summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Clasen <mclasen@redhat.com>2009-07-20 17:08:23 -0400
committerRay Strode <rstrode@redhat.com>2009-07-20 17:22:49 -0400
commit89b9256ad86ddc2a9fd12d3359bc431df45c6b25 (patch)
tree5b03752d369af57bbc92593c623006f4a177bbc9
parent282c47eb102f839cbf3bee646ba2841362284760 (diff)
Port to PolicyKit 1.0 apis
-rw-r--r--configure.ac5
-rw-r--r--data/Makefile.am2
-rw-r--r--data/org.freedesktop.consolekit.policy4
-rw-r--r--src/ck-manager.c673
-rw-r--r--src/ck-manager.h5
-rw-r--r--src/org.freedesktop.ConsoleKit.Manager.xml10
6 files changed, 226 insertions, 473 deletions
diff --git a/configure.ac b/configure.ac
index f7b62fc..100887f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -38,7 +38,7 @@ AM_GLIB_GNU_GETTEXT
DBUS_REQUIRED_VERSION=0.30
GLIB_REQUIRED_VERSION=2.7.0
X11_REQUIRED_VERSION=1.0.0
-POLKIT_REQUIRED_VERSION=0.7
+POLKIT_REQUIRED_VERSION=0.92
AC_CHECK_HEADERS(unistd.h)
AC_CHECK_HEADERS(paths.h)
@@ -56,7 +56,7 @@ PKG_CHECK_MODULES(CONSOLE_KIT,
)
PKG_CHECK_MODULES(POLKIT,
- polkit >= $POLKIT_REQUIRED_VERSION,
+ polkit-gobject-1 >= $POLKIT_REQUIRED_VERSION,
have_polkit=yes,
have_polkit=no)
if test "x$have_polkit" = "xyes" ; then
@@ -448,3 +448,4 @@ if test x${have_polkit} = xno -a x${msg_rbac_shutdown} = xno; then
echo " ConsoleKit.conf to match your distro/site to avoid NASTY SECURITY HOLES."
echo ""
fi
+
diff --git a/data/Makefile.am b/data/Makefile.am
index fb245b7..041b431 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -7,7 +7,7 @@ seatdir = $(sysconfdir)/ConsoleKit/seats.d
seat_DATA = 00-primary.seat
if HAVE_POLKIT
-polkit_policydir = $(datadir)/PolicyKit/policy
+polkit_policydir = $(datadir)/polkit-1/actions
dist_polkit_policy_DATA = \
org.freedesktop.consolekit.policy \
$(NULL)
diff --git a/data/org.freedesktop.consolekit.policy b/data/org.freedesktop.consolekit.policy
index a5953f4..a709b39 100644
--- a/data/org.freedesktop.consolekit.policy
+++ b/data/org.freedesktop.consolekit.policy
@@ -23,7 +23,7 @@ Policy definitions for ConsoleKit
<message>System policy prevents stopping the system when other users are logged in</message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>auth_admin_keep_always</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
@@ -41,7 +41,7 @@ Policy definitions for ConsoleKit
<message>System policy prevents restarting the system when other users are logged in</message>
<defaults>
<allow_inactive>no</allow_inactive>
- <allow_active>auth_admin_keep_always</allow_active>
+ <allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
diff --git a/src/ck-manager.c b/src/ck-manager.c
index 12a69cb..bb65d73 100644
--- a/src/ck-manager.c
+++ b/src/ck-manager.c
@@ -67,7 +67,7 @@
struct CkManagerPrivate
{
#ifdef HAVE_POLKIT
- PolKitContext *pol_ctx;
+ PolkitAuthority *pol_ctx;
#endif
GHashTable *seats;
@@ -740,397 +740,157 @@ get_cookie_for_pid (CkManager *manager,
return cookie;
}
-static CkSession *
-get_session_for_unix_process (CkManager *manager,
- guint pid)
-{
- CkSessionLeader *leader;
- CkSession *session;
- char *cookie;
-
- session = NULL;
- leader = NULL;
-
- cookie = get_cookie_for_pid (manager, pid);
- if (cookie == NULL) {
- goto out;
- }
+typedef void (*AuthorizedCallback) (CkManager *manager,
+ DBusGMethodInvocation *context);
- leader = g_hash_table_lookup (manager->priv->leaders, cookie);
- if (leader == NULL) {
- goto out;
- }
-
- session = g_hash_table_lookup (manager->priv->sessions, ck_session_leader_peek_session_id (leader));
-
- out:
- g_free (cookie);
+typedef struct
+{
+ CkManager *manager;
+ DBusGMethodInvocation *context;
+ AuthorizedCallback callback;
+} AuthorizedCallbackData;
- return session;
+static void
+data_free (AuthorizedCallbackData *data)
+{
+ g_object_unref (data->manager);
+ g_free (data);
}
#ifdef HAVE_POLKIT
-static PolKitSession *
-new_polkit_session_from_session (CkManager *manager,
- CkSession *ck_session)
-{
- PolKitSession *pk_session;
- PolKitSeat *pk_seat;
- uid_t uid;
- gboolean is_active;
- gboolean is_local;
- char *sid;
- char *ssid;
- char *remote_host;
-
- sid = NULL;
- ssid = NULL;
- remote_host = NULL;
-
- ck_session_get_seat_id (ck_session, &sid, NULL);
-
- g_object_get (ck_session,
- "active", &is_active,
- "is-local", &is_local,
- "id", &ssid,
- "unix-user", &uid,
- "remote-host-name", &remote_host,
- NULL);
-
- pk_session = polkit_session_new ();
- if (pk_session == NULL) {
- goto out;
- }
- if (!polkit_session_set_uid (pk_session, uid)) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_objref (pk_session, ssid)) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_active (pk_session, is_active)) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
- }
- if (!polkit_session_set_ck_is_local (pk_session, is_local)) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
- }
- if (!is_local) {
- if (!polkit_session_set_ck_remote_host (pk_session, remote_host)) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
- }
-
- }
+static void
+auth_ready_callback (PolkitAuthority *authority,
+ GAsyncResult *res,
+ AuthorizedCallbackData *data)
+{
+ GError *error;
+ GError *error2;
+ PolkitAuthorizationResult *result;
+ error = NULL;
- pk_seat = polkit_seat_new ();
- if (pk_seat == NULL) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
+ result = polkit_authority_check_authorization_finish (authority,
+ res,
+ &error);
+ if (error != NULL) {
+ error2 = g_error_new (CK_MANAGER_ERROR,
+ CK_MANAGER_ERROR_NOT_PRIVILEGED,
+ "Not Authorized: %s", error->message);
+ dbus_g_method_return_error (data->context, error2);
+ g_error_free (error2);
+ g_error_free (error);
}
- if (!polkit_seat_set_ck_objref (pk_seat, sid)) {
- polkit_seat_unref (pk_seat);
- pk_seat = NULL;
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
+ else if (polkit_authorization_result_get_is_authorized (result)) {
+ data->callback (data->manager, data->context);
}
- if (!polkit_seat_validate (pk_seat)) {
- polkit_seat_unref (pk_seat);
- pk_seat = NULL;
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
- }
-
- if (!polkit_session_set_seat (pk_session, pk_seat)) {
- polkit_seat_unref (pk_seat);
- pk_seat = NULL;
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
+ else if (polkit_authorization_result_get_is_challenge (result)) {
+ error = g_error_new (CK_MANAGER_ERROR,
+ CK_MANAGER_ERROR_NOT_PRIVILEGED,
+ "Authorization is required");
+ dbus_g_method_return_error (data->context, error);
+ g_error_free (error);
}
- polkit_seat_unref (pk_seat); /* session object now owns this object */
- pk_seat = NULL;
-
- if (!polkit_session_validate (pk_session)) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
+ else {
+ error = g_error_new (CK_MANAGER_ERROR,
+ CK_MANAGER_ERROR_NOT_PRIVILEGED,
+ "Not Authorized");
+ dbus_g_method_return_error (data->context, error);
+ g_error_free (error);
}
-out:
- g_free (ssid);
- g_free (sid);
- g_free (remote_host);
+ g_object_unref (result);
- return pk_session;
+ data_free (data);
}
-static PolKitCaller *
-new_polkit_caller_from_dbus_name (CkManager *manager,
- const char *dbus_name)
+static void
+check_polkit_permissions (CkManager *manager,
+ DBusGMethodInvocation *context,
+ const char *action,
+ AuthorizedCallback callback)
{
- PolKitCaller *caller;
- pid_t pid;
- uid_t uid;
- char *selinux_context;
- PolKitSession *pk_session;
- DBusMessage *message;
- DBusMessage *reply;
- DBusMessageIter iter;
- DBusMessageIter sub_iter;
- char *str;
- int num_elems;
- DBusConnection *con;
- DBusError error;
- CkSession *ck_session;
-
- dbus_error_init (&error);
-
- con = dbus_g_connection_get_connection (manager->priv->connection);
+ const char *sender;
+ GError *error;
+ PolkitSubject *subject;
+ AuthorizedCallbackData *data;
- g_return_val_if_fail (con != NULL, NULL);
- g_return_val_if_fail (dbus_name != NULL, NULL);
-
- selinux_context = NULL;
-
- caller = NULL;
- ck_session = NULL;
- pk_session = NULL;
+ error = NULL;
- uid = dbus_bus_get_unix_user (con, dbus_name, &error);
- if (dbus_error_is_set (&error)) {
- g_warning ("Could not get uid for connection: %s %s",
- error.name,
- error.message);
- dbus_error_free (&error);
- goto out;
- }
+ g_debug ("constructing polkit data");
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionUnixProcessID");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, &error);
-
- if (reply == NULL || dbus_error_is_set (&error)) {
- g_warning ("Error doing GetConnectionUnixProcessID on Bus: %s: %s",
- error.name,
- error.message);
- dbus_message_unref (message);
- if (reply != NULL) {
- dbus_message_unref (reply);
- }
- dbus_error_free (&error);
- goto out;
- }
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_get_basic (&iter, &pid);
- dbus_message_unref (message);
- dbus_message_unref (reply);
-
- message = dbus_message_new_method_call ("org.freedesktop.DBus",
- "/org/freedesktop/DBus/Bus",
- "org.freedesktop.DBus",
- "GetConnectionSELinuxSecurityContext");
- dbus_message_iter_init_append (message, &iter);
- dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &dbus_name);
- reply = dbus_connection_send_with_reply_and_block (con, message, -1, &error);
- /* SELinux might not be enabled */
- if (dbus_error_is_set (&error) &&
- strcmp (error.name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
- dbus_message_unref (message);
- if (reply != NULL) {
- dbus_message_unref (reply);
- }
- dbus_error_init (&error);
- } else if (reply == NULL || dbus_error_is_set (&error)) {
- g_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error.name, error.message);
- dbus_message_unref (message);
- if (reply != NULL) {
- dbus_message_unref (reply);
- }
- goto out;
- } else {
- /* TODO: verify signature */
- dbus_message_iter_init (reply, &iter);
- dbus_message_iter_recurse (&iter, &sub_iter);
- dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
- if (str != NULL && num_elems > 0) {
- selinux_context = g_strndup (str, num_elems);
- }
- dbus_message_unref (message);
- dbus_message_unref (reply);
- }
+ /* Check that caller is privileged */
+ sender = dbus_g_method_get_sender (context);
+ subject = polkit_system_bus_name_new (sender);
- ck_session = get_session_for_unix_process (manager, pid);
- if (ck_session == NULL) {
- /* OK, this is not a catastrophe; just means the caller is not a
- * member of any session or that ConsoleKit is not available..
- */
- goto not_in_session;
- }
+ g_debug ("checking if caller %s is authorized", sender);
- pk_session = new_polkit_session_from_session (manager, ck_session);
- if (pk_session == NULL) {
- g_warning ("Got a session but couldn't construct polkit session object!");
- goto out;
- }
- if (!polkit_session_validate (pk_session)) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- goto out;
- }
+ data = g_new0 (AuthorizedCallbackData, 1);
+ data->manager = g_object_ref (manager);
+ data->context = context;
+ data->callback = callback;
-not_in_session:
+ polkit_authority_check_authorization (manager->priv->pol_ctx,
+ subject,
+ action,
+ NULL,
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
+ NULL,
+ (GAsyncReadyCallback)auth_ready_callback,
+ data);
+}
- caller = polkit_caller_new ();
- if (caller == NULL) {
- if (pk_session != NULL) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- }
- goto out;
- }
+static void
+ready_cb (PolkitAuthority *authority,
+ GAsyncResult *res,
+ DBusGMethodInvocation *context)
+{
+ PolkitAuthorizationResult *ret;
+ GError *error;
- if (!polkit_caller_set_dbus_name (caller, dbus_name)) {
- if (pk_session != NULL) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_uid (caller, uid)) {
- if (pk_session != NULL) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- if (!polkit_caller_set_pid (caller, pid)) {
- if (pk_session != NULL) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
+ error = NULL;
+ ret = polkit_authority_check_authorization_finish (authority, res, &error);
+ if (error != NULL) {
+ dbus_g_method_return_error (context, error);
+ g_error_free (error);
}
- if (selinux_context != NULL) {
- if (!polkit_caller_set_selinux_context (caller, selinux_context)) {
- if (pk_session != NULL) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
+ else if (polkit_authorization_result_get_is_authorized (ret)) {
+ dbus_g_method_return (context, TRUE);
}
- if (pk_session != NULL) {
- if (!polkit_caller_set_ck_session (caller, pk_session)) {
- if (pk_session != NULL) {
- polkit_session_unref (pk_session);
- pk_session = NULL;
- }
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
- }
- polkit_session_unref (pk_session); /* caller object now own this object */
- pk_session = NULL;
+ else if (polkit_authorization_result_get_is_challenge (ret)) {
+ dbus_g_method_return (context, TRUE);
}
-
- if (!polkit_caller_validate (caller)) {
- polkit_caller_unref (caller);
- caller = NULL;
- goto out;
+ else {
+ dbus_g_method_return (context, FALSE);
}
-out:
- g_free (selinux_context);
-
- return caller;
+ g_object_unref (ret);
}
-static gboolean
-_check_polkit_for_action (CkManager *manager,
- DBusGMethodInvocation *context,
- const char *action)
+static void
+get_polkit_permissions (CkManager *manager,
+ const char *action,
+ DBusGMethodInvocation *context)
{
- const char *sender;
- GError *error;
- DBusError dbus_error;
- PolKitCaller *pk_caller;
- PolKitAction *pk_action;
- PolKitResult pk_result;
+ const char *sender;
+ PolkitSubject *subject;
+ GError *error;
- error = NULL;
+ g_debug ("get permissions for action %s", action);
- g_debug ("constructing polkit data");
-
- /* Check that caller is privileged */
sender = dbus_g_method_get_sender (context);
- dbus_error_init (&dbus_error);
-
- pk_caller = new_polkit_caller_from_dbus_name (manager, sender);
- if (pk_caller == NULL) {
- error = g_error_new (CK_MANAGER_ERROR,
- CK_MANAGER_ERROR_GENERAL,
- "Error getting information about caller: %s: %s",
- dbus_error.name,
- dbus_error.message);
- dbus_error_free (&dbus_error);
- dbus_g_method_return_error (context, error);
- g_error_free (error);
- return FALSE;
- }
-
- pk_action = polkit_action_new ();
- polkit_action_set_action_id (pk_action, action);
-
- g_debug ("checking if caller %s is authorized", sender);
-
- /* this version crashes if error is used */
- pk_result = polkit_context_is_caller_authorized (manager->priv->pol_ctx,
- pk_action,
- pk_caller,
- TRUE,
- NULL);
- g_debug ("answer is: %s", (pk_result == POLKIT_RESULT_YES) ? "yes" : "no");
+ subject = polkit_system_bus_name_new (sender);
- polkit_caller_unref (pk_caller);
- polkit_action_unref (pk_action);
-
- if (pk_result != POLKIT_RESULT_YES) {
- error = g_error_new (CK_MANAGER_ERROR,
- CK_MANAGER_ERROR_NOT_PRIVILEGED,
- "Not privileged for action: %s %s",
- action,
- polkit_result_to_string_representation (pk_result));
- dbus_error_free (&dbus_error);
- dbus_g_method_return_error (context, error);
- g_error_free (error);
- return FALSE;
- }
+ error = NULL;
+ polkit_authority_check_authorization (manager->priv->pol_ctx,
+ subject,
+ action,
+ NULL,
+ 0,
+ NULL,
+ (GAsyncReadyCallback) ready_cb,
+ context);
+ g_object_unref (subject);
- return TRUE;
}
#endif
@@ -1271,9 +1031,10 @@ get_system_num_users (CkManager *manager)
}
#ifdef ENABLE_RBAC_SHUTDOWN
-static gboolean
+static void
check_rbac_permissions (CkManager *manager,
- DBusGMethodInvocation *context)
+ DBusGMethodInvocation *context,
+ AuthorizedCallback callback)
{
const char *sender;
char *username;
@@ -1308,10 +1069,44 @@ out:
}
g_free (username);
- return res;
+
+ if (res) {
+ callback (manager, context);
+ }
}
#endif
+static void
+do_restart (CkManager *manager,
+ DBusGMethodInvocation *context)
+{
+ GError *error;
+ gboolean res;
+
+ g_debug ("ConsoleKit preforming Restart");
+
+ log_system_restart_event (manager);
+
+ error = NULL;
+ res = g_spawn_command_line_async (PREFIX "/lib/ConsoleKit/scripts/ck-system-restart",
+ &error);
+ if (! res) {
+ GError *new_error;
+
+ g_warning ("Unable to restart system: %s", error->message);
+
+ new_error = g_error_new (CK_MANAGER_ERROR,
+ CK_MANAGER_ERROR_GENERAL,
+ "Unable to restart system: %s", error->message);
+ dbus_g_method_return_error (context, new_error);
+ g_error_free (new_error);
+
+ g_error_free (error);
+ } else {
+ dbus_g_method_return (context);
+ }
+}
+
/*
Example:
dbus-send --system --dest=org.freedesktop.ConsoleKit \
@@ -1323,12 +1118,7 @@ gboolean
ck_manager_restart (CkManager *manager,
DBusGMethodInvocation *context)
{
- gboolean ret;
- gboolean res;
const char *action;
- GError *error;
-
- ret = FALSE;
if (get_system_num_users (manager) > 1) {
action = "org.freedesktop.consolekit.system.restart-multiple-users";
@@ -1339,58 +1129,69 @@ ck_manager_restart (CkManager *manager,
g_debug ("ConsoleKit Restart: %s", action);
#if defined HAVE_POLKIT
- res = _check_polkit_for_action (manager, context, action);
- if (! res) {
- goto out;
- }
+ check_polkit_permissions (manager, context, action, do_restart);
#elif defined ENABLE_RBAC_SHUTDOWN
- if (! check_rbac_permissions (manager, context)) {
- goto out;
- }
+ check_rbac_permissions (manager, context, do_restart);
#else
g_warning ("Compiled without PolicyKit or RBAC support!");
- goto out;
#endif
- g_debug ("ConsoleKit preforming Restart: %s", action);
+ return TRUE;
+}
- log_system_restart_event (manager);
+gboolean
+ck_manager_can_restart (CkManager *manager,
+ DBusGMethodInvocation *context)
+
+{
+ const char *action;
+
+ action = "org.freedesktop.consolekit.system.restart";
+
+#if defined HAVE_POLKIT
+ get_polkit_permissions (manager, action, context);
+#else
+ dbus_g_method_return (context, TRUE);
+#endif
+
+ return TRUE;
+}
+
+static void
+do_stop (CkManager *manager,
+ DBusGMethodInvocation *context)
+{
+ GError *error;
+ gboolean res;
+
+ g_debug ("Stopping system");
+
+ log_system_stop_event (manager);
error = NULL;
- res = g_spawn_command_line_async (PREFIX "/lib/ConsoleKit/scripts/ck-system-restart",
+ res = g_spawn_command_line_async (PREFIX "/lib/ConsoleKit/scripts/ck-system-stop",
&error);
if (! res) {
GError *new_error;
- g_warning ("Unable to restart system: %s", error->message);
+ g_warning ("Unable to stop system: %s", error->message);
new_error = g_error_new (CK_MANAGER_ERROR,
CK_MANAGER_ERROR_GENERAL,
- "Unable to restart system: %s", error->message);
+ "Unable to stop system: %s", error->message);
dbus_g_method_return_error (context, new_error);
g_error_free (new_error);
-
g_error_free (error);
} else {
- ret = TRUE;
dbus_g_method_return (context);
}
-
- out:
-
- return ret;
}
gboolean
ck_manager_stop (CkManager *manager,
DBusGMethodInvocation *context)
{
- gboolean ret;
- gboolean res;
const char *action;
- GError *error;
-
- ret = TRUE;
if (get_system_num_users (manager) > 1) {
action = "org.freedesktop.consolekit.system.stop-multiple-users";
@@ -1399,45 +1200,31 @@ ck_manager_stop (CkManager *manager,
}
#if defined HAVE_POLKIT
- res = _check_polkit_for_action (manager, context, action);
- if (! res) {
- goto out;
- }
+ check_polkit_permissions (manager, context, action, do_stop);
#elif defined ENABLE_RBAC_SHUTDOWN
- if (!check_rbac_permissions (manager, context)) {
- goto out;
- }
+ check_rbac_permissions (manager, context, do_stop);
#else
g_warning ("Compiled without PolicyKit or RBAC support!");
- goto out;
#endif
- g_debug ("Stopping system");
-
- log_system_stop_event (manager);
-
- error = NULL;
- res = g_spawn_command_line_async (PREFIX "/lib/ConsoleKit/scripts/ck-system-stop",
- &error);
- if (! res) {
- GError *new_error;
+ return TRUE;
+}
- g_warning ("Unable to stop system: %s", error->message);
+gboolean
+ck_manager_can_stop (CkManager *manager,
+ DBusGMethodInvocation *context)
+{
+ const char *action;
- new_error = g_error_new (CK_MANAGER_ERROR,
- CK_MANAGER_ERROR_GENERAL,
- "Unable to stop system: %s", error->message);
- dbus_g_method_return_error (context, new_error);
- g_error_free (new_error);
+ action = "org.freedesktop.consolekit.system.stop";
- g_error_free (error);
- } else {
- ret = TRUE;
- dbus_g_method_return (context);
- }
+#if defined HAVE_POLKIT
+ get_polkit_permissions (manager, action, context);
+#else
+ dbus_g_method_return (context, TRUE);
+#endif
- out:
- return ret;
+ return TRUE;
}
static void
@@ -2423,63 +2210,13 @@ bus_name_owner_changed (DBusGProxy *bus_proxy,
service_name, old_service_name, new_service_name);
}
-#ifdef HAVE_POLKIT
-static gboolean
-pk_io_watch_have_data (GIOChannel *channel,
- GIOCondition condition,
- gpointer user_data)
-{
- int fd;
- PolKitContext *pk_context = user_data;
-
- fd = g_io_channel_unix_get_fd (channel);
- polkit_context_io_func (pk_context, fd);
- return TRUE;
-}
-
-static int
-pk_io_add_watch (PolKitContext *pk_context,
- int fd)
-{
- guint id = 0;
- GIOChannel *channel;
-
- channel = g_io_channel_unix_new (fd);
- if (channel == NULL) {
- goto out;
- }
-
- id = g_io_add_watch (channel, G_IO_IN, pk_io_watch_have_data, pk_context);
- if (id == 0) {
- g_io_channel_unref (channel);
- goto out;
- }
- g_io_channel_unref (channel);
-
-out:
- return id;
-}
-
-static void
-pk_io_remove_watch (PolKitContext *pk_context,
- int watch_id)
-{
- g_source_remove (watch_id);
-}
-#endif
-
static gboolean
register_manager (CkManager *manager)
{
GError *error = NULL;
#ifdef HAVE_POLKIT
- manager->priv->pol_ctx = polkit_context_new ();
- polkit_context_set_io_watch_functions (manager->priv->pol_ctx, pk_io_add_watch, pk_io_remove_watch);
- if (! polkit_context_init (manager->priv->pol_ctx, NULL)) {
- g_critical ("cannot initialize libpolkit");
- return FALSE;
- }
+ manager->priv->pol_ctx = polkit_authority_get ();
#endif
error = NULL;
diff --git a/src/ck-manager.h b/src/ck-manager.h
index 45910b7..4bd56e8 100644
--- a/src/ck-manager.h
+++ b/src/ck-manager.h
@@ -79,9 +79,14 @@ CkManager * ck_manager_new (void);
/* System actions */
gboolean ck_manager_stop (CkManager *manager,
DBusGMethodInvocation *context);
+
gboolean ck_manager_restart (CkManager *manager,
DBusGMethodInvocation *context);
+gboolean ck_manager_can_stop (CkManager *manager,
+ DBusGMethodInvocation *context);
+gboolean ck_manager_can_restart (CkManager *manager,
+ DBusGMethodInvocation *context);
/* Authoritative properties */
gboolean ck_manager_open_session (CkManager *manager,
DBusGMethodInvocation *context);
diff --git a/src/org.freedesktop.ConsoleKit.Manager.xml b/src/org.freedesktop.ConsoleKit.Manager.xml
index c4d3dd5..f903b55 100644
--- a/src/org.freedesktop.ConsoleKit.Manager.xml
+++ b/src/org.freedesktop.ConsoleKit.Manager.xml
@@ -13,6 +13,11 @@
</doc:doc>
</method>
+ <method name="CanRestart">
+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
+ <arg name="can_restart" type="b" direction="out"/>
+ </method>
+
<method name="Stop">
<annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
<doc:doc>
@@ -22,6 +27,11 @@
</doc:doc>
</method>
+ <method name="CanStop">
+ <annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
+ <arg name="can_stop" type="b" direction="out"/>
+ </method>
+
<method name="OpenSession">
<annotation name="org.freedesktop.DBus.GLib.Async" value=""/>
<arg name="cookie" direction="out" type="s">