_MAINTAINER_MODE @@ -10,7 +10,7 @@ AM_MAINTAINER_MODE # # See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details # -LT_CURRENT=2 +LT_CURRENT=1 LT_REVISION=0 LT_AGE=0 AC_SUBST(LT_CURRENT) @@ -560,16 +560,13 @@ AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[gettext domain]) AC_OUTPUT([ Makefile data/Makefile -data/polkit -data/polkit.pc -data/polkit-dbus.pc -data/polkit-grant.pc +data/polkit-grant-1 +data/polkit-1.pc +data/polkit-grant-1.pc src/Makefile src/kit/Makefile src/polkit/Makefile -src/polkit-dbus/Makefile src/polkit-grant/Makefile -polkitd/Makefile tools/Makefile doc/Makefile doc/version.xml @@ -641,36 +638,36 @@ if test "${POLKIT_AUTHDB}" = default ; then echo "NOTE: Remember to create user ${POLKIT_USER} and group ${POLKIT_GROUP}" echo " before 'make install'" echo - echo "NOTE: The directories ${localstatedir}/run/PolicyKit and ${localstatedir}/lib/PolicyKit will be" + echo "NOTE: The directories ${localstatedir}/run/polkit-1 and ${localstatedir}/lib/polkit-1 will be" echo " owned by group ${POLKIT_GROUP} and will be mode 770." echo - echo "NOTE: The directory ${localstatedir}/lib/PolicyKit-public will be" + echo "NOTE: The directory ${localstatedir}/lib/polkit-public-1 will be" echo " owned by user ${POLKIT_USER} and will be mode 755." echo - echo "NOTE: The file ${localstatedir}/lib/misc/PolicyKit.reload will be" + echo "NOTE: The file ${localstatedir}/lib/misc/polkit-1.reload will be" echo " owned by user ${POLKIT_USER} and group ${POLKIT_GROUP} and will be mode 664." echo - echo "NOTE: ${libexecdir}/polkit-set-default-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-set-default-helper-1 will be owned by" echo " user ${POLKIT_USER} and installed with mode 4755 (setuid binary)." echo - echo "NOTE: ${libexecdir}/polkit-read-auth-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-read-auth-helper-1 will be owned by" echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-revoke-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-revoke-helper-1 will be owned by" echo " group '${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-grant-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-grant-helper-1 will be owned by" echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-explicit-grant-helper will be owned by" + echo "NOTE: ${libexecdir}/polkit-explicit-grant-helper-1 will be owned by" echo " group ${POLKIT_GROUP} and installed with mode 2755 (setgid binary)." echo - echo "NOTE: ${libexecdir}/polkit-grant-helper-pam will be owned by group" + echo "NOTE: ${libexecdir}/polkit-grant-helper-pam-1 will be owned by group" echo " ${POLKIT_GROUP} and installed with mode 4754 (setuid root binary)." fi echo -echo "NOTE: ${libexecdir}/polkit-resolve-exe-helper will be installed with" +echo "NOTE: ${libexecdir}/polkit-resolve-exe-helper-1 will be installed with" echo " mode 4755 (setuid root binary)." echo echo "NOTE: For packaging, remember to retain the modes and ownership." diff --git a/data/Makefile.am b/data/Makefile.am index 8b91bc3bd3fa2d9f86b5c747f5c3d2bdaace38bf..36256099c0151415802eac3911033d0c61df10cc 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -4,33 +4,18 @@ # if POLKIT_AUTHFW_PAM pamdir = $(sysconfdir)/pam.d -pam_DATA = polkit +pam_DATA = polkit-grant-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit.pc polkit-dbus.pc polkit-grant.pc - -confdir = $(sysconfdir)/PolicyKit -conf_DATA = PolicyKit.conf - -dtddir = $(datadir)/PolicyKit -dtd_DATA = config.dtd +pkgconfig_DATA = polkit-1.pc polkit-grant-1.pc dbusifdir = $(datadir)/dbus-1/interfaces -dbusif_DATA = org.freedesktop.PolicyKit.AuthenticationAgent.xml +dbusif_DATA = org.freedesktop.PolicyKit.AuthenticationAgent1.xml -DISTCLEANFILES = polkit.pc polkit-dbus.pc polkit-grant.pc PolicyKit.conf +DISTCLEANFILES = polkit-1.pc polkit-grant-1.pc -EXTRA_DIST = polkit.in polkit.pc.in polkit-dbus.pc.in polkit-grant.pc.in PolicyKit.conf.in config.dtd org.freedesktop.PolicyKit.AuthenticationAgent.xml +EXTRA_DIST = polkit-grant-1.in polkit-1.pc.in polkit-grant-1.pc.in org.freedesktop.PolicyKit.AuthenticationAgent1.xml clean-local : rm -f *~ - -PolicyKit.conf: PolicyKit.conf.in Makefile - $(edit) $< >$@ - -edit = sed \ - -e 's|@docdir[@]|$(docdir)|g' \ - -e 's|@sbindir[@]|$(sbindir)|g' \ - -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ - -e 's|@datadir[@]|$(datadir)|g' diff --git a/data/PolicyKit.conf.in b/data/PolicyKit.conf.in deleted file mode 100644 index 581dd9c28e7f92bea74389bf2fb931c0d4f053a4..0000000000000000000000000000000000000000 --- a/data/PolicyKit.conf.in +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - diff --git a/data/config.dtd b/data/config.dtd deleted file mode 100644 index 64358e997c7a8eb258e6b330bd8f343e2be511d0..0000000000000000000000000000000000000000 --- a/data/config.dtd +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - - diff --git a/data/org.freedesktop.PolicyKit.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml similarity index 99% rename from data/org.freedesktop.PolicyKit.AuthenticationAgent.xml rename to data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml index 9101d199dbaa394f72be86f5108420561ab904cd..bf692aa2585ed2e3ea3e0577a56e89ca1d78bd35 100644 --- a/data/org.freedesktop.PolicyKit.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit.AuthenticationAgent1.xml @@ -4,7 +4,7 @@ - + diff --git a/data/polkit-1.pc.in b/data/polkit-1.pc.in new file mode 100644 index 0000000000000000000000000000000000000000..5bc073cb4a2a31e46f1615b804152848c76f3579 --- /dev/null +++ b/data/polkit-1.pc.in @@ -0,0 +1,12 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +policydir=@datarootdir@/polkit-1/policy/ +actiondir=@datarootdir@/polkit-1/policy/ + +Name: polkit +Description: Authorization API +Version: @VERSION@ +Libs: -L${libdir} -lpolkit-1 +Cflags: -I${includedir}/polkit-1 diff --git a/data/polkit-dbus.pc.in b/data/polkit-dbus.pc.in deleted file mode 100644 index db8b554aed58a8186cf959ab9c967da5a64ca3d8..0000000000000000000000000000000000000000 --- a/data/polkit-dbus.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-dbus -Description: helper library for obtaining seat, session and caller information via D-Bus and ConsoleKit -Version: @VERSION@ -Requires: polkit dbus-1 -Libs: -L${libdir} -lpolkit-dbus -Cflags: -I${includedir}/PolicyKit diff --git a/data/polkit.in b/data/polkit-grant-1.in similarity index 100% rename from data/polkit.in rename to data/polkit-grant-1.in diff --git a/data/polkit-grant-1.pc.in b/data/polkit-grant-1.pc.in new file mode 100644 index 0000000000000000000000000000000000000000..5d753822ccc425efb32fa3cfe5b11cda1975df83 --- /dev/null +++ b/data/polkit-grant-1.pc.in @@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: polkit-grant-1 +Description: Library for obtaining authorizations through authentication +Version: @VERSION@ +Requires: polkit-1 +Libs: -L${libdir} -lpolkit-grant-1 +Cflags: -I${includedir}/polkit-1 diff --git a/data/polkit-grant.pc.in b/data/polkit-grant.pc.in deleted file mode 100644 index 6055f7261c4c79cd8cc7ca941d35abd50439ba35..0000000000000000000000000000000000000000 --- a/data/polkit-grant.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-grant -Description: library for obtaining privileges via PolicyKit -Version: @VERSION@ -Requires: glib-2.0 polkit -Libs: -L${libdir} -lpolkit-grant -Cflags: -I${includedir}/PolicyKit diff --git a/data/polkit.pc.in b/data/polkit.pc.in deleted file mode 100644 index cf94447efd876bee03d1d1c15311255d42260c0e..0000000000000000000000000000000000000000 --- a/data/polkit.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ -policydir=@datarootdir@/PolicyKit/policy/ - -Name: polkit -Description: library for querying system-wide policy -Version: @VERSION@ -Libs: -L${libdir} -lpolkit -Cflags: -I${includedir}/PolicyKit diff --git a/doc/Makefile.am b/doc/Makefile.am index d395b71870aef9f15b75bade1e0e70e5cfa90872..4064815b8f3301169ad2871b966bd83264573210 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -7,7 +7,7 @@ NULL = AUTOMAKE_OPTIONS = 1.7 # The name of the module. -DOC_MODULE=polkit +DOC_MODULE=polkit-1 # The top-level SGML file. DOC_MAIN_SGML_FILE=polkit-docs.xml @@ -51,17 +51,15 @@ MKDB_OPTIONS=--sgml-mode --output-format=xml MKTMPL_OPTIONS= # Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE) -content_files = \ - version.xml \ - man/PolicyKit.xml \ - man/PolicyKit.conf.xml \ - man/polkit-auth.xml \ - man/polkit-action.xml \ - man/polkit-policy-file-validate.xml \ - man/polkit-config-file-validate.xml \ - spec/polkit-spec-configuration.xml \ - spec/polkit-spec-introduction.xml \ - spec/polkit-spec-model.xml \ +content_files = \ + version.xml \ + man/PolicyKit.xml \ + man/polkit-auth.xml \ + man/polkit-action.xml \ + man/polkit-policy-file-validate.xml \ + spec/polkit-spec-configuration.xml \ + spec/polkit-spec-introduction.xml \ + spec/polkit-spec-model.xml \ $(NULL) # Images to copy into HTML directory diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index 51db9b610398f2f2ef53d9868c71153a159f6d6c..76c53f3018f674795063c0f7782c04b4eb40aeba 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am @@ -1,23 +1,19 @@ if MAN_PAGES_ENABLED -man_MANS = polkit-auth.1 \ - polkit-action.1 \ - polkit-config-file-validate.1 \ - polkit-policy-file-validate.1 \ - PolicyKit.conf.5 \ - PolicyKit.8 +man_MANS = polkit-auth-1.1 \ + polkit-action-1.1 \ + polkit-policy-file-validate-1.1 \ + PolicyKit-1.8 -%.1 %.5 %.8 : %.xml +%-1.1 %-1.8 : %.xml $(XSLTPROC) -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< endif # MAN_PAGES_ENABLED -EXTRA_DIST= PolicyKit.conf.xml \ - PolicyKit.xml \ - polkit-config-file-validate.xml \ - polkit-auth.xml \ - polkit-action.xml \ +EXTRA_DIST= PolicyKit.xml \ + polkit-auth.xml \ + polkit-action.xml \ polkit-policy-file-validate.xml clean-local: diff --git a/doc/man/PolicyKit.conf.xml b/doc/man/PolicyKit.conf.xml deleted file mode 100644 index 52ddbdd398ecce9cdccdf476265abdcf147aab27..0000000000000000000000000000000000000000 --- a/doc/man/PolicyKit.conf.xml +++ /dev/null @@ -1,388 +0,0 @@ - - - PolicyKit.conf - August 2007 - PolicyKit - - - - PolicyKit.conf - 5 - - - - - PolicyKit.conf - PolicyKit configuration file - - - DESCRIPTION - - The /etc/PolicyKit/PolicyKit.conf - configuration file provides a way for system administrators to - override policy for mechanisms that use the PolicyKit library to - determine whether a caller is allowed to use the mechanism. - - - - Changes to this configuration file are immediately propagated to - running processes using the PolicyKit library. If the - configuration file is invalid, processes using this library will - log this fact to the system logger and the library will only - only return no as the answer to processes - using it. - - - - The polkit-config-file-validate1 - tool can be used to verify that the configuration file is - valid. - - - - - FILE FORMAT - - The configuration file is an XML document. It must have the - following doctype declaration: - - - - -]]> - - - - The following elements may be present in the configuration file: - - - - config - - This is the root element. A single - attribute version must be present and - must be set to "0.1" at this point. There can only be one - config element in the configuration file. - - - - - match - - This element is for matching information related to the - decision making process and includes values describing both - the caller and the action. This element can be embedded in - both config and - other match elements (hence allowing for - nested matching). - - - There can only be a single attribute in - each match element and POSIX Extended - Regular Expression syntax are supported in the value part. The - following attributes are supported: - - - - - user - - - This matches on the users login name. - - - - - - action - - - For matching on the given action being queried for, for - example - action="org.foo.*" will match - on all actions whose action identifier begins with - the string "org.foo.". - - - - - - - - - return - - This element is for used to specify what result the PolicyKit - library will return. It can only be embedded in - config and match - elements and can embed no elements - itself. The return element is - typically used deeply inside a number - of match elements. A single attribute, - result is supported and it can assume - the following values: - - - - - no - - - Access denied. - - - - - - auth_self - - - Access denied, but authentication of the caller as - himself will grant access to only that caller. - - - - - - auth_self_keep_session - - - Access denied, but authentication of the caller as - himself will grant access to any caller in the - session of the caller belongs to. - - - - - - auth_self_keep_always - - - Access denied, but authentication of the caller as - himself will grant access any caller with the given - uid in the future. - - - - - - auth_admin - - - Access denied, but authentication of the caller as - an administrative user will grant access to only - that caller. - - - - - - auth_admin_keep_session - - - Access denied, but authentication of the caller as - an administrative user will grant access to any caller - in the session of the caller belongs to. - - - - - - auth_admin_keep_always - - - Access denied, but authentication of the caller as - an administrative user will grant access any caller - with the given uid in the future. - - - - - - yes - - - Access granted. - - - - - - - - - define_admin_auth - - This element is used to specify the meaning of - "authenticate as administrator". It - is normally used at the top-level but can also be used - deep inside a number of - match elements for conditional - behavior. - - - - There can only be a single attribute in - each define_admin_auth element. POSIX - Extended Regular Expression syntax - is not supported in the value part, - however multiple values to match on can be separated with - the bar (|) character. The following attributes are - supported: - - - - - user - - - Administrator authentication means authenticate as - the given user(s). If - no define_admin_auth element is - given, the default is to - use user="root" - e.g. administrator authentication mean authenticate - as the super user. - - - - - - group - - - Administrator authentication means that any user in - the groups matching the given value can be used to - authenticate. Typically, on a system with the root - account disabled one wants to use something like - group="wheel" to e.g. enable - all UNIX users in the UNIX group - wheel to be able to - authentication whenever administrator authentication - is required. - - - - - - - - - - - EXAMPLES - - For brevity, the standard XML and DOCTYPE headers as well as - the top-level config are omitted in the - following configuration file examples. The actions used may - also be fictional, - use polkit-action1, - to learn about the actions available on your system. - - - - ALLOW EVERYTHING - - The users "davidz" and "bateman" are allowed to do any - action: - - - - - -]]> - - - - - MOUNTING FIXED DRIVES - - Suppose the - action org.freedesktop.hal.storage.mount-fixed - is used to determine whether mounting internal hard drives - are allowed. Then this configuration file - - - - - - - - - - - -]]> - - - specifies that user "davidz" is always allowed to do the - action, while user "freddy" is never allowed to do the - action. Other users will be subject to the defaults - results specified in the .policy file - describing the action. - - - - - AVOIDING THE ROOT PASSWORD - - Suppose the group wheel contains the - users on a system who are allowed to carry out administrative - tasks (ie. tasks that would usually require the root password) - on a system where the root account is disabled. Then - - - -]]> - - - can be used to specify that users in said group can - authenticate using their own password in instances where the - system would normally prompt for the root password. - - - - - - - AUTHOR - - Written by David Zeuthen david@fubar.dk with - a lot of help from many others. - - - - - BUGS - - Please send bug reports to either the distribution or the - hal mailing list, - see . - to subscribe. - - - - - SEE ALSO - - - PolicyKit8 - , - - polkit-config-file-validate1 - , - - polkit-action1 - , - - polkit-auth1 - - - - diff --git a/doc/man/PolicyKit.xml b/doc/man/PolicyKit.xml index 23b11d6466d171cc58e1b307edf0357bd6d1bb48..071f0b38acf4d9aeb9bfc638237a1af8c9791330 100644 --- a/doc/man/PolicyKit.xml +++ b/doc/man/PolicyKit.xml @@ -1,19 +1,19 @@ - + - PolicyKit + PolicyKit-1 August 2007 - PolicyKit + PolicyKit-1 - PolicyKit + PolicyKit-1 8 - PolicyKit - Centralized policy management + PolicyKit-1 + Authorization API DESCRIPTION @@ -42,8 +42,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -52,13 +52,10 @@ SEE ALSO - PolicyKit.conf5 + polkit-action-11 , - polkit-action1 - , - - polkit-auth1 + polkit-auth-11 diff --git a/doc/man/polkit-action.xml b/doc/man/polkit-action.xml index 3d1cc290a8c54d4b455adfde1e941f0563bdc6bf..629d7ea578e65ab47658fcc1b0d1f2ee48d34c14 100644 --- a/doc/man/polkit-action.xml +++ b/doc/man/polkit-action.xml @@ -1,24 +1,24 @@ - + - polkit-action + polkit-action-1 August 2007 - PolicyKit + PolicyKit-1 - polkit-action + polkit-action-1 1 - polkit-action + polkit-action-1 List and modify registered PolicyKit actions - polkit-action + polkit-action-1 @@ -33,7 +33,7 @@ DESCRIPTION - polkit-action is used to list and modify the PolicyKit actions + polkit-action-1 is used to list and modify the PolicyKit actions that are registered on the system. @@ -174,8 +174,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -187,10 +187,7 @@ PolicyKit8 , - PolicyKit.conf5 - , - - polkit-auth1 + polkit-auth-11 diff --git a/doc/man/polkit-auth.xml b/doc/man/polkit-auth.xml index 8a4735f7bb1acbd8102907cbadad39705fc3dcd8..bea49f5e5414ce32c2f447610e375e3a9eb5f50c 100644 --- a/doc/man/polkit-auth.xml +++ b/doc/man/polkit-auth.xml @@ -1,24 +1,24 @@ - + - polkit-auth + polkit-auth-1 August 2007 - PolicyKit + PolicyKit-1 - polkit-auth + polkit-auth-1 1 - polkit-auth + polkit-auth-1 Manage authorizations - polkit-auth + polkit-auth-1 @@ -34,7 +34,7 @@ DESCRIPTION - polkit-auth is used to inspect, obtain, grant and revoke + polkit-auth-1 is used to inspect, obtain, grant and revoke PolicyKit authorizations. If invoked without any options, the authorizations of the calling process will be printed. @@ -73,7 +73,7 @@ POLKIT_AUTH_FORCE_TEXT is set. If the environment variable POLKIT_AUTH_GRANT_TO_PID is set, the authorization will be granted to that process id instead of the invoking process - (e.g. the shell from which polkit-auth is launched). + (e.g. the shell from which polkit-auth-1 is launched). @@ -308,7 +308,7 @@ bash1 - shell. For completion to properly work for polkit-auth, + shell. For completion to properly work for polkit-auth-1, arguments should be entered in the order specified in this manual page; for example. should be specified before to complete only on @@ -323,8 +323,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -333,13 +333,10 @@ SEE ALSO - PolicyKit8 + PolicyKit-18 , - PolicyKit.conf5 - , - - polkit-action1 + polkit-action-11 diff --git a/doc/man/polkit-config-file-validate.xml b/doc/man/polkit-config-file-validate.xml deleted file mode 100644 index a9bbb80ad40646c7f3b4983447b7a5498c994269..0000000000000000000000000000000000000000 --- a/doc/man/polkit-config-file-validate.xml +++ /dev/null @@ -1,96 +0,0 @@ - - - polkit-config-file-validate - August 2007 - PolicyKit - - - - polkit-config-file-validate - 1 - - - - - polkit-config-file-validate - Validate a PolicyKit configuration file - - - - - polkit-config-file-validate [/path/to/config/file] - - - - - - - DESCRIPTION - - polkit-config-file-validate is used to verify that a given - PolicyKit configuration file is valid. If no path to a - config file is given, the default - /etc/PolicyKit/PolicyKit.conf file - will be verified. - - - - The typical role of this tool is to verify a configuration - file before deploying it on one or more machines. - - - - This program exit with exit code 0 if the configuration file - is valid. If not, the program exits with a non-zero exit - code. - - - - - OPTIONS - - - - - - Show version and exit. - - - - - - - - - Show usage information and exit. - - - - - - - - BUGS - - Please send bug reports to either the distribution or the - hal mailing list, - see . - to subscribe. - - - - - SEE ALSO - - - PolicyKit8 - , - - PolicyKit.conf5 - , - - polkit-policy-file-validate1 - - - - diff --git a/doc/man/polkit-policy-file-validate.xml b/doc/man/polkit-policy-file-validate.xml index 7fb55f0bc70d5445bf12dd557f07d68a98a2a8e3..61a17e2d78b055798a45e4f2e74bdc03bb46f1c3 100644 --- a/doc/man/polkit-policy-file-validate.xml +++ b/doc/man/polkit-policy-file-validate.xml @@ -1,24 +1,24 @@ - + - polkit-policy-file-validate + polkit-policy-file-validate-1 August 2007 - PolicyKit + PolicyKit-1 - polkit-policy-file-validate + polkit-policy-file-validate-1 1 - polkit-policy-file-validate + polkit-policy-file-validate-1 Validate a PolicyKit policy file - polkit-policy-file-validate policy-files + polkit-policy-file-validate-1 policy-files @@ -27,7 +27,7 @@ DESCRIPTION - polkit-policy-file-validate is used to verify that one or + polkit-policy-file-validate-1 is used to verify that one or more PolicyKit .policy files are valid. @@ -72,8 +72,8 @@ BUGS Please send bug reports to either the distribution or the - hal mailing list, - see . + polkit-devel mailing list, + see . to subscribe. @@ -82,14 +82,8 @@ SEE ALSO - PolicyKit8 + PolicyKit-18 , - - PolicyKit.conf5 - , - - polkit-config-file-validate1 - diff --git a/doc/polkit-docs.xml b/doc/polkit-docs.xml index 5673bb343e050ba71cb4cc4d8ced203f69956a58..91e0becc3541bfdf0e1fc3056280fe415342045c 100644 --- a/doc/polkit-docs.xml +++ b/doc/polkit-docs.xml @@ -91,7 +91,7 @@ - + diff --git a/policy/Makefile.am b/policy/Makefile.am index 96941d0b5bd27c5329891d9f2c8401e5b1f8693c..d062a8e66c55f906b5fdb32b882e10e786bdb6d4 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -1,12 +1,12 @@ -polkit_policydir = $(datadir)/PolicyKit/policy +polkit_actiondir = $(datadir)/polkit-1/actions -dist_polkit_policy_DATA = org.freedesktop.policykit.policy +dist_polkit_action_DATA = org.freedesktop.policykit.policy @INTLTOOL_POLICY_RULE@ check: - $(top_builddir)/tools/polkit-policy-file-validate $(top_srcdir)/policy/$(dist_polkit_policy_DATA) + $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA) clean-local : rm -f *~ diff --git a/src/Makefile.am b/src/Makefile.am index 02554f1503e2e4c831cb6afca41beb5889cdce6c..5e2267f1070e9d38dbe6da3f8301bb29ecb08c4b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = kit polkit polkit-dbus polkit-grant +SUBDIRS = kit polkit polkit-grant clean-local : rm -f *~ diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am deleted file mode 100644 index 4166f989bb17c52b767fe21c738259c73946427b..0000000000000000000000000000000000000000 --- a/src/polkit-dbus/Makefile.am +++ /dev/null @@ -1,125 +0,0 @@ -## Process this file with automake to produce Makefile.in - -INCLUDES = \ - -I$(top_builddir)/src -I$(top_srcdir)/src \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ - -DPOLKIT_COMPILATION \ - @DBUS_CFLAGS@ - -lib_LTLIBRARIES=libpolkit-dbus.la - -libpolkit_dbusincludedir=$(includedir)/PolicyKit/polkit-dbus - -libpolkit_dbusinclude_HEADERS = \ - polkit-dbus.h \ - polkit-simple.h - -libpolkit_dbus_la_SOURCES = \ - polkit-dbus.h polkit-dbus.c \ - polkit-simple.h polkit-simple.c - -libpolkit_dbus_la_LIBADD = @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(SELINUX_LIBS) - -if POLKIT_BUILD_TESTS -libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ -else -libpolkit_dbus_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ - -export-dynamic -no-undefined -export-symbols-regex '^polkit_.*' -endif - -libexec_PROGRAMS = polkit-resolve-exe-helper - -polkit_resolve_exe_helper_SOURCES = polkit-resolve-exe-helper.c -polkit_resolve_exe_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_resolve_exe_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la - -if POLKIT_AUTHDB_DEFAULT -libexec_PROGRAMS += polkit-read-auth-helper polkit-set-default-helper - -polkit_read_auth_helper_SOURCES = polkit-read-auth-helper.c -polkit_read_auth_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_read_auth_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la - -polkit_set_default_helper_SOURCES = polkit-set-default-helper.c -polkit_set_default_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_set_default_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la - -# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able -# to read authorization files in /var/lib/PolicyKit and -# /var/run/PolicyKit -# -# polkit-set-default-helper needs to be setuid $POLKIT_USER to be able -# to write .defaults-override files in /var/lib/PolicyKit-public -# -# polkit-resolve-exe-helper needs to be setuid root to be able to resolve -# /proc/$pid/exe symlinks. -# -install-exec-hook: - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper - -chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper - -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper - -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper -else -install-exec-hook: - -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper -endif - - -## note that TESTS has special meaning (stuff to use in make check) -## so if adding tests not to be run in make check, don't add them to -## TESTS -if KIT_BUILD_TESTS -TESTS_ENVIRONMENT= -TESTS=polkit-dbus-test - -check_PROGRAMS=$(TESTS) - -polkit_dbus_test_SOURCES= \ - polkit-dbus-test.h polkit-dbus-test.c - -polkit_dbus_test_LDADD=$(top_builddir)/src/polkit-dbus/libpolkit-dbus.la -polkit_dbus_test_LDFLAGS= - -if KIT_GCOV_ENABLED -clean-gcov: - rm -f *.gcov .libs/*.gcda *.gcda - -.PHONY: coverage-report.txt covered-files.txt - -covered-files.txt : - echo $(addprefix src/polkit-dbus/,$(filter %.c,$(libpolkit_dbus_la_SOURCES))) > covered-files.txt -if POLKIT_AUTHDB_DEFAULT - echo src/polkit-dbus/polkit-read-auth-helper.c >> covered-files.txt -endif - -coverage-report.txt : covered-files.txt clean-gcov all check - gcov $(filter %.c,$(libpolkit_dbus_la_SOURCES)) -o .libs/ > /dev/null -if POLKIT_AUTHDB_DEFAULT - gcov polkit-read-auth-helper.c -o .libs/ > /dev/null -endif - $(top_srcdir)/test/create-coverage-report.sh "module polkit-dbus" `cat covered-files.txt` > coverage-report.txt - -check-coverage : coverage-report.txt - cat coverage-report.txt -else -coverage-report.txt: - @echo "Need to reconfigure with --enable-gcov" - -check-coverage: - @echo "Need to reconfigure with --enable-gcov" -endif - -else -TESTS= -endif - -clean-local : - rm -f *~ *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg diff --git a/src/polkit-dbus/polkit-dbus-test.c b/src/polkit-dbus/polkit-dbus-test.c deleted file mode 100644 index e5bde67aa434e2e5fade212a9eed31180cec950d..0000000000000000000000000000000000000000 --- a/src/polkit-dbus/polkit-dbus-test.c +++ /dev/null @@ -1,63 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-dbus-test.c : polkit-dbus tests - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#include -#include -#include -#include -#include - -#define MAX_TESTS 64 - -/** - * SECTION:polkit-dbus-test - * @short_description: Testing code for libpolkit-dbus - * - * Testing code for libpolkit-dbus - */ - -static KitTest *tests[] = { - &_test_polkit_dbus, -}; - -int -main (int argc, char *argv[]) -{ - /* Some of the code will log to syslog because .policy files - * etc. may be malformed. Since this will open a socket to the - * system logger preempt this so the fd-leak checking don't - * freak out. - */ - syslog (LOG_INFO, "libpolkit-dbus: initiating test; bogus alerts may be written to syslog"); - - if (kit_test_run (tests, sizeof (tests) / sizeof (KitTest*))) - return 0; - else - return 1; -} diff --git a/src/polkit-dbus/polkit-dbus-test.h b/src/polkit-dbus/polkit-dbus-test.h deleted file mode 100644 index 59e482d2426d6272f6145de96a4c53ef3da869da..0000000000000000000000000000000000000000 --- a/src/polkit-dbus/polkit-dbus-test.h +++ /dev/null @@ -1,47 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-dbus-test.h : polkit-dbus tests - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#if !defined (POLKIT_COMPILATION) -#error "polkit-dbus-test.h is a private file" -#endif - -#ifndef POLKIT_DBUS_TEST_H -#define POLKIT_DBUS_TEST_H - -#include - -POLKIT_BEGIN_DECLS - -extern KitTest _test_polkit_dbus; - -POLKIT_END_DECLS - -#endif /* POLKIT_DBUS_TEST_H */ - - diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am index 18f9b6e6442163739f6f5d87dcad49b1152d7aa2..87c821bfdd494a906913565c67eea1203aa991b8 100644 --- a/src/polkit-grant/Makefile.am +++ b/src/polkit-grant/Makefile.am @@ -13,32 +13,32 @@ INCLUDES = \ -DPOLKIT_COMPILATION \ @GLIB_CFLAGS@ @DBUS_CFLAGS@ -lib_LTLIBRARIES=libpolkit-grant.la +lib_LTLIBRARIES=libpolkit-grant-1.la -libpolkit_grantincludedir=$(includedir)/PolicyKit/polkit-grant +libpolkit_grant_1includedir=$(includedir)/polkit-1/polkit-grant -libpolkit_grantinclude_HEADERS = \ +libpolkit_grant_1include_HEADERS = \ polkit-grant.h -libpolkit_grant_la_SOURCES = \ +libpolkit_grant_1_la_SOURCES = \ polkit-grant.h polkit-grant.c if POLKIT_AUTHDB_DUMMY -libpolkit_grant_la_SOURCES += polkit-authorization-db-dummy-write.c +libpolkit_grant_1_la_SOURCES += polkit-authorization-db-dummy-write.c endif if POLKIT_AUTHDB_DEFAULT -libpolkit_grant_la_SOURCES += polkit-authorization-db-write.c +libpolkit_grant_1_la_SOURCES += polkit-authorization-db-write.c endif -libpolkit_grant_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +libpolkit_grant_1_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la if POLKIT_BUILD_TESTS -libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ +libpolkit_grant_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ else -libpolkit_grant_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ +libpolkit_grant_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ -export-dynamic -no-undefined -export-symbols-regex '(^polkit_.*|_polkit_authorization_db_auth_file_add)' endif @@ -48,38 +48,38 @@ endif # adjust the PAM stuff in data/Makefile.am # if POLKIT_AUTHDB_DEFAULT -libexec_PROGRAMS = polkit-grant-helper +libexec_PROGRAMS = polkit-grant-helper-1 if POLKIT_AUTHFW_PAM -libexec_PROGRAMS += polkit-grant-helper-pam +libexec_PROGRAMS += polkit-grant-helper-pam-1 endif if POLKIT_AUTHFW_SHADOW -libexec_PROGRAMS += polkit-grant-helper-shadow +libexec_PROGRAMS += polkit-grant-helper-shadow-1 endif -libexec_PROGRAMS += polkit-explicit-grant-helper polkit-revoke-helper +libexec_PROGRAMS += polkit-explicit-grant-helper-1 polkit-revoke-helper-1 -polkit_grant_helper_SOURCES = polkit-grant-helper.c -polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la +polkit_grant_helper_1_SOURCES = polkit-grant-helper.c +polkit_grant_helper_1_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la libpolkit-grant-1.la if POLKIT_AUTHFW_PAM -polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c -polkit_grant_helper_pam_LDADD = @AUTH_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_grant_helper_pam_1_SOURCES = polkit-grant-helper-pam.c +polkit_grant_helper_pam_1_LDADD = @AUTH_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la endif if POLKIT_AUTHFW_SHADOW -polkit_grant_helper_shadow_SOURCES = polkit-grant-helper-shadow.c -polkit_grant_helper_shadow_LDADD = @AUTH_LIBS@ +polkit_grant_helper_shadow_1_SOURCES = polkit-grant-helper-shadow.c +polkit_grant_helper_shadow_1_LDADD = @AUTH_LIBS@ endif -polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c -polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_explicit_grant_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la +polkit_explicit_grant_helper_1_SOURCES = polkit-explicit-grant-helper.c +polkit_explicit_grant_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_explicit_grant_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la libpolkit-grant-1.la -polkit_revoke_helper_SOURCES = polkit-revoke-helper.c -polkit_revoke_helper_CFLAGS = @DBUS_CFLAGS@ -polkit_revoke_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la +polkit_revoke_helper_1_SOURCES = polkit-revoke-helper.c +polkit_revoke_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_revoke_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la # polkit-grant-helper needs to be setgid polkituser to be able to # write cookies to /var/lib/PolicyKit and /var/run/PolicyKit @@ -99,20 +99,20 @@ polkit_revoke_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/s # /var/run/PolicyKit # install-exec-hook: - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper-1 if POLKIT_AUTHFW_PAM - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam - -chmod 4754 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam-1 + -chmod 4754 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam-1 endif if POLKIT_AUTHFW_SHADOW - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow - -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow-1 + -chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-shadow-1 endif - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper - -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-revoke-helper-1 endif ## note that TESTS has special meaning (stuff to use in make check) @@ -127,7 +127,7 @@ check_PROGRAMS=$(TESTS) polkit_grant_test_SOURCES= \ polkit-grant-test.h polkit-grant-test.c -polkit_grant_test_LDADD=$(top_builddir)/src/polkit-grant/libpolkit-grant.la +polkit_grant_test_LDADD=$(top_builddir)/src/polkit-grant/libpolkit-grant-1.la polkit_grant_test_LDFLAGS= if KIT_GCOV_ENABLED @@ -137,7 +137,7 @@ clean-gcov: .PHONY: coverage-report.txt covered-files.txt covered-files.txt : - echo $(addprefix src/polkit-grant/,$(filter %.c,$(libpolkit_grant_la_SOURCES))) > covered-files.txt + echo $(addprefix src/polkit-grant/,$(filter %.c,$(libpolkit_grant_1_la_SOURCES))) > covered-files.txt if POLKIT_AUTHDB_DEFAULT echo src/polkit-grant/polkit-explicit-grant-helper.c >> covered-files.txt echo src/polkit-grant/polkit-grant-helper.c >> covered-files.txt @@ -151,7 +151,7 @@ endif endif coverage-report.txt : covered-files.txt clean-gcov all check - gcov $(filter %.c,$(libpolkit_grant_la_SOURCES)) -o .libs/ > /dev/null + gcov $(filter %.c,$(libpolkit_grant_1_la_SOURCES)) -o .libs/ > /dev/null if POLKIT_AUTHDB_DEFAULT gcov polkit-explicit-grant-helper.c -o .libs/ > /dev/null gcov polkit-grant-helper.c -o .libs/ > /dev/null diff --git a/src/polkit-grant/polkit-authorization-db-write.c b/src/polkit-grant/polkit-authorization-db-write.c index 6aa8ce2416fef1c55cb9e60e66e0a8d52440b199..fec91a15be61d8b1111048093f1307a59ff1bb7d 100644 --- a/src/polkit-grant/polkit-authorization-db-write.c +++ b/src/polkit-grant/polkit-authorization-db-write.c @@ -99,9 +99,9 @@ _polkit_authorization_db_auth_file_add (polkit_bool_t transient, uid_t uid, char char *newline = "\n"; if (transient) - root = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"; + root = PACKAGE_LOCALSTATE_DIR "/run/polkit-1"; else - root = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"; + root = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1"; ret = FALSE; path = NULL; @@ -202,9 +202,9 @@ _polkit_authorization_db_auth_file_add (polkit_bool_t transient, uid_t uid, char } /* trigger a reload */ - if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) { + if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) { g_warning ("Error updating access+modification time on file '%s': %m\n", - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload"); + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload"); } ret = TRUE; @@ -738,7 +738,7 @@ _grant_internal (PolKitAuthorizationDB *authdb, polkit_bool_t is_negative) { GError *g_error; - char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper", NULL, NULL, NULL, NULL, NULL}; + char *helper_argv[6] = {PACKAGE_LIBEXEC_DIR "/polkit-explicit-grant-helper-1", NULL, NULL, NULL, NULL, NULL}; gboolean ret; gint exit_status; char cbuf[1024]; diff --git a/src/polkit-grant/polkit-explicit-grant-helper.c b/src/polkit-grant/polkit-explicit-grant-helper.c index 2e83bdefc40b818ecf57f239e05e4292f47f857f..56099122d9325277ce986e8ce8fd7f853826c70d 100644 --- a/src/polkit-grant/polkit-explicit-grant-helper.c +++ b/src/polkit-grant/polkit-explicit-grant-helper.c @@ -49,7 +49,7 @@ #include #include -#include +#include #include #ifdef HAVE_SOLARIS @@ -75,7 +75,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-explicit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-explicit-grant-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 5) { diff --git a/src/polkit-grant/polkit-grant-helper-pam.c b/src/polkit-grant/polkit-grant-helper-pam.c index d6f46775fb84b35b7217239ba6927545c6bfefd5..259659570d087d156bd1a513f03799dad8b7b1b5 100644 --- a/src/polkit-grant/polkit-grant-helper-pam.c +++ b/src/polkit-grant/polkit-grant-helper-pam.c @@ -80,7 +80,7 @@ main (int argc, char *argv[]) goto error; } - openlog ("polkit-grant-helper-pam", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-grant-helper-pam-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 1) { diff --git a/src/polkit-grant/polkit-grant-helper.c b/src/polkit-grant/polkit-grant-helper.c index cdfa71060330c04f3e198c6b9f65390749710a08..ff4b03f242733620609841ed0b7a89354525b8c3 100644 --- a/src/polkit-grant/polkit-grant-helper.c +++ b/src/polkit-grant/polkit-grant-helper.c @@ -59,7 +59,7 @@ #include -#include +#include // #include #ifdef HAVE_SOLARIS @@ -151,7 +151,7 @@ * FAILURE on stdin. If FAILURE * is received, then die with exit * code 1. If SUCCESS, leave a cookie - * in /var/{lib,run}/PolicyKit indicating + * in /var/{lib,run}/polkit-1 indicating * the grant was successful and die with * exit code 0 * @@ -178,10 +178,10 @@ do_auth (const char *user_to_auth, gboolean *empty_conversation) int helper_stdout; GError *g_error; #ifdef POLKIT_AUTHFW_PAM - char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL}; + char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam-1", NULL}; #endif #ifdef POLKIT_AUTHFW_SHADOW - char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-shadow", NULL}; + char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-shadow-1", NULL}; #endif char buf[256]; FILE *child_stdin; @@ -330,98 +330,9 @@ verify_with_polkit (PolKitContext *pol_ctx, *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || *out_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS) { - PolKitConfig *pk_config; - PolKitConfigAdminAuthType admin_auth_type; - const char *admin_auth_data; - - pk_config = polkit_context_get_config (pol_ctx, NULL); - /* if the configuration file is malformed, bail out */ - if (pk_config == NULL) - goto error; - - if (polkit_config_determine_admin_auth_type (pk_config, - action, - caller, - &admin_auth_type, - &admin_auth_data)) { -#ifdef PGH_DEBUG - fprintf (stderr, "polkit-grant-helper: admin_auth_type=%d data='%s'\n", admin_auth_type, admin_auth_data); -#endif /* PGH_DEBUG */ - switch (admin_auth_type) { - case POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: - if (admin_auth_data != NULL) - *out_admin_users = g_strsplit (admin_auth_data, "|", 0); - break; - case POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: - if (admin_auth_data != NULL) { - int n; - char **groups; - GSList *i; - GSList *users; - - - users = NULL; - groups = g_strsplit (admin_auth_data, "|", 0); - for (n = 0; groups[n] != NULL; n++) { - int m; - struct group *group; - - /* This is fine; we're a single-threaded app */ - if ((group = getgrnam (groups[n])) == NULL) - continue; - - for (m = 0; group->gr_mem[m] != NULL; m++) { - const char *user; - gboolean found; - - user = group->gr_mem[m]; - found = FALSE; - -#ifdef PGH_DEBUG - fprintf (stderr, "polkit-grant-helper: examining member '%s' of group '%s'\n", user, groups[n]); -#endif /* PGH_DEBUG */ - - /* skip user 'root' since he is often member of 'wheel' etc. */ - if (strcmp (user, "root") == 0) - continue; - /* TODO: we should probably only consider users with an uid - * in a given "safe" range, e.g. between 500 and 32000 or - * something like that... - */ - - for (i = users; i != NULL; i = g_slist_next (i)) { - if (strcmp (user, (const char *) i->data) == 0) { - found = TRUE; - break; - } - } - if (found) - continue; - -#ifdef PGH_DEBUG - fprintf (stderr, "polkit-grant-helper: added user '%s'\n", user); -#endif /* PGH_DEBUG */ - - users = g_slist_prepend (users, g_strdup (user)); - } - - } - g_strfreev (groups); - - users = g_slist_sort (users, (GCompareFunc) strcmp); - - *out_admin_users = g_new0 (char *, g_slist_length (users) + 1); - for (i = users, n = 0; i != NULL; i = g_slist_next (i)) { - (*out_admin_users)[n++] = i->data; - } - - g_slist_free (users); - } - break; - } - } + /* TODO: need to revisit this and return list of users that can auth */ + *out_admin_users = NULL; } - /* TODO: we should probably clean up */ @@ -571,7 +482,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-grant-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-grant-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 3) { diff --git a/src/polkit-grant/polkit-grant.c b/src/polkit-grant/polkit-grant.c index c491b53a8ba66c6507b0423bc6f8df36e427a003..ad4c98f9c4322616f76a2601614ceee868b43c37 100644 --- a/src/polkit-grant/polkit-grant.c +++ b/src/polkit-grant/polkit-grant.c @@ -495,8 +495,8 @@ polkit_grant_initiate_auth (PolKitGrant *polkit_grant, /* TODO: verify incoming args */ - /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper"; */ - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper"; + /* helper_argv[0] = "/home/davidz/Hacking/PolicyKit/polkit-grant/.libs/polkit-grant-helper-1"; */ + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-1"; helper_argv[1] = g_strdup_printf ("%d", pid); helper_argv[2] = action_id; helper_argv[3] = NULL; diff --git a/src/polkit-grant/polkit-revoke-helper.c b/src/polkit-grant/polkit-revoke-helper.c index 5f5985643cda5c389b5b4c9f1da66feec762b726..3b79813b15d90ce02cc83d1f2eae44858739b95e 100644 --- a/src/polkit-grant/polkit-revoke-helper.c +++ b/src/polkit-grant/polkit-revoke-helper.c @@ -48,7 +48,7 @@ #include #include -#include +#include #include #ifdef HAVE_SOLARIS @@ -118,7 +118,7 @@ main (int argc, char *argv[]) setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); #endif - openlog ("polkit-revoke-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-revoke-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 4) { @@ -204,12 +204,12 @@ skip_check: if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) { test_dir = PACKAGE_LOCALSTATE_DIR; } - kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/PolicyKit", test_dir) < sizeof (dir_run)); - kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/PolicyKit", test_dir) < sizeof (dir_lib)); + kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/polkit-1", test_dir) < sizeof (dir_run)); + kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/polkit-1", test_dir) < sizeof (dir_lib)); #else - char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"; - char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"; + char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/polkit-1"; + char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1"; #endif @@ -347,9 +347,9 @@ skip_check: goto no_reload; #endif /* trigger a reload */ - if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) { + if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) { fprintf (stderr, "Error updating access+modification time on file '%s': %m\n", - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload"); + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload"); } #ifdef POLKIT_BUILD_TESTS no_reload: diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 4c3d3131c0d8c2bd561b54108d9761841de3d1fe..9c200a125767ee5418dd7b8856d6c2160475c40d 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -12,13 +12,15 @@ INCLUDES = \ -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \ -DPOLKIT_COMPILATION \ -DTEST_DATA_DIR=\"$(top_srcdir)/test/\" \ - -DTEST_BUILD_DIR=\"$(top_builddir)\" + -DTEST_BUILD_DIR=\"$(top_builddir)\" \ + @DBUS_CFLAGS@ -lib_LTLIBRARIES=libpolkit.la -libpolkitincludedir=$(includedir)/PolicyKit/polkit +lib_LTLIBRARIES=libpolkit-1.la -libpolkitinclude_HEADERS = \ +libpolkit_1includedir=$(includedir)/polkit-1/polkit + +libpolkit_1include_HEADERS = \ polkit.h \ polkit-sysdeps.h \ polkit-types.h \ @@ -33,12 +35,13 @@ libpolkitinclude_HEADERS = \ polkit-policy-file.h \ polkit-policy-cache.h \ polkit-policy-default.h \ - polkit-config.h \ polkit-authorization.h \ polkit-authorization-constraint.h \ - polkit-authorization-db.h + polkit-authorization-db.h \ + polkit-tracker.h \ + polkit-simple.h -libpolkit_la_SOURCES = \ +libpolkit_1_la_SOURCES = \ polkit.h \ polkit-private.h \ polkit-types.h \ @@ -56,27 +59,28 @@ libpolkit_la_SOURCES = \ polkit-policy-default.h polkit-policy-default.c \ polkit-debug.h polkit-debug.c \ polkit-utils.h polkit-utils.c \ - polkit-config.h polkit-config.c \ polkit-authorization.h polkit-authorization.c \ polkit-authorization-constraint.h polkit-authorization-constraint.c \ - polkit-authorization-db.h + polkit-authorization-db.h \ + polkit-tracker.h polkit-tracker.c \ + polkit-simple.h polkit-simple.c if POLKIT_AUTHDB_DUMMY -libpolkit_la_SOURCES += \ +libpolkit_1_la_SOURCES += \ polkit-authorization-db-dummy.c endif if POLKIT_AUTHDB_DEFAULT -libpolkit_la_SOURCES += \ +libpolkit_1_la_SOURCES += \ polkit-authorization-db.c endif -libpolkit_la_LIBADD = @EXPAT_LIBS@ $(top_builddir)/src/kit/libkit.la +libpolkit_1_la_LIBADD = @DBUS_LIBS@ @EXPAT_LIBS@ $(top_builddir)/src/kit/libkit.la $(SELINUX_LIBS) if POLKIT_BUILD_TESTS -libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ +libpolkit_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ else -libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ +libpolkit_1_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) @R_DYNAMIC_LDFLAG@ \ -export-dynamic -no-undefined -export-symbols-regex '(^polkit_.*|_pk_validate_unique_bus_name)' endif @@ -92,7 +96,7 @@ check_PROGRAMS=$(TESTS) polkit_test_SOURCES= \ polkit-test.h polkit-test.c -polkit_test_LDADD=$(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_test_LDADD=$(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la polkit_test_LDFLAGS= if POLKIT_GCOV_ENABLED @@ -102,10 +106,10 @@ clean-gcov: .PHONY: coverage-report.txt covered-files.txt covered-files.txt : - echo $(addprefix src/polkit/,$(filter %.c,$(libpolkit_la_SOURCES))) > covered-files.txt + echo $(addprefix src/polkit/,$(filter %.c,$(libpolkit_1_la_SOURCES))) > covered-files.txt coverage-report.txt : covered-files.txt clean-gcov all check - gcov $(filter %.c,$(libpolkit_la_SOURCES)) -o .libs/ > /dev/null + gcov $(filter %.c,$(libpolkit_1_la_SOURCES)) -o .libs/ > /dev/null $(top_srcdir)/test/create-coverage-report.sh "module polkit" `cat covered-files.txt` > coverage-report.txt check-coverage : coverage-report.txt @@ -125,32 +129,66 @@ endif clean-local : rm -f *~ $(BUILT_SOURCES) *.bb *.bbg *.da *.gcov .libs/*.da .libs/*.bbg +libexec_PROGRAMS = polkit-resolve-exe-helper-1 + +polkit_resolve_exe_helper_1_SOURCES = polkit-resolve-exe-helper.c +polkit_resolve_exe_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_resolve_exe_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la + if POLKIT_AUTHDB_DEFAULT -# The directories /var/lib/PolicyKit and /var/run/PolicyKit is where +libexec_PROGRAMS += polkit-read-auth-helper-1 polkit-set-default-helper-1 + +polkit_read_auth_helper_1_SOURCES = polkit-read-auth-helper.c +polkit_read_auth_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_read_auth_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la + +polkit_set_default_helper_1_SOURCES = polkit-set-default-helper.c +polkit_set_default_helper_1_CFLAGS = @DBUS_CFLAGS@ +polkit_set_default_helper_1_LDADD = $(top_builddir)/src/kit/libkit.la libpolkit-1.la + +# The directories /var/lib/polkit-1 and /var/run/polkit-1 is where # authorizations are stored. They must not be world readable (the # polkit-auth-read-helper is used to read it) and the $POLKIT_GROUP # group needs to be able to write files there. # -# The directory /var/lib/PolicyKit-public is used for storing world-readable +# The directory /var/lib/polkit-public-1 is used for storing world-readable # information. Only $POLKIT_USER may write to it. # -# The /var/lib/misc/PolicyKit.reload file is used for triggering that +# The /var/lib/misc/polkit-1.reload file is used for triggering that # authorizations have changed; it needs to be world readable and # writeable for user $POLKIT_USER and group $POLKIT_GROUP (FHS 2.3 suggests # that location) # -install-data-local: +# polkit-read-auth-helper needs to be setgid $POLKIT_GROUP to be able +# to read authorization files in /var/lib/polkit-1 and +# /var/run/polkit-1 +# +# polkit-set-default-helper needs to be setuid $POLKIT_USER to be able +# to write .defaults-override files in /var/lib/polkit-public-1 +# +# polkit-resolve-exe-helper needs to be setuid root to be able to resolve +# /proc/$pid/exe symlinks. +# +install-exec-hook: mkdir -p $(DESTDIR)$(localstatedir)/lib/misc - touch $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload - -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload - -chmod 664 $(DESTDIR)$(localstatedir)/lib/misc/PolicyKit.reload - mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit-public - mkdir -p $(DESTDIR)$(localstatedir)/lib/PolicyKit - mkdir -p $(DESTDIR)$(localstatedir)/run/PolicyKit - -chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/PolicyKit-public - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/PolicyKit - -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/PolicyKit - -chmod 755 $(DESTDIR)$(localstatedir)/lib/PolicyKit-public - -chmod 770 $(DESTDIR)$(localstatedir)/lib/PolicyKit - -chmod 770 $(DESTDIR)$(localstatedir)/run/PolicyKit + touch $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload + -chown $(POLKIT_USER):$(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload + -chmod 664 $(DESTDIR)$(localstatedir)/lib/misc/polkit-1.reload + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-public-1 + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 + mkdir -p $(DESTDIR)$(localstatedir)/run/polkit-1 + -chown $(POLKIT_USER) $(DESTDIR)$(localstatedir)/lib/polkit-public-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/lib/polkit-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(localstatedir)/run/polkit-1 + -chmod 755 $(DESTDIR)$(localstatedir)/lib/polkit-public-1 + -chmod 770 $(DESTDIR)$(localstatedir)/lib/polkit-1 + -chmod 770 $(DESTDIR)$(localstatedir)/run/polkit-1 + -chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-read-auth-helper-1 + -chmod 2755 $(DESTDIR)$(libexecdir)/polkit-read-auth-helper-1 + -chown $(POLKIT_USER) $(DESTDIR)$(libexecdir)/polkit-set-default-helper-1 + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-set-default-helper-1 + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper-1 +else +install-exec-hook: + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-resolve-exe-helper endif diff --git a/src/polkit/polkit-authorization-db.c b/src/polkit/polkit-authorization-db.c index 1e339b613b9e461e47631d76285767749375076d..37529a39e0546e9d9df94de80f5559b4234e3abd 100644 --- a/src/polkit/polkit-authorization-db.c +++ b/src/polkit/polkit-authorization-db.c @@ -278,13 +278,13 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb, char helper_buf[256]; char *helper_bin_dir; if ((helper_bin_dir = getenv ("POLKIT_TEST_BUILD_DIR")) != NULL) { - kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-dbus/polkit-read-auth-helper", helper_bin_dir) < sizeof (helper_buf)); + kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit/polkit-read-auth-helper-1", helper_bin_dir) < sizeof (helper_buf)); helper_argv[0] = helper_buf; } else { - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper-1"; } #else - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-read-auth-helper-1"; #endif /* first, see if this is in the cache */ @@ -1042,13 +1042,13 @@ polkit_authorization_db_revoke_entry (PolKitAuthorizationDB *authdb, char helper_buf[256]; char *helper_bin_dir; if ((helper_bin_dir = getenv ("POLKIT_TEST_BUILD_DIR")) != NULL) { - kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-grant/polkit-revoke-helper", helper_bin_dir) < sizeof (helper_buf)); + kit_assert ((size_t) snprintf (helper_buf, sizeof (helper_buf), "%s/src/polkit-grant/polkit-revoke-helper-1", helper_bin_dir) < sizeof (helper_buf)); helper_argv[0] = helper_buf; } else { - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper-1"; } #else - helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper"; + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-revoke-helper-1"; #endif helper_argv[1] = (char *) auth_file_entry; @@ -1236,22 +1236,22 @@ _run_test (void) goto out; /* seed the authdb with known defaults */ - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu1.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu1.auths", 0644, test_pu1_run, sizeof (test_pu1_run) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu1.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu1.auths", 0644, test_pu1_lib, sizeof (test_pu1_lib) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu2.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu2.auths", 0644, test_pu2_run, sizeof (test_pu2_run) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu2.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu2.auths", 0644, test_pu2_lib, sizeof (test_pu2_lib) - 1)) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/PolicyKit/user-pu3.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/run/polkit-1/user-pu3.auths", 0644, test_pu3_run, strlen (test_pu3_run))) goto out; - if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/PolicyKit/user-pu3.auths", 0644, + if (!kit_file_set_contents (TEST_DATA_DIR "authdb-test/lib/polkit-1/user-pu3.auths", 0644, test_pu3_lib, sizeof (test_pu3_lib) - 1)) goto out; @@ -1320,6 +1320,11 @@ _run_test (void) if (polkit_authorization_db_is_caller_authorized (adb, action, caller, FALSE, &is_auth, &is_neg, &error)) { kit_assert (! polkit_error_is_set (error) && !is_auth && !is_neg); } else { + kit_warning ("%p: %d: %s: %s", + error, + polkit_error_get_error_code (error), + polkit_error_get_error_name (error), + polkit_error_get_error_message (error)); kit_assert (polkit_error_is_set (error) && polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY); polkit_error_free (error); diff --git a/src/polkit/polkit-config.c b/src/polkit/polkit-config.c deleted file mode 100644 index 375615ecc652bdff2149357e57ed64c6cbd34261..0000000000000000000000000000000000000000 --- a/src/polkit/polkit-config.c +++ /dev/null @@ -1,786 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-config.h : Configuration file - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "polkit-config.h" -#include "polkit-debug.h" -#include "polkit-error.h" -#include "polkit-private.h" -#include "polkit-test.h" - -/** - * SECTION:polkit-config - * @title: Configuration - * @short_description: Represents the system-wide /etc/PolicyKit/PolicyKit.conf file. - * - * This class is used to represent the /etc/PolicyKit/PolicyKit.conf - * configuration file. Applications using PolicyKit should never use - * this class; it's only here for integration with other PolicyKit - * components. - **/ - -enum { - STATE_NONE, - STATE_UNKNOWN_TAG, - STATE_IN_CONFIG, - STATE_IN_MATCH, - STATE_IN_RETURN, - STATE_IN_DEFINE_ADMIN_AUTH, -}; - -struct ConfigNode; -typedef struct ConfigNode ConfigNode; - -/** - * PolKitConfig: - * - * This class represents the system-wide configuration file for - * PolicyKit. Applications using PolicyKit should never use this - * class; it's only here for integration with other PolicyKit - * components. - **/ -struct _PolKitConfig -{ - int refcount; - ConfigNode *top_config_node; -}; - -#define PARSER_MAX_DEPTH 32 - -typedef struct { - XML_Parser parser; - int state; - PolKitConfig *pk_config; - const char *path; - - int state_stack[PARSER_MAX_DEPTH]; - ConfigNode *node_stack[PARSER_MAX_DEPTH]; - - int stack_depth; -} ParserData; - -enum { - NODE_TYPE_NOP, - NODE_TYPE_TOP, - NODE_TYPE_MATCH, - NODE_TYPE_RETURN, - NODE_TYPE_DEFINE_ADMIN_AUTH, -}; - -enum { - MATCH_TYPE_ACTION, - MATCH_TYPE_USER, -}; - -static const char * const match_names[] = -{ - "action", - "user", -}; - -static const char * const define_admin_auth_names[] = -{ - "user", - "group", -}; - -struct ConfigNode -{ - int node_type; - - union { - - struct { - int match_type; - char *data; - regex_t preq; - } node_match; - - struct { - PolKitResult result; - } node_return; - - struct { - PolKitConfigAdminAuthType admin_type; - char *data; - } node_define_admin_auth; - - } data; - - KitList *children; -}; - - -static ConfigNode * -config_node_new (void) -{ - ConfigNode *node; - node = kit_new0 (ConfigNode, 1); - return node; -} - -static void -config_node_dump_real (ConfigNode *node, unsigned int indent) -{ - KitList *i; - unsigned int n; - char buf[128]; - - for (n = 0; n < indent && n < sizeof (buf) - 1; n++) - buf[n] = ' '; - buf[n] = '\0'; - - switch (node->node_type) { - case NODE_TYPE_NOP: - polkit_debug ("%sNOP", buf); - break; - case NODE_TYPE_TOP: - polkit_debug ("%sTOP", buf); - break; - case NODE_TYPE_MATCH: - polkit_debug ("%sMATCH %s (%d) with '%s'", - buf, - match_names[node->data.node_match.match_type], - node->data.node_match.match_type, - node->data.node_match.data); - break; - case NODE_TYPE_RETURN: - polkit_debug ("%sRETURN %s (%d)", - buf, - polkit_result_to_string_representation (node->data.node_return.result), - node->data.node_return.result); - break; - case NODE_TYPE_DEFINE_ADMIN_AUTH: - polkit_debug ("%sDEFINE_ADMIN_AUTH %s (%d) with '%s'", - buf, - define_admin_auth_names[node->data.node_define_admin_auth.admin_type], - node->data.node_define_admin_auth.admin_type, - node->data.node_define_admin_auth.data); - break; - break; - } - - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child = i->data; - config_node_dump_real (child, indent + 2); - } -} - -static void -config_node_dump (ConfigNode *node) -{ - - config_node_dump_real (node, 0); -} - -static void -config_node_unref (ConfigNode *node) -{ - KitList *i; - - switch (node->node_type) { - case NODE_TYPE_NOP: - break; - case NODE_TYPE_TOP: - break; - case NODE_TYPE_MATCH: - kit_free (node->data.node_match.data); - regfree (&(node->data.node_match.preq)); - break; - case NODE_TYPE_RETURN: - break; - case NODE_TYPE_DEFINE_ADMIN_AUTH: - kit_free (node->data.node_define_admin_auth.data); - break; - } - - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child = i->data; - config_node_unref (child); - } - kit_list_free (node->children); - kit_free (node); -} - -static void -_start (void *data, const char *el, const char **attr) -{ - int state; - int num_attr; - ParserData *pd = data; - ConfigNode *node; - - polkit_debug ("_start for node '%s' (at depth=%d)", el, pd->stack_depth); - - for (num_attr = 0; attr[num_attr] != NULL; num_attr++) - ; - - state = STATE_NONE; - node = config_node_new (); - node->node_type = NODE_TYPE_NOP; - - switch (pd->state) { - case STATE_NONE: - if (strcmp (el, "config") == 0) { - state = STATE_IN_CONFIG; - polkit_debug ("parsed config node"); - - if (pd->pk_config->top_config_node != NULL) { - polkit_debug ("Multiple config nodes?"); - goto error; - } - - node->node_type = NODE_TYPE_TOP; - pd->pk_config->top_config_node = node; - } - break; - case STATE_IN_CONFIG: /* explicit fallthrough */ - case STATE_IN_MATCH: - if ((strcmp (el, "match") == 0) && (num_attr == 2)) { - - node->node_type = NODE_TYPE_MATCH; - if (strcmp (attr[0], "action") == 0) { - node->data.node_match.match_type = MATCH_TYPE_ACTION; - } else if (strcmp (attr[0], "user") == 0) { - node->data.node_match.match_type = MATCH_TYPE_USER; - } else { - polkit_debug ("Unknown match rule '%s'", attr[0]); - goto error; - } - - node->data.node_match.data = kit_strdup (attr[1]); - if (regcomp (&(node->data.node_match.preq), node->data.node_match.data, REG_NOSUB|REG_EXTENDED) != 0) { - polkit_debug ("Invalid expression '%s'", node->data.node_match.data); - goto error; - } - - state = STATE_IN_MATCH; - polkit_debug ("parsed match node ('%s' (%d) -> '%s')", - attr[0], - node->data.node_match.match_type, - node->data.node_match.data); - - } else if ((strcmp (el, "return") == 0) && (num_attr == 2)) { - - node->node_type = NODE_TYPE_RETURN; - - if (strcmp (attr[0], "result") == 0) { - PolKitResult r; - if (!polkit_result_from_string_representation (attr[1], &r)) { - polkit_debug ("Unknown return result '%s'", attr[1]); - goto error; - } - node->data.node_return.result = r; - } else { - polkit_debug ("Unknown return rule '%s'", attr[0]); - goto error; - } - - state = STATE_IN_RETURN; - polkit_debug ("parsed return node ('%s' (%d))", - attr[1], - node->data.node_return.result); - } else if ((strcmp (el, "define_admin_auth") == 0) && (num_attr == 2)) { - - node->node_type = NODE_TYPE_DEFINE_ADMIN_AUTH; - if (strcmp (attr[0], "user") == 0) { - node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER; - } else if (strcmp (attr[0], "group") == 0) { - node->data.node_define_admin_auth.admin_type = POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP; - } else { - polkit_debug ("Unknown define_admin_auth rule '%s'", attr[0]); - goto error; - } - - node->data.node_define_admin_auth.data = kit_strdup (attr[1]); - - state = STATE_IN_DEFINE_ADMIN_AUTH; - polkit_debug ("parsed define_admin_auth node ('%s' (%d) -> '%s')", - attr[0], - node->data.node_define_admin_auth.admin_type, - node->data.node_define_admin_auth.data); - - - } - break; - } - - if (state == STATE_NONE || node == NULL) { - kit_warning ("skipping unknown tag <%s> at line %d of %s", - el, (int) XML_GetCurrentLineNumber (pd->parser), pd->path); - state = STATE_UNKNOWN_TAG; - } - - if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) { - polkit_debug ("reached max depth?"); - goto error; - } - pd->state = state; - pd->state_stack[pd->stack_depth] = pd->state; - pd->node_stack[pd->stack_depth] = node; - - if (pd->stack_depth > 0) { - pd->node_stack[pd->stack_depth - 1]->children = - kit_list_append (pd->node_stack[pd->stack_depth - 1]->children, node); - } - - pd->stack_depth++; - polkit_debug ("now in state=%d (after _start, depth=%d)", pd->state, pd->stack_depth); - return; - -error: - if (node != NULL) { - config_node_unref (node); - } - XML_StopParser (pd->parser, FALSE); -} - -static void -_cdata (void *data, const char *s, int len) -{ -} - -static void -_end (void *data, const char *el) -{ - ParserData *pd = data; - - polkit_debug ("_end for node '%s' (at depth=%d)", el, pd->stack_depth); - - --pd->stack_depth; - if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) { - polkit_debug ("reached max depth?"); - goto error; - } - if (pd->stack_depth > 0) - pd->state = pd->state_stack[pd->stack_depth - 1]; - else - pd->state = STATE_NONE; - polkit_debug ("now in state=%d (after _end, depth=%d)", pd->state, pd->stack_depth); - return; -error: - XML_StopParser (pd->parser, FALSE); -} - -/** - * polkit_config_new: - * @path: Path to configuration, typically /etc/PolicyKit/PolicyKit.conf is passed. - * @error: return location for error - * - * Load and parse a PolicyKit configuration file. - * - * Returns: the configuration file object - **/ -PolKitConfig * -polkit_config_new (const char *path, PolKitError **error) -{ - ParserData pd; - int xml_res; - PolKitConfig *pk_config; - char *buf; - size_t buflen; - - /* load and parse the configuration file */ - pk_config = NULL; - - if (!kit_file_get_contents (path, &buf, &buflen)) { - polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID, - "Cannot load PolicyKit policy file at '%s': %m", - path); - goto error; - } - - pd.parser = XML_ParserCreate (NULL); - if (pd.parser == NULL) { - polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, - "Cannot load PolicyKit policy file at '%s': %s", - path, - "No memory for parser"); - goto error; - } - XML_SetUserData (pd.parser, &pd); - XML_SetElementHandler (pd.parser, _start, _end); - XML_SetCharacterDataHandler (pd.parser, _cdata); - - pk_config = kit_new0 (PolKitConfig, 1); - pk_config->refcount = 1; - - pd.state = STATE_NONE; - pd.pk_config = pk_config; - pd.node_stack[0] = NULL; - pd.stack_depth = 0; - pd.path = path; - - xml_res = XML_Parse (pd.parser, buf, buflen, 1); - - if (xml_res == 0) { - polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID, - "%s:%d: parse error: %s", - path, - (int) XML_GetCurrentLineNumber (pd.parser), - XML_ErrorString (XML_GetErrorCode (pd.parser))); - - XML_ParserFree (pd.parser); - kit_free (buf); - goto error; - } - XML_ParserFree (pd.parser); - kit_free (buf); - - polkit_debug ("Loaded configuration file %s", path); - - if (pk_config->top_config_node != NULL) - config_node_dump (pk_config->top_config_node); - - return pk_config; - -error: - if (pk_config != NULL) - polkit_config_unref (pk_config); - return NULL; -} - -/** - * polkit_config_ref: - * @pk_config: the object - * - * Increase reference count. - * - * Returns: the object - **/ -PolKitConfig * -polkit_config_ref (PolKitConfig *pk_config) -{ - kit_return_val_if_fail (pk_config != NULL, pk_config); - pk_config->refcount++; - return pk_config; -} - -/** - * polkit_config_unref: - * @pk_config: the object - * - * Decreases the reference count of the object. If it becomes zero, - * the object is freed. Before freeing, reference counts on embedded - * objects are decresed by one. - **/ -void -polkit_config_unref (PolKitConfig *pk_config) -{ - kit_return_if_fail (pk_config != NULL); - pk_config->refcount--; - if (pk_config->refcount > 0) - return; - - if (pk_config->top_config_node != NULL) - config_node_unref (pk_config->top_config_node); - - kit_free (pk_config); -} - -static polkit_bool_t -config_node_match (ConfigNode *node, - PolKitAction *action, - PolKitCaller *caller, - PolKitSession *session) -{ - char *str; - char *str1; - char *str2; - uid_t uid; - polkit_bool_t match; - - match = FALSE; - str1 = NULL; - str2 = NULL; - switch (node->data.node_match.match_type) { - - case MATCH_TYPE_ACTION: - if (!polkit_action_get_action_id (action, &str)) - goto out; - str1 = kit_strdup (str); - break; - - case MATCH_TYPE_USER: - if (caller != NULL) { - if (!polkit_caller_get_uid (caller, &uid)) - goto out; - } else if (session != NULL) { - if (!polkit_session_get_uid (session, &uid)) - goto out; - } else - goto out; - - str1 = kit_strdup_printf ("%d", uid); - { - struct passwd pd; - struct passwd* pwdptr=&pd; - struct passwd* tempPwdPtr; - char pwdbuffer[256]; - int pwdlinelen = sizeof(pwdbuffer); - - if ((getpwuid_r (uid, pwdptr, pwdbuffer, pwdlinelen, &tempPwdPtr)) !=0 ) - goto out; - str2 = kit_strdup (pd.pw_name); - } - break; - } - - if (str1 != NULL) { - if (regexec (&(node->data.node_match.preq), str1, 0, NULL, 0) == 0) - match = TRUE; - } - if (!match && str2 != NULL) { - if (regexec (&(node->data.node_match.preq), str2, 0, NULL, 0) == 0) - match = TRUE; - } - -out: - kit_free (str1); - kit_free (str2); - return match; -} - - -/* exactly one of the parameters caller and session must be NULL */ -static PolKitResult -config_node_test (ConfigNode *node, - PolKitAction *action, - PolKitCaller *caller, - PolKitSession *session) -{ - polkit_bool_t recurse; - PolKitResult result; - - recurse = FALSE; - result = POLKIT_RESULT_UNKNOWN; - - switch (node->node_type) { - case NODE_TYPE_NOP: - recurse = FALSE; - break; - case NODE_TYPE_TOP: - recurse = TRUE; - break; - case NODE_TYPE_MATCH: - if (config_node_match (node, action, caller, session)) - recurse = TRUE; - break; - case NODE_TYPE_RETURN: - result = node->data.node_return.result; - break; - default: - break; - } - - if (recurse) { - KitList *i; - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child_node = i->data; - result = config_node_test (child_node, action, caller, session); - if (result != POLKIT_RESULT_UNKNOWN) { - goto out; - } - } - } - -out: - return result; -} - -/** - * polkit_config_can_session_do_action: - * @pk_config: the PolicyKit context - * @action: the type of access to check for - * @session: the session in question - * - * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file - * says that a given session can do a given action. - * - * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there - * was no match in the configuration file. - */ -PolKitResult -polkit_config_can_session_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitSession *session) -{ - PolKitResult result; - if (pk_config->top_config_node != NULL) - result = config_node_test (pk_config->top_config_node, action, NULL, session); - else - result = POLKIT_RESULT_UNKNOWN; - return result; -} - -/** - * polkit_config_can_caller_do_action: - * @pk_config: the PolicyKit context - * @action: the type of access to check for - * @caller: the caller in question - * - * Determine if the /etc/PolicyKit/PolicyKit.conf configuration file - * says that a given caller can do a given action. - * - * Returns: A #PolKitResult - returns #POLKIT_RESULT_UNKNOWN if there - * was no match in the configuration file. - */ -PolKitResult -polkit_config_can_caller_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller) -{ - PolKitResult result; - if (pk_config->top_config_node != NULL) - result = config_node_test (pk_config->top_config_node, action, caller, NULL); - else - result = POLKIT_RESULT_UNKNOWN; - return result; -} - - -static polkit_bool_t -config_node_determine_admin_auth (ConfigNode *node, - PolKitAction *action, - PolKitCaller *caller, - PolKitConfigAdminAuthType *out_admin_auth_type, - const char **out_data) -{ - polkit_bool_t recurse; - polkit_bool_t result_set; - - recurse = FALSE; - result_set = FALSE; - - switch (node->node_type) { - case NODE_TYPE_NOP: - recurse = FALSE; - break; - case NODE_TYPE_TOP: - recurse = TRUE; - break; - case NODE_TYPE_MATCH: - if (config_node_match (node, action, caller, NULL)) - recurse = TRUE; - break; - case NODE_TYPE_DEFINE_ADMIN_AUTH: - if (out_admin_auth_type != NULL) - *out_admin_auth_type = node->data.node_define_admin_auth.admin_type; - if (out_data != NULL) - *out_data = node->data.node_define_admin_auth.data; - result_set = TRUE; - break; - default: - break; - } - - if (recurse) { - KitList *i; - for (i = node->children; i != NULL; i = i->next) { - ConfigNode *child_node = i->data; - - result_set = config_node_determine_admin_auth (child_node, - action, - caller, - out_admin_auth_type, - out_data) || result_set; - } - } - - return result_set; -} - -/** - * polkit_config_determine_admin_auth_type: - * @pk_config: the PolicyKit context - * @action: the type of access to check for - * @caller: the caller in question - * @out_admin_auth_type: return location for the authentication type - * @out_data: return location for the match value of the given - * authentication type. Caller shall not manipulate or free this - * string. - * - * Determine what "Authenticate as admin" means for a given caller and - * a given action. This basically returns the result of the - * "define_admin_auth" in the configuration file when drilling down - * for a specific caller / action. - * - * Returns: TRUE if value was returned - */ -polkit_bool_t -polkit_config_determine_admin_auth_type (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller, - PolKitConfigAdminAuthType *out_admin_auth_type, - const char **out_data) -{ - if (pk_config->top_config_node != NULL) { - return config_node_determine_admin_auth (pk_config->top_config_node, - action, - caller, - out_admin_auth_type, - out_data); - } else { - return FALSE; - } -} - -#ifdef POLKIT_BUILD_TESTS - -static polkit_bool_t -_run_test (void) -{ - return TRUE; -} - -KitTest _test_config = { - "polkit_config", - NULL, - NULL, - _run_test -}; - -#endif /* POLKIT_BUILD_TESTS */ diff --git a/src/polkit/polkit-config.h b/src/polkit/polkit-config.h deleted file mode 100644 index 6aa38624663674fa57dd127fe3eaa9f88506b75a..0000000000000000000000000000000000000000 --- a/src/polkit/polkit-config.h +++ /dev/null @@ -1,91 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-config.h : Configuration file - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) -#error "Only can be included directly, this file may disappear or change contents." -#endif - -#ifndef POLKIT_CONFIG_H -#define POLKIT_CONFIG_H - -#include -#include -#include -#include -#include -#include -#include -#include - -POLKIT_BEGIN_DECLS - -struct _PolKitConfig; -typedef struct _PolKitConfig PolKitConfig; - -PolKitConfig *polkit_config_new (const char *path, PolKitError **error); -PolKitConfig *polkit_config_ref (PolKitConfig *pk_config); -void polkit_config_unref (PolKitConfig *pk_config); - -PolKitResult -polkit_config_can_session_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitSession *session); - -PolKitResult -polkit_config_can_caller_do_action (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller); - -/** - * PolKitConfigAdminAuthType: - * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER: Authentication as - * administrator matches one or more users - * @POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP: Authentication as - * administrator matches users from one or more groups - * - * This enumeration reflects results defined in the - * "define_admin_auth" configuration element. - */ -typedef enum -{ - POLKIT_CONFIG_ADMIN_AUTH_TYPE_USER, - POLKIT_CONFIG_ADMIN_AUTH_TYPE_GROUP -} PolKitConfigAdminAuthType; - -polkit_bool_t polkit_config_determine_admin_auth_type (PolKitConfig *pk_config, - PolKitAction *action, - PolKitCaller *caller, - PolKitConfigAdminAuthType *out_admin_auth_type, - const char **out_data); - -POLKIT_END_DECLS - -#endif /* POLKIT_CONFIG_H */ - - diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c index 14d08f049ac5d4b611917989e4b9640e40d42341..1417b77040c4f87445e165e2f77fcb10830b39c4 100644 --- a/src/polkit/polkit-context.c +++ b/src/polkit/polkit-context.c @@ -53,7 +53,6 @@ #endif #include -#include "polkit-config.h" #include "polkit-debug.h" #include "polkit-context.h" #include "polkit-policy-cache.h" @@ -77,9 +76,9 @@ * decisions. Typically, it's used as a singleton: * * - * First, the Mechanism need to declare one or more PolicyKit Actions by dropping a .policy file into /usr/share/PolicyKit/policy. This is described in the PolicyKit specification. + * First, the Mechanism need to declare one or more PolicyKit Actions by dropping a .policy file into /usr/share/polkit-1/actions. This is described in the PolicyKit specification. * The mechanism starts up and uses polkit_context_new() to create a new context - * If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on /dev may want to add/remove ACL's when configuration changes; for example, the system administrator could have changed the PolicyKit configuration file /etc/PolicyKit/PolicyKit.conf such that some user is now privileged to access a specific device. + * If the mechanism is a long running daemon, it should use polkit_context_set_config_changed() to register a callback when configuration changes. This is useful if, for example, the mechanism needs to revise decisions based on earlier answers from libpolkit. For example, a daemon that manages permissions on /dev may want to add/remove ACL's when configuration changes. * If polkit_context_set_config_changed() is used, the mechanism must also use polkit_context_set_io_watch_functions() to integrate libpolkit into the mainloop. * The mechanism needs to call polkit_context_init() such that libpolkit can load configuration files and properly initialize. * Whenever the mechanism needs to make a decision whether a caller is allowed to make a perform some action, the mechanism prepares a #PolKitAction and #PolKitCaller object (or #PolKitSession if applicable) and calls polkit_context_can_caller_do_action() (or polkit_context_can_session_do_action() if applicable). The mechanism may use the libpolkit-dbus library (specifically the polkit_caller_new_from_dbus_name() or polkit_caller_new_from_pid() functions) but may opt, for performance reasons, to construct #PolKitCaller (or #PolKitSession if applicable) from it's own cache of information. @@ -111,8 +110,6 @@ struct _PolKitContext PolKitPolicyCache *priv_cache; - PolKitConfig *config; - PolKitAuthorizationDB *authdb; polkit_bool_t load_descriptions; @@ -120,13 +117,11 @@ struct _PolKitContext #ifdef HAVE_INOTIFY int inotify_fd; int inotify_fd_watch_id; - int inotify_config_wd; int inotify_policy_wd; int inotify_grant_perm_wd; #elif HAVE_KQUEUE int kqueue_fd; int kqueue_fd_watch_id; - int kqueue_config_fd; int kqueue_policy_fd; int kqueue_grant_perm_fd; #endif @@ -156,7 +151,7 @@ polkit_context_new (void) * @error: return location for error * * Initializes a new context; loads PolicyKit files from - * /usr/share/PolicyKit/policy. + * /usr/share/polkit-1/actions. * * Returns: #FALSE if @error was set, otherwise #TRUE **/ @@ -169,7 +164,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) kit_return_val_if_fail (pk_context != NULL, FALSE); - pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/PolicyKit/policy"); + pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/polkit-1/actions"); polkit_debug ("Using policy files from directory %s", pk_context->policy_dir); /* NOTE: we don't populate the cache until it's needed.. */ @@ -185,35 +180,24 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) goto error; } - /* Watch the /etc/PolicyKit/PolicyKit.conf file */ - pk_context->inotify_config_wd = port_add_watch (pk_context->inotify_fd, - PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", - FILE_MODIFIED | FILE_ATTRIB); - if (pk_context->inotify_config_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s", - strerror (errno)); - /* TODO: set error */ - goto error; - } - - /* Watch the /usr/share/PolicyKit/policy directory */ + /* Watch the /usr/share/polkit-1/actions directory */ pk_context->inotify_policy_wd = port_add_watch (pk_context->inotify_fd, - PACKAGE_DATA_DIR "/PolicyKit/policy", + PACKAGE_DATA_DIR "/polkit-1/actions", FILE_MODIFIED | FILE_ATTRIB); if (pk_context->inotify_policy_wd < 0) { - polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s", + polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s", strerror (errno)); /* TODO: set error */ goto error; } #ifdef POLKIT_AUTHDB_DEFAULT - /* Watch the /var/lib/misc/PolicyKit.reload file */ + /* Watch the /var/lib/misc/polkit-1.reload file */ pk_context->inotify_grant_perm_wd = port_add_watch (pk_context->inotify_fd, - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", FILE_MODIFIED | FILE_ATTRIB); if (pk_context->inotify_grant_perm_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s", + polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s", strerror (errno)); /* TODO: set error */ goto error; @@ -236,31 +220,10 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) goto error; } - /* Watch the /etc/PolicyKit/PolicyKit.conf file */ - pk_context->kqueue_config_fd = open (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", O_RDONLY); - if (pk_context->kqueue_config_fd < 0) { - polkit_debug ("failed '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf' for reading: %s", - strerror (errno)); - /* TODO: set error */ - goto error; - } - - EV_SET (&ev, pk_context->kqueue_config_fd, EVFILT_VNODE, - EV_ADD | EV_ENABLE | EV_CLEAR, - NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME, - 0, 0); - if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) { - polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s", - strerror (errno)); - close (pk_context->kqueue_config_fd); - /* TODO: set error */ - goto error; - } - - /* Watch the /usr/share/PolicyKit/policy directory */ - pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/PolicyKit/policy", O_RDONLY); + /* Watch the /usr/share/polkit-1/actions directory */ + pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/polkit-1/actions", O_RDONLY); if (pk_context->kqueue_policy_fd < 0) { - polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/PolicyKit/policy for reading: %s", + polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/polkit-1/actions for reading: %s", strerror (errno)); /* TODO: set error */ goto error; @@ -271,7 +234,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME, 0, 0); if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) { - polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s", + polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s", strerror (errno)); close (pk_context->kqueue_policy_fd); /* TODO: set error */ @@ -279,10 +242,10 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) } #ifdef POLKIT_AUTHDB_DEFAULT - /* Watch the /var/lib/misc/PolicyKit.reload file */ - pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", O_RDONLY); + /* Watch the /var/lib/misc/polkit-1.reload file */ + pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", O_RDONLY); if (pk_context->kqueue_grant_perm_fd < 0) { - polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload' for reading: %s", + polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload' for reading: %s", strerror (errno)); /* TODO: set error */ goto error; @@ -293,7 +256,7 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME | NOTE_ATTRIB, 0, 0); if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) { - polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s", + polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s", strerror (errno)); close (pk_context->kqueue_grant_perm_fd); /* TODO: set error */ @@ -317,35 +280,24 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error) goto error; } - /* Watch the /etc/PolicyKit/PolicyKit.conf file */ - pk_context->inotify_config_wd = inotify_add_watch (pk_context->inotify_fd, - PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", - IN_MODIFY | IN_CREATE | IN_ATTRIB); - if (pk_context->inotify_config_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s", - strerror (errno)); - /* TODO: set error */ - goto error; - } - - /* Watch the /usr/share/PolicyKit/policy directory */ + /* Watch the /usr/share/polkit-1/actions directory */ pk_context->inotify_policy_wd = inotify_add_watch (pk_context->inotify_fd, - PACKAGE_DATA_DIR "/PolicyKit/policy", + PACKAGE_DATA_DIR "/polkit-1/actions", IN_MODIFY | IN_CREATE | IN_DELETE | IN_ATTRIB); if (pk_context->inotify_policy_wd < 0) { - polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s", + polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/polkit-1/actions': %s", strerror (errno)); /* TODO: set error */ goto error; } #ifdef POLKIT_AUTHDB_DEFAULT - /* Watch the /var/lib/misc/PolicyKit.reload file */ + /* Watch the /var/lib/misc/polkit-1.reload file */ pk_context->inotify_grant_perm_wd = inotify_add_watch (pk_context->inotify_fd, - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", IN_MODIFY | IN_CREATE | IN_ATTRIB); if (pk_context->inotify_grant_perm_wd < 0) { - polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s", + polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload': %s", strerror (errno)); /* TODO: set error */ goto error; @@ -637,13 +589,7 @@ polkit_context_force_reload (PolKitContext *pk_context) polkit_policy_cache_unref (pk_context->priv_cache); pk_context->priv_cache = NULL; } - - /* Purge existing old config file */ - polkit_debug ("purging configuration file"); - if (pk_context->config != NULL) { - polkit_config_unref (pk_context->config); - pk_context->config = NULL; - } + /* Purge authorization entries from the cache */ _polkit_authorization_db_invalidate_cache (pk_context->authdb); @@ -744,21 +690,14 @@ polkit_context_is_session_authorized (PolKitContext *pk_context, PolKitError **error) { PolKitPolicyCache *cache; - PolKitResult result_from_config; PolKitResult result_from_grantdb; polkit_bool_t from_authdb; polkit_bool_t from_authdb_negative; PolKitResult result; - PolKitConfig *config; result = POLKIT_RESULT_NO; kit_return_val_if_fail (pk_context != NULL, result); - config = polkit_context_get_config (pk_context, NULL); - /* if the configuration file is malformed, always say no */ - if (config == NULL) - goto out; - if (action == NULL || session == NULL) goto out; @@ -772,8 +711,6 @@ polkit_context_is_session_authorized (PolKitContext *pk_context, if (cache == NULL) goto out; - result_from_config = polkit_config_can_session_do_action (config, action, session); - result_from_grantdb = POLKIT_RESULT_UNKNOWN; from_authdb_negative = FALSE; if (polkit_authorization_db_is_session_authorized (pk_context->authdb, @@ -786,28 +723,6 @@ polkit_context_is_session_authorized (PolKitContext *pk_context, result_from_grantdb = POLKIT_RESULT_YES; } - /* Fist, the config file is authoritative.. so only use the - * value from the authdb if the config file allows to gain via - * authentication - */ - if (result_from_config != POLKIT_RESULT_UNKNOWN) { - /* it does.. use it.. although try to use an existing grant if there is one */ - if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) && - result_from_grantdb == POLKIT_RESULT_YES) { - result = POLKIT_RESULT_YES; - } else { - result = result_from_config; - } - goto found; - } - /* If we have a positive answer from the authdb, use it */ if (result_from_grantdb == POLKIT_RESULT_YES) { result = POLKIT_RESULT_YES; @@ -884,20 +799,13 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context, { PolKitPolicyCache *cache; PolKitResult result; - PolKitResult result_from_config; PolKitResult result_from_grantdb; - PolKitConfig *config; polkit_bool_t from_authdb; polkit_bool_t from_authdb_negative; result = POLKIT_RESULT_NO; kit_return_val_if_fail (pk_context != NULL, result); - /* if the configuration file is malformed, always say no */ - config = polkit_context_get_config (pk_context, NULL); - if (config == NULL) - goto out; - if (action == NULL || caller == NULL) goto out; @@ -911,8 +819,6 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context, if (!polkit_caller_validate (caller)) goto out; - result_from_config = polkit_config_can_caller_do_action (config, action, caller); - result_from_grantdb = POLKIT_RESULT_UNKNOWN; from_authdb_negative = FALSE; if (polkit_authorization_db_is_caller_authorized (pk_context->authdb, @@ -926,28 +832,6 @@ polkit_context_is_caller_authorized (PolKitContext *pk_context, result_from_grantdb = POLKIT_RESULT_YES; } - /* Fist, the config file is authoritative.. so only use the - * value from the authdb if the config file allows to gain via - * authentication - */ - if (result_from_config != POLKIT_RESULT_UNKNOWN) { - /* it does.. use it.. although try to use an existing grant if there is one */ - if ((result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION || - result_from_config == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS) && - result_from_grantdb == POLKIT_RESULT_YES) { - result = POLKIT_RESULT_YES; - } else { - result = result_from_config; - } - goto found; - } - /* If we have a positive answer from the authdb, use it */ if (result_from_grantdb == POLKIT_RESULT_YES) { result = POLKIT_RESULT_YES; @@ -1024,45 +908,6 @@ polkit_context_can_caller_do_action (PolKitContext *pk_context, return polkit_context_is_caller_authorized (pk_context, action, caller, FALSE, NULL); } -/** - * polkit_context_get_config: - * @pk_context: the PolicyKit context - * @error: Return location for error - * - * Returns an object that provides access to the - * /etc/PolicyKit/PolicyKit.conf configuration files. Applications - * using PolicyKit should never use this method; it's only here for - * integration with other PolicyKit components. - * - * Returns: A #PolKitConfig object or NULL if the configuration file - * is malformed. Caller should not unref this object. - */ -PolKitConfig * -polkit_context_get_config (PolKitContext *pk_context, PolKitError **error) -{ - if (pk_context->config == NULL) { - PolKitError **pk_error; - PolKitError *pk_error2; - - pk_error2 = NULL; - if (error != NULL) - pk_error = error; - else - pk_error = &pk_error2; - - polkit_debug ("loading configuration file"); - pk_context->config = polkit_config_new (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", pk_error); - /* if configuration file was bad, log it */ - if (pk_context->config == NULL) { - kit_warning ("failed to load configuration file: %s", - polkit_error_get_error_message (*pk_error)); - if (pk_error == &pk_error2) - polkit_error_free (*pk_error); - } - } - return pk_context->config; -} - /** * polkit_context_get_authorization_db: * @pk_context: the PolicyKit context diff --git a/src/polkit/polkit-context.h b/src/polkit/polkit-context.h index 7f85db3e10a046b421c261e9a4baa49b0d0b5c61..9c90a9cd1cb8268cc9292dcc276bb258cc6832e0 100644 --- a/src/polkit/polkit-context.h +++ b/src/polkit/polkit-context.h @@ -43,7 +43,6 @@ #include #include #include -#include #include POLKIT_BEGIN_DECLS @@ -174,8 +173,6 @@ PolKitResult polkit_context_can_caller_do_action (PolKitContext *pk_contex PolKitAction *action, PolKitCaller *caller); -PolKitConfig *polkit_context_get_config (PolKitContext *pk_context, PolKitError **error); - PolKitResult polkit_context_is_caller_authorized (PolKitContext *pk_context, PolKitAction *action, PolKitCaller *caller, diff --git a/src/polkit/polkit-policy-cache.c b/src/polkit/polkit-policy-cache.c index d5e32189ab1a1d13954d5064e64fd09ed0906963..137875914ce33ebbdeb2223674b8fe1c8efb82f9 100644 --- a/src/polkit/polkit-policy-cache.c +++ b/src/polkit/polkit-policy-cache.c @@ -277,7 +277,7 @@ polkit_policy_cache_debug (PolKitPolicyCache *policy_cache) * * Given a action identifier, find the object describing the * definition of the policy; e.g. data stemming from files in - * /usr/share/PolicyKit/policy. + * /usr/share/polkit-1/actions. * * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise * #NULL if the action wasn't identified. Caller shall not unref @@ -318,7 +318,7 @@ out: * * Given a action, find the object describing the definition of the * policy; e.g. data stemming from files in - * /usr/share/PolicyKit/policy. + * /usr/share/polkit-1/actions. * * Returns: A #PolKitPolicyFileEntry entry on sucess; otherwise * #NULL if the action wasn't identified. Caller shall not unref diff --git a/src/polkit/polkit-policy-file-entry.c b/src/polkit/polkit-policy-file-entry.c index a9be4f615fb0d012a1bf8cfb8114409f0f081778..0432d481bab90d98bf059f2a36d92578209a7774 100644 --- a/src/polkit/polkit-policy-file-entry.c +++ b/src/polkit/polkit-policy-file-entry.c @@ -140,7 +140,7 @@ _polkit_policy_file_entry_new (const char *action_id, #ifdef POLKIT_AUTHDB_DEFAULT /* read override file */ - path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id); + path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id); if (path == NULL) goto error; if (!kit_file_get_contents (path, &contents, &contents_size)) { @@ -482,7 +482,7 @@ polkit_policy_file_entry_set_default (PolKitPolicyFileEntry *policy_file_entry, #ifndef POLKIT_AUTHDB_DEFAULT polkit_error_set_error (error, POLKIT_ERROR_NOT_SUPPORTED, "Not supported"); #else - char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper", + char *helper_argv[7] = {PACKAGE_LIBEXEC_DIR "/polkit-set-default-helper-1", NULL, /* arg1: action_id */ NULL, /* arg2: "clear" or "set" */ NULL, /* arg3: result_any */ diff --git a/src/polkit-dbus/polkit-read-auth-helper.c b/src/polkit/polkit-read-auth-helper.c similarity index 97% rename from src/polkit-dbus/polkit-read-auth-helper.c rename to src/polkit/polkit-read-auth-helper.c index cdcc7f3c0f849388fbf9dfed806a2bd294b78849..65ca8b775f2da03aea92e916d52706e58025b586 100644 --- a/src/polkit-dbus/polkit-read-auth-helper.c +++ b/src/polkit/polkit-read-auth-helper.c @@ -54,7 +54,7 @@ #define LOG_AUTHPRIV (10<<3) #endif -#include +#include #include static polkit_bool_t @@ -306,7 +306,7 @@ main (int argc, char *argv[]) setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); #endif - openlog ("polkit-read-auth-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-read-auth-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 2) { @@ -391,12 +391,12 @@ skip_check: if ((test_dir = getenv ("POLKIT_TEST_LOCALSTATE_DIR")) == NULL) { test_dir = PACKAGE_LOCALSTATE_DIR; } - kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/PolicyKit", test_dir) < sizeof (dir_run)); - kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/PolicyKit", test_dir) < sizeof (dir_lib)); + kit_assert ((size_t) snprintf (dir_run, sizeof (dir_run), "%s/run/polkit-1", test_dir) < sizeof (dir_run)); + kit_assert ((size_t) snprintf (dir_lib, sizeof (dir_lib), "%s/lib/polkit-1", test_dir) < sizeof (dir_lib)); #else - char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/PolicyKit"; - char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit"; + char *dir_run = PACKAGE_LOCALSTATE_DIR "/run/polkit-1"; + char *dir_lib = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1"; #endif if (requesting_info_for_uid == (uid_t) -1) { diff --git a/src/polkit-dbus/polkit-resolve-exe-helper.c b/src/polkit/polkit-resolve-exe-helper.c similarity index 98% rename from src/polkit-dbus/polkit-resolve-exe-helper.c rename to src/polkit/polkit-resolve-exe-helper.c index c56b2f50fe5f2a60b56748aa1a420219e4caafd8..36dc0181dfccb6ee1fbd271d771924a373472629 100644 --- a/src/polkit-dbus/polkit-resolve-exe-helper.c +++ b/src/polkit/polkit-resolve-exe-helper.c @@ -53,7 +53,7 @@ #include #include -#include +#include #include #ifdef HAVE_SOLARIS @@ -84,7 +84,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-resolve-exe-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-resolve-exe-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (argc != 2) { diff --git a/src/polkit-dbus/polkit-set-default-helper.c b/src/polkit/polkit-set-default-helper.c similarity index 92% rename from src/polkit-dbus/polkit-set-default-helper.c rename to src/polkit/polkit-set-default-helper.c index c903dbd17316959869457ec2a45a18cde7089de1..eb1fb9df04b95dbcc868e00d21b43ca10310844e 100644 --- a/src/polkit-dbus/polkit-set-default-helper.c +++ b/src/polkit/polkit-set-default-helper.c @@ -51,8 +51,8 @@ #include #include +#include #include -#include #ifdef HAVE_SOLARIS #define LOG_AUTHPRIV (10<<3) @@ -69,7 +69,7 @@ set_default (const char *action_id, const char *any, const char *inactive, const contents = NULL; ret = FALSE; - path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id); + path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id); if (path == NULL) goto out; @@ -101,7 +101,7 @@ clear_default (const char *action_id) ret = FALSE; - path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/PolicyKit-public/%s.defaults-override", action_id); + path = kit_strdup_printf (PACKAGE_LOCALSTATE_DIR "/lib/polkit-public-1/%s.defaults-override", action_id); if (path == NULL) goto out; @@ -133,7 +133,7 @@ main (int argc, char *argv[]) /* set a minimal environment */ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); - openlog ("polkit-set-default-helper", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + openlog ("polkit-set-default-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ if (! (argc == 3 || argc == 6)) { @@ -214,9 +214,9 @@ main (int argc, char *argv[]) } /* trigger a reload */ - if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", NULL) != 0) { + if (utimes (PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload", NULL) != 0) { kit_warning ("Error updating access+modification time on file '%s': %m\n", - PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload"); + PACKAGE_LOCALSTATE_DIR "/lib/misc/polkit-1.reload"); } ret = 0; diff --git a/src/polkit-dbus/polkit-simple.c b/src/polkit/polkit-simple.c similarity index 99% rename from src/polkit-dbus/polkit-simple.c rename to src/polkit/polkit-simple.c index 8365b93c2153002e51d2f9fb336482217c2ead1c..abdcdfef4d19e77ab2c6a177d54597157732ac25 100644 --- a/src/polkit-dbus/polkit-simple.c +++ b/src/polkit/polkit-simple.c @@ -53,8 +53,6 @@ #include #include "polkit-simple.h" -#include "polkit-dbus.h" - /** * polkit_check_auth: diff --git a/src/polkit-dbus/polkit-simple.h b/src/polkit/polkit-simple.h similarity index 93% rename from src/polkit-dbus/polkit-simple.h rename to src/polkit/polkit-simple.h index 3c59314a5c9e16eae16d12ca11bcfeb579e6fcb9..1cf97538ffc1f6fd035d9fe5ce9ecb357588b736 100644 --- a/src/polkit-dbus/polkit-simple.h +++ b/src/polkit/polkit-simple.h @@ -27,14 +27,14 @@ * **************************************************************************/ -#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_DBUS_H) -#error "Only can be included directly, this file may disappear or change contents." +#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." #endif #ifndef POLKIT_SIMPLE_H #define POLKIT_SIMPLE_H -#include +#include POLKIT_BEGIN_DECLS diff --git a/src/polkit/polkit-sysdeps.c b/src/polkit/polkit-sysdeps.c index fe0fc6f44a3ace3a403aedf057423e81604fbef2..ad8b7a05bd636e055342e0894d5c5f23186e0ada 100644 --- a/src/polkit/polkit-sysdeps.c +++ b/src/polkit/polkit-sysdeps.c @@ -320,7 +320,7 @@ polkit_sysdeps_get_exe_for_pid_with_helper (pid_t pid, char *out_buf, size_t buf ret = polkit_sysdeps_get_exe_for_pid (pid, out_buf, buf_size); if (ret == -1) { char buf[32]; - char *helper_argv[3] = {PACKAGE_LIBEXEC_DIR "/polkit-resolve-exe-helper", buf, NULL}; + char *helper_argv[3] = {PACKAGE_LIBEXEC_DIR "/polkit-resolve-exe-helper-1", buf, NULL}; char *standard_output; int exit_status; diff --git a/src/polkit/polkit-test.c b/src/polkit/polkit-test.c index 10ae84b6e5c690024c0ca24afb14e55f25d60cd7..927339cd38d7004cdbe6d657cc8a02b946c96ba6 100644 --- a/src/polkit/polkit-test.c +++ b/src/polkit/polkit-test.c @@ -57,7 +57,6 @@ static KitTest *tests[] = { &_test_authorization_constraint, &_test_authorization, &_test_authorization_db, - &_test_config, &_test_sysdeps, &_test_utils, &_test_context, diff --git a/src/polkit/polkit-test.h b/src/polkit/polkit-test.h index c1656cdabb384854db61efae8520025ba0cdc552..056b3dcb1d87fe058563b6c3c9370c52ec1953d3 100644 --- a/src/polkit/polkit-test.h +++ b/src/polkit/polkit-test.h @@ -52,7 +52,6 @@ extern KitTest _test_policy_cache; extern KitTest _test_authorization_constraint; extern KitTest _test_authorization; extern KitTest _test_authorization_db; -extern KitTest _test_config; extern KitTest _test_sysdeps; extern KitTest _test_utils; extern KitTest _test_context; diff --git a/src/polkit-dbus/polkit-dbus.c b/src/polkit/polkit-tracker.c similarity index 99% rename from src/polkit-dbus/polkit-dbus.c rename to src/polkit/polkit-tracker.c index f7be03f5d81f1f77ee8b83aed80f6009c5fd8c17..0dad442f02b245064a475268d00cd59c55321b16 100644 --- a/src/polkit-dbus/polkit-dbus.c +++ b/src/polkit/polkit-tracker.c @@ -1,8 +1,7 @@ /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ /*************************************************************************** * - * polkit-dbus.h : helper library for obtaining seat, session and - * caller information via D-Bus and ConsoleKit + * polkit-tracker.c : track callers * * Copyright (C) 2007 David Zeuthen, * @@ -28,15 +27,32 @@ * **************************************************************************/ +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "polkit-debug.h" +#include "polkit-tracker.h" + /** - * SECTION:polkit-dbus - * @title: Caller Determination + * SECTION:polkit-tracker + * @title: Track callers * @short_description: Obtaining seat, session and caller information * via D-Bus and ConsoleKit. * - * Helper library for obtaining seat, session and caller information + * Helper class for obtaining seat, session and caller information * via D-Bus and ConsoleKit. This library is only useful when writing - * a mechanism. + * a mechanism. * * If the mechanism itself is a daemon exposing a remote services via * the system message bus it's often a better idea, to reduce @@ -44,7 +60,6 @@ * the low-level functions polkit_caller_new_from_dbus_name() and * polkit_caller_new_from_pid(). * - * These functions are in libpolkit-dbus. **/ #ifdef HAVE_CONFIG_H @@ -66,10 +81,10 @@ #include #endif -#include "polkit-dbus.h" #include #include #include +#include "polkit-tracker.h" /** * polkit_session_new_from_objpath: @@ -1523,7 +1538,7 @@ polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusEr * * Since: 0.7 */ -polkit_bool_t +polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error) { @@ -1539,20 +1554,3 @@ polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAutho */ return _polkit_is_authorization_relevant_internal (pk_tracker->con, auth, NULL, error); } - -#ifdef POLKIT_BUILD_TESTS - -static polkit_bool_t -_run_test (void) -{ - return TRUE; -} - -KitTest _test_polkit_dbus = { - "polkit_dbus", - NULL, - NULL, - _run_test -}; - -#endif /* POLKIT_BUILD_TESTS */ diff --git a/src/polkit-dbus/polkit-dbus.h b/src/polkit/polkit-tracker.h similarity index 85% rename from src/polkit-dbus/polkit-dbus.h rename to src/polkit/polkit-tracker.h index 75879fa4f8a291d0c62c078b609e9be0a424ed95..f994129e98c2607f54691fea46abc285922ec014 100644 --- a/src/polkit-dbus/polkit-dbus.h +++ b/src/polkit/polkit-tracker.h @@ -1,8 +1,7 @@ /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ /*************************************************************************** * - * polkit-dbus.h : helper library for obtaining seat, session and - * caller information via D-Bus and ConsoleKit + * polkit-tracker.h : track callers * * Copyright (C) 2007 David Zeuthen, * @@ -28,15 +27,16 @@ * **************************************************************************/ -#ifndef POLKIT_DBUS_H -#define POLKIT_DBUS_H +#if !defined (POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif -#include -#include +#ifndef POLKIT_TRACKER_H +#define POLKIT_TRACKER_H -#define _POLKIT_INSIDE_POLKIT_DBUS_H 1 -#include -#undef _POLKIT_INSIDE_POLKIT_DBUS_H +#include +#include +#include POLKIT_BEGIN_DECLS @@ -49,7 +49,6 @@ PolKitCaller *polkit_caller_new_from_pid (DBusConnection *con, pid_t pid, DBus polkit_bool_t polkit_is_authorization_relevant (DBusConnection *con, PolKitAuthorization *auth, DBusError *error); - struct _PolKitTracker; typedef struct _PolKitTracker PolKitTracker; @@ -58,15 +57,14 @@ PolKitTracker *polkit_tracker_ref (PolKitTracker *pk_trac void polkit_tracker_unref (PolKitTracker *pk_tracker); void polkit_tracker_set_system_bus_connection (PolKitTracker *pk_tracker, DBusConnection *con); void polkit_tracker_init (PolKitTracker *pk_tracker); - polkit_bool_t polkit_tracker_dbus_func (PolKitTracker *pk_tracker, DBusMessage *message); - PolKitCaller *polkit_tracker_get_caller_from_dbus_name (PolKitTracker *pk_tracker, const char *dbus_name, DBusError *error); - PolKitCaller *polkit_tracker_get_caller_from_pid (PolKitTracker *pk_tracker, pid_t pid, DBusError *error); - -polkit_bool_t polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error); +polkit_bool_t +polkit_tracker_is_authorization_relevant (PolKitTracker *pk_tracker, PolKitAuthorization *auth, DBusError *error); POLKIT_END_DECLS -#endif /* POLKIT_DBUS_H */ +#endif /* POLKIT_ACTION_H */ + + diff --git a/src/polkit/polkit.h b/src/polkit/polkit.h index aa0ab8f724c04761377a4d38e0e0300103840755..884fc41ec026fc1eb54c2e5a126b9dcee23e66c7 100644 --- a/src/polkit/polkit.h +++ b/src/polkit/polkit.h @@ -44,9 +44,10 @@ #include #include #include -#include #include #include +#include +#include #undef _POLKIT_INSIDE_POLKIT_H #endif /* POLKIT_H */ diff --git a/test/authdb-test/lib/PolicyKit/.gitignore b/test/authdb-test/lib/polkit-1/.gitignore similarity index 100% rename from test/authdb-test/lib/PolicyKit/.gitignore rename to test/authdb-test/lib/polkit-1/.gitignore diff --git a/test/authdb-test/run/PolicyKit/.gitignore b/test/authdb-test/run/polkit-1/.gitignore similarity index 100% rename from test/authdb-test/run/PolicyKit/.gitignore rename to test/authdb-test/run/polkit-1/.gitignore diff --git a/tools/Makefile.am b/tools/Makefile.am index 3f0a2000489c21e87778903149cb4b882c49f662..195f8329d8d1cc78b13dc9f6d94181db14c129ba 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -11,22 +11,19 @@ INCLUDES = \ @GLIB_CFLAGS@ \ @DBUS_CFLAGS@ -bin_PROGRAMS = polkit-config-file-validate polkit-policy-file-validate polkit-action polkit-auth +bin_PROGRAMS = polkit-policy-file-validate-1 polkit-action-1 polkit-auth-1 -polkit_config_file_validate_SOURCES = polkit-config-file-validate.c -polkit_config_file_validate_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_policy_file_validate_1_SOURCES = polkit-policy-file-validate.c +polkit_policy_file_validate_1_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit-1.la -polkit_policy_file_validate_SOURCES = polkit-policy-file-validate.c -polkit_policy_file_validate_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la +polkit_auth_1_SOURCES = polkit-auth.c +polkit_auth_1_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit-1.la $(top_builddir)/src/polkit-grant/libpolkit-grant-1.la -polkit_auth_SOURCES = polkit-auth.c -polkit_auth_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-grant/libpolkit-grant.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la - -polkit_action_SOURCES = polkit-action.c -polkit_action_LDADD = $(top_builddir)/src/polkit/libpolkit.la +polkit_action_1_SOURCES = polkit-action.c +polkit_action_1_LDADD = $(top_builddir)/src/polkit/libpolkit-1.la profiledir = $(sysconfdir)/profile.d -profile_SCRIPTS = polkit-bash-completion.sh +profile_SCRIPTS = polkit-bash-completion-1.sh EXTRA_DIST = $(profile_SCRIPTS) diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c index 001298e0fcb3812394efb9b70fa144ec96ac5901..a22f418b3487c15fd9b0416cd753418c5d3aa1f3 100644 --- a/tools/polkit-auth.c +++ b/tools/polkit-auth.c @@ -46,7 +46,7 @@ #include #include -#include +#include #include #include diff --git a/tools/polkit-bash-completion.sh b/tools/polkit-bash-completion-1.sh similarity index 83% rename from tools/polkit-bash-completion.sh rename to tools/polkit-bash-completion-1.sh index 37e5ee18f47a4514d31eaf29b447510360e60460..4d67fe3f9f41497c68a92852efb34b759f1dd135 100644 --- a/tools/polkit-bash-completion.sh +++ b/tools/polkit-bash-completion-1.sh @@ -4,7 +4,7 @@ #################################################################################################### -__polkit_auth() { +__polkit_auth_1() { local IFS=$'\n' local cur="${COMP_WORDS[COMP_CWORD]}" @@ -15,13 +15,13 @@ __polkit_auth() { 2) case "${COMP_WORDS[1]}" in --obtain) - COMPREPLY=($(compgen -W "$(polkit-auth --show-obtainable)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-auth-1 --show-obtainable)" -- $cur)) ;; --revoke) - COMPREPLY=($(compgen -W "$(polkit-auth --explicit)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-auth-1 --explicit)" -- $cur)) ;; --grant|--block) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; --user) COMPREPLY=($(compgen -u -- $cur)) @@ -45,20 +45,20 @@ __polkit_auth() { --user) local afou # we may not be authorized to read the explicit auths for the given user.. - afou=$(polkit-auth --user ${COMP_WORDS[2]} --explicit 2> /dev/null) + afou=$(polkit-auth-1 --user ${COMP_WORDS[2]} --explicit 2> /dev/null) if [ $? != 0 ] ; then # .. so if that fails, fall back to showing all actions - afou=$(polkit-action) + afou=$(polkit-action-1) fi COMPREPLY=($(compgen -W "$afou" -- $cur)) ;; *) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; esac ;; --grant|--block) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; --constraint) COMPREPLY=($(IFS=: compgen -S' ' -W "local:active:exe\::selinux_context\:" -- $cur)) @@ -92,7 +92,7 @@ __polkit_auth() { #################################################################################################### -__polkit_action() { +__polkit_action_1() { local IFS=$'\n' local cur="${COMP_WORDS[COMP_CWORD]}" @@ -103,10 +103,10 @@ __polkit_action() { 2) case "${COMP_WORDS[1]}" in --action|--set-defaults-any|--set-defaults-inactive|--set-defaults-active) - COMPREPLY=($(compgen -W "$(polkit-action)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1)" -- $cur)) ;; --reset-defaults) - COMPREPLY=($(compgen -W "$(polkit-action --show-overrides)" -- $cur)) + COMPREPLY=($(compgen -W "$(polkit-action-1 --show-overrides)" -- $cur)) ;; esac ;; @@ -121,5 +121,5 @@ __polkit_action() { #################################################################################################### -complete -o nospace -F __polkit_auth polkit-auth -complete -o nospace -F __polkit_action polkit-action +complete -o nospace -F __polkit_auth_1 polkit-auth-1 +complete -o nospace -F __polkit_action_1 polkit-action-1 diff --git a/tools/polkit-config-file-validate.c b/tools/polkit-config-file-validate.c deleted file mode 100644 index 70f7f4bf6e54bfdf6a3bd481183d8bc349a12bdf..0000000000000000000000000000000000000000 --- a/tools/polkit-config-file-validate.c +++ /dev/null @@ -1,100 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ -/*************************************************************************** - * - * polkit-config-file-validate.c : validate configuration file - * - * Copyright (C) 2007 David Zeuthen, - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT - * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, - * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER - * DEALINGS IN THE SOFTWARE. - * - **************************************************************************/ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -static void -usage (int argc, char *argv[]) -{ - execlp ("man", "man", "polkit-config-file-validate", NULL); - fprintf (stderr, "Cannot show man page: %m\n"); - exit (1); -} - -int -main (int argc, char *argv[]) -{ - int n; - int ret; - char *path; - PolKitConfig *config; - PolKitError *pk_error; - - ret = 1; - - path = NULL; - for (n = 1; n < argc; n++) { - if (strcmp (argv[n], "--help") == 0) { - usage (argc, argv); - ret = 0; - goto out; - } else if (strcmp (argv[n], "--version") == 0) { - printf ("polkit-config-file-validate " PACKAGE_VERSION "\n"); - ret = 0; - goto out; - } else { - if (path != NULL) { - usage (argc, argv); - goto out; - } - path = argv[n]; - } - } - - if (path == NULL) - path = PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf"; - - pk_error = NULL; - config = polkit_config_new (path, &pk_error); - if (config == NULL) { - printf ("Configuration file is malformed: %s\n", polkit_error_get_error_message (pk_error)); - polkit_error_free (pk_error); - goto out; - } - - ret = 0; - -out: - return ret; -}