Commit dea6b10f authored by David Zeuthen's avatar David Zeuthen

split Subject into Subject and Identity and revise API

... also remove EnumerateSessions
parent 1dd82a14
......@@ -17,6 +17,21 @@
</annotation>
<!-- Identity struct -->
<annotation name="org.gtk.EggDBus.DeclareStruct" value="Identity">
<annotation name="org.gtk.EggDBus.Struct.Member" value="s:identity_kind">
<annotation name="org.gtk.EggDBus.DocString" value="Kind of identity"/>
</annotation>
<annotation name="org.gtk.EggDBus.Struct.Member" value="a{sv}:identity_details">
<annotation name="org.gtk.EggDBus.DocString" value="Details about the identity"/>
</annotation>
<!-- TODO: document values in hash map for each identity type-->
</annotation>
<!-- ActionDescription struct -->
<annotation name="org.gtk.EggDBus.DeclareStruct" value="ActionDescription">
......@@ -99,19 +114,13 @@
<method name="EnumerateUsers">
<arg name="users" direction="out" type="a(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Subject"/>
<annotation name="org.gtk.EggDBus.StructType" value="Identity"/>
</arg>
</method>
<method name="EnumerateGroups">
<arg name="groups" direction="out" type="a(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Subject"/>
</arg>
</method>
<method name="EnumerateSessions">
<arg name="sessions" direction="out" type="a(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Subject"/>
<annotation name="org.gtk.EggDBus.StructType" value="Identity"/>
</arg>
</method>
......@@ -137,26 +146,37 @@
</method>
<method name="AddAuthorization">
<arg name="identity" direction="in" type="(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Identity"/>
<annotation name="org.gtk.EggDBus.DocString" value="The identity to add @authorization to"/>
</arg>
<arg name="authorization" direction="in" type="(s(sa{sv})b)">
<annotation name="org.gtk.EggDBus.StructType" value="Authorization"/>
<annotation name="org.gtk.EggDBus.DocString" value="The authorization to add for @identity"/>
</arg>
</method>
<method name="RemoveAuthorization">
<arg name="identity" direction="in" type="(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Identity"/>
<annotation name="org.gtk.EggDBus.DocString" value="The identity to remove @authorization from"/>
</arg>
<arg name="authorization" direction="in" type="(s(sa{sv})b)">
<annotation name="org.gtk.EggDBus.StructType" value="Authorization"/>
<annotation name="org.gtk.EggDBus.DocString" value="The authorization to remove from @identity"/>
</arg>
</method>
<method name="EnumerateAuthorizations">
<arg name="subject" direction="in" type="(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Subject"/>
<arg name="identity" direction="in" type="(sa{sv})">
<annotation name="org.gtk.EggDBus.StructType" value="Identity"/>
<annotation name="org.gtk.EggDBus.DocString" value="The identity to enumerate authorizations for"/>
</arg>
<arg name="authorizations" direction="out" type="a(s(sa{sv})b)">
<annotation name="org.gtk.EggDBus.StructType" value="Authorization"/>
<annotation name="org.gtk.EggDBus.DocString" value="An array of authorizations for @identity"/>
</arg>
</method>
</interface>
</node>
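Review bot: The Identity struct declared at the top of this file leaves `identity_details` as an undocumented `a{sv}` (the TODO acknowledges it), yet AddAuthorization and RemoveAuthorization accept that struct from callers. Authorization grants are keyed on it, so the interface should state the accepted `identity_kind` values and the required key and variant type for each, so that backend and clients validate the same thing. The subject code removed elsewhere in this commit used `unix-user` with a `uid` entry and `unix-group` with a `gid` entry, and presumably those carry over; the code that decodes Identity is not visible on this page, so confirm against it. A DocString along the lines of `Kind of identity; unknown kinds are rejected` on the member, plus one line per kind naming its keys, would close the TODO.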
......@@ -40,18 +40,13 @@
groups
<arg><option>--verbose</option></arg>
</arg>
<arg choice="plain">
<sbr/>
sessions
<arg><option>--verbose</option></arg>
</arg>
<arg choice="plain">
<sbr/>
authorizations
</arg>
<arg choice="plain">
<sbr/>
explicit-authorizations <replaceable>subject</replaceable>
explicit-authorizations <replaceable>identity</replaceable>
<arg><option>--verbose</option></arg>
</arg>
</group>
......@@ -65,13 +60,13 @@
<cmdsynopsis>
<command>polkit-1 grant</command>
<arg choice="plain"><replaceable>subject</replaceable></arg>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>polkit-1 revoke</command>
<arg choice="plain"><replaceable>subject</replaceable></arg>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
</cmdsynopsis>
......@@ -159,8 +154,9 @@
</para>
<para>
Lists all users.
The returned identifiers can be used as <replaceable>subject</replaceable> parameters.
The returned identifiers can be used as <replaceable>identity</replaceable> parameters.
Prints detailed information about each user if <option>--verbose</option> is given.
See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>.
</para>
</refsect2>
......@@ -171,20 +167,9 @@
</para>
<para>
Lists all groups.
The returned identifiers can be used as <replaceable>subject</replaceable> parameters.
The returned identifiers can be used as <replaceable>identity</replaceable> parameters.
Prints detailed information about each group if <option>--verbose</option> is given.
</para>
</refsect2>
<refsect2>
<para>
<command>polkit-1 list sessions</command>
<arg><option>--verbose</option></arg>
</para>
<para>
Lists all sessions.
The returned identifiers can be used as <replaceable>subject</replaceable> parameters.
Prints detailed information about each session if <option>--verbose</option> is given.
See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>.
</para>
</refsect2>
......@@ -199,12 +184,13 @@
<refsect2>
<para>
<command>polkit-1 list explicit-authorizations <replaceable>subject</replaceable></command>
<command>polkit-1 list explicit-authorizations <replaceable>identity</replaceable></command>
<arg><option>--verbose</option></arg>
</para>
<para>
Lists all explicit authorizations for <replaceable>subject</replaceable>.
Lists all explicit authorizations for <replaceable>identity</replaceable>.
Prints detailed information about each authorization if <option>--verbose</option> is given.
See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>.
</para>
</refsect2>
......@@ -216,28 +202,31 @@
</para>
<para>
Checks if <replaceable>subject</replaceable> is authorized for <replaceable>action-id</replaceable>.
See <xref linkend="polkit-1-subject"/> for details about <replaceable>subject</replaceable>.
</para>
</refsect2>
<refsect2>
<para>
<command>polkit-1 grant</command>
<arg choice="plain"><replaceable>subject</replaceable></arg>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
</para>
<para>
Grants an authorization to <replaceable>subject</replaceable> for <replaceable>action-id</replaceable>.
Grants an authorization to <replaceable>identity</replaceable> for <replaceable>action-id</replaceable>.
See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>.
</para>
</refsect2>
<refsect2>
<para>
<command>polkit-1 revoke</command>
<arg choice="plain"><replaceable>subject</replaceable></arg>
<arg choice="plain"><replaceable>identity</replaceable></arg>
<arg choice="plain"><replaceable>action-id</replaceable></arg>
</para>
<para>
Revokes an authorization from <replaceable>subject</replaceable> for <replaceable>action-id</replaceable>.
Revokes an authorization from <replaceable>identity</replaceable> for <replaceable>action-id</replaceable>.
See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>.
</para>
</refsect2>
......@@ -319,6 +308,20 @@
</refsect1>
<refsect1 id="polkit-1-subject">
<title>SUBJECTS</title>
<para>
TODO: Write me.
</para>
</refsect1>
<refsect1 id="polkit-1-identity">
<title>IDENTITIES</title>
<para>
TODO: Write me.
</para>
</refsect1>
<refsect1><title>AUTHOR</title>
<para>
Written by David Zeuthen <email>davidz@redhat.com</email> with
......
......@@ -69,14 +69,18 @@
<xi:include href="xml/polkitactiondescription.xml"/>
<xi:include href="xml/polkiterror.xml"/>
<chapter id="subjects">
<title>Subjects and Identities</title>
<title>Subjects</title>
<xi:include href="xml/polkitsubject.xml"/>
<xi:include href="xml/polkitunixuser.xml"/>
<xi:include href="xml/polkitunixgroup.xml"/>
<xi:include href="xml/polkitunixprocess.xml"/>
<xi:include href="xml/polkitunixsession.xml"/>
<xi:include href="xml/polkitsystembusname.xml"/>
</chapter>
<chapter id="Identities">
<title>Identities</title>
<xi:include href="xml/polkitidentity.xml"/>
<xi:include href="xml/polkitunixuser.xml"/>
<xi:include href="xml/polkitunixgroup.xml"/>
</chapter>
<chapter id="extending">
<title>Extending PolicyKit</title>
<xi:include href="../polkitbackend/xml/polkitbackendauthority.xml"/>
......
......@@ -26,6 +26,7 @@ BUILT_SOURCES = \
_polkitbindingstypes.h \
_polkiterror.c _polkiterror.h \
_polkitsubject.c _polkitsubject.h \
_polkitidentity.c _polkitidentity.h \
$(NULL)
$(BUILT_SOURCES) : Makefile.am $(top_srcdir)/data/org.freedesktop.PolicyKit1.Authority.xml
......@@ -45,11 +46,12 @@ libpolkit_gobject_1include_HEADERS = \
polkitauthority.h \
polkiterror.h \
polkitsubject.h \
polkitunixuser.h \
polkitunixgroup.h \
polkitunixprocess.h \
polkitunixsession.h \
polkitsystembusname.h \
polkitidentity.h \
polkitunixuser.h \
polkitunixgroup.h \
polkitauthorizationresult.h \
polkitcheckauthorizationflags.h \
polkitauthorization.h \
......@@ -62,11 +64,12 @@ libpolkit_gobject_1_la_SOURCES = \
polkitauthority.c polkitauthority.h \
polkiterror.c polkiterror.h \
polkitsubject.c polkitsubject.h \
polkitunixuser.c polkitunixuser.h \
polkitunixgroup.c polkitunixgroup.h \
polkitunixprocess.c polkitunixprocess.h \
polkitunixsession.c polkitunixsession.h \
polkitsystembusname.c polkitsystembusname.h \
polkitidentity.c polkitidentity.h \
polkitunixuser.c polkitunixuser.h \
polkitunixgroup.c polkitunixgroup.h \
polkitauthorizationresult.c polkitauthorizationresult.h \
polkitcheckauthorizationflags.c polkitcheckauthorizationflags.h \
polkitauthorization.c polkitauthorization.h \
......
......@@ -26,9 +26,10 @@
#include <polkit/polkitactiondescription.h>
#include <polkit/polkiterror.h>
#include <polkit/polkitsubject.h>
#include <polkit/polkitidentity.h>
#include <polkit/polkitunixuser.h>
#include <polkit/polkitunixgroup.h>
#include <polkit/polkitsubject.h>
#include <polkit/polkitunixprocess.h>
#include <polkit/polkitunixsession.h>
#include <polkit/polkitsystembusname.h>
......
......@@ -59,10 +59,6 @@ GList *polkit_authority_enumerate_groups_sync (PolkitAuthori
GCancellable *cancellable,
GError **error);
GList *polkit_authority_enumerate_sessions_sync (PolkitAuthority *authority,
GCancellable *cancellable,
GError **error);
PolkitAuthorizationResult polkit_authority_check_authorization_sync (PolkitAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
......@@ -71,16 +67,18 @@ PolkitAuthorizationResult polkit_authority_check_authorization_sync (PolkitAuth
GError **error);
GList *polkit_authority_enumerate_authorizations_sync (PolkitAuthority *authority,
PolkitSubject *subject,
PolkitIdentity *identity,
GCancellable *cancellable,
GError **error);
gboolean polkit_authority_add_authorization_sync (PolkitAuthority *authority,
PolkitIdentity *identity,
PolkitAuthorization *authorization,
GCancellable *cancellable,
GError **error);
gboolean polkit_authority_remove_authorization_sync (PolkitAuthority *authority,
PolkitIdentity *identity,
PolkitAuthorization *authorization,
GCancellable *cancellable,
GError **error);
......@@ -115,15 +113,6 @@ GList * polkit_authority_enumerate_groups_finish (PolkitAutho
GAsyncResult *res,
GError **error);
void polkit_authority_enumerate_sessions (PolkitAuthority *authority,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data);
GList * polkit_authority_enumerate_sessions_finish (PolkitAuthority *authority,
GAsyncResult *res,
GError **error);
void polkit_authority_check_authorization (PolkitAuthority *authority,
PolkitSubject *subject,
const gchar *action_id,
......@@ -137,7 +126,7 @@ PolkitAuthorizationResult polkit_authority_check_authorization_finish (PolkitAu
GError **error);
void polkit_authority_enumerate_authorizations (PolkitAuthority *authority,
PolkitSubject *subject,
PolkitIdentity *identity,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data);
......@@ -147,6 +136,7 @@ GList * polkit_authority_enumerate_authorizations_finish (Pol
GError **error);
void polkit_authority_add_authorization (PolkitAuthority *authority,
PolkitIdentity *identity,
PolkitAuthorization *authorization,
GCancellable *cancellable,
GAsyncReadyCallback callback,
......@@ -157,6 +147,7 @@ gboolean polkit_authority_add_authorization_finish (PolkitAuth
GError **error);
void polkit_authority_remove_authorization (PolkitAuthority *authority,
PolkitIdentity *identity,
PolkitAuthorization *authorization,
GCancellable *cancellable,
GAsyncReadyCallback callback,
......
......@@ -39,6 +39,9 @@ _PolkitActionDescription *polkit_action_description_get_real (PolkitActionDe
PolkitSubject *polkit_subject_new_for_real (_PolkitSubject *real);
_PolkitSubject *polkit_subject_get_real (PolkitSubject *subject);
PolkitIdentity *polkit_identity_new_for_real (_PolkitIdentity *real);
_PolkitIdentity *polkit_identity_get_real (PolkitIdentity *identity);
PolkitAuthorization *polkit_authorization_new_for_real (_PolkitAuthorization *real);
_PolkitAuthorization *polkit_authorization_get_real (PolkitAuthorization *authorization);
......
......@@ -26,8 +26,6 @@
#include <string.h>
#include "polkitsubject.h"
#include "polkitunixuser.h"
#include "polkitunixgroup.h"
#include "polkitunixprocess.h"
#include "polkitunixsession.h"
#include "polkitsystembusname.h"
......@@ -98,29 +96,7 @@ polkit_subject_from_string (const gchar *str,
subject = NULL;
if (g_str_has_prefix (str, "unix-user:"))
{
val = g_ascii_strtoull (str + sizeof "unix-user:" - 1,
&endptr,
10);
if (*endptr == '\0')
subject = polkit_unix_user_new ((uid_t) val);
else
subject = polkit_unix_user_new_for_name (str + sizeof "unix-user:" - 1,
error);
}
else if (g_str_has_prefix (str, "unix-group:"))
{
val = g_ascii_strtoull (str + sizeof "unix-group:" - 1,
&endptr,
10);
if (*endptr == '\0')
subject = polkit_unix_group_new ((gid_t) val);
else
subject = polkit_unix_group_new_for_name (str + sizeof "unix-group:" - 1,
error);
}
else if (g_str_has_prefix (str, "unix-process:"))
if (g_str_has_prefix (str, "unix-process:"))
{
val = g_ascii_strtoull (str + sizeof "unix-process:" - 1,
&endptr,
......@@ -176,15 +152,9 @@ polkit_subject_new_for_real (_PolkitSubject *real)
kind = _polkit_subject_get_subject_kind (real);
details = _polkit_subject_get_subject_details (real);
if (strcmp (kind, "unix-user") == 0)
{
variant = egg_dbus_hash_map_lookup (details, "uid");
s = polkit_unix_user_new (egg_dbus_variant_get_uint (variant));
}
else if (strcmp (kind, "unix-group") == 0)
if (strcmp (kind, "") == 0)
{
variant = egg_dbus_hash_map_lookup (details, "gid");
s = polkit_unix_group_new (egg_dbus_variant_get_uint (variant));
/* explicitly left blank (for subjects that are NULL) */
}
else if (strcmp (kind, "unix-process") == 0)
{
......@@ -222,19 +192,9 @@ polkit_subject_get_real (PolkitSubject *subject)
kind = NULL;
details = egg_dbus_hash_map_new (G_TYPE_STRING, NULL, EGG_DBUS_TYPE_VARIANT, (GDestroyNotify) g_object_unref);
if (POLKIT_IS_UNIX_USER (subject))
if (subject == NULL)
{
kind = "unix-user";
egg_dbus_hash_map_insert (details,
"uid",
egg_dbus_variant_new_for_uint (polkit_unix_user_get_uid (POLKIT_UNIX_USER (subject))));
}
else if (POLKIT_IS_UNIX_GROUP (subject))
{
kind = "unix-group";
egg_dbus_hash_map_insert (details,
"gid",
egg_dbus_variant_new_for_uint (polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (subject))));
kind = "";
}
else if (POLKIT_IS_UNIX_PROCESS (subject))
{
......
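Review bot: The new `strcmp (kind, "") == 0` branch in polkit_subject_new_for_real and the matching `subject == NULL` branch in polkit_subject_get_real turn "no subject" into a value that travels over the bus, so a peer can hand the receiver an absent subject by sending an empty kind. Nothing visible in these hunks tells callers that the result may be NULL. Assuming `s` starts out NULL (its initialisation is outside the hunk), every caller that feeds the result into an authorization decision needs an explicit NULL check. I would say so at the branch, for example `/* kind "" encodes a NULL subject; callers must reject NULL where a subject is required */`, and name in the function's doc comment which methods may legitimately carry it. Both function bodies continue outside the hunks shown.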
......@@ -32,12 +32,6 @@ typedef struct _PolkitActionDescription PolkitActionDescription;
typedef struct _PolkitSubject PolkitSubject; /* Dummy typedef */
struct _PolkitUnixUser;
typedef struct _PolkitUnixUser PolkitUnixUser;
struct _PolkitUnixGroup;
typedef struct _PolkitUnixGroup PolkitUnixGroup;
struct _PolkitUnixProcess;
typedef struct _PolkitUnixProcess PolkitUnixProcess;
......@@ -47,6 +41,14 @@ typedef struct _PolkitUnixSession PolkitUnixSession;
struct _PolkitSystemBusName;
typedef struct _PolkitSystemBusName PolkitSystemBusName;
typedef struct _PolkitIdentity PolkitIdentity; /* Dummy typedef */
struct _PolkitUnixUser;
typedef struct _PolkitUnixUser PolkitUnixUser;
struct _PolkitUnixGroup;
typedef struct _PolkitUnixGroup PolkitUnixGroup;
struct _PolkitAuthorization;
typedef struct _PolkitAuthorization PolkitAuthorization;
......
......@@ -26,7 +26,7 @@
#include <string.h>
#include <grp.h>
#include "polkitunixgroup.h"
#include "polkitsubject.h"
#include "polkitidentity.h"
#include "polkiterror.h"
#include "polkitprivate.h"
......@@ -56,10 +56,10 @@ enum
PROP_GID,
};
static void subject_iface_init (PolkitSubjectIface *subject_iface);
static void identity_iface_init (PolkitIdentityIface *identity_iface);
G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT,
G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init)
G_IMPLEMENT_INTERFACE (POLKIT_TYPE_IDENTITY, identity_iface_init)
);
static void
......@@ -149,22 +149,22 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group,
group->gid = gid;
}
PolkitSubject *
PolkitIdentity *
polkit_unix_group_new (gid_t gid)
{
return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_GROUP,
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP,
"gid", gid,
NULL));
}
PolkitSubject *
PolkitIdentity *
polkit_unix_group_new_for_name (const gchar *name,
GError **error)
{
struct group *group;
PolkitSubject *subject;
PolkitIdentity *identity;
subject = NULL;
identity = NULL;
group = getgrnam (name);
if (group == NULL)
......@@ -177,15 +177,15 @@ polkit_unix_group_new_for_name (const gchar *name,
goto out;
}
subject = polkit_unix_group_new (group->gr_gid);
identity = polkit_unix_group_new (group->gr_gid);
out:
return subject;
return identity;
}
static gboolean
polkit_unix_group_equal (PolkitSubject *a,
PolkitSubject *b)
polkit_unix_group_equal (PolkitIdentity *a,
PolkitIdentity *b)
{
PolkitUnixGroup *group_a;
PolkitUnixGroup *group_b;
......@@ -197,9 +197,9 @@ polkit_unix_group_equal (PolkitSubject *a,
}
static gchar *
polkit_unix_group_to_string (PolkitSubject *subject)
polkit_unix_group_to_string (PolkitIdentity *identity)
{
PolkitUnixGroup *group = POLKIT_UNIX_GROUP (subject);
PolkitUnixGroup *group = POLKIT_UNIX_GROUP (identity);
struct group *gr;
gr = getgrgid (group->gid);
......@@ -211,8 +211,8 @@ polkit_unix_group_to_string (PolkitSubject *subject)
}
static void
subject_iface_init (PolkitSubjectIface *subject_iface)
identity_iface_init (PolkitIdentityIface *identity_iface)
{
subject_iface->equal = polkit_unix_group_equal;
subject_iface->to_string = polkit_unix_group_to_string;
identity_iface->equal = polkit_unix_group_equal;
identity_iface->to_string = polkit_unix_group_to_string;
}
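Review bot: polkit_unix_group_new_for_name still resolves the name with `getgrnam (name)`, and polkit_unix_group_to_string uses `getgrgid (group->gid)`; both return a pointer into static storage that another thread's lookup can overwrite before `group->gr_gid` or the name is read. These objects are now the identities that authorizations are granted to, so if the library is used from more than one thread a wrong gid here puts a grant on the wrong group. The reentrant `getgrnam_r`/`getgrgid_r` with a caller-owned buffer would be the safer choice. The same applies to `getpwnam (name)` in polkit_unix_user_new_for_name. The error path of polkit_unix_group_new_for_name lies between the hunks and is not visible, so check as well whether it distinguishes "no such group" from a failed lookup.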
......@@ -43,8 +43,8 @@ typedef struct _PolkitUnixGroup PolkitUnixGroup;
typedef struct _PolkitUnixGroupClass PolkitUnixGroupClass;
GType polkit_unix_group_get_type (void) G_GNUC_CONST;
PolkitSubject *polkit_unix_group_new (gid_t gid);
PolkitSubject *polkit_unix_group_new_for_name (const gchar *name,
PolkitIdentity *polkit_unix_group_new (gid_t gid);
PolkitIdentity *polkit_unix_group_new_for_name (const gchar *name,
GError **error);
gid_t polkit_unix_group_get_gid (PolkitUnixGroup *group);
void polkit_unix_group_set_gid (PolkitUnixGroup *group,
......
......@@ -26,7 +26,7 @@
#include <string.h>
#include <pwd.h>
#include "polkitunixuser.h"
#include "polkitsubject.h"
#include "polkitidentity.h"
#include "polkiterror.h"
#include "polkitprivate.h"
......@@ -56,10 +56,10 @@ enum
PROP_UID,
};
static void subject_iface_init (PolkitSubjectIface *subject_iface);
static void identity_iface_init (PolkitIdentityIface *identity_iface);
G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT,
G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init)
G_IMPLEMENT_INTERFACE (POLKIT_TYPE_IDENTITY, identity_iface_init)
);
static void
......@@ -149,22 +149,22 @@ polkit_unix_user_set_uid (PolkitUnixUser *user,
user->uid = uid;
}
PolkitSubject *
PolkitIdentity *
polkit_unix_user_new (uid_t uid)
{
return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_USER,
"uid", uid,
NULL));
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER,
"uid", uid,
NULL));
}
PolkitSubject *
PolkitIdentity *
polkit_unix_user_new_for_name (const gchar *name,
GError **error)
{
struct passwd *passwd;
PolkitSubject *subject;
PolkitIdentity *identity;
subject = NULL;
identity = NULL;
passwd = getpwnam (name);
if (passwd == NULL)
......@@ -177,15 +177,15 @@ polkit_unix_user_new_for_name (const gchar *name,
goto out;
}
subject = polkit_unix_user_new (passwd->pw_uid);
identity = polkit_unix_user_new (passwd->pw_uid);
out:
return subject;
return identity;
}