27 files changed, 16 insertions, 2751 deletions
diff --git a/configure.ac b/configure.ac index 7c7ca7a..f75b8d9 100644 --- a/configure.ac +++ b/configure.ac @@ -461,7 +461,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index 72d2fb8..a9bac88 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2..9f5a1a9 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml 
@@ -90,37 +90,4 @@ </para> </chapter> - <chapter id="polkit-extending"> - <title>Extending polkit</title> - <para> - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - </para> - <para> - The polkit daemons loads extensions - from the <filename>&extensiondir;</filename> directory. See - the <link linkend="gio-Extension-Points">GIO Extension Point - documentation</link> for more information about the extension - system used by polkit. - </para> - <para> - The following extension points are currently defined by - polkit: - </para> - - <formalpara> - <title>POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME</title> - <para> - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the <filename>src/nullbackend/</filename> directory in the - polkit sources for an example. - </para> - </formalpara> - - </chapter> </part> diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 84158ef..549768c 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -23,7 +23,7 @@ </part> <part id="ref-api"> - <title>Client API Reference</title> + <title>Library API Reference</title> <xi:include href="xml/polkitauthority.xml"/> <xi:include href="xml/polkitauthorizationresult.xml"/> <xi:include href="xml/polkitdetails.xml"/> @@ -47,13 +47,6 @@ </chapter> </part> - <part id="ref-backend-api"> - <title>Backend API Reference</title> - <xi:include href="xml/polkitbackendauthority.xml"/> - <xi:include href="xml/polkitbackendinteractiveauthority.xml"/> - <xi:include href="xml/polkitbackendlocalauthority.xml"/> - </part> - <part id="ref-authentication-agent-api"> <title>Authentication Agent API Reference</title> <xi:include href="xml/polkitagentlistener.xml"/> 
diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
index 3881004..41b37e3 100644
--- a/docs/polkit/polkit-1-sections.txt
+++ b/docs/polkit/polkit-1-sections.txt
@@ -291,86 +291,6 @@ POLKIT_DETAILS_GET_CLASS </SECTION> <SECTION> -<FILE>polkitbackendauthority</FILE> -<TITLE>PolkitBackendAuthority</TITLE> -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister -<SUBSECTION Standard> -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -</SECTION> - -<SECTION> -<FILE>polkitbackendactionlookup</FILE> -<TITLE>PolkitBackendActionLookup</TITLE> -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details -<SUBSECTION Standard> -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -</SECTION> - -<SECTION> -<FILE>polkitbackendlocalauthority</FILE> -<TITLE>PolkitBackendLocalAuthority</TITLE> -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass -<SUBSECTION Standard> -POLKIT_BACKEND_LOCAL_AUTHORITY 
-POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -</SECTION> - -<SECTION> -<FILE>polkitbackendinteractiveauthority</FILE> -<TITLE>PolkitBackendInteractiveAuthority</TITLE> -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync -<SUBSECTION Standard> -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -</SECTION> - -<SECTION> <FILE>polkitagentsession</FILE> <TITLE>PolkitAgentSession</TITLE> PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc..6354d12 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/po/POTFILES.in b/po/POTFILES.in index 02f8255..6e76bdd 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in 
@@ -3,5 +3,4 @@ [encoding: UTF-8] actions/org.freedesktop.policykit.policy.in src/examples/org.freedesktop.policykit.examples.pkexec.policy.in -src/polkitbackend/polkitbackendlocalauthority.c src/programs/pkexec.c diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa..3380fb2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples diff --git a/src/nullbackend/50-nullbackend.conf b/src/nullbackend/50-nullbackend.conf deleted file mode 100644 index 3497677..0000000 --- a/src/nullbackend/50-nullbackend.conf +++ /dev/null @@ -1,16 +0,0 @@ -# -# Configuration file for the PolicyKit null backend. -# -# DO NOT EDIT THIS FILE, it will be overwritten on update. -# -# To change configuration, create another file in this directory with -# a filename that is sorted after the 50-nullback.conf and make -# sure it has the .conf extension. -# -# Only a single configuration item, Priority, is supported. -# -# See the PolicyKit documentation for more information about PolicyKit. -# - -[Configuration] -Priority=-10 diff --git a/src/nullbackend/Makefile.am b/src/nullbackend/Makefile.am deleted file mode 100644 index c683818..0000000 --- a/src/nullbackend/Makefile.am +++ /dev/null 
@@ -1,50 +0,0 @@ - -NULL = - -module_flags = -export_dynamic -avoid-version -module -no-undefined -export-symbols-regex '^g_io_module_(load|unload)' - -INCLUDES = \ - -I$(top_builddir)/src \ - -I$(top_srcdir)/src \ - -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ - -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ - -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ - -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ - -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ - -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ - -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ - -D_POSIX_PTHREAD_SEMANTICS \ - -D_REENTRANT \ - -D_POLKIT_BACKEND_COMPILATION \ - $(NULL) - -polkitmodulesdir = $(libdir)/polkit-1/extensions -polkitmodules_LTLIBRARIES = libnullbackend.la - -libnullbackend_la_SOURCES = \ - nullbackend.c \ - polkitbackendnullauthority.c polkitbackendnullauthority.h \ - $(NULL) - -libnullbackend_la_CFLAGS = \ - -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ - -DG_LOG_DOMAIN=\"PolkitNullBackend\" \ - $(GLIB_CFLAGS) \ - $(NULL) - -libnullbackend_la_LDFLAGS = \ - $(module_flags) \ - $(GLIB_LIBS) \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ - $(NULL) - -libnullbackend_la_LIBADD = \ - $(NULL) - -nullconfigdir = $(sysconfdir)/polkit-1/nullbackend.conf.d -nullconfig_DATA = 50-nullbackend.conf - -EXTRA_DIST = $(nullconfig_DATA) - -clean-local : - rm -f *~ diff --git a/src/nullbackend/nullbackend.c b/src/nullbackend/nullbackend.c deleted file mode 100644 index 0436cf0..0000000 --- a/src/nullbackend/nullbackend.c +++ /dev/null 
@@ -1,34 +0,0 @@
-/*
- * Copyright (C) 2009 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#include "polkitbackendnullauthority.h"
-
-void
-g_io_module_load (GIOModule *module)
-{
- polkit_backend_null_authority_register (module);
-}
-
-void
-g_io_module_unload (GIOModule *module)
-{
-}
-
diff --git a/src/nullbackend/polkitbackendnullauthority.c b/src/nullbackend/polkitbackendnullauthority.c
deleted file mode 100644
index 7491540..0000000
--- a/src/nullbackend/polkitbackendnullauthority.c
+++ /dev/null
@@ -1,195 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "config.h" -#include <errno.h> -#include <pwd.h> -#include <grp.h> -#include <string.h> -#include <glib/gstdio.h> - -#include "polkitbackend/polkitbackendconfigsource.h" -#include "polkitbackendnullauthority.h" - -struct _PolkitBackendNullAuthorityPrivate -{ - gint foo; -}; - -static GList *authority_enumerate_actions (PolkitBackendAuthority *authority, - PolkitSubject *caller, - const gchar *locale, - GError **error); - -static void authority_check_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - PolkitDetails *details, - PolkitCheckAuthorizationFlags flags, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data); - -static PolkitAuthorizationResult *authority_check_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error); - -G_DEFINE_DYNAMIC_TYPE (PolkitBackendNullAuthority, polkit_backend_null_authority,POLKIT_BACKEND_TYPE_AUTHORITY); - -static void -polkit_backend_null_authority_init (PolkitBackendNullAuthority *authority) -{ - authority->priv = 
G_TYPE_INSTANCE_GET_PRIVATE (authority, - POLKIT_BACKEND_TYPE_NULL_AUTHORITY, - PolkitBackendNullAuthorityPrivate); -} - -static void -polkit_backend_null_authority_finalize (GObject *object) -{ - G_OBJECT_CLASS (polkit_backend_null_authority_parent_class)->finalize (object); -} - -static const gchar * -authority_get_name (PolkitBackendAuthority *authority) -{ - return "null"; -} - -static const gchar * -authority_get_version (PolkitBackendAuthority *authority) -{ - return PACKAGE_VERSION; -} - -static PolkitAuthorityFeatures -authority_get_features (PolkitBackendAuthority *authority) -{ - return POLKIT_AUTHORITY_FEATURES_NONE; -} - -static void -polkit_backend_null_authority_class_init (PolkitBackendNullAuthorityClass *klass) -{ - GObjectClass *gobject_class; - PolkitBackendAuthorityClass *authority_class; - - gobject_class = G_OBJECT_CLASS (klass); - authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); - - gobject_class->finalize = polkit_backend_null_authority_finalize; - - authority_class->get_name = authority_get_name; - authority_class->get_version = authority_get_version; - authority_class->get_features = authority_get_features; - authority_class->enumerate_actions = authority_enumerate_actions; - authority_class->check_authorization = authority_check_authorization; - authority_class->check_authorization_finish = authority_check_authorization_finish; - - g_type_class_add_private (klass, sizeof (PolkitBackendNullAuthorityPrivate)); -} - -static void -polkit_backend_null_authority_class_finalize (PolkitBackendNullAuthorityClass *klass) -{ -} - -void -polkit_backend_null_authority_register (GIOModule *module) -{ - gint priority; - GFile *directory; - PolkitBackendConfigSource *source; - - directory = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/nullbackend.conf.d"); - source = polkit_backend_config_source_new (directory); - - priority = polkit_backend_config_source_get_integer (source, "Configuration", "Priority", NULL); - - 
polkit_backend_null_authority_register_type (G_TYPE_MODULE (module)); - - g_print ("Registering null backend at priority %d\n", priority); - - g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, - POLKIT_BACKEND_TYPE_NULL_AUTHORITY, - "null backend " PACKAGE_VERSION, - priority); - - g_object_unref (directory); - g_object_unref (source); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList * -authority_enumerate_actions (PolkitBackendAuthority *authority, - PolkitSubject *caller, - const gchar *locale, - GError **error) -{ - /* We don't know any actions */ - return NULL; -} - -static void -authority_check_authorization (PolkitBackendAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - const gchar *action_id, - PolkitDetails *details, - PolkitCheckAuthorizationFlags flags, - GCancellable *cancellable, - GAsyncReadyCallback callback, - gpointer user_data) -{ - GSimpleAsyncResult *simple; - - /* complete immediately */ - simple = g_simple_async_result_new (G_OBJECT (authority), - callback, - user_data, - authority_check_authorization); - g_simple_async_result_complete (simple); - g_object_unref (simple); -} - -static PolkitAuthorizationResult * -authority_check_authorization_finish (PolkitBackendAuthority *authority, - GAsyncResult *res, - GError **error) -{ - GSimpleAsyncResult *simple; - PolkitAuthorizationResult *result; - - simple = G_SIMPLE_ASYNC_RESULT (res); - - g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == authority_check_authorization); - - /* we always return NOT_AUTHORIZED, never an error */ - result = polkit_authorization_result_new (FALSE, FALSE, NULL); - - if (g_simple_async_result_propagate_error (simple, error)) - goto out; - - out: - return result; -} diff --git a/src/nullbackend/polkitbackendnullauthority.h b/src/nullbackend/polkitbackendnullauthority.h deleted file mode 100644 index 318e482..0000000 
--- a/src/nullbackend/polkitbackendnullauthority.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (C) 2009 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#ifndef __POLKIT_BACKEND_NULL_AUTHORITY_H
-#define __POLKIT_BACKEND_NULL_AUTHORITY_H
-
-#include <polkitbackend/polkitbackend.h>
-
-G_BEGIN_DECLS
-
-#define POLKIT_BACKEND_TYPE_NULL_AUTHORITY (polkit_backend_null_authority_get_type ())
-#define POLKIT_BACKEND_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthority))
-#define POLKIT_BACKEND_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthorityClass))
-#define POLKIT_BACKEND_NULL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY,PolkitBackendNullAuthorityClass))
-#define POLKIT_BACKEND_IS_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY))
-#define POLKIT_BACKEND_IS_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY))
-
-typedef struct _PolkitBackendNullAuthority PolkitBackendNullAuthority;
-typedef struct _PolkitBackendNullAuthorityClass PolkitBackendNullAuthorityClass;
-typedef struct _PolkitBackendNullAuthorityPrivate 
PolkitBackendNullAuthorityPrivate; - -struct _PolkitBackendNullAuthority -{ - PolkitBackendAuthority parent_instance; - PolkitBackendNullAuthorityPrivate *priv; -}; - -struct _PolkitBackendNullAuthorityClass -{ - PolkitBackendAuthorityClass parent_class; - -}; - -GType polkit_backend_null_authority_get_type (void) G_GNUC_CONST; - -void polkit_backend_null_authority_register (GIOModule *module); - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_NULL_AUTHORITY_H */ - diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index 17d8310..c5b8d8a 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -18,25 +18,13 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - +noinst_LTLIBRARIES=libpolkit-backend-1.la initjs.h : init.js $(PERL) $(srcdir)/toarray.pl $(srcdir)/init.js init_js > $@ BUILT_SOURCES += initjs.h -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) - libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ polkitbackend.h \ @@ -44,12 +32,10 @@ libpolkit_backend_1_la_SOURCES = \ polkitbackendprivate.h \ polkitbackendauthority.h polkitbackendauthority.c \ polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \ - polkitbackendlocalauthority.h polkitbackendlocalauthority.c \ polkitbackendjsauthority.h polkitbackendjsauthority.c \ polkitbackendactionpool.h polkitbackendactionpool.c \ polkitbackendconfigsource.h polkitbackendconfigsource.c \ polkitbackendactionlookup.h polkitbackendactionlookup.c \ - polkitbackendlocalauthorizationstore.h polkitbackendlocalauthorizationstore.c \ $(NULL) if HAVE_LIBSYSTEMD_LOGIN 
@@ -76,15 +62,9 @@ libpolkit_backend_1_la_LIBADD = \ $(LIBJS_LIBS) \ $(NULL) -libpolkit_backend_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' - CLEANFILES = $(BUILT_SOURCES) -localauthorityconfigdir = $(sysconfdir)/polkit-1/localauthority.conf.d -localauthorityconfig_DATA = 50-localauthority.conf - EXTRA_DIST = \ - $(localauthorityconfig_DATA) \ init.js \ toarray.pl \ $(NULL) @@ -96,13 +76,6 @@ clean-local : rm -f *~ $(BUILT_SOURCES) install-exec-hook: - mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 - mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} - -chmod 700 $(DESTDIR)$(localstatedir)/lib/polkit-1 - mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1 - mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} - -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/localauthority - mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/rules.d -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/rules.d mkdir -p $(DESTDIR)$(datadir)/polkit-1/rules.d diff --git a/src/polkitbackend/polkitbackend.h b/src/polkitbackend/polkitbackend.h index 9b79d14..afa4be3 100644 --- a/src/polkitbackend/polkitbackend.h +++ b/src/polkitbackend/polkitbackend.h @@ -32,7 +32,6 @@ #include <polkitbackend/polkitbackendtypes.h> #include <polkitbackend/polkitbackendauthority.h> #include <polkitbackend/polkitbackendinteractiveauthority.h> -#include <polkitbackend/polkitbackendlocalauthority.h> #include <polkitbackend/polkitbackendactionlookup.h> #undef _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index e127247..91ece26 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c 
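Review bot: In the `install-exec-hook` lines kept as context by the last Makefile.am hunk, `-chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/rules.d` still carries make's leading `-`, so a failed chmod is ignored and the directory keeps whatever mode `mkdir -p` and the umask gave it. With the localauthority directories removed from the hook, the rules.d directories are the only rule locations it still prepares, so the restrictive mode deserves to be enforced rather than best-effort. I would drop the prefix, `chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/rules.d`, so the install fails instead of leaving a wider mode behind. The hook continues past the end of the hunk, so later lines may already adjust ownership or mode.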
@@ -30,7 +30,6 @@ #include <polkit/polkitprivate.h> #include "polkitbackendauthority.h" -#include "polkitbackendlocalauthority.h" #include "polkitbackendjsauthority.h" #include "polkitbackendprivate.h" @@ -40,7 +39,7 @@ * @title: PolkitBackendAuthority * @short_description: Abstract base class for authority backends * @stability: Unstable - * @see_also: PolkitBackendLocalAuthority + * @see_also: PolkitBackendJsAuthority * * To implement an authority backend, simply subclass #PolkitBackendAuthority * and implement the required VFuncs. @@ -57,7 +56,7 @@ static guint signals[LAST_SIGNAL] = {0}; G_DEFINE_ABSTRACT_TYPE (PolkitBackendAuthority, polkit_backend_authority, G_TYPE_OBJECT); static void -polkit_backend_authority_init (PolkitBackendAuthority *local_authority) +polkit_backend_authority_init (PolkitBackendAuthority *authority) { } 
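Review bot: The SECTION comment touched by the second hunk keeps the sentence "To implement an authority backend, simply subclass #PolkitBackendAuthority and implement the required VFuncs", which no longer matches what this commit ships. The extension point is removed, the backend headers are no longer installed and the library becomes `noinst`, so nothing outside the tree can supply a subclass. Stale text here matters because it suggests the authorization decision can still be replaced by a loadable module. I would reword it along the lines of `* Abstract base class for the authority implementations built into polkitd; backends are no longer loaded from an extensions directory.` The comment block starts above the hunk.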
@@ -1349,71 +1348,30 @@ polkit_backend_authority_register (PolkitBackendAuthority *authority, /** * polkit_backend_authority_get: * - * Loads all #GIOModule<!-- -->s from <filename>$(libdir)/polkit-1/extensions</filename> to determine - * what implementation of #PolkitBackendAuthority to use. Then instantiates an object of the - * implementation with the highest priority and unloads all other modules. + * Gets the #PolkitBackendAuthority to use. * * Returns: A #PolkitBackendAuthority. Free with g_object_unref(). - **/ + */ PolkitBackendAuthority * polkit_backend_authority_get (void) { - static GIOExtensionPoint *ep = NULL; - static volatile GType local_authority_type = G_TYPE_INVALID; - static volatile GType js_authority_type = G_TYPE_INVALID; - GList *modules; - GList *authority_implementations; - GType authority_type; PolkitBackendAuthority *authority; - gchar *s; - - /* define extension points */ - if (ep == NULL) - { - ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); - g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY); - } - - /* make sure local types are registered */ - if (local_authority_type == G_TYPE_INVALID) - local_authority_type = POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY; - if (js_authority_type == G_TYPE_INVALID) - js_authority_type = POLKIT_BACKEND_TYPE_JS_AUTHORITY; - - /* load all modules */ - modules = g_io_modules_load_all_in_directory (PACKAGE_LIB_DIR "/polkit-1/extensions"); - /* find all extensions; we have at least one here since we've registered the local backend */ - authority_implementations = g_io_extension_point_get_extensions (ep); + /* TODO: move to polkitd/main.c */ - /* the returned list is sorted according to priority so just take the highest one */ - authority_type = g_io_extension_get_type ((GIOExtension*) authority_implementations->data); - authority = POLKIT_BACKEND_AUTHORITY (g_object_new (authority_type, NULL)); - - /* unload all modules; the module our instantiated 
authority is in won't be unloaded because - * we've instantiated a reference to a type in this module - */ - g_list_foreach (modules, (GFunc) g_type_module_unuse, NULL); - g_list_free (modules); - - /* First announce that we've started in the generic log */ + /* Announce that we've started in the generic log */ openlog ("polkitd", LOG_PID, LOG_DAEMON); /* system daemons without separate facility value */ - syslog (LOG_INFO, - "started daemon version %s using authority implementation `%s' version `%s'", - VERSION, - polkit_backend_authority_get_name (authority), - polkit_backend_authority_get_version (authority)); + syslog (LOG_INFO, "Started polkitd version %s", VERSION); closelog (); - /* and then log to the secure log */ - s = g_strdup_printf ("polkitd(authority=%s)", polkit_backend_authority_get_name (authority)); - openlog (s, - 0, + /* then start logging to the secure log */ + openlog ("polkitd", + LOG_PID, LOG_AUTHPRIV); /* security/authorization messages (private) */ - /* Ugh, can't free the string - gah, thanks openlog(3) */ - /*g_free (s);*/ + + authority = POLKIT_BACKEND_AUTHORITY (g_object_new (POLKIT_BACKEND_TYPE_JS_AUTHORITY, NULL)); return authority; } diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054..f9f7385 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -43,13 +43,6 @@ G_BEGIN_DECLS typedef struct _PolkitBackendAuthorityClass PolkitBackendAuthorityClass; /** - * POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME: - * - * Extension point name for authority backend implementations. - */ -#define POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME "polkit-backend-authority-1" - -/** * PolkitBackendAuthority: * * The #PolkitBackendAuthority struct should not be accessed directly. diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c index a7bf50b..39a6376 100644 
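Review bot: The rewritten polkit_backend_authority_get() always instantiates POLKIT_BACKEND_TYPE_JS_AUTHORITY, and nothing on the new side tells an administrator that rules written for the removed local authority have stopped being evaluated. The Makefile.am hunk shows those rules lived under `$(sysconfdir)/polkit-1/localauthority` and `$(localstatedir)/lib/polkit-1/localauthority`; after an upgrade, any restriction expressed there would, as far as this diff shows, silently give way to each action's implicit defaults. A startup warning would make that visible, for example `if (g_file_test (PACKAGE_SYSCONF_DIR "/polkit-1/localauthority", G_FILE_TEST_IS_DIR)) syslog (LOG_WARNING, "localauthority rules are no longer read; port them to rules.d");` placed after the second openlog(). This assumes PACKAGE_SYSCONF_DIR is defined for this target, which the hunk does not show. The new doc comment could also state that each call creates a new object and re-opens syslog on the LOG_AUTHPRIV facility.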
--- a/src/polkitbackend/polkitbackendjsauthority.c +++ b/src/polkitbackend/polkitbackendjsauthority.c @@ -114,13 +114,7 @@ static PolkitImplicitAuthorization polkit_backend_js_authority_check_authorizati PolkitDetails *details, PolkitImplicitAuthorization implicit); -G_DEFINE_TYPE_WITH_CODE (PolkitBackendJsAuthority, - polkit_backend_js_authority, - POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, - g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, - g_define_type_id, - "js-authority" PACKAGE_VERSION, - 10)); +G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY); /* ---------------------------------------------------------------------------------------------------- */ diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c deleted file mode 100644 index 2e5e8fe..0000000 --- a/src/polkitbackend/polkitbackendlocalauthority.c +++ /dev/null 
@@ -1,783 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#include "config.h" -#include <errno.h> -#include <pwd.h> -#include <grp.h> -#include <netdb.h> -#include <string.h> -#include <glib/gstdio.h> -#include <locale.h> -#include <glib/gi18n-lib.h> - -#include <polkit/polkit.h> -#include "polkitbackendconfigsource.h" -#include "polkitbackendlocalauthority.h" -#include "polkitbackendlocalauthorizationstore.h" - -#include <polkit/polkitprivate.h> - -/** - * SECTION:polkitbackendlocalauthority - * @title: PolkitBackendLocalAuthority - * @short_description: Local Authority - * @stability: Unstable - * - * An implementation of #PolkitBackendAuthority that stores - * authorizations on the local file system, supports interaction with - * authentication agents (virtue of being based on - * #PolkitBackendInteractiveAuthority). 
- */ - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList *get_users_in_group (PolkitIdentity *group, - gboolean include_root); - -static GList *get_users_in_net_group (PolkitIdentity *group, - gboolean include_root); - -static GList *get_groups_for_user (PolkitIdentity *user); - -/* ---------------------------------------------------------------------------------------------------- */ - -typedef struct -{ - gchar *config_path; - PolkitBackendConfigSource *config_source; - - gchar **authorization_store_paths; - GList *authorization_stores; - GList *authorization_store_monitors; - -} PolkitBackendLocalAuthorityPrivate; - -/* ---------------------------------------------------------------------------------------------------- */ - -enum -{ - PROP_0, - - // Path overrides used for unit testing - PROP_CONFIG_PATH, - PROP_AUTH_STORE_PATHS, -}; - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList *polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - const gchar *action_id, - PolkitDetails *details); - -static PolkitImplicitAuthorization polkit_backend_local_authority_check_authorization_sync ( - PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - gboolean subject_is_local, - gboolean subject_is_active, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization implicit); - -G_DEFINE_TYPE_WITH_CODE (PolkitBackendLocalAuthority, - polkit_backend_local_authority, - POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, - g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, - g_define_type_id, - "local-authority" PACKAGE_VERSION, - 0)); - -#define 
POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityPrivate)) - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -on_store_changed (PolkitBackendLocalAuthorizationStore *store, - gpointer user_data) -{ - PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data); - - g_signal_emit_by_name (authority, "changed"); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -purge_all_authorization_stores (PolkitBackendLocalAuthority *authority) -{ - PolkitBackendLocalAuthorityPrivate *priv; - GList *l; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - for (l = priv->authorization_stores; l != NULL; l = l->next) - { - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); - g_signal_handlers_disconnect_by_func (store, - G_CALLBACK (on_store_changed), - authority); - g_object_unref (store); - } - g_list_free (priv->authorization_stores); - priv->authorization_stores = NULL; - - g_debug ("Purged all local authorization stores"); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -add_one_authorization_store (PolkitBackendLocalAuthority *authority, - GFile *directory) -{ - PolkitBackendLocalAuthorizationStore *store; - PolkitBackendLocalAuthorityPrivate *priv; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - store = polkit_backend_local_authorization_store_new (directory, ".pkla"); - priv->authorization_stores = g_list_append (priv->authorization_stores, store); - - g_signal_connect (store, - "changed", - G_CALLBACK (on_store_changed), - authority); -} - -static gint -authorization_store_path_compare_func (GFile *file_a, - GFile *file_b) -{ - const gchar 
*a; - const gchar *b; - - a = g_object_get_data (G_OBJECT (file_a), "sort-key"); - b = g_object_get_data (G_OBJECT (file_b), "sort-key"); - - return g_strcmp0 (a, b); -} - -static void -add_all_authorization_stores (PolkitBackendLocalAuthority *authority) -{ - PolkitBackendLocalAuthorityPrivate *priv; - guint n; - GList *directories; - GList *l; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - directories = NULL; - - for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++) - { - const gchar *toplevel_path; - GFile *toplevel_directory; - GFileEnumerator *directory_enumerator; - GFileInfo *file_info; - GError *error; - - error = NULL; - - toplevel_path = priv->authorization_store_paths[n]; - toplevel_directory = g_file_new_for_path (toplevel_path); - directory_enumerator = g_file_enumerate_children (toplevel_directory, - "standard::name,standard::type", - G_FILE_QUERY_INFO_NONE, - NULL, - &error); - if (directory_enumerator == NULL) - { - g_warning ("Error getting enumerator for %s: %s", toplevel_path, error->message); - g_error_free (error); - g_object_unref (toplevel_directory); - continue; - } - - while ((file_info = g_file_enumerator_next_file (directory_enumerator, NULL, &error)) != NULL) - { - /* only consider directories */ - if (g_file_info_get_file_type (file_info) == G_FILE_TYPE_DIRECTORY) - { - const gchar *name; - GFile *directory; - gchar *sort_key; - - name = g_file_info_get_name (file_info); - - /* This makes entries in directories in /etc take precedence to entries in directories in /var */ - sort_key = g_strdup_printf ("%s-%d", name, n); - - directory = g_file_get_child (toplevel_directory, name); - g_object_set_data_full (G_OBJECT (directory), "sort-key", sort_key, g_free); - - directories = g_list_prepend (directories, directory); - } - g_object_unref (file_info); - } - if (error != NULL) - { - g_warning ("Error enumerating files in %s: %s", toplevel_path, error->message); - g_error_free (error); - 
g_object_unref (toplevel_directory); - g_object_unref (directory_enumerator); - continue; - } - g_object_unref (directory_enumerator); - g_object_unref (toplevel_directory); - } - - /* Sort directories */ - directories = g_list_sort (directories, (GCompareFunc) authorization_store_path_compare_func); - - /* And now add an authorization store for each one */ - for (l = directories; l != NULL; l = l->next) - { - GFile *directory = G_FILE (l->data); - gchar *name; - - name = g_file_get_path (directory); - g_debug ("Added `%s' as a local authorization store", name); - g_free (name); - - add_one_authorization_store (authority, directory); - } - - g_list_foreach (directories, (GFunc) g_object_unref, NULL); - g_list_free (directories); -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -on_toplevel_authority_store_monitor_changed (GFileMonitor *monitor, - GFile *file, - GFile *other_file, - GFileMonitorEvent event_type, - gpointer user_data) -{ - PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data); - - purge_all_authorization_stores (authority); - add_all_authorization_stores (authority); -} - -static void -polkit_backend_local_authority_init (PolkitBackendLocalAuthority *authority) -{ - PolkitBackendLocalAuthorityPrivate *priv; - - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - priv->config_path = NULL; - priv->authorization_store_paths = NULL; -} - -static void -polkit_backend_local_authority_constructed (GObject *object) -{ - PolkitBackendLocalAuthority *authority; - PolkitBackendLocalAuthorityPrivate *priv; - GFile *config_directory; - guint n; - - authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); - - g_debug ("Using config directory `%s'", priv->config_path); - config_directory = g_file_new_for_path (priv->config_path); - priv->config_source = 
polkit_backend_config_source_new (config_directory); - g_object_unref (config_directory); - - add_all_authorization_stores (authority); - - /* Monitor the toplevels */ - priv->authorization_store_monitors = NULL; - for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++) - { - const gchar *toplevel_path; - GFile *toplevel_directory; - GFileMonitor *monitor; - GError *error; - - toplevel_path = priv->authorization_store_paths[n]; - toplevel_directory = g_file_new_for_path (toplevel_path); - - error = NULL; - monitor = g_file_monitor_directory (toplevel_directory, - G_FILE_MONITOR_NONE, - NULL, - &error); - if (monitor == NULL) - { - g_warning ("Error creating file monitor for %s: %s", toplevel_path, error->message); - g_error_free (error); - g_object_unref (toplevel_directory); - continue; - } - - g_debug ("Monitoring `%s' for changes", toplevel_path); - - g_signal_connect (monitor, - "changed", - G_CALLBACK (on_toplevel_authority_store_monitor_changed), - authority); - - priv->authorization_store_monitors = g_list_append (priv->authorization_store_monitors, monitor); - - g_object_unref (toplevel_directory); - } - - G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->constructed (object); -} - -static void -polkit_backend_local_authority_finalize (GObject *object) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - - purge_all_authorization_stores (local_authority); - - g_list_free_full (priv->authorization_store_monitors, g_object_unref); - - if (priv->config_source != NULL) - g_object_unref (priv->config_source); - - g_free (priv->config_path); - g_strfreev (priv->authorization_store_paths); - - G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->finalize (object); -} - -static const gchar * -polkit_backend_local_authority_get_name 
(PolkitBackendAuthority *authority) -{ - return "local"; -} - -static const gchar * -polkit_backend_local_authority_get_version (PolkitBackendAuthority *authority) -{ - return PACKAGE_VERSION; -} - -static PolkitAuthorityFeatures -polkit_backend_local_authority_get_features (PolkitBackendAuthority *authority) -{ - return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION; -} - -static void -polkit_backend_local_authority_set_property (GObject *object, guint property_id, const GValue *value, GParamSpec *pspec) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - - switch (property_id) - { - case PROP_CONFIG_PATH: - g_free (priv->config_path); - priv->config_path = g_value_dup_string (value); - break; - case PROP_AUTH_STORE_PATHS: - g_strfreev (priv->authorization_store_paths); - priv->authorization_store_paths = g_strsplit (g_value_get_string (value), ";", 0); - break; - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); - break; - } -} - -static void -polkit_backend_local_authority_class_init (PolkitBackendLocalAuthorityClass *klass) -{ - GObjectClass *gobject_class; - PolkitBackendAuthorityClass *authority_class; - PolkitBackendInteractiveAuthorityClass *interactive_authority_class; - GParamSpec *pspec; - - gobject_class = G_OBJECT_CLASS (klass); - authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); - interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass); - - gobject_class->set_property = polkit_backend_local_authority_set_property; - gobject_class->finalize = polkit_backend_local_authority_finalize; - gobject_class->constructed = polkit_backend_local_authority_constructed; - authority_class->get_name = polkit_backend_local_authority_get_name; - authority_class->get_version = polkit_backend_local_authority_get_version; - 
authority_class->get_features = polkit_backend_local_authority_get_features; - interactive_authority_class->get_admin_identities = polkit_backend_local_authority_get_admin_auth_identities; - interactive_authority_class->check_authorization_sync = polkit_backend_local_authority_check_authorization_sync; - - pspec = g_param_spec_string ("config-path", - "Local Authority Configuration Path", - "Path to directory of LocalAuthority config files.", - PACKAGE_SYSCONF_DIR "/polkit-1/localauthority.conf.d", - G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE); - g_object_class_install_property (gobject_class, PROP_CONFIG_PATH, pspec); - - pspec = g_param_spec_string ("auth-store-paths", - "Local Authorization Store Paths", - "Semi-colon separated list of Authorization Store 'top' directories.", - PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority;" - PACKAGE_SYSCONF_DIR "/polkit-1/localauthority", - G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE); - g_object_class_install_property (gobject_class, PROP_AUTH_STORE_PATHS, pspec); - - g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorityPrivate)); -} - -static GList * -polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - const gchar *action_id, - PolkitDetails *details) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - GList *ret; - guint n; - gchar **admin_identities; - GError *error; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - - ret = NULL; - - error = NULL; - admin_identities = polkit_backend_config_source_get_string_list (priv->config_source, - "Configuration", - "AdminIdentities", - &error); - if (admin_identities == NULL) - { - g_warning ("Error getting admin_identities configuration item: %s", error->message); - g_error_free (error); - goto 
out; - } - - for (n = 0; admin_identities[n] != NULL; n++) - { - PolkitIdentity *identity; - - error = NULL; - identity = polkit_identity_from_string (admin_identities[n], &error); - if (identity == NULL) - { - g_warning ("Error parsing identity %s: %s", admin_identities[n], error->message); - g_error_free (error); - continue; - } - - if (POLKIT_IS_UNIX_USER (identity)) - { - ret = g_list_append (ret, identity); - } - else if (POLKIT_IS_UNIX_GROUP (identity)) - { - ret = g_list_concat (ret, get_users_in_group (identity, FALSE)); - } - else if (POLKIT_IS_UNIX_NETGROUP (identity)) - { - ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE)); - } - else - { - g_warning ("Unsupported identity %s", admin_identities[n]); - } - } - - g_strfreev (admin_identities); - - out: - - /* default to uid 0 if no admin identities has been found */ - if (ret == NULL) - ret = g_list_prepend (ret, polkit_unix_user_new (0)); - - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static PolkitImplicitAuthorization -polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *authority, - PolkitSubject *caller, - PolkitSubject *subject, - PolkitIdentity *user_for_subject, - gboolean subject_is_local, - gboolean subject_is_active, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization implicit) -{ - PolkitBackendLocalAuthority *local_authority; - PolkitBackendLocalAuthorityPrivate *priv; - PolkitImplicitAuthorization ret; - PolkitImplicitAuthorization ret_any; - PolkitImplicitAuthorization ret_inactive; - PolkitImplicitAuthorization ret_active; - GList *groups; - GList *l, *ll; - - ret = implicit; - - local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority); - priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); - -#if 0 - g_debug ("local: checking `%s' for subject `%s' (user `%s')", - action_id, - polkit_subject_to_string 
(subject), - polkit_identity_to_string (user_for_subject)); -#endif - - /* First lookup for all groups the user belong to */ - groups = get_groups_for_user (user_for_subject); - for (ll = groups; ll != NULL; ll = ll->next) - { - PolkitIdentity *group = POLKIT_IDENTITY (ll->data); - - for (l = priv->authorization_stores; l != NULL; l = l->next) - { - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); - - if (polkit_backend_local_authorization_store_lookup (store, - group, - action_id, - details, - &ret_any, - &ret_inactive, - &ret_active)) - { - if (subject_is_local && subject_is_active) - { - if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_active; - } - else if (subject_is_local) - { - if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_inactive; - } - else - { - if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_any; - } - } - } - } - g_list_foreach (groups, (GFunc) g_object_unref, NULL); - g_list_free (groups); - - /* Then do it for the user */ - for (l = priv->authorization_stores; l != NULL; l = l->next) - { - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); - - if (polkit_backend_local_authorization_store_lookup (store, - user_for_subject, - action_id, - details, - &ret_any, - &ret_inactive, - &ret_active)) - { - if (subject_is_local && subject_is_active) - { - if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_active; - } - else if (subject_is_local) - { - if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_inactive; - } - else - { - if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) - ret = ret_any; - } - } - } - - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static GList * -get_users_in_group (PolkitIdentity *group, - gboolean include_root) -{ - gid_t gid; - struct group *grp; - GList 
*ret; - guint n; - - ret = NULL; - - gid = polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (group)); - grp = getgrgid (gid); - if (grp == NULL) - { - g_warning ("Error looking up group with gid %d: %s", gid, g_strerror (errno)); - goto out; - } - - for (n = 0; grp->gr_mem != NULL && grp->gr_mem[n] != NULL; n++) - { - PolkitIdentity *user; - GError *error; - - if (!include_root && g_strcmp0 (grp->gr_mem[n], "root") == 0) - continue; - - error = NULL; - user = polkit_unix_user_new_for_name (grp->gr_mem[n], &error); - if (user == NULL) - { - g_warning ("Unknown username '%s' in group: %s", grp->gr_mem[n], error->message); - g_error_free (error); - } - else - { - ret = g_list_prepend (ret, user); - } - } - - ret = g_list_reverse (ret); - - out: - return ret; -} - -static GList * -get_users_in_net_group (PolkitIdentity *group, - gboolean include_root) -{ - const gchar *name; - GList *ret; - - ret = NULL; - name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); - - if (setnetgrent (name) == 0) - { - g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); - goto out; - } - - for (;;) - { - char *hostname, *username, *domainname; - PolkitIdentity *user; - GError *error = NULL; - - if (getnetgrent (&hostname, &username, &domainname) == 0) - break; - - /* Skip NULL entries since we never want to make everyone an admin - * Skip "-" entries which mean "no match ever" in netgroup land */ - if (username == NULL || g_strcmp0 (username, "-") == 0) - continue; - - /* TODO: Should we match on hostname? Maybe only allow "-" as a hostname - * for safety. 
*/ - - user = polkit_unix_user_new_for_name (username, &error); - if (user == NULL) - { - g_warning ("Unknown username '%s' in unix-netgroup: %s", username, error->message); - g_error_free (error); - } - else - { - ret = g_list_prepend (ret, user); - } - } - - ret = g_list_reverse (ret); - - out: - endnetgrent (); - return ret; -} - - -static GList * -get_groups_for_user (PolkitIdentity *user) -{ - uid_t uid; - struct passwd *passwd; - GList *result; - gid_t groups[512]; - int num_groups = 512; - int n; - - result = NULL; - - /* TODO: it would be, uhm, good to cache this information */ - - uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user)); - passwd = getpwuid (uid); - if (passwd == NULL) - { - g_warning ("No user with uid %d", uid); - goto out; - } - - /* TODO: should resize etc etc etc */ - - if (getgrouplist (passwd->pw_name, - passwd->pw_gid, - groups, - &num_groups) < 0) - { - g_warning ("Error looking up groups for uid %d: %s", uid, g_strerror (errno)); - goto out; - } - - for (n = 0; n < num_groups; n++) - result = g_list_prepend (result, polkit_unix_group_new (groups[n])); - - out: - - return result; -} - -/* ---------------------------------------------------------------------------------------------------- */ diff --git a/src/polkitbackend/polkitbackendlocalauthority.h b/src/polkitbackend/polkitbackendlocalauthority.h deleted file mode 100644 index 553da3b..0000000 --- a/src/polkitbackend/polkitbackendlocalauthority.h +++ /dev/null 
@@ -1,107 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) -#error "Only <polkitbackend/polkitbackend.h> can be included directly, this file may disappear or change contents." 
-#endif - -#ifndef __POLKIT_BACKEND_LOCAL_AUTHORITY_H -#define __POLKIT_BACKEND_LOCAL_AUTHORITY_H - -#include <glib-object.h> -#include <polkitbackend/polkitbackendtypes.h> -#include <polkitbackend/polkitbackendinteractiveauthority.h> - -G_BEGIN_DECLS - -#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY (polkit_backend_local_authority_get_type ()) -#define POLKIT_BACKEND_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthority)) -#define POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityClass)) -#define POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY,PolkitBackendLocalAuthorityClass)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY)) - -typedef struct _PolkitBackendLocalAuthorityClass PolkitBackendLocalAuthorityClass; - -/** - * PolkitBackendLocalAuthority: - * - * The #PolkitBackendLocalAuthority struct should not be accessed directly. - */ -struct _PolkitBackendLocalAuthority -{ - /*< private >*/ - PolkitBackendInteractiveAuthority parent_instance; -}; - -/** - * PolkitBackendLocalAuthorityClass: - * @parent_class: The parent class. - * - * Class structure for #PolkitBackendLocalAuthority. 
- */ -struct _PolkitBackendLocalAuthorityClass -{ - /*< public >*/ - PolkitBackendInteractiveAuthorityClass parent_class; - - /*< private >*/ - /* Padding for future expansion */ - void (*_polkit_reserved1) (void); - void (*_polkit_reserved2) (void); - void (*_polkit_reserved3) (void); - void (*_polkit_reserved4) (void); - void (*_polkit_reserved5) (void); - void (*_polkit_reserved6) (void); - void (*_polkit_reserved7) (void); - void (*_polkit_reserved8) (void); - void (*_polkit_reserved9) (void); - void (*_polkit_reserved10) (void); - void (*_polkit_reserved11) (void); - void (*_polkit_reserved12) (void); - void (*_polkit_reserved13) (void); - void (*_polkit_reserved14) (void); - void (*_polkit_reserved15) (void); - void (*_polkit_reserved16) (void); - void (*_polkit_reserved17) (void); - void (*_polkit_reserved18) (void); - void (*_polkit_reserved19) (void); - void (*_polkit_reserved20) (void); - void (*_polkit_reserved21) (void); - void (*_polkit_reserved22) (void); - void (*_polkit_reserved23) (void); - void (*_polkit_reserved24) (void); - void (*_polkit_reserved25) (void); - void (*_polkit_reserved26) (void); - void (*_polkit_reserved27) (void); - void (*_polkit_reserved28) (void); - void (*_polkit_reserved29) (void); - void (*_polkit_reserved30) (void); - void (*_polkit_reserved31) (void); - void (*_polkit_reserved32) (void); -}; - -GType polkit_backend_local_authority_get_type (void) G_GNUC_CONST; - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_LOCAL_AUTHORITY_H */ - diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c deleted file mode 100644 index f40a943..0000000 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c +++ /dev/null 
@@ -1,776 +0,0 @@
-/*
- * Copyright (C) 2008 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#include "config.h"
-
-#include <netdb.h>
-#include <string.h>
-#include <polkit/polkit.h>
-#include "polkitbackendlocalauthorizationstore.h"
-
-/* <internal>
- * SECTION:polkitbackendlocalauthorizationstore
- * @title: PolkitBackendLocalAuthorizationStore
- * @short_description: Watches a directory for authorization files
- *
- * #PolkitBackendLocalAuthorizationStore is a utility class to watch
- * and read authorization files from a directory.
- */ - -struct _PolkitBackendLocalAuthorizationStorePrivate -{ - GFile *directory; - gchar *extension; - - GFileMonitor *directory_monitor; - - /* List of LocalAuthorization objects */ - GList *authorizations; - - gboolean has_data; -}; - -enum -{ - PROP_0, - PROP_DIRECTORY, - PROP_EXTENSION, -}; - -enum -{ - CHANGED_SIGNAL, - LAST_SIGNAL, -}; - -static guint signals[LAST_SIGNAL] = {0}; - -static void polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store); - -static void polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store); - -G_DEFINE_TYPE (PolkitBackendLocalAuthorizationStore, polkit_backend_local_authorization_store, G_TYPE_OBJECT); - -/* ---------------------------------------------------------------------------------------------------- */ - -typedef struct -{ - gchar *id; - - /* Identities with glob support */ - GList *identity_specs; - - /* Netgroup identity strings, which can not support glob syntax */ - GList *netgroup_identities; - - GList *action_specs; - - PolkitImplicitAuthorization result_any; - PolkitImplicitAuthorization result_inactive; - PolkitImplicitAuthorization result_active; - - GHashTable *return_value; -} LocalAuthorization; - -static void -local_authorization_free (LocalAuthorization *authorization) -{ - g_free (authorization->id); - g_list_foreach (authorization->identity_specs, (GFunc) g_pattern_spec_free, NULL); - g_list_free (authorization->identity_specs); - g_list_free_full (authorization->netgroup_identities, g_free); - g_list_foreach (authorization->action_specs, (GFunc) g_pattern_spec_free, NULL); - g_list_free (authorization->action_specs); - if (authorization->return_value != NULL) - g_hash_table_unref (authorization->return_value); - g_free (authorization); -} - - -static LocalAuthorization * -local_authorization_new (GKeyFile *key_file, - const gchar *filename, - const gchar *group, - GError **error) -{ - LocalAuthorization *authorization; - gchar 
**identity_strings; - gchar **action_strings; - gchar *result_any_string; - gchar *result_inactive_string; - gchar *result_active_string; - gchar **return_value_strings; - guint n; - - identity_strings = NULL; - action_strings = NULL; - result_any_string = NULL; - result_inactive_string = NULL; - result_active_string = NULL; - return_value_strings = NULL; - - authorization = g_new0 (LocalAuthorization, 1); - - identity_strings = g_key_file_get_string_list (key_file, - group, - "Identity", - NULL, - error); - if (identity_strings == NULL) - { - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - for (n = 0; identity_strings[n] != NULL; n++) - { - /* Put netgroup entries in a seperate list from other identities who support glob syntax */ - if (g_str_has_prefix (identity_strings[n], "unix-netgroup:")) - authorization->netgroup_identities = g_list_prepend (authorization->netgroup_identities, - g_strdup (identity_strings[n] + sizeof "unix-netgroup:" - 1)); - else - authorization->identity_specs = g_list_prepend (authorization->identity_specs, - g_pattern_spec_new (identity_strings[n])); - } - - action_strings = g_key_file_get_string_list (key_file, - group, - "Action", - NULL, - error); - if (action_strings == NULL) - { - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - for (n = 0; action_strings[n] != NULL; n++) - { - authorization->action_specs = g_list_prepend (authorization->action_specs, - g_pattern_spec_new (action_strings[n])); - } - - authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; - - result_any_string = g_key_file_get_string (key_file, - group, - "ResultAny", - NULL); - if (result_any_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_any_string, - &authorization->result_any)) - { - g_set_error (error, - 
POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultAny string `%s'", result_any_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - result_inactive_string = g_key_file_get_string (key_file, - group, - "ResultInactive", - NULL); - if (result_inactive_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_inactive_string, - &authorization->result_inactive)) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultInactive string `%s'", result_inactive_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - result_active_string = g_key_file_get_string (key_file, - group, - "ResultActive", - NULL); - if (result_active_string != NULL) - { - if (!polkit_implicit_authorization_from_string (result_active_string, - &authorization->result_active)) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Cannot parse ResultActive string `%s'", result_active_string); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - } - - if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL) - { - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, - "Must have at least one of ResultAny, ResultInactive and ResultActive"); - local_authorization_free (authorization); - authorization = NULL; - goto out; - } - - return_value_strings = g_key_file_get_string_list (key_file, - group, - "ReturnValue", - NULL, - error); - if (return_value_strings != NULL) - { - for (n = 0; return_value_strings[n] != NULL; n++) - { - gchar *p; - const gchar *key; - const gchar *value; - - p = strchr (return_value_strings[n], '='); - if (p == NULL) - { - g_warning ("Item `%s' in ReturnValue is malformed. 
Ignoring.", - return_value_strings[n]); - continue; - } - - *p = '\0'; - key = return_value_strings[n]; - value = p + 1; - - if (authorization->return_value == NULL) - { - authorization->return_value = g_hash_table_new_full (g_str_hash, - g_str_equal, - g_free, - g_free); - } - g_hash_table_insert (authorization->return_value, g_strdup (key), g_strdup (value)); - } - } - - authorization->id = g_strdup_printf ("%s::%s", filename, group); - - out: - g_strfreev (identity_strings); - g_free (action_strings); - g_free (result_any_string); - g_free (result_inactive_string); - g_free (result_active_string); - g_strfreev (return_value_strings); - return authorization; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -polkit_backend_local_authorization_store_init (PolkitBackendLocalAuthorizationStore *store) -{ - store->priv = G_TYPE_INSTANCE_GET_PRIVATE (store, - POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - PolkitBackendLocalAuthorizationStorePrivate); -} - -static void -polkit_backend_local_authorization_store_finalize (GObject *object) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - if (store->priv->directory != NULL) - g_object_unref (store->priv->directory); - g_free (store->priv->extension); - - if (store->priv->directory_monitor != NULL) - g_object_unref (store->priv->directory_monitor); - - g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); - g_list_free (store->priv->authorizations); - - if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize != NULL) - G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize (object); -} - - -static void -polkit_backend_local_authorization_store_get_property (GObject *object, - guint prop_id, - GValue *value, - GParamSpec *pspec) -{ - PolkitBackendLocalAuthorizationStore *store = 
POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - switch (prop_id) - { - case PROP_DIRECTORY: - g_value_set_object (value, store->priv->directory); - break; - - case PROP_EXTENSION: - g_value_set_string (value, store->priv->extension); - break; - - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); - break; - } -} - -static void -polkit_backend_local_authorization_store_set_property (GObject *object, - guint prop_id, - const GValue *value, - GParamSpec *pspec) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - - switch (prop_id) - { - case PROP_DIRECTORY: - store->priv->directory = g_value_dup_object (value); - break; - - case PROP_EXTENSION: - store->priv->extension = g_value_dup_string (value); - break; - - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); - break; - } -} - -static void -directory_monitor_changed (GFileMonitor *monitor, - GFile *file, - GFile *other_file, - GFileMonitorEvent event_type, - gpointer user_data) -{ - PolkitBackendLocalAuthorizationStore *store; - - store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (user_data); - - if (file != NULL) - { - gchar *name; - - name = g_file_get_basename (file); - - //g_debug ("event_type=%d file=%p name=%s", event_type, file, name); - - if (!g_str_has_prefix (name, ".") && - !g_str_has_prefix (name, "#") && - g_str_has_suffix (name, store->priv->extension) && - (event_type == G_FILE_MONITOR_EVENT_CREATED || - event_type == G_FILE_MONITOR_EVENT_DELETED || - event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) - { - - //g_debug ("match"); - - /* now throw away all caches */ - polkit_backend_local_authorization_store_purge (store); - g_signal_emit_by_name (store, "changed"); - } - - g_free (name); - } -} - -static void -polkit_backend_local_authorization_store_constructed (GObject *object) -{ - PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); - GError *error; - - 
error = NULL; - store->priv->directory_monitor = g_file_monitor_directory (store->priv->directory, - G_FILE_MONITOR_NONE, - NULL, - &error); - if (store->priv->directory_monitor == NULL) - { - gchar *dir_name; - dir_name = g_file_get_uri (store->priv->directory); - g_warning ("Error monitoring directory %s: %s", dir_name, error->message); - g_free (dir_name); - g_error_free (error); - } - else - { - g_signal_connect (store->priv->directory_monitor, - "changed", - (GCallback) directory_monitor_changed, - store); - } - - if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed != NULL) - G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed (object); -} - -static void -polkit_backend_local_authorization_store_class_init (PolkitBackendLocalAuthorizationStoreClass *klass) -{ - GObjectClass *gobject_class; - - gobject_class = G_OBJECT_CLASS (klass); - - gobject_class->get_property = polkit_backend_local_authorization_store_get_property; - gobject_class->set_property = polkit_backend_local_authorization_store_set_property; - gobject_class->constructed = polkit_backend_local_authorization_store_constructed; - gobject_class->finalize = polkit_backend_local_authorization_store_finalize; - - g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorizationStorePrivate)); - - /** - * PolkitBackendLocalAuthorizationStore:directory: - * - * The directory to watch for authorization files. - */ - g_object_class_install_property (gobject_class, - PROP_DIRECTORY, - g_param_spec_object ("directory", - "Directory", - "The directory to watch for configuration files", - G_TYPE_FILE, - G_PARAM_CONSTRUCT_ONLY | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | - G_PARAM_STATIC_BLURB | - G_PARAM_STATIC_NICK)); - - /** - * PolkitBackendLocalAuthorizationStore:extension: - * - * The file extension for files to consider, e.g. <quote>.pkla</quote>. 
- */ - g_object_class_install_property (gobject_class, - PROP_EXTENSION, - g_param_spec_string ("extension", - "Extension", - "The extension of files to consider", - NULL, - G_PARAM_CONSTRUCT_ONLY | - G_PARAM_READWRITE | - G_PARAM_STATIC_NAME | - G_PARAM_STATIC_BLURB | - G_PARAM_STATIC_NICK)); - - /** - * PolkitBackendConfiguStore::changed: - * @store: A #PolkitBackendLocalAuthorizationStore. - * - * Emitted when configuration files in #PolkitBackendConfiguStore:directory changes. - */ - signals[CHANGED_SIGNAL] = g_signal_new ("changed", - POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - G_SIGNAL_RUN_LAST, - G_STRUCT_OFFSET (PolkitBackendLocalAuthorizationStoreClass, changed), - NULL, - NULL, - g_cclosure_marshal_VOID__VOID, - G_TYPE_NONE, - 0); -} - -/** - * polkit_backend_local_authorization_store_new: - * @directory: The directory to watch. - * @extension: The extension of files to consider e.g. <quote>.pkla</quote>. - * - * Creates a new #PolkitBackendLocalAuthorizationStore object that - * reads authorizations from @directory with file extension - * @extension. To watch for configuration changes, connect to the - * #PolkitBackendLocalAuthorizationStore::changed signal. - * - * Returns: A #PolkitBackendLocalAuthorizationStore. Free with - * g_object_unref(). 
- **/ -PolkitBackendLocalAuthorizationStore * -polkit_backend_local_authorization_store_new (GFile *directory, - const gchar *extension) -{ - PolkitBackendLocalAuthorizationStore *store; - - store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (g_object_new (POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, - "directory", directory, - "extension", extension, - NULL)); - - return store; -} - -static void -polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store) -{ - gchar *path; - - path = g_file_get_path (store->priv->directory); - g_debug ("Dropping all .pkla caches for directory `%s'", path); - g_free (path); - - g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); - g_list_free (store->priv->authorizations); - store->priv->authorizations = NULL; - - store->priv->has_data = FALSE; -} - -static void -polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store) -{ - GFileEnumerator *enumerator; - GFileInfo *file_info; - GError *error; - GList *files; - GList *l; - - files = NULL; - - if (store->priv->has_data) - goto out; - - polkit_backend_local_authorization_store_purge (store); - - error = NULL; - enumerator = g_file_enumerate_children (store->priv->directory, - "standard::name", - G_FILE_QUERY_INFO_NONE, - NULL, - &error); - if (enumerator == NULL) - { - gchar *dir_name; - dir_name = g_file_get_uri (store->priv->directory); - g_warning ("Error enumerating files in %s: %s", dir_name, error->message); - g_free (dir_name); - g_error_free (error); - goto out; - } - - while ((file_info = g_file_enumerator_next_file (enumerator, NULL, &error)) != NULL) - { - const gchar *name; - - name = g_file_info_get_name (file_info); - - /* only consider files with the appropriate extension */ - if (g_str_has_suffix (name, store->priv->extension) && name[0] != '.') - files = g_list_prepend (files, g_file_get_child (store->priv->directory, name)); - - g_object_unref (file_info); - } - 
g_object_unref (enumerator); - if (error != NULL) - { - g_warning ("Error enumerating files: %s", error->message); - g_error_free (error); - goto out; - } - - /* process files; highest priority comes first */ - for (l = files; l != NULL; l = l->next) - { - GFile *file = G_FILE (l->data); - gchar *filename; - GKeyFile *key_file; - - filename = g_file_get_path (file); - - key_file = g_key_file_new (); - - error = NULL; - if (!g_key_file_load_from_file (key_file, - filename, - G_KEY_FILE_NONE, - &error)) - { - g_warning ("Error loading key-file %s: %s", filename, error->message); - g_error_free (error); - error = NULL; - g_key_file_free (key_file); - } - else - { - gchar **groups; - guint n; - - groups = g_key_file_get_groups (key_file, NULL); - for (n = 0; groups[n] != NULL; n++) - { - LocalAuthorization *authorization; - - error = NULL; - authorization = local_authorization_new (key_file, filename, groups[n], &error); - if (authorization == NULL) - { - g_warning ("Error parsing group `%s' in file `%s': %s", - groups[n], - filename, - error->message); - g_error_free (error); - } - else - { - store->priv->authorizations = g_list_prepend (store->priv->authorizations, - authorization); - } - } - g_strfreev (groups); - - store->priv->authorizations = g_list_reverse (store->priv->authorizations); - - g_key_file_free (key_file); - } - - g_free (filename); - } - - store->priv->has_data = TRUE; - - out: - g_list_foreach (files, (GFunc) g_object_unref, NULL); - g_list_free (files); -} - -/** - * polkit_backend_local_authorization_store_lookup: - * @store: A #PolkitBackendLocalAuthorizationStore. - * @identity: The identity to check for. - * @action_id: The action id to check for. - * @details: Details for @action. - * @out_result_any: Return location for the result for any subjects if the look up matched. - * @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched. 
- * @out_result_active: Return location for the result for subjects in local active sessions if the look up matched. - * - * Checks if an authorization entry from @store matches @identity, - * @action_id and @details. May append information to @details if - * found. - * - * Returns: %TRUE if @store has an authorization entry that matches - * @identity, @action_id and @details. Otherwise %FALSE. - */ -gboolean -polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, - PolkitIdentity *identity, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization *out_result_any, - PolkitImplicitAuthorization *out_result_inactive, - PolkitImplicitAuthorization *out_result_active) -{ - GList *l, *ll; - gboolean ret; - gchar *identity_string; - - g_return_val_if_fail (POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE (store), FALSE); - g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE); - g_return_val_if_fail (action_id != NULL, FALSE); - g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE); - g_return_val_if_fail (out_result_any != NULL, FALSE); - g_return_val_if_fail (out_result_inactive != NULL, FALSE); - g_return_val_if_fail (out_result_active != NULL, FALSE); - - ret = FALSE; - identity_string = NULL; - - polkit_backend_local_authorization_store_ensure (store); - - for (l = store->priv->authorizations; l != NULL; l = l->next) - { - LocalAuthorization *authorization = l->data; - - /* first match the action */ - for (ll = authorization->action_specs; ll != NULL; ll = ll->next) - { - if (g_pattern_match_string ((GPatternSpec *) ll->data, action_id)) - break; - } - if (ll == NULL) - continue; - - /* then match the identity against identity specs */ - if (identity_string == NULL) - identity_string = polkit_identity_to_string (identity); - for (ll = authorization->identity_specs; ll != NULL; ll = ll->next) - { - if (g_pattern_match_string ((GPatternSpec *) ll->data, identity_string)) - break; - } - - /* if no 
identity specs matched and identity is a user, match against netgroups */ - if (ll == NULL && POLKIT_IS_UNIX_USER (identity)) - { - PolkitUnixUser *user_identity = POLKIT_UNIX_USER (identity); - const gchar *user_name = polkit_unix_user_get_name (user_identity); - if (!user_name) - continue; - - for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next) - { - if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL)) - break; - } - } - - if (ll == NULL) - continue; - - /* Yay, a match! However, keep going since subsequent authorization entries may modify the result */ - *out_result_any = authorization->result_any; - *out_result_inactive = authorization->result_inactive; - *out_result_active = authorization->result_active; - ret = TRUE; - - if (details != NULL && authorization->return_value != NULL) - { - GHashTableIter iter; - const gchar *key; - const gchar *value; - - g_hash_table_iter_init (&iter, authorization->return_value); - while (g_hash_table_iter_next (&iter, (gpointer *) &key, (gpointer *) &value)) - { - polkit_details_insert (details, key, value); - } - } - -#if 0 - g_debug ("authorization with id `%s' matched action_id `%s' for identity `%s'", - authorization->id, - action_id, - polkit_identity_to_string (identity)); -#endif - } - - g_free (identity_string); - - return ret; -} diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.h b/src/polkitbackend/polkitbackendlocalauthorizationstore.h deleted file mode 100644 index 4f198e9..0000000 --- a/src/polkitbackend/polkitbackendlocalauthorizationstore.h +++ /dev/null 
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2008 Red Hat, Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: David Zeuthen <davidz@redhat.com>
- */
-
-#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H)
-#error "This is a private header file."
-#endif - -#ifndef __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H -#define __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H - -#include <glib-object.h> -#include <gio/gio.h> -#include <polkitbackend/polkitbackendtypes.h> - -G_BEGIN_DECLS - -#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE (polkit_backend_local_authorization_store_get_type ()) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStore)) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStoreClass)) -#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE,PolkitBackendLocalAuthorizationStoreClass)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) -#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) - -typedef struct _PolkitBackendLocalAuthorizationStore PolkitBackendLocalAuthorizationStore; -typedef struct _PolkitBackendLocalAuthorizationStoreClass PolkitBackendLocalAuthorizationStoreClass; -typedef struct _PolkitBackendLocalAuthorizationStorePrivate PolkitBackendLocalAuthorizationStorePrivate; - -struct _PolkitBackendLocalAuthorizationStore -{ - GObject parent_instance; - PolkitBackendLocalAuthorizationStorePrivate *priv; -}; - -struct _PolkitBackendLocalAuthorizationStoreClass -{ - /*< public >*/ - GObjectClass parent_class; - - /* Signals */ - void (*changed) (PolkitBackendLocalAuthorizationStore *store); - - /*< private >*/ - /* Padding for future expansion */ - void (*_polkit_reserved1) (void); - void (*_polkit_reserved2) (void); - void (*_polkit_reserved3) (void); - void (*_polkit_reserved4) (void); - void 
(*_polkit_reserved5) (void); - void (*_polkit_reserved6) (void); - void (*_polkit_reserved7) (void); - void (*_polkit_reserved8) (void); -}; - -GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST; -PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory, - const gchar *extension); -gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, - PolkitIdentity *identity, - const gchar *action_id, - PolkitDetails *details, - PolkitImplicitAuthorization *out_result_any, - PolkitImplicitAuthorization *out_result_inactive, - PolkitImplicitAuthorization *out_result_active); - -G_END_DECLS - -#endif /* __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H */ - diff --git a/src/polkitbackend/polkitbackendtypes.h b/src/polkitbackend/polkitbackendtypes.h index 2fe36ac..3777991 100644 --- a/src/polkitbackend/polkitbackendtypes.h +++ b/src/polkitbackend/polkitbackendtypes.h @@ -33,9 +33,6 @@ typedef struct _PolkitBackendAuthority PolkitBackendAuthority; struct _PolkitBackendInteractiveAuthority; typedef struct _PolkitBackendInteractiveAuthority PolkitBackendInteractiveAuthority; -struct _PolkitBackendLocalAuthority; -typedef struct _PolkitBackendLocalAuthority PolkitBackendLocalAuthority; - struct _PolkitBackendJsAuthority; typedef struct _PolkitBackendJsAuthority PolkitBackendJsAuthority; diff --git a/test/polkitbackend/Makefile.am b/test/polkitbackend/Makefile.am index 46706d3..bb82dd4 100644 --- a/test/polkitbackend/Makefile.am +++ b/test/polkitbackend/Makefile.am 
@@ -33,12 +33,6 @@ TEST_PROGS = # ---------------------------------------------------------------------------------------------------- -TEST_PROGS += polkitbackendlocalauthorizationstoretest -polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c - -TEST_PROGS += polkitbackendlocalauthoritytest -polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c - TEST_PROGS += polkitbackendjsauthoritytest polkitbackendjsauthoritytest_SOURCES = test-polkitbackendjsauthority.c diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c deleted file mode 100644 index 40e9619..0000000 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ /dev/null 
@@ -1,259 +0,0 @@ -/* - * Copyright (C) 2011 Google Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: Nikki VonHollen <vonhollen@google.com> - */ - -#include "glib.h" - -#include <polkittesthelper.h> -#include <polkit/polkit.h> -#include <polkitbackend/polkitbackendlocalauthority.h> - -#define TEST_CONFIG_PATH "etc/polkit-1/localauthority.conf.d" -#define TEST_AUTH_PATH1 "etc/polkit-1/localauthority" -#define TEST_AUTH_PATH2 "var/lib/polkit-1/localauthority" - -/* Test helper types */ - -struct auth_context { - const gchar *identity; - gboolean subject_is_local; - gboolean subject_is_active; - const gchar *action_id; - PolkitImplicitAuthorization implicit; - PolkitImplicitAuthorization expect; -}; - -static PolkitBackendLocalAuthority *create_authority (void); - - -/* Test implementations */ - -static void -test_check_authorization_sync (const void *_ctx) -{ - const struct auth_context *ctx = (const struct auth_context *) _ctx; - - PolkitBackendLocalAuthority *authority = create_authority (); - - PolkitSubject *caller = polkit_unix_session_new ("caller-session"); - g_assert (caller); - - PolkitSubject *subject = polkit_unix_session_new ("subject-session");; - g_assert (subject); - - GError *error = NULL; - PolkitIdentity *user_for_subject = 
polkit_identity_from_string (ctx->identity, &error); - g_assert_no_error (error); - g_assert (user_for_subject); - - PolkitDetails *details = polkit_details_new (); - g_assert (details); - - PolkitImplicitAuthorization auth; - - auth = polkit_backend_interactive_authority_check_authorization_sync ( - POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), - caller, - subject, - user_for_subject, - ctx->subject_is_local, - ctx->subject_is_active, - ctx->action_id, - details, - ctx->implicit); - - g_assert_cmpint (auth, ==, ctx->expect); - - g_object_unref (authority); - g_object_unref (caller); - g_object_unref (subject); - g_object_unref (user_for_subject); - g_object_unref (details); -} - -static void -test_get_admin_identities (void) -{ - /* Note: The implementation for get_admin_identities is called - * get_admin_auth_identities in PolkitBackendLocalAuthority */ - - PolkitBackendLocalAuthority *authority = create_authority (); - - /* Setup required arguments, but none of their values matter */ - PolkitSubject *caller = polkit_unix_session_new ("caller-session"); - g_assert (caller); - - PolkitSubject *subject = polkit_unix_session_new ("subject-session");; - g_assert (subject); - - GError *error = NULL; - PolkitIdentity *user_for_subject = polkit_identity_from_string ("unix-user:root", &error); - g_assert_no_error (error); - g_assert (user_for_subject); - - PolkitDetails *details = polkit_details_new (); - g_assert (details); - - /* Get the list of PolkitUnixUser objects who are admins */ - GList *result; - result = polkit_backend_interactive_authority_get_admin_identities ( - POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), - caller, - subject, - user_for_subject, - "com.example.doesntmatter", - details); - - guint result_len = g_list_length (result); - g_assert_cmpint (result_len, >, 0); - - /* Test against each of the admins in the following list */ - const gchar *expect_admins [] = { - "unix-user:root", - "unix-user:jane", - "unix-user:sally", - 
"unix-user:henry", - NULL, - }; - - unsigned int i; - for (i = 0; expect_admins[i] != NULL; i++) - { - g_assert_cmpint (i, <, result_len); - - PolkitIdentity *test_identity = POLKIT_IDENTITY (g_list_nth_data (result, i)); - g_assert (test_identity); - - gchar *test_identity_str = polkit_identity_to_string (test_identity); - g_assert_cmpstr (expect_admins[i], ==, test_identity_str); - } -} - - -/* Factory for mock local authority. */ -static PolkitBackendLocalAuthority * -create_authority (void) -{ - gchar *config_path = polkit_test_get_data_path (TEST_CONFIG_PATH); - gchar *auth_path1 = polkit_test_get_data_path (TEST_AUTH_PATH1); - gchar *auth_path2 = polkit_test_get_data_path (TEST_AUTH_PATH2); - gchar *auth_paths = g_strconcat (auth_path1, ";", auth_path2, NULL); - - g_assert (config_path); - g_assert (auth_path1); - g_assert (auth_path2); - g_assert (auth_paths); - - PolkitBackendLocalAuthority *authority = g_object_new ( - POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, - "config-path", config_path, - "auth-store-paths", auth_paths, - NULL); - - g_free (config_path); - g_free (auth_path1); - g_free (auth_path2); - g_free (auth_paths); - return authority; -} - - -/* Variations of the check_authorization_sync */ -struct auth_context check_authorization_test_data [] = { - /* Test root, john, and jane on action awesomeproduct.foo (all users are ok) */ - {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - {"unix-user:root", TRUE, FALSE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED}, - {"unix-user:root", FALSE, FALSE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED}, - {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - 
{"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - - /* Test root, john, and jane on action restrictedproduct.foo (only root is ok) */ - {"unix-user:root", TRUE, TRUE, "com.example.restrictedproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED}, - {"unix-user:john", TRUE, TRUE, "com.example.restrictedproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - {"unix-user:jane", TRUE, TRUE, "com.example.restrictedproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - - /* Test root against some missing actions */ - {"unix-user:root", TRUE, TRUE, "com.example.missingproduct.foo", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - - /* Test root, john, and jane against action awesomeproduct.bar - * which uses "unix-netgroup:baz" for auth (john and jane are OK, root is not) */ - {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.bar", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, - {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.bar", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", - POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, - POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - - {NULL}, -}; - - -/* Automatically create many variations of the check_authorization_sync test */ -static void -add_check_authorization_tests (void) { - unsigned int i; - for (i = 0; check_authorization_test_data[i].identity; i++) { - struct auth_context *ctx = &check_authorization_test_data[i]; - gchar *test_name = g_strdup_printf ( - "/PolkitBackendLocalAuthority/check_authorization_sync_%d", i); - g_test_add_data_func (test_name, ctx, test_check_authorization_sync); - } 
-}; - - -int -main (int argc, char *argv[]) -{ - g_type_init (); - g_test_init (&argc, &argv, NULL); - polkit_test_redirect_logs (); - - // Register extension point only once. Required to create authority. - GIOExtensionPoint *ep = g_io_extension_point_register ( - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); - g_io_extension_point_set_required_type (ep, - POLKIT_BACKEND_TYPE_AUTHORITY); - - add_check_authorization_tests (); - g_test_add_func ("/PolkitBackendJsAuthority/get_admin_identities", test_get_admin_identities); - - return g_test_run (); -}; diff --git a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c deleted file mode 100644 index e787c17..0000000 --- a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c +++ /dev/null 
@@ -1,139 +0,0 @@
-/*
- * Copyright (C) 2011 Google Inc.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General
- * Public License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
- * Boston, MA 02111-1307, USA.
- *
- * Author: Nikki VonHollen <vonhollen@google.com>
- */
-
-#include "glib.h"
-
-#include <polkittesthelper.h>
-#include <polkit/polkit.h>
-#include <polkitbackend/polkitbackendlocalauthorizationstore.h>
-
-#define DATA_DIR "etc/polkit-1/localauthority/10-test"
-#define DATA_EXT ".pkla"
-
-static void
-test_new (void)
-{
- PolkitBackendLocalAuthorizationStore *store;
- gchar *data_dir_path;
- GFile *data_dir;
-
- data_dir_path = polkit_test_get_data_path (DATA_DIR);
- g_assert (data_dir_path);
-
- data_dir = g_file_new_for_path (data_dir_path);
- g_assert (data_dir);
-
- g_free (data_dir_path);
-
- store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT);
- g_assert (store);
-}
-
-
-static void
-test_lookup (void)
-{
- gchar *data_dir_path;
- GFile *data_dir;
- PolkitBackendLocalAuthorizationStore *store;
- GError *error = NULL;
- PolkitIdentity *identity;
- gboolean ok;
- PolkitImplicitAuthorization ret_any;
- PolkitImplicitAuthorization ret_inactive;
- PolkitImplicitAuthorization ret_active;
- PolkitDetails *details;
-
- // Get auth store path
- data_dir_path = polkit_test_get_data_path (DATA_DIR);
- g_assert (data_dir_path);
-
- data_dir = g_file_new_for_path (data_dir_path);
- g_assert (data_dir);
-
- // Create the auth store
- store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT);
- g_assert (store);
-
- // We don't care about details
- details = polkit_details_new ();
-
- // Create an identity to query with
- identity = polkit_identity_from_string ("unix-group:users", &error);
- g_assert (identity);
- g_assert_no_error (error);
-
- // Lookup an exisiting record
- ok = polkit_backend_local_authorization_store_lookup (
- store,
- identity,
- "com.example.awesomeproduct.foo",
- details,
- &ret_any,
- &ret_inactive,
- &ret_active);
- g_assert (ok);
- g_assert_cmpstr ("no", ==, polkit_implicit_authorization_to_string (ret_any));
- g_assert_cmpstr ("auth_self", ==, polkit_implicit_authorization_to_string (ret_inactive));
- g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active));
-
- // Create another identity to query with
- identity = polkit_identity_from_string ("unix-user:root", &error);
- g_assert (identity);
- g_assert_no_error (error);
-
- // Lookup another exisiting record
- ok = polkit_backend_local_authorization_store_lookup (
- store,
- identity,
- "com.example.awesomeproduct.foo",
- details,
- &ret_any,
- &ret_inactive,
- &ret_active);
- g_assert (ok);
- g_assert_cmpstr ("no", ==, polkit_implicit_authorization_to_string (ret_any));
- g_assert_cmpstr ("auth_self", ==, polkit_implicit_authorization_to_string (ret_inactive));
- g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active));
-
- // Lookup a missing record
- ok = polkit_backend_local_authorization_store_lookup (
- store,
- identity,
- "com.example.restrictedproduct.dobar",
- details,
- &ret_any,
- &ret_inactive,
- &ret_active);
- g_assert (!ok);
-}
-
-
-int
-main (int argc, char *argv[])
-{
- g_type_init ();
- g_test_init (&argc, &argv, NULL);
- polkit_test_redirect_logs ();
- g_test_add_func ("/PolkitBackendLocalAuthorizationStore/new", test_new);
- g_test_add_func ("/PolkitBackendLocalAuthorizationStore/lookup", test_lookup);
- return g_test_run ();
-}
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
index 948cbc1..24e599e 100644
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -346,17 +346,12 @@ add_rules_tests (void) int main (int argc, char *argv[]) { - GIOExtensionPoint *ep; - setlocale (LC_ALL, ""); g_type_init (); g_test_init (&argc, &argv, NULL); //polkit_test_redirect_logs (); - ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); - g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY); - g_test_add_func ("/PolkitBackendJsAuthority/get_admin_identities", test_get_admin_identities); add_rules_tests (); |