Commit 3638c6c1 authored by David Zeuthen

add module loading to PolicyKit

This paves the way for writing

 1. A module that tracks temporary (look in /var/run) and permanent (look
    in /var/lib) privilege grants
 2. A D-Bus service to authenticate a client to obtain a privilege
    grant and then write the grant to temporary or permanent storage

Also, this feature lets people very easily lock down the system; just
edit /etc/PolicyKit/PolicyKit.conf; add pam-module-deny-all / -allow-all
stanzas with various privilege=<regexp> and user=<username> options.
parent a1b5a12b
## Process this file with automake to produce Makefile.in
SUBDIRS = libpolkit doc tools privileges
SUBDIRS = libpolkit modules doc tools privileges
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libpolkit.pc
......
......@@ -174,6 +174,10 @@ doc/spec/Makefile
doc/spec/polkit-spec.xml.in
doc/man/Makefile
privileges/Makefile
modules/Makefile
modules/default/Makefile
modules/allow-all/Makefile
modules/deny-all/Makefile
])
dnl ==========================================================================
......
......@@ -64,7 +64,6 @@
PolicyKit library.
</para>
</partintro>
<xi:include href="xml/libpolkit.xml"/>
<xi:include href="xml/libpolkit-error.xml"/>
<xi:include href="xml/libpolkit-result.xml"/>
<xi:include href="xml/libpolkit-context.xml"/>
......@@ -77,6 +76,7 @@
<xi:include href="xml/libpolkit-seat.xml"/>
<xi:include href="xml/libpolkit-session.xml"/>
<xi:include href="xml/libpolkit-caller.xml"/>
<xi:include href="xml/libpolkit-module.xml"/>
</reference>
<index>
......
if MAN_PAGES_ENABLED
MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-privilege-file-validate.1.in
MAN_IN_FILES = polkit-check-caller.1.in polkit-check-session.1.in polkit-privilege-file-validate.1.in PolicyKit.8.in polkit-module-default.8.in polkit-module-allow-all.8.in polkit-module-deny-all.8.in
man_MANS = $(MAN_IN_FILES:.in=)
......@@ -10,7 +10,7 @@ endif # MAN_PAGES_ENABLED
EXTRA_DIST=$(man_MANS) $(MAN_IN_FILES)
clean-local:
rm -f *~ *.1
rm -f *~ *.1 *.8
%: %.in Makefile
$(edit) $< >$@
......
.\"
.\" PolicyKit manual page.
.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
.\"
.TH POLICYKIT 8
.SH NAME
PolicyKit \- centralized policy management
.SH DESCRIPTION
.PP
For more information about the big picture refer to the \fIPolicyKit
spec\fP which can be found in
.I "@docdir@/spec/polkit-spec.html"
depending on the distribution.
.SH BUGS
.PP
Please send bug reports to either the distribution or the HAL
mailing list, see
.I "http://lists.freedesktop.org/mailman/listinfo/hal"
on how to subscribe.
.SH SEE ALSO
.PP
\&\fIpolkit-module-default\fR\|(8),
\&\fIpolkit-module-allow-all\fR\|(8),
\&\fIpolkit-module-deny-all\fR\|(8),
\&\fIpolkit-check-caller\fR\|(1),
\&\fIpolkit-check-session\fR\|(1),
\&\fIpolkit-privilege-file-validate\fR\|(1),
\&\fIdbus-daemon\fR\|(1),
\&\fIhald\fR\|(8)
.SH AUTHOR
Written by David Zeuthen <david@fubar.dk> with a lot of help from many
others.
......@@ -56,6 +56,7 @@ on how to subscribe.
.SH SEE ALSO
.PP
\&\fIPolicyKit\fR\|(8),
\&\fIdbus-daemon\fR\|(1),
\&\fIpolkit-check-session\fR\|(1)
......
......@@ -56,6 +56,7 @@ on how to subscribe.
.SH SEE ALSO
.PP
\&\fIPolicyKit\fR\|(8),
\&\fIdbus-daemon\fR\|(1),
\&\fIpolkit-check-caller\fR\|(1)
......
.\"
.\" polkit-module-allow-all manual page.
.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
.\"
.TH POLKIT-MODULE-ALLOW-ALL 8
.SH NAME
polkit-module-allow-all \- grant access to all privileges
.SH SYNOPSIS
.PP
.B polkit-module-allow-all.so [privilege=<regexp>] [user=<username>]
.SH DESCRIPTION
.PP
This PolicyKit module will allow access to any privilege regardless of
the entity requesting it, what the requested privilege is and what
resource is involved.
For more information about the big picture refer to the \fIPolicyKit
spec\fP which can be found in
.I "@docdir@/spec/polkit-spec.html"
depending on the distribution.
.SH OPTIONS
.TP 3n
.B privilege=<regexp>
Only consider requests where the privilege name matches the given
regular expression. Example:
.B privilege=hal-storage-mount*
.TP 3n
.B user=<username>
Only consider requests matching the given username. May be both a
numerical
.B uid
value or a username. Example:
.B user=davidz
.SH NOTES
.PP
Never use this module unless you
.B COMPLETELY
trust anyone with either remote or local access to the system.
.SH BUGS
.PP
Please send bug reports to either the distribution or the HAL
mailing list, see
.I "http://lists.freedesktop.org/mailman/listinfo/hal"
on how to subscribe.
.SH SEE ALSO
.PP
\&\fIPolicyKit\fR\|(8),
\&\fIpolkit-module-default\fR\|(8),
\&\fIpolkit-module-deny-all\fR\|(8),
\&\fI@sysconfdir@/PolicyKit/privileges\fR\|,
\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
Written by David Zeuthen <david@fubar.dk> with a lot of help from many
others.
.\"
.\" polkit-module-default manual page.
.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
.\"
.TH POLKIT-MODULE-DEFAULT 8
.SH NAME
polkit-module-default \- use default policy for privileges
.SH SYNOPSIS
.PP
.B standard polkit-module-default.so
.SH DESCRIPTION
.PP
This PolicyKit module uses the default policy as specified (and
required) for by the privilege definition file for a given privilege.
For more information about the big picture refer to the \fIPolicyKit
spec\fP which can be found in
.I "@docdir@/spec/polkit-spec.html"
depending on the distribution.
.SH BUGS
.PP
Please send bug reports to either the distribution or the HAL
mailing list, see
.I "http://lists.freedesktop.org/mailman/listinfo/hal"
on how to subscribe.
.SH SEE ALSO
.PP
\&\fIPolicyKit\fR\|(8),
\&\fIpolkit-module-allow-all\fR\|(8),
\&\fIpolkit-module-deny-all\fR\|(8),
\&\fI@sysconfdir@/PolicyKit/privileges\fR\|,
\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
Written by David Zeuthen <david@fubar.dk> with a lot of help from many
others.
.\"
.\" polkit-module-deny-all manual page.
.\" Copyright (C) 2007 David Zeuthen <david@fubar.dk>
.\"
.TH POLKIT-MODULE-DENY-ALL 8
.SH NAME
polkit-module-deny-all \- grant access to all privileges
.SH SYNOPSIS
.PP
.B polkit-module-deny-all.so [privilege=<regexp>] [user=<username>]
.SH DESCRIPTION
.PP
This PolicyKit module will deny access to any privilege regardless of
the entity requesting it, what the requested privilege is and what
resource is involved.
For more information about the big picture refer to the \fIPolicyKit
spec\fP which can be found in
.I "@docdir@/spec/polkit-spec.html"
depending on the distribution.
.SH OPTIONS
.TP 3n
.B privilege=<regexp>
Only consider requests where the privilege name matches the given
regular expression. Example:
.B privilege=hal-storage-mount*
.TP 3n
.B user=<username>
Only consider requests matching the given username. May be both a
numerical
.B uid
value or a username. Example:
.B user=davidz
.SH NOTES
.PP
This module is mostly useful in situations where it's desirable to
lock down the system so it's unusable by normal unprivileged users.
.SH BUGS
.PP
Please send bug reports to either the distribution or the HAL
mailing list, see
.I "http://lists.freedesktop.org/mailman/listinfo/hal"
on how to subscribe.
.SH SEE ALSO
.PP
\&\fIPolicyKit\fR\|(8),
\&\fIpolkit-module-default\fR\|(8),
\&\fIpolkit-module-allow-all\fR\|(8),
\&\fI@sysconfdir@/PolicyKit/privileges\fR\|,
\&\fI@sysconfdir@/PolicyKit/PolicyKit.conf\fR\|
.SH AUTHOR
Written by David Zeuthen <david@fubar.dk> with a lot of help from many
others.
......@@ -43,6 +43,7 @@ on how to subscribe.
.SH SEE ALSO
.PP
\&\fIPolicyKit\fR\|(8),
\&\fIpolkit-check-caller\fR\|(1),
\&\fIpolkit-check-session\fR\|(1)
......
......@@ -8,6 +8,7 @@ INCLUDES = \
-DPACKAGE_BIN_DIR=\""$(bindir)"\" \
-DPACKAGE_LOCALSTATEDIR=\""$(localstatedir)"\" \
-DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \
-DPACKAGE_LIB_DIR=\""$(libdir)"\" \
-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT \
@GLIB_CFLAGS@ @DBUS_CFLAGS@
......@@ -28,10 +29,11 @@ libpolkitinclude_HEADERS = \
libpolkit-privilege-file-entry.h \
libpolkit-privilege-file.h \
libpolkit-privilege-cache.h \
libpolkit-privilege-default.h
libpolkit-privilege-default.h \
libpolkit-module.h
libpolkit_la_SOURCES = \
libpolkit.h libpolkit.c \
libpolkit.h \
libpolkit-error.h libpolkit-error.c \
libpolkit-result.h libpolkit-result.c \
libpolkit-context.h libpolkit-context.c \
......@@ -44,9 +46,10 @@ libpolkit_la_SOURCES = \
libpolkit-privilege-file.h libpolkit-privilege-file.c \
libpolkit-privilege-cache.h libpolkit-privilege-cache.c \
libpolkit-privilege-default.h libpolkit-privilege-default.c \
libpolkit-debug.h libpolkit-debug.c
libpolkit-debug.h libpolkit-debug.c \
libpolkit-module.h libpolkit-module.c
libpolkit_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@
libpolkit_la_LIBADD = @GLIB_LIBS@ @DBUS_LIBS@ -ldl
libpolkit_la_LDFLAGS = -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
......
......@@ -31,6 +31,14 @@
#include <sys/types.h>
#include <glib.h>
#include <libpolkit/libpolkit-error.h>
#include <libpolkit/libpolkit-result.h>
#include <libpolkit/libpolkit-context.h>
#include <libpolkit/libpolkit-privilege.h>
#include <libpolkit/libpolkit-resource.h>
#include <libpolkit/libpolkit-seat.h>
#include <libpolkit/libpolkit-session.h>
#include <libpolkit/libpolkit-caller.h>
#include <libpolkit/libpolkit-privilege-cache.h>
struct PolKitContext;
......@@ -126,19 +134,53 @@ typedef void (*PolKitContextFileMonitorRemoveWatch) (PolKitContext
PolKitContext *libpolkit_context_new (void);
gboolean libpolkit_context_init (PolKitContext *pk_context,
GError **error);
PolKitContext *libpolkit_context_ref (PolKitContext *pk_context);
void libpolkit_context_unref (PolKitContext *pk_context);
void libpolkit_context_set_config_changed (PolKitContext *pk_context,
PolKitContextConfigChangedCB cb,
gpointer user_data);
void libpolkit_context_set_file_monitor (PolKitContext *pk_context,
PolKitContextFileMonitorAddWatch add_watch_func,
PolKitContextFileMonitorRemoveWatch remove_watch_func);
gboolean libpolkit_context_init (PolKitContext *pk_context,
GError **error);
PolKitContext *libpolkit_context_ref (PolKitContext *pk_context);
void libpolkit_context_unref (PolKitContext *pk_context);
PolKitPrivilegeCache *libpolkit_context_get_privilege_cache (PolKitContext *pk_context);
/**
* PolKitSeatVisitorCB:
* @seat: the seat
* @resources_associated_with_seat: A NULL terminated array of resources associated with the seat
* @user_data: user data
*
* Visitor function for libpolkit_get_seat_resource_association(). The caller should _not_ unref the passed objects.
*/
typedef void (*PolKitSeatVisitorCB) (PolKitSeat *seat,
PolKitResource **resources_associated_with_seat,
gpointer user_data);
PolKitResult
libpolkit_context_get_seat_resource_association (PolKitContext *pk_context,
PolKitSeatVisitorCB visitor,
gpointer *user_data);
PolKitResult
libpolkit_context_is_resource_associated_with_seat (PolKitContext *pk_context,
PolKitResource *resource,
PolKitSeat *seat);
PolKitResult
libpolkit_context_can_session_access_resource (PolKitContext *pk_context,
PolKitPrivilege *privilege,
PolKitResource *resource,
PolKitSession *session);
PolKitResult
libpolkit_context_can_caller_access_resource (PolKitContext *pk_context,
PolKitPrivilege *privilege,
PolKitResource *resource,
PolKitCaller *caller);
#endif /* LIBPOLKIT_CONTEXT_H */
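Review bot: The prototype of `libpolkit_context_get_seat_resource_association` declares its last parameter as `gpointer *user_data`, while the `PolKitSeatVisitorCB` typedef directly above it receives `gpointer user_data`. The extra level of indirection looks unintended, and `gpointer user_data);` would let callers pass their closure straight through to the visitor without a cast. The typedef's doc comment also refers to `libpolkit_get_seat_resource_association()`, which does not match the `libpolkit_context_` prefix of the function declared here. The four `PolKitResult` prototypes that follow carry no doc comments in this header. Since they are the authorization decision entry points, a short comment on each stating what result is returned when no loaded module gives an answer would help callers fail closed.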
......@@ -37,6 +37,7 @@
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <sys/time.h>
#include "libpolkit-debug.h"
......@@ -61,6 +62,15 @@ _pk_debug (const char *format, ...)
}
if (show_debug) {
struct timeval tnow;
struct tm *tlocaltime;
struct timezone tzone;
char tbuf[256];
gettimeofday (&tnow, &tzone);
tlocaltime = localtime ((time_t *) &tnow.tv_sec);
strftime (tbuf, sizeof (tbuf), "%H:%M:%S", tlocaltime);
fprintf (stdout, "%s.%03d: ", tbuf, (int)(tnow.tv_usec/1000));
va_start (args, format);
vfprintf (stdout, format, args);
va_end (args);
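Review bot: The pointer returned by `localtime ()` goes to `strftime ()` without a NULL check, and it points at static storage shared between threads even though the library's INCLUDES shown earlier on this page pass `-D_REENTRANT`. Copying the seconds into a real `time_t` and using the reentrant call avoids both problems and the `(time_t *) &tnow.tv_sec` cast: `time_t secs = tnow.tv_sec;` then `if (localtime_r (&secs, &tm_now) != NULL) strftime (tbuf, sizeof (tbuf), "%H:%M:%S", &tm_now);`, with `tbuf` initialised to `""` so the later `fprintf` is safe on failure. The `struct timezone` argument is never read and can be `NULL`. The hunk adds `<sys/time.h>`, but `localtime` and `strftime` are declared in `<time.h>`, which is not among the visible includes. `_pk_debug` begins and ends outside this hunk.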
......
/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
/***************************************************************************
*
* libpolkit-module.c : PolicyKit loadable module interface
*
* Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
*
* Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
**************************************************************************/
/**
* SECTION:libpolkit-module
* @short_description: PolicyKit loadable module interface
*
* These functions are used by loadable PolicyKit modules.
**/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#include <dlfcn.h>
#include "libpolkit-debug.h"
#include "libpolkit-module.h"
/**
* PolKitModuleInterface:
*
* Objects of this class are used to interface with PolicyKit modules
**/
struct PolKitModuleInterface
{
int refcount;
void *dlopen_handle;
char *name;
gpointer module_user_data;
PolKitModuleControl module_control;
PolKitModuleInitialize func_initialize;
PolKitModuleShutdown func_shutdown;
PolKitModuleGetSeatResourceAssociation func_get_seat_resource_association;
PolKitModuleIsResourceAssociatedWithSeat func_is_resource_associated_with_seat;
PolKitModuleCanSessionAccessResource func_can_session_access_resource;
PolKitModuleCanCallerAccessResource func_can_caller_access_resource;
};
/**
* libpolkit_module_interface_load_module:
* @name: name of module, e.g. "polkit-module-default.so"
* @module_control: the module control; from the configuration file
* @argc: number arguments to pass
* @argv: argument vector, the first argument must be the filename/path to the module
*
* Load and initialize a PolicyKit module
*
* Returns: A #PolKitModuleInterface object on success; #NULL on failure.
**/
PolKitModuleInterface *
libpolkit_module_interface_load_module (const char *name, PolKitModuleControl module_control, int argc, char *argv[])
{
void *handle;
PolKitModuleInterface *mi;
gboolean (*func) (PolKitModuleInterface *);
mi = NULL;
_pk_debug ("loading %s", name);
handle = dlopen (name, RTLD_NOW | RTLD_LOCAL);
if (handle == NULL) {
_pk_debug ("Cannot load module '%s'", name);
goto error;
}
func = dlsym (handle, "libpolkit_module_set_functions");
if (func == NULL) {
_pk_debug ("Cannot get symbol 'libpolkit_module_set_functions' in module '%s'", name);
goto error;
}
_pk_debug ("func = %p", func);
mi = libpolkit_module_interface_new ();
if (!func (mi)) {
_pk_debug ("Module '%s' returned FALSE when asked to set functions", name);
goto error;
}
if (mi->func_initialize == NULL) {
_pk_debug ("Module '%s' didn't set initialize function", name);
goto error;
}
if (mi->func_shutdown == NULL) {
_pk_debug ("Module '%s' didn't set shutdown function", name);
goto error;
}
if (!mi->func_initialize (mi, argc, argv)) {
_pk_debug ("Module '%s' returned FALSE in initialization function", name);
goto error;
}
mi->dlopen_handle = handle;
mi->name = g_strdup (name);
mi->module_control = module_control;
return mi;
error:
if (mi != NULL)
libpolkit_module_interface_unref (mi);
if (handle != NULL)
dlclose (handle);
return NULL;
}
/**
* libpolkit_module_get_name:
* @module_interface: the module interface
*
* Get the name of the module
*
* Returns: name or #NULL if an error occured
**/
const char *
libpolkit_module_get_name (PolKitModuleInterface *module_interface)
{
g_return_val_if_fail (module_interface != NULL, NULL);
return module_interface->name;
}
/**
* libpolkit_module_interface_new:
*
* Create a new #PolKitModuleInterface object.
*
* Returns: the new object
**/
PolKitModuleInterface *
libpolkit_module_interface_new (void)
{
PolKitModuleInterface *module_interface;
module_interface = g_new0 (PolKitModuleInterface, 1);
module_interface->refcount = 1;
return module_interface;
}
/**
* libpolkit_module_interface_ref:
* @module_interface: the module_interface object
*
* Increase reference count.
*
* Returns: the object
**/
PolKitModuleInterface *
libpolkit_module_interface_ref (PolKitModuleInterface *module_interface)
{
g_return_val_if_fail (module_interface != NULL, module_interface);
module_interface->refcount++;
return module_interface;
}
/**
* libpolkit_module_interface_unref:
* @module_interface: the module_interface object
*
* Decreases the reference count of the object. If it becomes zero,
* the object is freed. Before freeing, reference counts on embedded
* objects are decresed by one.
**/
void
libpolkit_module_interface_unref (PolKitModuleInterface *module_interface)
{
g_return_if_fail (module_interface != NULL);
module_interface->refcount--;
if (module_interface->refcount > 0)
return;
/* shutdown the module and unload it */
if (module_interface->func_shutdown != NULL)
module_interface->func_shutdown (module_interface);
if (module_interface->dlopen_handle != NULL)
dlclose (module_interface->dlopen_handle);
g_free (module_interface->name);
g_free (module_interface);
}
/**
* libpolkit_module_set_func_initialize:
* @module_interface: the module interface
* @func: the function pointer
*
* Set the function pointer.
**/