Authorization Entry

Authorization Entry — An entry in the autothorization database

Synopsis

                    PolKitAuthorization;
PolKitAuthorization* polkit_authorization_ref           (PolKitAuthorization *auth);
void                polkit_authorization_unref          (PolKitAuthorization *auth);
void                polkit_authorization_debug          (PolKitAuthorization *auth);
polkit_bool_t       polkit_authorization_validate       (PolKitAuthorization *auth);
enum                PolKitAuthorizationScope;
enum                PolKitAuthorizationType;
PolKitAuthorizationType polkit_authorization_type       (PolKitAuthorization *auth);
const char*         polkit_authorization_get_action_id  (PolKitAuthorization *auth);
uid_t               polkit_authorization_get_uid        (PolKitAuthorization *auth);
time_t              polkit_authorization_get_time_of_grant
                                                        (PolKitAuthorization *auth);
PolKitAuthorizationScope polkit_authorization_get_scope (PolKitAuthorization *auth);
polkit_bool_t       polkit_authorization_scope_process_get_pid
                                                        (PolKitAuthorization *auth,
                                                         pid_t *out_pid,
                                                         polkit_uint64_t *out_pid_start_time);
const char*         polkit_authorization_scope_session_get_ck_objref
                                                        (PolKitAuthorization *auth);
polkit_bool_t       polkit_authorization_was_granted_via_defaults
                                                        (PolKitAuthorization *auth,
                                                         uid_t *out_user_authenticated_as);
polkit_bool_t       polkit_authorization_was_granted_explicitly
                                                        (PolKitAuthorization *auth,
                                                         uid_t *out_by_whom,
                                                         polkit_bool_t *out_is_negative);
polkit_bool_t       (*PolKitAuthorizationConstraintsForeachFunc)
                                                        (PolKitAuthorization *auth,
                                                         PolKitAuthorizationConstraint *authc,
                                                         void *user_data);
polkit_bool_t       polkit_authorization_constraints_foreach
                                                        (PolKitAuthorization *auth,
                                                         PolKitAuthorizationConstraintsForeachFunc cb,
                                                         void *user_data);

Description

This class is used to represent entries in the authorization database.

Details

PolKitAuthorization

typedef struct _PolKitAuthorization PolKitAuthorization;

Objects of this class are used to represent entries in the authorization database.

Since 0.7


polkit_authorization_ref ()

PolKitAuthorization* polkit_authorization_ref           (PolKitAuthorization *auth);

Increase reference count.

auth : the authorization object
Returns : the object

Since 0.7


polkit_authorization_unref ()

void                polkit_authorization_unref          (PolKitAuthorization *auth);

Decreases the reference count of the object. If it becomes zero, the object is freed. Before freeing, reference counts on embedded objects are decresed by one.

auth : the authorization object

Since 0.7


polkit_authorization_debug ()

void                polkit_authorization_debug          (PolKitAuthorization *auth);

Print debug details

auth : the object

Since 0.7


polkit_authorization_validate ()

polkit_bool_t       polkit_authorization_validate       (PolKitAuthorization *auth);

Validate the object

auth : the object
Returns : TRUE iff the object is valid.

Since 0.7


enum PolKitAuthorizationScope

typedef enum {
        POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT,
        POLKIT_AUTHORIZATION_SCOPE_PROCESS,
        POLKIT_AUTHORIZATION_SCOPE_SESSION,
        POLKIT_AUTHORIZATION_SCOPE_ALWAYS,
} PolKitAuthorizationScope;

The scope of an authorization; e.g. whether it's limited to a process, a session or unlimited.

POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT The authorization is limited for a single shot for a single process on the system
POLKIT_AUTHORIZATION_SCOPE_PROCESS The authorization is limited for a single process on the system
POLKIT_AUTHORIZATION_SCOPE_SESSION The authorization is limited for processes originating from a given session
POLKIT_AUTHORIZATION_SCOPE_ALWAYS The authorization is retained indefinitely.

Since 0.7


enum PolKitAuthorizationType

typedef enum {
        POLKIT_AUTHORIZATION_TYPE_UID,
} PolKitAuthorizationType;

The type of authorization; e.g. whether it applies to a user, group, security context and so on (right now only users are supported).

POLKIT_AUTHORIZATION_TYPE_UID The authorization is for a UNIX user

Since 0.7


polkit_authorization_type ()

PolKitAuthorizationType polkit_authorization_type       (PolKitAuthorization *auth);

Determine the type of authorization.

auth : the authorization object
Returns : the authorization type

Since 0.7


polkit_authorization_get_action_id ()

const char*         polkit_authorization_get_action_id  (PolKitAuthorization *auth);

Get the action this authorization is for

auth : the object
Returns : the action id. Caller should not free this string.

Since 0.7


polkit_authorization_get_uid ()

uid_t               polkit_authorization_get_uid        (PolKitAuthorization *auth);

Gets the UNIX user id for the user the authorization is confined to.

auth : the object
Returns : The UNIX user id for whom the authorization is confied to

Since 0.7


polkit_authorization_get_time_of_grant ()

time_t              polkit_authorization_get_time_of_grant
                                                        (PolKitAuthorization *auth);

Returns the point in time the authorization was granted. The value is UNIX time, e.g. number of seconds since the Epoch Jan 1, 1970 0:00 UTC.

auth : the object
Returns : When authorization was granted

Since 0.7


polkit_authorization_get_scope ()

PolKitAuthorizationScope polkit_authorization_get_scope (PolKitAuthorization *auth);

Get the scope of the authorization; e.g. whether it's confined to a single process, a single session or can be retained indefinitely. Also keep in mind that an authorization is subject to constraints, see polkit_authorization_constraints_foreach() for details.

auth : the object
Returns : the scope

Since 0.7


polkit_authorization_scope_process_get_pid ()

polkit_bool_t       polkit_authorization_scope_process_get_pid
                                                        (PolKitAuthorization *auth,
                                                         pid_t *out_pid,
                                                         polkit_uint64_t *out_pid_start_time);

If scope is POLKIT_AUTHORIZATION_SCOPE_PROCESS_ONE_SHOT or POLKIT_AUTHORIZATION_SCOPE_PROCESS, get information about what process the authorization is confined to.

As process identifiers can be recycled, the start time of the process (the unit is not well-defined; on Linux it's the number of milliseconds since the system was started) is also returned.

auth : the object
out_pid : return location
out_pid_start_time : return location
Returns : TRUE if information was returned

Since 0.7


polkit_authorization_scope_session_get_ck_objref ()

const char*         polkit_authorization_scope_session_get_ck_objref
                                                        (PolKitAuthorization *auth);

Gets the ConsoleKit object path for the session the authorization is confined to.

auth : the object
Returns : NULL if scope wasn't session

Since 0.7


polkit_authorization_was_granted_via_defaults ()

polkit_bool_t       polkit_authorization_was_granted_via_defaults
                                                        (PolKitAuthorization *auth,
                                                         uid_t *out_user_authenticated_as);

Determine if the authorization was obtained by the user by authenticating as himself or an administrator via the the "defaults" section in the .policy file for the action (e.g. "allow_any", "allow_inactive", "allow_active").

Compare with polkit_authorization_was_granted_explicitly() - only one of these functions can return TRUE.

auth : the object
out_user_authenticated_as : return location
Returns : TRUE if the authorization was obtained by the user himself authenticating.

Since 0.7


polkit_authorization_was_granted_explicitly ()

polkit_bool_t       polkit_authorization_was_granted_explicitly
                                                        (PolKitAuthorization *auth,
                                                         uid_t *out_by_whom,
                                                         polkit_bool_t *out_is_negative);

Determine if the authorization was explicitly granted by a sufficiently privileged user.

Compare with polkit_authorization_was_granted_via_defaults() - only one of these functions can return TRUE.

auth : the object
out_by_whom : return location
out_is_negative : return location
Returns : TRUE if the authorization was explicitly granted by a sufficiently privileger user. If TRUE, the user who granted the authorization is returned in out_by_whom. If the authorization is negative, TRUE is returned in out_is_negative.

Since 0.7


PolKitAuthorizationConstraintsForeachFunc ()

polkit_bool_t       (*PolKitAuthorizationConstraintsForeachFunc)
                                                        (PolKitAuthorization *auth,
                                                         PolKitAuthorizationConstraint *authc,
                                                         void *user_data);

Callback function for polkit_authorization_constraints_foreach().

auth : authorization
authc : authorization constraint
user_data : user data
Returns : Pass TRUE to short-circuit, e.g. stop the iteration

polkit_authorization_constraints_foreach ()

polkit_bool_t       polkit_authorization_constraints_foreach
                                                        (PolKitAuthorization *auth,
                                                         PolKitAuthorizationConstraintsForeachFunc cb,
                                                         void *user_data);

Iterate over all constraints associated with an authorization.

auth : the object
cb : callback function
user_data : user data
Returns : TRUE if the caller short-circuited the iteration.

Since 0.7