diff options
| author | David Zeuthen <davidz@redhat.com> | 2009-06-03 12:36:03 -0400 |
|---|---|---|
| committer | David Zeuthen <davidz@redhat.com> | 2009-06-03 12:38:47 -0400 |
| commit | 5e97355b3aea32555bfc33c473b7363b6b9dc6d3 (patch) | |
| tree | 408da0b907a540aab76a60d233d5a6d7c16f81b8 | |
| parent | 048b42073c096064904148deeaeb2ef7764225de (diff) | |
Add pkaction(1) and nuke polkit-1(1) commands
All the functionality of polkit-1(1), sans managing the local
authority, is now available in pkaction(1) and pkcheck(1). In the
future we might want to add something like pklamanage(1) to manage the
local authority.
| -rw-r--r-- | docs/man/Makefile.am | 12 | ||||
| -rw-r--r-- | docs/man/pkaction.xml | 100 | ||||
| -rw-r--r-- | docs/man/polkit.xml | 393 | ||||
| -rw-r--r-- | docs/polkit/Makefile.am | 4 | ||||
| -rw-r--r-- | docs/polkit/polkit-1-docs.xml | 4 | ||||
| -rw-r--r-- | src/programs/Makefile.am | 28 | ||||
| -rw-r--r-- | src/programs/pkaction.c | 221 | ||||
| -rw-r--r-- | src/programs/polkit.c | 913 |
8 files changed, 342 insertions, 1333 deletions
diff --git a/docs/man/Makefile.am b/docs/man/Makefile.am index 4319d5c..c9f3d34 100644 --- a/docs/man/Makefile.am +++ b/docs/man/Makefile.am @@ -5,27 +5,21 @@ if MAN_PAGES_ENABLED man_MANS = \ PolicyKit-1.8 \ - polkit-1.1 \ pkexec.1 \ pkcheck.1 \ + pkaction.1 \ $(NULL) -%-1.8 %-1.1 : %.xml - $(XSLTPROC) -nonet --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< - -pkexec.1 : pkexec.xml - $(XSLTPROC) -nonet --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< - -pkcheck.1 : pkcheck.xml +%-1.8 %.1 : %.xml $(XSLTPROC) -nonet --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< endif # MAN_PAGES_ENABLED EXTRA_DIST = \ PolicyKit.xml \ - polkit.xml \ pkexec.xml \ pkcheck.xml \ + pkaction.xml \ $(NULL) clean-local: diff --git a/docs/man/pkaction.xml b/docs/man/pkaction.xml new file mode 100644 index 0000000..76da5af --- /dev/null +++ b/docs/man/pkaction.xml @@ -0,0 +1,100 @@ +<?xml version="1.0"?> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" + "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [ +<!ENTITY version SYSTEM "../version.xml"> +]> +<refentry id="pkaction.1" xmlns:xi="http://www.w3.org/2003/XInclude"> + <refentryinfo> + <title>pkaction</title> + <date>May 2009</date> + <productname>PolicyKit-1</productname> + </refentryinfo> + + <refmeta> + <refentrytitle>pkaction</refentrytitle> + <manvolnum>1</manvolnum> + <refmiscinfo class="version"></refmiscinfo> + </refmeta> + + <refnamediv> + <refname>pkaction</refname> + <refpurpose>Get details about a registered action</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis> + <command>pkaction</command> + <arg><option>--version</option></arg> + <arg><option>--help</option></arg> + </cmdsynopsis> + + <cmdsynopsis> + <command>pkaction</command> + <group> + <arg choice="plain"> + <option>--verbose</option> + </arg> + </group> + </cmdsynopsis> + + <cmdsynopsis> + <command>pkaction</command> + <arg choice="plain"> + <option>--action-id</option> + <replaceable>action</replaceable> + </arg> + <group> + <arg choice="plain"> + <option>--verbose</option> + </arg> + </group> + </cmdsynopsis> + + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + <command>pkaction</command> is used to obtain information about registered + PolicyKit actions. If called with <option>--action-id</option> then all + actions are displayed. Otherwise the action <replaceable>action</replaceable>. + If called without the <option>--verbose</option> option only the name + of the action is shown. Otherwise details about the actions are shown. + </para> + </refsect1> + + <refsect1> + <title>RETURN VALUE</title> + <para> + On success <command>pkaction</command> returns 0. Otherwise a + non-zero value is returned and a diagnostic message is printed + on standard error. + </para> + </refsect1> + + <refsect1><title>AUTHOR</title> + <para> + Written by David Zeuthen <email>davidz@redhat.com</email> with + a lot of help from many others. + </para> + </refsect1> + + <refsect1> + <title>BUGS</title> + <para> + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link <ulink url="http://lists.freedesktop.org/mailman/listinfo/polkit-devel"/> + on how to subscribe. + </para> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>PolicyKit-1</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> +</refentry> diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml deleted file mode 100644 index 0525fe6..0000000 --- a/docs/man/polkit.xml +++ /dev/null @@ -1,393 +0,0 @@ -<refentry id="polkit-1.1"> - <refentryinfo> - <title>polkit-1</title> - <date>January 2009</date> - <productname>PolicyKit-1</productname> - </refentryinfo> - - <refmeta> - <refentrytitle>polkit-1</refentrytitle> - <manvolnum>1</manvolnum> - <refmiscinfo class="version"></refmiscinfo> - </refmeta> - - <refnamediv> - <refname>polkit-1</refname> - <refpurpose>PolicyKit Authorization Tool</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis> - <command>polkit-1</command> - <arg><option>--version</option></arg> - <arg><option>--help</option></arg> - </cmdsynopsis> - - <cmdsynopsis> - <command>polkit-1 list</command> - <group> - <arg choice="plain"> - actions - <arg><option>--verbose</option></arg> - </arg> - <arg choice="plain"> - <sbr/> - users - <arg><option>--verbose</option></arg> - </arg> - <arg choice="plain"> - <sbr/> - groups - <arg><option>--verbose</option></arg> - </arg> - <arg choice="plain"> - <sbr/> - authorizations - </arg> - <arg choice="plain"> - <sbr/> - explicit-authorizations <replaceable>identity</replaceable> - <arg><option>--verbose</option></arg> - </arg> - </group> - </cmdsynopsis> - - <cmdsynopsis> - <command>polkit-1 check</command> - <arg choice="plain"><replaceable>subject</replaceable></arg> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - </cmdsynopsis> - - <cmdsynopsis> - <command>polkit-1 add</command> - <arg choice="plain"><replaceable>identity</replaceable></arg> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg><option>--subject <replaceable>subject</replaceable></option></arg> - </cmdsynopsis> - - <cmdsynopsis> - <command>polkit-1 remove</command> - <arg choice="plain"><replaceable>identity</replaceable></arg> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg><option>--subject <replaceable>subject</replaceable></option></arg> - </cmdsynopsis> - - <cmdsynopsis> - <command>polkit-1 action</command> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <sbr/> - <group> - <arg choice="plain"> - set-implicit-any - <replaceable>value</replaceable> - </arg> - <arg choice="plain"> - <sbr/> - set-implicit-inactive - <replaceable>value</replaceable> - </arg> - <arg choice="plain"> - <sbr/> - set-implicit-active - <replaceable>value</replaceable> - </arg> - <arg choice="plain"> - <sbr/> - reset-implicit - </arg> - </group> - </cmdsynopsis> - - <cmdsynopsis> - <command>polkit-1 run</command> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg choice="plain"><replaceable>PROGRAM</replaceable></arg> - <group rep="repeat"> - <arg choice="plain"><replaceable>ARGUMENTS</replaceable></arg> - </group> - </cmdsynopsis> - - </refsynopsisdiv> - - <refsect1><title>DESCRIPTION</title> - <para> - Manage PolicyKit authorizations. - </para> - </refsect1> - - <refsect1> - <title>OPTIONS</title> - <variablelist> - <varlistentry> - <term><option>--version</option></term> - <listitem> - <para> - Show version and exit. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><option>--help</option></term> - <listitem> - <para> - Show this information. - </para> - </listitem> - </varlistentry> - </variablelist> - - <refsect2> - <para> - <command>polkit-1 list actions</command> - <arg><option>--verbose</option></arg> - </para> - <para> - Lists all identifiers for registered PolicyKit actions. The returned identifiers can be - used as <replaceable>action-id</replaceable> parameters. - Prints detailed information about each action if <option>--verbose</option> is given. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 list users</command> - <arg><option>--verbose</option></arg> - </para> - <para> - Lists all users. - The returned identifiers can be used as <replaceable>identity</replaceable> parameters. - Prints detailed information about each user if <option>--verbose</option> is given. - See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 list groups</command> - <arg><option>--verbose</option></arg> - </para> - <para> - Lists all groups. - The returned identifiers can be used as <replaceable>identity</replaceable> parameters. - Prints detailed information about each group if <option>--verbose</option> is given. - See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 list authorizations</command> - </para> - <para> - Lists all <replaceable>action-id</replaceable>s that the calling process is authorized for. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 list explicit-authorizations <replaceable>identity</replaceable></command> - <arg><option>--verbose</option></arg> - </para> - <para> - Lists all explicit authorizations for <replaceable>identity</replaceable>. - Prints detailed information about each authorization if <option>--verbose</option> is given. - See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 check</command> - <arg choice="plain"><replaceable>subject</replaceable></arg> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - </para> - <para> - Checks if <replaceable>subject</replaceable> is authorized for <replaceable>action-id</replaceable>. - See <xref linkend="polkit-1-subject"/> for details about <replaceable>subject</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 add</command> - <arg choice="plain"><replaceable>identity</replaceable></arg> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg><option>--subject <replaceable>subject</replaceable></option></arg> - </para> - <para> - Adds an authorization to <replaceable>identity</replaceable> for <replaceable>action-id</replaceable> - optionally constraining its use for <replaceable>subject</replaceable>. - See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable> - and <xref linkend="polkit-1-subject"/> for details about <replaceable>subject</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 remove</command> - <arg choice="plain"><replaceable>identity</replaceable></arg> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg><option>--subject <replaceable>subject</replaceable></option></arg> - </para> - <para> - Removes an authorization from <replaceable>identity</replaceable> for <replaceable>action-id</replaceable> - which, optionally, is constrained to <replaceable>subject</replaceable>. - See <xref linkend="polkit-1-identity"/> for details about <replaceable>identity</replaceable> - and <xref linkend="polkit-1-subject"/> for details about <replaceable>subject</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 action</command> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg choice="plain"> - set-implicit-any - <replaceable>value</replaceable> - </arg> - </para> - <para> - Sets the implicit authorizations on - <replaceable>action-id</replaceable> to <replaceable>value</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 action</command> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg choice="plain"> - set-implicit-inactive - <replaceable>value</replaceable> - </arg> - </para> - <para> - Sets the implicit authorizations for local inactive sessions on - <replaceable>action-id</replaceable> to <replaceable>value</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 action</command> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg choice="plain"> - set-implicit-active - <replaceable>value</replaceable> - </arg> - </para> - <para> - Sets the implicit authorizations for local active sessions on - <replaceable>action-id</replaceable> to <replaceable>value</replaceable>. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 action</command> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg choice="plain"> - reset-implicit - </arg> - </para> - <para> - Resets all implicit authorizations on <replaceable>action-id</replaceable> to factory defaults. - </para> - </refsect2> - - <refsect2> - <para> - <command>polkit-1 run</command> - <arg choice="plain"><replaceable>action-id</replaceable></arg> - <arg choice="plain"><replaceable>PROGRAM</replaceable></arg> - <group rep="repeat"> - <arg choice="plain"><replaceable>ARGUMENTS</replaceable></arg> - </group> - </para> - <para> - Attempts to ensure that a PolicyKit authorization for <replaceable>action-id</replaceable> - is available and runs the <replaceable>PROGRAM</replaceable> if an authorization is - in place. This may involve having to make the user obtain the authorization through - authentication. If an authorization cannot be obtained, <replaceable>PROGRAM</replaceable> - will not be runned. - </para> - </refsect2> - - </refsect1> - - <refsect1 id="polkit-1-subject"> - <title>SUBJECTS</title> - <para> - Subjects represent the entities that may initiate requests requiring - authorization: processes, user sessions, or DBus services. To determine - whether a subject has an authorization, PolicyKit determines which - identities the subject matches. - See <xref linkend="polkit-1-identity"/> for details about <replaceable>identities</replaceable>. - </para> - <para> - To specify a Unix process as the subject, use - <literal>unix-process:<replaceable>pid</replaceable></literal>, - where <replaceable>pid</replaceable> is a numerical process id. - </para> - <para> - To specify a user session as the subject, use - <literal>unix-session:<replaceable>session-id</replaceable></literal>, - where <replaceable>session-id</replaceable> is the object path of - the ConsoleKit session object, e.g. /org/freedesktop/ConsoleKit/Session5. - </para> - <para> - To specify a DBus service, use - <literal>system-bus-name:<replaceable>bus-name</replaceable></literal>, - where <replaceable>bus-name</replaceable> is a DBus bus name, either - a well-known name like org.freedesktop.ConsoleKit, or a canonical - name like :1.16. - </para> - </refsect1> - - <refsect1 id="polkit-1-identity"> - <title>IDENTITIES</title> - <para> - Identities represent the entities that authorizations are added to: - individual users or groups of users. - </para> - <para> - To specify an individual user as identity, use - <literal>unix-user:<replaceable>uid-or-name</replaceable></literal>, - where <replaceable>uid-or-name</replaceable> can be either a numeric - id of a Unix user, or the username of a Unix user. - </para> - <para> - To specify a group of users as identity, use - <literal>unix-group:<replaceable>gid-or-name</replaceable></literal>, - where <replaceable>gid-or-name</replaceable> can be either a numeric - id of a Unix group, or the name of a Unix group. - </para> - </refsect1> - - <refsect1><title>AUTHOR</title> - <para> - Written by David Zeuthen <email>davidz@redhat.com</email> with - a lot of help from many others. - </para> - </refsect1> - - <refsect1> - <title>BUGS</title> - <para> - Please send bug reports to either the distribution or the - polkit-devel mailing list, - see the link <ulink url="http://lists.freedesktop.org/mailman/listinfo/polkit-devel"/> - on how to subscribe. - </para> - </refsect1> - - <refsect1> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>PolicyKit-1</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> -</refentry> diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index 6afa420..21333bf 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -53,9 +53,9 @@ content_files = \ ../../src/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthorityManager.xml \ ../../src/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml \ ../man/PolicyKit.xml \ - ../man/polkit.xml \ - ../man/pkexec.xml \ ../man/pkcheck.xml \ + ../man/pkaction.xml \ + ../man/pkexec.xml \ $(NULL) # Images to copy into HTML directory diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index d3a3624..7cbac4b 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -105,9 +105,9 @@ <reference id="manpages"> <title>Manual Pages</title> <xi:include href="../man/PolicyKit.xml"/> - <xi:include href="../man/polkit.xml"/> - <xi:include href="../man/pkexec.xml"/> <xi:include href="../man/pkcheck.xml"/> + <xi:include href="../man/pkaction.xml"/> + <xi:include href="../man/pkexec.xml"/> </reference> <index> diff --git a/src/programs/Makefile.am b/src/programs/Makefile.am index 7a51ade..1765768 100644 --- a/src/programs/Makefile.am +++ b/src/programs/Makefile.am @@ -17,20 +17,7 @@ INCLUDES = \ # ---------------------------------------------------------------------------------------------------- -bin_PROGRAMS = polkit-1 pkexec pkcheck - -# ---------------------------------------------------------------------------------------------------- - -polkit_1_SOURCES = polkit.c - -polkit_1_CFLAGS = \ - $(GLIB_CFLAGS) \ - $(NULL) - -polkit_1_LDADD = \ - $(GLIB_LDADD) \ - $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(NULL) +bin_PROGRAMS = pkexec pkcheck pkaction # ---------------------------------------------------------------------------------------------------- @@ -82,6 +69,19 @@ pkcheck_LDADD = \ # ---------------------------------------------------------------------------------------------------- +pkaction_SOURCES = pkaction.c + +pkaction_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pkaction_LDADD = \ + $(GLIB_LDADD) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +# ---------------------------------------------------------------------------------------------------- + clean-local : rm -f *~ diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c new file mode 100644 index 0000000..3493bc0 --- /dev/null +++ b/src/programs/pkaction.c @@ -0,0 +1,221 @@ +/* + * Copyright (C) 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen <davidz@redhat.com> + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <stdio.h> +#include <polkit/polkit.h> + +static void +usage (int argc, char *argv[]) +{ + GError *error; + + error = NULL; + if (!g_spawn_command_line_sync ("man pkaction", + NULL, + NULL, + NULL, + &error)) + { + g_printerr ("Cannot show manual page: %s\n", error->message); + g_error_free (error); + } +} + +static void +print_action (PolkitActionDescription *action, + gboolean opt_verbose) +{ + + if (!opt_verbose) + { + g_print ("%s\n", polkit_action_description_get_action_id (action)); + } + else + { + const gchar *vendor; + const gchar *vendor_url; + const gchar *icon_name; + const gchar* const *annotation_keys; + guint n; + + vendor = polkit_action_description_get_vendor_name (action); + vendor_url = polkit_action_description_get_vendor_url (action); + icon_name = polkit_action_description_get_icon_name (action); + + g_print ("%s:\n", polkit_action_description_get_action_id (action)); + g_print (" description: %s\n", polkit_action_description_get_description (action)); + g_print (" message: %s\n", polkit_action_description_get_message (action)); + if (vendor != NULL) + g_print (" vendor: %s\n", vendor); + if (vendor_url != NULL) + g_print (" vendor_url: %s\n", vendor_url); + + if (icon_name != NULL) + g_print (" icon: %s\n", icon_name); + + g_print (" implicit any: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_any (action))); + g_print (" implicit inactive: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_inactive (action))); + g_print (" implicit active: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_active (action))); + + annotation_keys = polkit_action_description_get_annotation_keys (action); + for (n = 0; annotation_keys[n] != NULL; n++) + { + const gchar *key; + const gchar *value; + + key = annotation_keys[n]; + value = polkit_action_description_get_annotation (action, key); + g_print (" annotation: %s -> %s\n", key, value); + } + g_print ("\n"); + } +} + +int +main (int argc, char *argv[]) +{ + guint n; + guint ret; + gchar *action_id; + gboolean opt_show_help; + gboolean opt_show_version; + gboolean opt_verbose; + PolkitAuthority *authority; + GList *l; + GList *actions; + PolkitActionDescription *description; + GError *error; + + action_id = NULL; + authority = NULL; + actions = NULL; + description = NULL; + ret = 1; + + g_type_init (); + + opt_show_help = FALSE; + opt_show_version = FALSE; + opt_verbose = FALSE; + for (n = 1; n < (guint) argc; n++) + { + if (g_strcmp0 (argv[n], "--help") == 0) + { + opt_show_help = TRUE; + } + else if (g_strcmp0 (argv[n], "--version") == 0) + { + opt_show_version = TRUE; + } + else if (g_strcmp0 (argv[n], "--action-id") == 0 || g_strcmp0 (argv[n], "-a") == 0) + { + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + action_id = g_strdup (argv[n]); + } + else if (g_strcmp0 (argv[n], "--verbose") == 0 || g_strcmp0 (argv[n], "-v") == 0) + { + opt_verbose = TRUE; + } + } + + if (opt_show_help) + { + usage (argc, argv); + ret = 0; + goto out; + } + else if (opt_show_version) + { + g_print ("pkaction version %s\n", PACKAGE_VERSION); + ret = 0; + goto out; + } + + authority = polkit_authority_get (); + + error = NULL; + actions = polkit_authority_enumerate_actions_sync (authority, + NULL, /* GCancellable */ + &error); + if (error != NULL) + { + g_printerr ("Error enumerating actions: %s\n", error->message); + g_error_free (error); + goto out; + } + + if (action_id != NULL) + { + for (l = actions; l != NULL; l = l->next) + { + PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data); + const gchar *id; + + id = polkit_action_description_get_action_id (action); + + if (g_strcmp0 (id, action_id) == 0) + { + print_action (action, opt_verbose); + break; + } + } + + if (l == NULL) + { + g_printerr ("No action with action id %s\n", action_id); + goto out; + } + } + else + { + for (l = actions; l != NULL; l = l->next) + { + PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data); + + print_action (action, opt_verbose); + } + } + + out: + g_list_foreach (actions, (GFunc) g_object_unref, NULL); + g_list_free (actions); + + if (description != NULL) + g_object_unref (description); + + g_free (action_id); + + if (authority != NULL) + g_object_unref (authority); + + return ret; +} + diff --git a/src/programs/polkit.c b/src/programs/polkit.c deleted file mode 100644 index 88d4c63..0000000 --- a/src/programs/polkit.c +++ /dev/null @@ -1,913 +0,0 @@ -/* - * Copyright (C) 2008 Red Hat, Inc. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General - * Public License along with this library; if not, write to the - * Free Software Foundation, Inc., 59 Temple Place, Suite 330, - * Boston, MA 02111-1307, USA. - * - * Author: David Zeuthen <davidz@redhat.com> - */ - -#ifdef HAVE_CONFIG_H -# include "config.h" -#endif - -#include <string.h> -#define POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE -#include <polkit/polkit.h> - -static PolkitAuthority *authority; -static PolkitAuthorityManager *authority_manager; - -static gboolean opt_list_actions = FALSE; -static gboolean opt_list_users = FALSE; -static gboolean opt_list_groups = FALSE; -static gboolean opt_list_authorizations = FALSE; -static gboolean opt_list_explicit_authorizations = FALSE; -static gboolean opt_check = FALSE; -static gboolean opt_add = FALSE; -static gboolean opt_remove = FALSE; - -static gboolean opt_show_help = FALSE; -static gboolean opt_show_version = FALSE; - -static gboolean opt_verbose = FALSE; - -static PolkitSubject *subject = NULL; -static PolkitIdentity *identity = NULL; - -static gchar *action_id = NULL; - -/* ---------------------------------------------------------------------------------------------------- */ - -static gboolean list_actions (void); -static gboolean list_users (void); -static gboolean list_groups (void); -//static gboolean list_authorizations (void); -static gboolean list_explicit_authorizations (void); - -//static gboolean do_check (void); -static gboolean do_add (void); -static gboolean do_remove (void); - -static gboolean show_action (const gchar *action_id); - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -usage (int argc, char *argv[]) -{ - GError *error; - - error = NULL; - if (!g_spawn_command_line_sync ("man polkit-1", - NULL, - NULL, - NULL, - &error)) - { - g_printerr ("Cannot show manual page: %s\n", error->message); - g_error_free (error); - } -} - -/* ---------------------------------------------------------------------------------------------------- */ - -int -main (int argc, char *argv[]) -{ - gint n; - gboolean ret; - gboolean in_list; - gboolean stop_processing_args; - GError *error; - - ret = FALSE; - error = NULL; - - g_type_init (); - - in_list = FALSE; - stop_processing_args = FALSE; - for (n = 1; n < argc && !stop_processing_args; n++) - { - if (in_list) - { - if (strcmp (argv[n], "actions") == 0) - { - opt_list_actions = TRUE; - } - else if (strcmp (argv[n], "users") == 0) - { - opt_list_users = TRUE; - } - else if (strcmp (argv[n], "groups") == 0) - { - opt_list_groups = TRUE; - } - else if (strcmp (argv[n], "authorizations") == 0) - { - opt_list_authorizations = TRUE; - } - else if (strcmp (argv[n], "explicit-authorizations") == 0) - { - opt_list_explicit_authorizations = TRUE; - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - identity = polkit_identity_from_string (argv[n], &error); - if (identity == NULL) - { - g_printerr ("Error parsing identity: %s\n", error->message); - g_error_free (error); - goto out; - } - - } - else - { - usage (argc, argv); - goto out; - } - - in_list = FALSE; - } - else if (strcmp (argv[n], "list") == 0) - { - in_list = TRUE; - continue; - } - else if (strcmp (argv[n], "check") == 0) - { - opt_check = TRUE; - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - subject = polkit_subject_from_string (argv[n], &error); - if (subject == NULL) - { - g_printerr ("Error parsing subject: %s\n", error->message); - g_error_free (error); - goto out; - } - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - action_id = g_strdup (argv[n]); - } - else if (strcmp (argv[n], "add") == 0) - { - opt_add = TRUE; - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - identity = polkit_identity_from_string (argv[n], &error); - if (identity == NULL) - { - g_printerr ("Error parsing identity: %s\n", error->message); - g_error_free (error); - goto out; - } - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - action_id = g_strdup (argv[n]); - } - else if (strcmp (argv[n], "remove") == 0) - { - opt_remove = TRUE; - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - identity = polkit_identity_from_string (argv[n], &error); - if (identity == NULL) - { - g_printerr ("Error parsing identity: %s\n", error->message); - g_error_free (error); - goto out; - } - - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - action_id = g_strdup (argv[n]); - } - else if (strcmp (argv[n], "--subject") == 0) - { - n++; - if (n >= argc) - { - usage (argc, argv); - goto out; - } - - subject = polkit_subject_from_string (argv[n], &error); - if (subject == NULL) - { - g_printerr ("Error parsing subject: %s\n", error->message); - g_error_free (error); - goto out; - } - } - else if (strcmp (argv[n], "--help") == 0) - { - opt_show_help = TRUE; - } - else if (strcmp (argv[n], "--version") == 0) - { - opt_show_version = TRUE; - } - else if (strcmp (argv[n], "--verbose") == 0) - { - opt_verbose = TRUE; - } - else - { - usage (argc, argv); - goto out; - } - } - - authority = polkit_authority_get (); - authority_manager = polkit_authority_manager_get (); - - if (opt_show_help) - { - usage (argc, argv); - ret = TRUE; - goto out; - } - else if (opt_show_version) - { - g_print ("PolicyKit version %s\n", PACKAGE_VERSION); - /* TODO: print backend name / version */ - ret = TRUE; - goto out; - } - else if (opt_list_actions) - { - ret = list_actions (); - } - else if (opt_list_users) - { - ret = list_users (); - } - else if (opt_list_groups) - { - ret = list_groups (); - } - else if (opt_list_authorizations) - { - g_assert_not_reached (); - //ret = list_authorizations (); - } - else if (opt_list_explicit_authorizations) - { - ret = list_explicit_authorizations (); - } - else if (opt_check) - { - if (subject == NULL || action_id == NULL) - { - usage (argc, argv); - goto out; - } - - //ret = do_check (); - g_assert_not_reached (); - } - else if (opt_add) - { - if (identity == NULL || action_id == NULL) - { - usage (argc, argv); - goto out; - } - - ret = do_add (); - } - else if (opt_remove) - { - if (identity == NULL || action_id == NULL) - { - usage (argc, argv); - goto out; - } - - ret = do_remove (); - } - else - { - usage (argc, argv); - } - - - out: - if (authority != NULL) - g_object_unref (authority); - - if (authority_manager != NULL) - g_object_unref (authority_manager); - - if (subject != NULL) - g_object_unref (subject); - - if (identity != NULL) - g_object_unref (identity); - - g_free (action_id); - - return ret ? 0 : 1; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -print_action (PolkitActionDescription *action) -{ - const gchar *vendor; - const gchar *vendor_url; - const gchar *icon_name; - const gchar * const *annotation_keys; - guint n; - - vendor = polkit_action_description_get_vendor_name (action); - vendor_url = polkit_action_description_get_vendor_url (action); - icon_name = polkit_action_description_get_icon_name (action); - - g_print ("%s:\n", polkit_action_description_get_action_id (action)); - g_print (" description: %s\n", polkit_action_description_get_description (action)); - g_print (" message: %s\n", polkit_action_description_get_message (action)); - if (vendor != NULL) - g_print (" vendor: %s\n", vendor); - if (vendor_url != NULL) - g_print (" vendor_url: %s\n", vendor_url); - - if (icon_name != NULL) - g_print (" icon: %s\n", icon_name); - - g_print (" implicit any: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_any (action))); - g_print (" implicit inactive: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_inactive (action))); - g_print (" implicit active: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_active (action))); - - annotation_keys = polkit_action_description_get_annotation_keys (action); - for (n = 0; annotation_keys[n] != NULL; n++) - { - const gchar *key; - const gchar *value; - - key = annotation_keys[n]; - value = polkit_action_description_get_annotation (action, key); - g_print (" annotation: %s -> %s\n", key, value); - } -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static gboolean -show_action (const gchar *action_id) -{ - gboolean ret; - GError *error; - GList *actions; - GList *l; - - ret = FALSE; - - error = NULL; - actions = polkit_authority_enumerate_actions_sync (authority, - NULL, - &error); - if (error != NULL) - { - g_printerr ("Error enumerating actions: %s\n", error->message); - g_error_free (error); - goto out; - } - - for (l = actions; l != NULL; l = l->next) - { - PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data); - const gchar *id; - - id = polkit_action_description_get_action_id (action); - - if (strcmp (id, action_id) == 0) - { - print_action (action); - break; - } - } - - g_list_foreach (actions, (GFunc) g_object_unref, NULL); - g_list_free (actions); - - if (l != NULL) - { - ret = TRUE; - } - else - { - g_printerr ("Error: No action with action id %s\n", action_id); - } - - out: - return ret; -} - -static gboolean -list_actions (void) -{ - gboolean ret; - GError *error; - GList *actions; - GList *l; - - ret = FALSE; - - error = NULL; - actions = polkit_authority_enumerate_actions_sync (authority, - NULL, - &error); - if (error != NULL) - { - g_printerr ("Error enumerating actions: %s\n", error->message); - g_error_free (error); - goto out; - } - - for (l = actions; l != NULL; l = l->next) - { - PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data); - const gchar *action_id; - - action_id = polkit_action_description_get_action_id (action); - - if (opt_verbose) - { - show_action (action_id); - g_print ("\n"); - } - else - { - g_print ("%s\n", action_id); - } - } - - g_list_foreach (actions, (GFunc) g_object_unref, NULL); - g_list_free (actions); - - ret = TRUE; - - out: - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static void -print_identities (GList *identities) -{ - GList *l; - - for (l = identities; l != NULL; l = l->next) - { - PolkitIdentity *identity = POLKIT_IDENTITY (l->data); - gchar *s; - - s = polkit_identity_to_string (identity); - g_print ("%s\n", s); - g_free (s); - } -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static gboolean -list_users (void) -{ - gboolean ret; - GError *error; - GList *identities; - - ret = FALSE; - - error = NULL; - identities = polkit_authority_manager_enumerate_users_sync (authority_manager, - NULL, - &error); - if (error != NULL) - { - g_printerr ("Error enumerating users: %s\n", error->message); - g_error_free (error); - goto out; - } - - print_identities (identities); - - g_list_foreach (identities, (GFunc) g_object_unref, NULL); - g_list_free (identities); - - ret = TRUE; - - out: - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static gboolean -list_groups (void) -{ - gboolean ret; - GError *error; - GList *identities; - - ret = FALSE; - - error = NULL; - identities = polkit_authority_manager_enumerate_groups_sync (authority_manager, - NULL, - &error); - if (error != NULL) - { - g_printerr ("Error enumerating users: %s\n", error->message); - g_error_free (error); - goto out; - } - - print_identities (identities); - - g_list_foreach (identities, (GFunc) g_object_unref, NULL); - g_list_free (identities); - - ret = TRUE; - - out: - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -#if 0 -static gboolean -do_check (void) -{ - PolkitAuthorizationResult result; - GError *error; - - error = NULL; - result = POLKIT_AUTHORIZATION_RESULT_NOT_AUTHORIZED; - - result = polkit_authority_check_authorization_sync (authority, - subject, - action_id, - NULL, /* TODO: details */ - POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, - NULL, - &error); - if (error != NULL) - { - g_printerr ("Error checking authorization: %s\n", error->message); - g_error_free (error); - goto out; - } - - out: - - return result == POLKIT_AUTHORIZATION_RESULT_AUTHORIZED; -} - -/* ---------------------------------------------------------------------------------------------------- */ - - -typedef struct -{ - gchar *action_id; - PolkitAuthorizationResult result; -} AuthzData; - -static GPtrArray *authz_data_array; - -static gint authz_data_num_pending = 0; - -static GMainLoop *authz_data_loop = NULL; - -static void -authz_data_free (AuthzData *data) -{ - g_free (data->action_id); - g_free (data); -} - -static gint -authz_data_sort_func (gconstpointer a, - gconstpointer b) -{ - AuthzData *data_a; - AuthzData *data_b; - - data_a = (AuthzData *) *((gpointer **) a); - data_b = (AuthzData *) *((gpointer **) b); - - return strcmp (data_a->action_id, data_b->action_id); -} - -static void -list_authz_cb (GObject *source_obj, - GAsyncResult *res, - gpointer user_data) -{ - PolkitAuthority *authority; - AuthzData *data; - GError *error; - PolkitAuthorizationResult result; - - authority = POLKIT_AUTHORITY (source_obj); - data = user_data; - error = NULL; - - result = polkit_authority_check_authorization_finish (authority, - res, - &error); - if (error != NULL) - { - g_printerr ("Unable to check authorization: %s\n", error->message); - g_error_free (error); - } - else - { - data->result = result; - } - - authz_data_num_pending -= 1; - - if (authz_data_num_pending == 0) - g_main_loop_quit (authz_data_loop); -} - -static gboolean -list_authorizations (void) -{ - GError *error; - GList *actions; - GList *l; - gboolean ret; - PolkitSubject *calling_process; - guint n; - - ret = FALSE; - - authz_data_array = g_ptr_array_new (); - authz_data_num_pending = 0; - authz_data_loop = g_main_loop_new (NULL, FALSE); - - calling_process = polkit_unix_process_new (getppid ()); - - error = NULL; - actions = polkit_authority_enumerate_actions_sync (authority, - NULL, - &error); - if (error != NULL) - { - g_printerr ("Error enumerating actions: %s\n", error->message); - g_error_free (error); - goto out; - } - - for (l = actions; l != NULL; l = l->next) - { - PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data); - const gchar *action_id; - AuthzData *data; - - action_id = polkit_action_description_get_action_id (action); - - data = g_new0 (AuthzData, 1); - data->action_id = g_strdup (action_id); - - g_ptr_array_add (authz_data_array, data); - - authz_data_num_pending += 1; - - polkit_authority_check_authorization (authority, - calling_process, - action_id, - NULL, /* TODO: details */ - POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, - NULL, - list_authz_cb, - data); - } - - g_main_loop_run (authz_data_loop); - - ret = TRUE; - - /* sort authorizations by name */ - g_ptr_array_sort (authz_data_array, authz_data_sort_func); - - for (n = 0; n < authz_data_array->len; n++) - { - AuthzData *data = authz_data_array->pdata[n]; - - if (data->result == POLKIT_AUTHORIZATION_RESULT_AUTHORIZED) - g_print ("%s\n", data->action_id); - } - - out: - - g_list_foreach (actions, (GFunc) g_object_unref, NULL); - g_list_free (actions); - - g_ptr_array_foreach (authz_data_array, (GFunc) authz_data_free, NULL); - g_ptr_array_free (authz_data_array, TRUE); - - g_object_unref (calling_process); - - g_main_loop_unref (authz_data_loop); - return ret; -} -#endif - -/* ---------------------------------------------------------------------------------------------------- */ - -static gboolean -list_explicit_authorizations (void) -{ - gboolean ret; - GError *error; - GList *authorizations; - GList *l; - - ret = FALSE; - - error = NULL; - authorizations = polkit_authority_manager_enumerate_authorizations_sync (authority_manager, - identity, - NULL, - &error); - if (error != NULL) - { - g_printerr ("Error enumerating authorizations: %s\n", error->message); - g_error_free (error); - goto out; - } - - for (l = authorizations; l != NULL; l = l->next) - { - PolkitAuthorization *authorization = POLKIT_AUTHORIZATION (l->data); - const gchar *action_id; - - action_id = polkit_authorization_get_action_id (authorization); - - if (opt_verbose) - { - gchar *constrain_str; - PolkitSubject *subject; - - subject = polkit_authorization_get_subject (authorization); - if (subject != NULL) - constrain_str = polkit_subject_to_string (subject); - else - constrain_str = g_strdup ("<nothing>"); - - g_print ("%s:\n", action_id); - g_print (" constrained to: %s\n", constrain_str); - g_print ("\n"); - - g_free (constrain_str); - } - else - { - g_print ("%s\n", action_id); - } - } - - g_list_foreach (authorizations, (GFunc) g_object_unref, NULL); - g_list_free (authorizations); - - ret = TRUE; - - out: - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static gboolean -do_add (void) -{ - PolkitAuthorization *authorization; - gboolean ret; - GError *error; - - error = NULL; - ret = FALSE; - - authorization = polkit_authorization_new (action_id, - subject, - FALSE); /* TODO: handle negative */ - - if (!polkit_authority_manager_add_authorization_sync (authority_manager, - identity, - authorization, - NULL, - &error)) - { - g_printerr ("Error adding authorization: %s\n", error->message); - g_error_free (error); - goto out; - } - - ret = TRUE; - - out: - - g_object_unref (authorization); - - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ - -static gboolean -do_remove (void) -{ - PolkitAuthorization *authorization; - gboolean ret; - GError *error; - - error = NULL; - ret = FALSE; - - authorization = polkit_authorization_new (action_id, - subject, - FALSE); /* TODO: handle negative */ - - if (!polkit_authority_manager_remove_authorization_sync (authority_manager, - identity, - authorization, - NULL, - &error)) - { - g_printerr ("Error removing authorization: %s\n", error->message); - g_error_free (error); - goto out; - } - - ret = TRUE; - - out: - - g_object_unref (authorization); - - return ret; -} - -/* ---------------------------------------------------------------------------------------------------- */ |