Merge branch 'pam-module' into 'master'
Add session limits support and PAM module See merge request pwithnall/malcontent!19
This commit is contained in:
commit
83d2fdb838
|
@ -5,7 +5,7 @@ before_script:
|
||||||
libxml2-devel dbus-daemon
|
libxml2-devel dbus-daemon
|
||||||
glib2-devel dbus-devel gobject-introspection-devel
|
glib2-devel dbus-devel gobject-introspection-devel
|
||||||
gettext-devel polkit-devel polkit-gnome git
|
gettext-devel polkit-devel polkit-gnome git
|
||||||
lcov
|
lcov pam-devel
|
||||||
- export LANG=C.UTF-8
|
- export LANG=C.UTF-8
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
|
||||||
|
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
|
||||||
|
<node>
|
||||||
|
<interface name="com.endlessm.ParentalControls.SessionLimits">
|
||||||
|
|
||||||
|
<annotation name="org.freedesktop.Accounts.VendorExtension" value="true"/>
|
||||||
|
|
||||||
|
<annotation name="org.freedesktop.Accounts.Authentication.ChangeOwn"
|
||||||
|
value="com.endlessm.ParentalControls.SessionLimits.ChangeOwn"/>
|
||||||
|
<annotation name="org.freedesktop.Accounts.Authentication.ReadOwn"
|
||||||
|
value="com.endlessm.ParentalControls.SessionLimits.ReadOwn"/>
|
||||||
|
<annotation name="org.freedesktop.Accounts.Authentication.ChangeAny"
|
||||||
|
value="com.endlessm.ParentalControls.SessionLimits.ChangeAny"/>
|
||||||
|
<annotation name="org.freedesktop.Accounts.Authentication.ReadAny"
|
||||||
|
value="com.endlessm.ParentalControls.SessionLimits.ReadAny"/>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
LimitType:
|
||||||
|
|
||||||
|
The type of session limit applied to the user, as an enumerated type.
|
||||||
|
Currently, the following values are supported, but more values may be
|
||||||
|
added in future.
|
||||||
|
- `0`: No filter enabled. The user is not limited in the times or
|
||||||
|
durations of their sessions.
|
||||||
|
- `1`: Daily schedule. The user is limited to using the computer between
|
||||||
|
a fixed start and end time each day, as set in the `DailySchedule`
|
||||||
|
property.
|
||||||
|
-->
|
||||||
|
<property name="LimitType" type="u" access="readwrite">
|
||||||
|
<annotation name="org.freedesktop.Accounts.DefaultValue" value="0"/>
|
||||||
|
</property>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
DailySchedule:
|
||||||
|
|
||||||
|
A daily schedule to limit the user’s computer use. This is a two-tuple of
|
||||||
|
a start time and an end time, both given as the number of seconds since
|
||||||
|
midnight. The end time must be greater than the start time, and must be
|
||||||
|
≤ 86400 (the number of seconds in a day). There is no handling of leap
|
||||||
|
seconds.
|
||||||
|
|
||||||
|
This property will be used if `LimitType` is set to `1`, but it must be
|
||||||
|
set to a valid value regardless.
|
||||||
|
-->
|
||||||
|
<property name="DailySchedule" type="(uu)" access="readwrite">
|
||||||
|
<annotation name="org.freedesktop.Accounts.DefaultValue" value="(0, 86400)"/>
|
||||||
|
</property>
|
||||||
|
</interface>
|
||||||
|
</node>
|
|
@ -39,4 +39,44 @@
|
||||||
<allow_active>auth_admin_keep</allow_active>
|
<allow_active>auth_admin_keep</allow_active>
|
||||||
</defaults>
|
</defaults>
|
||||||
</action>
|
</action>
|
||||||
</policyconfig>
|
|
||||||
|
<action id="com.endlessm.ParentalControls.SessionLimits.ChangeOwn">
|
||||||
|
<description>Change your own session limits</description>
|
||||||
|
<message>Authentication is required to change your session limits.</message>
|
||||||
|
<defaults>
|
||||||
|
<allow_any>auth_admin_keep</allow_any>
|
||||||
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
<allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
|
||||||
|
<action id="com.endlessm.ParentalControls.SessionLimits.ReadOwn">
|
||||||
|
<description>Read your own session limits</description>
|
||||||
|
<message>Authentication is required to read your session limits.</message>
|
||||||
|
<defaults>
|
||||||
|
<allow_any>yes</allow_any>
|
||||||
|
<allow_inactive>yes</allow_inactive>
|
||||||
|
<allow_active>yes</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
|
||||||
|
<action id="com.endlessm.ParentalControls.SessionLimits.ChangeAny">
|
||||||
|
<description>Change another user’s session limits</description>
|
||||||
|
<message>Authentication is required to change another user’s session limits.</message>
|
||||||
|
<defaults>
|
||||||
|
<allow_any>auth_admin_keep</allow_any>
|
||||||
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
<allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
|
||||||
|
<action id="com.endlessm.ParentalControls.SessionLimits.ReadAny">
|
||||||
|
<description>Read another user’s session limits</description>
|
||||||
|
<message>Authentication is required to read another user’s session limits.</message>
|
||||||
|
<defaults>
|
||||||
|
<allow_any>auth_admin_keep</allow_any>
|
||||||
|
<allow_inactive>auth_admin_keep</allow_inactive>
|
||||||
|
<allow_active>auth_admin_keep</allow_active>
|
||||||
|
</defaults>
|
||||||
|
</action>
|
||||||
|
</policyconfig>
|
||||||
|
|
|
@ -23,7 +23,9 @@ polkit.addRule(function(action, subject) {
|
||||||
/* Allow administrators to read parental controls (for any account) without
|
/* Allow administrators to read parental controls (for any account) without
|
||||||
* needing an additional polkit authorisation dialogue. */
|
* needing an additional polkit authorisation dialogue. */
|
||||||
if ((action.id == "com.endlessm.ParentalControls.AppFilter.ReadOwn" ||
|
if ((action.id == "com.endlessm.ParentalControls.AppFilter.ReadOwn" ||
|
||||||
action.id == "com.endlessm.ParentalControls.AppFilter.ReadAny") &&
|
action.id == "com.endlessm.ParentalControls.AppFilter.ReadAny" ||
|
||||||
|
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadOwn" ||
|
||||||
|
action.id == "com.endlessm.ParentalControls.SessionLimits.ReadAny") &&
|
||||||
subject.active && subject.local &&
|
subject.active && subject.local &&
|
||||||
subject.isInGroup("sudo")) {
|
subject.isInGroup("sudo")) {
|
||||||
return polkit.Result.YES;
|
return polkit.Result.YES;
|
||||||
|
|
|
@ -6,11 +6,19 @@ i18n.merge_file('com.endlessm.ParentalControls.policy',
|
||||||
install_dir: polkitpolicydir,
|
install_dir: polkitpolicydir,
|
||||||
)
|
)
|
||||||
|
|
||||||
install_data('com.endlessm.ParentalControls.AppFilter.xml',
|
dbus_interfaces = [
|
||||||
install_dir: dbusinterfacesdir)
|
'com.endlessm.ParentalControls.AppFilter',
|
||||||
meson.add_install_script(meson_make_symlink,
|
'com.endlessm.ParentalControls.SessionLimits',
|
||||||
join_paths(dbusinterfacesdir, 'com.endlessm.ParentalControls.AppFilter.xml'),
|
]
|
||||||
join_paths(accountsserviceinterfacesdir, 'com.endlessm.ParentalControls.AppFilter.xml'))
|
|
||||||
|
foreach dbus_interface: dbus_interfaces
|
||||||
|
filename = dbus_interface + '.xml'
|
||||||
|
install_data(filename,
|
||||||
|
install_dir: dbusinterfacesdir)
|
||||||
|
meson.add_install_script(meson_make_symlink,
|
||||||
|
join_paths(dbusinterfacesdir, filename),
|
||||||
|
join_paths(accountsserviceinterfacesdir, filename))
|
||||||
|
endforeach
|
||||||
|
|
||||||
install_data('com.endlessm.ParentalControls.rules',
|
install_data('com.endlessm.ParentalControls.rules',
|
||||||
install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d'))
|
install_dir: join_paths(get_option('datadir'), 'polkit-1', 'rules.d'))
|
||||||
|
|
|
@ -33,7 +33,12 @@
|
||||||
#include "libmalcontent/app-filter-private.h"
|
#include "libmalcontent/app-filter-private.h"
|
||||||
|
|
||||||
|
|
||||||
G_DEFINE_QUARK (MctAppFilterError, mct_app_filter_error)
|
/* FIXME: Eventually deprecate these compatibility fallbacks. */
|
||||||
|
GQuark
|
||||||
|
mct_app_filter_error_quark (void)
|
||||||
|
{
|
||||||
|
return mct_manager_error_quark ();
|
||||||
|
}
|
||||||
|
|
||||||
/* struct _MctAppFilter is defined in app-filter-private.h */
|
/* struct _MctAppFilter is defined in app-filter-private.h */
|
||||||
|
|
||||||
|
|
|
@ -29,31 +29,6 @@
|
||||||
|
|
||||||
G_BEGIN_DECLS
|
G_BEGIN_DECLS
|
||||||
|
|
||||||
/**
|
|
||||||
* MctAppFilterError:
|
|
||||||
* @MCT_APP_FILTER_ERROR_INVALID_USER: Given user ID doesn’t exist
|
|
||||||
* @MCT_APP_FILTER_ERROR_PERMISSION_DENIED: Not authorized to query the app
|
|
||||||
* filter for the given user
|
|
||||||
* @MCT_APP_FILTER_ERROR_INVALID_DATA: The data stored in the app filter for
|
|
||||||
* a user is inconsistent or invalid
|
|
||||||
* @MCT_APP_FILTER_ERROR_DISABLED: App filtering is disabled for all users (Since: 0.3.0)
|
|
||||||
*
|
|
||||||
* Errors relating to #MctAppFilter instances, which can be returned by
|
|
||||||
* mct_manager_get_app_filter_async() (for example).
|
|
||||||
*
|
|
||||||
* Since: 0.2.0
|
|
||||||
*/
|
|
||||||
typedef enum
|
|
||||||
{
|
|
||||||
MCT_APP_FILTER_ERROR_INVALID_USER,
|
|
||||||
MCT_APP_FILTER_ERROR_PERMISSION_DENIED,
|
|
||||||
MCT_APP_FILTER_ERROR_INVALID_DATA,
|
|
||||||
MCT_APP_FILTER_ERROR_DISABLED,
|
|
||||||
} MctAppFilterError;
|
|
||||||
|
|
||||||
GQuark mct_app_filter_error_quark (void);
|
|
||||||
#define MCT_APP_FILTER_ERROR mct_app_filter_error_quark ()
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* MctAppFilterOarsValue:
|
* MctAppFilterOarsValue:
|
||||||
* @MCT_APP_FILTER_OARS_VALUE_UNKNOWN: Unknown value for the given
|
* @MCT_APP_FILTER_OARS_VALUE_UNKNOWN: Unknown value for the given
|
||||||
|
@ -197,4 +172,16 @@ void mct_app_filter_builder_set_allow_user_installation (MctAppFilterBuilder *
|
||||||
void mct_app_filter_builder_set_allow_system_installation (MctAppFilterBuilder *builder,
|
void mct_app_filter_builder_set_allow_system_installation (MctAppFilterBuilder *builder,
|
||||||
gboolean allow_system_installation);
|
gboolean allow_system_installation);
|
||||||
|
|
||||||
|
#include <libmalcontent/manager.h>
|
||||||
|
|
||||||
|
/* FIXME: Eventually deprecate these compatibility fallbacks. */
|
||||||
|
typedef MctManagerError MctAppFilterError;
|
||||||
|
#define MCT_APP_FILTER_ERROR_INVALID_USER MCT_MANAGER_ERROR_INVALID_USER
|
||||||
|
#define MCT_APP_FILTER_ERROR_PERMISSION_DENIED MCT_MANAGER_ERROR_PERMISSION_DENIED
|
||||||
|
#define MCT_APP_FILTER_ERROR_INVALID_DATA MCT_MANAGER_ERROR_INVALID_DATA
|
||||||
|
#define MCT_APP_FILTER_ERROR_DISABLED MCT_MANAGER_ERROR_DISABLED
|
||||||
|
|
||||||
|
GQuark mct_app_filter_error_quark (void);
|
||||||
|
#define MCT_APP_FILTER_ERROR mct_app_filter_error_quark ()
|
||||||
|
|
||||||
G_END_DECLS
|
G_END_DECLS
|
||||||
|
|
|
@ -24,3 +24,4 @@
|
||||||
|
|
||||||
#include <libmalcontent/app-filter.h>
|
#include <libmalcontent/app-filter.h>
|
||||||
#include <libmalcontent/manager.h>
|
#include <libmalcontent/manager.h>
|
||||||
|
#include <libmalcontent/session-limits.h>
|
||||||
|
|
|
@ -28,8 +28,13 @@
|
||||||
#include <gio/gio.h>
|
#include <gio/gio.h>
|
||||||
#include <libmalcontent/app-filter.h>
|
#include <libmalcontent/app-filter.h>
|
||||||
#include <libmalcontent/manager.h>
|
#include <libmalcontent/manager.h>
|
||||||
|
#include <libmalcontent/session-limits.h>
|
||||||
|
|
||||||
#include "libmalcontent/app-filter-private.h"
|
#include "libmalcontent/app-filter-private.h"
|
||||||
|
#include "libmalcontent/session-limits-private.h"
|
||||||
|
|
||||||
|
|
||||||
|
G_DEFINE_QUARK (MctManagerError, mct_manager_error)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* MctManager:
|
* MctManager:
|
||||||
|
@ -298,19 +303,19 @@ bus_remote_error_matches (const GError *error,
|
||||||
return g_str_equal (error_name, expected_error_name);
|
return g_str_equal (error_name, expected_error_name);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Convert a #GDBusError into a #MctAppFilter error. */
|
/* Convert a #GDBusError into a #MctManagerError. */
|
||||||
static GError *
|
static GError *
|
||||||
bus_error_to_app_filter_error (const GError *bus_error,
|
bus_error_to_manager_error (const GError *bus_error,
|
||||||
uid_t user_id)
|
uid_t user_id)
|
||||||
{
|
{
|
||||||
if (g_error_matches (bus_error, G_DBUS_ERROR, G_DBUS_ERROR_ACCESS_DENIED) ||
|
if (g_error_matches (bus_error, G_DBUS_ERROR, G_DBUS_ERROR_ACCESS_DENIED) ||
|
||||||
bus_remote_error_matches (bus_error, "org.freedesktop.Accounts.Error.PermissionDenied"))
|
bus_remote_error_matches (bus_error, "org.freedesktop.Accounts.Error.PermissionDenied"))
|
||||||
return g_error_new (MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_PERMISSION_DENIED,
|
return g_error_new (MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_PERMISSION_DENIED,
|
||||||
_("Not allowed to query app filter data for user %u"),
|
_("Not allowed to query app filter data for user %u"),
|
||||||
(guint) user_id);
|
(guint) user_id);
|
||||||
else if (g_error_matches (bus_error, G_DBUS_ERROR, G_DBUS_ERROR_UNKNOWN_METHOD) ||
|
else if (g_error_matches (bus_error, G_DBUS_ERROR, G_DBUS_ERROR_UNKNOWN_METHOD) ||
|
||||||
bus_remote_error_matches (bus_error, "org.freedesktop.Accounts.Error.Failed"))
|
bus_remote_error_matches (bus_error, "org.freedesktop.Accounts.Error.Failed"))
|
||||||
return g_error_new (MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_INVALID_USER,
|
return g_error_new (MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_INVALID_USER,
|
||||||
_("User %u does not exist"), (guint) user_id);
|
_("User %u does not exist"), (guint) user_id);
|
||||||
else
|
else
|
||||||
return g_error_copy (bus_error);
|
return g_error_copy (bus_error);
|
||||||
|
@ -346,8 +351,8 @@ accounts_find_user_by_id (GDBusConnection *connection,
|
||||||
&local_error);
|
&local_error);
|
||||||
if (local_error != NULL)
|
if (local_error != NULL)
|
||||||
{
|
{
|
||||||
g_autoptr(GError) app_filter_error = bus_error_to_app_filter_error (local_error,
|
g_autoptr(GError) app_filter_error = bus_error_to_manager_error (local_error,
|
||||||
user_id);
|
user_id);
|
||||||
g_propagate_error (error, g_steal_pointer (&app_filter_error));
|
g_propagate_error (error, g_steal_pointer (&app_filter_error));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
@ -373,7 +378,7 @@ accounts_find_user_by_id (GDBusConnection *connection,
|
||||||
MctAppFilter *
|
MctAppFilter *
|
||||||
mct_manager_get_app_filter (MctManager *self,
|
mct_manager_get_app_filter (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctGetAppFilterFlags flags,
|
MctManagerGetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
|
@ -394,7 +399,7 @@ mct_manager_get_app_filter (MctManager *self,
|
||||||
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
||||||
|
|
||||||
object_path = accounts_find_user_by_id (self->connection, user_id,
|
object_path = accounts_find_user_by_id (self->connection, user_id,
|
||||||
(flags & MCT_GET_APP_FILTER_FLAGS_INTERACTIVE),
|
(flags & MCT_MANAGER_GET_VALUE_FLAGS_INTERACTIVE),
|
||||||
cancellable, error);
|
cancellable, error);
|
||||||
if (object_path == NULL)
|
if (object_path == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -407,7 +412,7 @@ mct_manager_get_app_filter (MctManager *self,
|
||||||
"GetAll",
|
"GetAll",
|
||||||
g_variant_new ("(s)", "com.endlessm.ParentalControls.AppFilter"),
|
g_variant_new ("(s)", "com.endlessm.ParentalControls.AppFilter"),
|
||||||
G_VARIANT_TYPE ("(a{sv})"),
|
G_VARIANT_TYPE ("(a{sv})"),
|
||||||
(flags & MCT_GET_APP_FILTER_FLAGS_INTERACTIVE)
|
(flags & MCT_MANAGER_GET_VALUE_FLAGS_INTERACTIVE)
|
||||||
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
: G_DBUS_CALL_FLAGS_NONE,
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
-1, /* timeout, ms */
|
-1, /* timeout, ms */
|
||||||
|
@ -415,24 +420,23 @@ mct_manager_get_app_filter (MctManager *self,
|
||||||
&local_error);
|
&local_error);
|
||||||
if (local_error != NULL)
|
if (local_error != NULL)
|
||||||
{
|
{
|
||||||
g_autoptr(GError) app_filter_error = NULL;
|
g_autoptr(GError) manager_error = NULL;
|
||||||
|
|
||||||
if (g_error_matches (local_error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS))
|
if (g_error_matches (local_error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS))
|
||||||
{
|
{
|
||||||
/* o.fd.D.GetAll() will return InvalidArgs errors if
|
/* o.fd.D.GetAll() will return InvalidArgs errors if
|
||||||
* accountsservice doesn’t have the com.endlessm.ParentalControls.AppFilter
|
* accountsservice doesn’t have the com.endlessm.ParentalControls.AppFilter
|
||||||
* extension interface installed. */
|
* extension interface installed. */
|
||||||
app_filter_error = g_error_new_literal (MCT_APP_FILTER_ERROR,
|
manager_error = g_error_new_literal (MCT_MANAGER_ERROR,
|
||||||
MCT_APP_FILTER_ERROR_DISABLED,
|
MCT_MANAGER_ERROR_DISABLED,
|
||||||
_("App filtering is globally disabled"));
|
_("App filtering is globally disabled"));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
app_filter_error = bus_error_to_app_filter_error (local_error,
|
manager_error = bus_error_to_manager_error (local_error, user_id);
|
||||||
user_id);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
g_propagate_error (error, g_steal_pointer (&app_filter_error));
|
g_propagate_error (error, g_steal_pointer (&manager_error));
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -442,8 +446,8 @@ mct_manager_get_app_filter (MctManager *self,
|
||||||
if (!g_variant_lookup (properties, "AppFilter", "(b^as)",
|
if (!g_variant_lookup (properties, "AppFilter", "(b^as)",
|
||||||
&is_whitelist, &app_list))
|
&is_whitelist, &app_list))
|
||||||
{
|
{
|
||||||
g_set_error (error, MCT_APP_FILTER_ERROR,
|
g_set_error (error, MCT_MANAGER_ERROR,
|
||||||
MCT_APP_FILTER_ERROR_PERMISSION_DENIED,
|
MCT_MANAGER_ERROR_PERMISSION_DENIED,
|
||||||
_("Not allowed to query app filter data for user %u"),
|
_("Not allowed to query app filter data for user %u"),
|
||||||
(guint) user_id);
|
(guint) user_id);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -462,8 +466,8 @@ mct_manager_get_app_filter (MctManager *self,
|
||||||
if (!g_str_equal (content_rating_kind, "oars-1.0") &&
|
if (!g_str_equal (content_rating_kind, "oars-1.0") &&
|
||||||
!g_str_equal (content_rating_kind, "oars-1.1"))
|
!g_str_equal (content_rating_kind, "oars-1.1"))
|
||||||
{
|
{
|
||||||
g_set_error (error, MCT_APP_FILTER_ERROR,
|
g_set_error (error, MCT_MANAGER_ERROR,
|
||||||
MCT_APP_FILTER_ERROR_INVALID_DATA,
|
MCT_MANAGER_ERROR_INVALID_DATA,
|
||||||
_("OARS filter for user %u has an unrecognized kind ‘%s’"),
|
_("OARS filter for user %u has an unrecognized kind ‘%s’"),
|
||||||
(guint) user_id, content_rating_kind);
|
(guint) user_id, content_rating_kind);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -505,7 +509,7 @@ static void get_app_filter_thread_cb (GTask *task,
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
uid_t user_id;
|
uid_t user_id;
|
||||||
MctGetAppFilterFlags flags;
|
MctManagerGetValueFlags flags;
|
||||||
} GetAppFilterData;
|
} GetAppFilterData;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -528,7 +532,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (GetAppFilterData, get_app_filter_data_free)
|
||||||
* Asynchronously get a snapshot of the app filter settings for the given
|
* Asynchronously get a snapshot of the app filter settings for the given
|
||||||
* @user_id.
|
* @user_id.
|
||||||
*
|
*
|
||||||
* On failure, an #MctAppFilterError, a #GDBusError or a #GIOError will be
|
* On failure, an #MctManagerError, a #GDBusError or a #GIOError will be
|
||||||
* returned.
|
* returned.
|
||||||
*
|
*
|
||||||
* Since: 0.3.0
|
* Since: 0.3.0
|
||||||
|
@ -536,7 +540,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (GetAppFilterData, get_app_filter_data_free)
|
||||||
void
|
void
|
||||||
mct_manager_get_app_filter_async (MctManager *self,
|
mct_manager_get_app_filter_async (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctGetAppFilterFlags flags,
|
MctManagerGetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GAsyncReadyCallback callback,
|
GAsyncReadyCallback callback,
|
||||||
gpointer user_data)
|
gpointer user_data)
|
||||||
|
@ -623,7 +627,7 @@ gboolean
|
||||||
mct_manager_set_app_filter (MctManager *self,
|
mct_manager_set_app_filter (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctAppFilter *app_filter,
|
MctAppFilter *app_filter,
|
||||||
MctSetAppFilterFlags flags,
|
MctManagerSetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error)
|
GError **error)
|
||||||
{
|
{
|
||||||
|
@ -637,7 +641,6 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
g_autoptr(GVariant) allow_user_installation_result_variant = NULL;
|
g_autoptr(GVariant) allow_user_installation_result_variant = NULL;
|
||||||
g_autoptr(GVariant) allow_system_installation_result_variant = NULL;
|
g_autoptr(GVariant) allow_system_installation_result_variant = NULL;
|
||||||
g_autoptr(GError) local_error = NULL;
|
g_autoptr(GError) local_error = NULL;
|
||||||
g_autoptr(GDBusConnection) connection = NULL;
|
|
||||||
|
|
||||||
g_return_val_if_fail (MCT_IS_MANAGER (self), FALSE);
|
g_return_val_if_fail (MCT_IS_MANAGER (self), FALSE);
|
||||||
g_return_val_if_fail (app_filter != NULL, FALSE);
|
g_return_val_if_fail (app_filter != NULL, FALSE);
|
||||||
|
@ -646,7 +649,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
||||||
|
|
||||||
object_path = accounts_find_user_by_id (self->connection, user_id,
|
object_path = accounts_find_user_by_id (self->connection, user_id,
|
||||||
(flags & MCT_SET_APP_FILTER_FLAGS_INTERACTIVE),
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE),
|
||||||
cancellable, error);
|
cancellable, error);
|
||||||
if (object_path == NULL)
|
if (object_path == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
@ -668,7 +671,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
"AppFilter",
|
"AppFilter",
|
||||||
g_steal_pointer (&app_filter_variant)),
|
g_steal_pointer (&app_filter_variant)),
|
||||||
G_VARIANT_TYPE ("()"),
|
G_VARIANT_TYPE ("()"),
|
||||||
(flags & MCT_SET_APP_FILTER_FLAGS_INTERACTIVE)
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE)
|
||||||
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
: G_DBUS_CALL_FLAGS_NONE,
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
-1, /* timeout, ms */
|
-1, /* timeout, ms */
|
||||||
|
@ -676,7 +679,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
&local_error);
|
&local_error);
|
||||||
if (local_error != NULL)
|
if (local_error != NULL)
|
||||||
{
|
{
|
||||||
g_propagate_error (error, bus_error_to_app_filter_error (local_error, user_id));
|
g_propagate_error (error, bus_error_to_manager_error (local_error, user_id));
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -691,7 +694,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
"OarsFilter",
|
"OarsFilter",
|
||||||
g_steal_pointer (&oars_filter_variant)),
|
g_steal_pointer (&oars_filter_variant)),
|
||||||
G_VARIANT_TYPE ("()"),
|
G_VARIANT_TYPE ("()"),
|
||||||
(flags & MCT_SET_APP_FILTER_FLAGS_INTERACTIVE)
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE)
|
||||||
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
: G_DBUS_CALL_FLAGS_NONE,
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
-1, /* timeout, ms */
|
-1, /* timeout, ms */
|
||||||
|
@ -699,7 +702,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
&local_error);
|
&local_error);
|
||||||
if (local_error != NULL)
|
if (local_error != NULL)
|
||||||
{
|
{
|
||||||
g_propagate_error (error, bus_error_to_app_filter_error (local_error, user_id));
|
g_propagate_error (error, bus_error_to_manager_error (local_error, user_id));
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -714,7 +717,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
"AllowUserInstallation",
|
"AllowUserInstallation",
|
||||||
g_steal_pointer (&allow_user_installation_variant)),
|
g_steal_pointer (&allow_user_installation_variant)),
|
||||||
G_VARIANT_TYPE ("()"),
|
G_VARIANT_TYPE ("()"),
|
||||||
(flags & MCT_SET_APP_FILTER_FLAGS_INTERACTIVE)
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE)
|
||||||
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
: G_DBUS_CALL_FLAGS_NONE,
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
-1, /* timeout, ms */
|
-1, /* timeout, ms */
|
||||||
|
@ -722,7 +725,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
&local_error);
|
&local_error);
|
||||||
if (local_error != NULL)
|
if (local_error != NULL)
|
||||||
{
|
{
|
||||||
g_propagate_error (error, bus_error_to_app_filter_error (local_error, user_id));
|
g_propagate_error (error, bus_error_to_manager_error (local_error, user_id));
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -737,7 +740,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
"AllowSystemInstallation",
|
"AllowSystemInstallation",
|
||||||
g_steal_pointer (&allow_system_installation_variant)),
|
g_steal_pointer (&allow_system_installation_variant)),
|
||||||
G_VARIANT_TYPE ("()"),
|
G_VARIANT_TYPE ("()"),
|
||||||
(flags & MCT_SET_APP_FILTER_FLAGS_INTERACTIVE)
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE)
|
||||||
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
: G_DBUS_CALL_FLAGS_NONE,
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
-1, /* timeout, ms */
|
-1, /* timeout, ms */
|
||||||
|
@ -745,7 +748,7 @@ mct_manager_set_app_filter (MctManager *self,
|
||||||
&local_error);
|
&local_error);
|
||||||
if (local_error != NULL)
|
if (local_error != NULL)
|
||||||
{
|
{
|
||||||
g_propagate_error (error, bus_error_to_app_filter_error (local_error, user_id));
|
g_propagate_error (error, bus_error_to_manager_error (local_error, user_id));
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -761,7 +764,7 @@ typedef struct
|
||||||
{
|
{
|
||||||
uid_t user_id;
|
uid_t user_id;
|
||||||
MctAppFilter *app_filter; /* (owned) */
|
MctAppFilter *app_filter; /* (owned) */
|
||||||
MctSetAppFilterFlags flags;
|
MctManagerSetValueFlags flags;
|
||||||
} SetAppFilterData;
|
} SetAppFilterData;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
@ -786,7 +789,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (SetAppFilterData, set_app_filter_data_free)
|
||||||
* Asynchronously set the app filter settings for the given @user_id to the
|
* Asynchronously set the app filter settings for the given @user_id to the
|
||||||
* given @app_filter instance. This will set all fields of the app filter.
|
* given @app_filter instance. This will set all fields of the app filter.
|
||||||
*
|
*
|
||||||
* On failure, an #MctAppFilterError, a #GDBusError or a #GIOError will be
|
* On failure, an #MctManagerError, a #GDBusError or a #GIOError will be
|
||||||
* returned. The user’s app filter settings will be left in an undefined state.
|
* returned. The user’s app filter settings will be left in an undefined state.
|
||||||
*
|
*
|
||||||
* Since: 0.3.0
|
* Since: 0.3.0
|
||||||
|
@ -795,7 +798,7 @@ void
|
||||||
mct_manager_set_app_filter_async (MctManager *self,
|
mct_manager_set_app_filter_async (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctAppFilter *app_filter,
|
MctAppFilter *app_filter,
|
||||||
MctSetAppFilterFlags flags,
|
MctManagerSetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GAsyncReadyCallback callback,
|
GAsyncReadyCallback callback,
|
||||||
gpointer user_data)
|
gpointer user_data)
|
||||||
|
@ -864,4 +867,469 @@ mct_manager_set_app_filter_finish (MctManager *self,
|
||||||
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
||||||
|
|
||||||
return g_task_propagate_boolean (G_TASK (result), error);
|
return g_task_propagate_boolean (G_TASK (result), error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_manager_get_session_limits:
|
||||||
|
* @self: a #MctManager
|
||||||
|
* @user_id: ID of the user to query, typically coming from getuid()
|
||||||
|
* @flags: flags to affect the behaviour of the call
|
||||||
|
* @cancellable: (nullable): a #GCancellable, or %NULL
|
||||||
|
* @error: return location for a #GError, or %NULL
|
||||||
|
*
|
||||||
|
* Synchronous version of mct_manager_get_session_limits_async().
|
||||||
|
*
|
||||||
|
* Returns: (transfer full): session limits for the queried user
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
MctSessionLimits *
|
||||||
|
mct_manager_get_session_limits (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctManagerGetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_autofree gchar *object_path = NULL;
|
||||||
|
g_autoptr(GVariant) result_variant = NULL;
|
||||||
|
g_autoptr(GVariant) properties = NULL;
|
||||||
|
g_autoptr(GError) local_error = NULL;
|
||||||
|
g_autoptr(MctSessionLimits) session_limits = NULL;
|
||||||
|
guint32 limit_type;
|
||||||
|
guint32 daily_start_time, daily_end_time;
|
||||||
|
|
||||||
|
g_return_val_if_fail (MCT_IS_MANAGER (self), NULL);
|
||||||
|
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
||||||
|
|
||||||
|
object_path = accounts_find_user_by_id (self->connection, user_id,
|
||||||
|
(flags & MCT_MANAGER_GET_VALUE_FLAGS_INTERACTIVE),
|
||||||
|
cancellable, error);
|
||||||
|
if (object_path == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
result_variant =
|
||||||
|
g_dbus_connection_call_sync (self->connection,
|
||||||
|
"org.freedesktop.Accounts",
|
||||||
|
object_path,
|
||||||
|
"org.freedesktop.DBus.Properties",
|
||||||
|
"GetAll",
|
||||||
|
g_variant_new ("(s)", "com.endlessm.ParentalControls.SessionLimits"),
|
||||||
|
G_VARIANT_TYPE ("(a{sv})"),
|
||||||
|
(flags & MCT_MANAGER_GET_VALUE_FLAGS_INTERACTIVE)
|
||||||
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
|
-1, /* timeout, ms */
|
||||||
|
cancellable,
|
||||||
|
&local_error);
|
||||||
|
if (local_error != NULL)
|
||||||
|
{
|
||||||
|
g_autoptr(GError) manager_error = NULL;
|
||||||
|
|
||||||
|
if (g_error_matches (local_error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS))
|
||||||
|
{
|
||||||
|
/* o.fd.D.GetAll() will return InvalidArgs errors if
|
||||||
|
* accountsservice doesn’t have the com.endlessm.ParentalControls.SessionLimits
|
||||||
|
* extension interface installed. */
|
||||||
|
manager_error = g_error_new_literal (MCT_MANAGER_ERROR,
|
||||||
|
MCT_MANAGER_ERROR_DISABLED,
|
||||||
|
_("Session limits are globally disabled"));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
manager_error = bus_error_to_manager_error (local_error, user_id);
|
||||||
|
}
|
||||||
|
|
||||||
|
g_propagate_error (error, g_steal_pointer (&manager_error));
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Extract the properties we care about. They may be silently omitted from the
|
||||||
|
* results if we don’t have permission to access them. */
|
||||||
|
properties = g_variant_get_child_value (result_variant, 0);
|
||||||
|
if (!g_variant_lookup (properties, "LimitType", "u",
|
||||||
|
&limit_type))
|
||||||
|
{
|
||||||
|
g_set_error (error, MCT_MANAGER_ERROR,
|
||||||
|
MCT_MANAGER_ERROR_PERMISSION_DENIED,
|
||||||
|
_("Not allowed to query session limits data for user %u"),
|
||||||
|
(guint) user_id);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check that the limit type is something we support. */
|
||||||
|
G_STATIC_ASSERT (sizeof (limit_type) >= sizeof (MctSessionLimitsType));
|
||||||
|
|
||||||
|
if ((guint) limit_type > MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE)
|
||||||
|
{
|
||||||
|
g_set_error (error, MCT_MANAGER_ERROR,
|
||||||
|
MCT_MANAGER_ERROR_INVALID_DATA,
|
||||||
|
_("Session limit for user %u has an unrecognized type ‘%u’"),
|
||||||
|
(guint) user_id, limit_type);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!g_variant_lookup (properties, "DailySchedule", "(uu)",
|
||||||
|
&daily_start_time, &daily_end_time))
|
||||||
|
{
|
||||||
|
/* Default value. */
|
||||||
|
daily_start_time = 0;
|
||||||
|
daily_end_time = 24 * 60 * 60;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (daily_start_time >= daily_end_time ||
|
||||||
|
daily_end_time > 24 * 60 * 60)
|
||||||
|
{
|
||||||
|
g_set_error (error, MCT_MANAGER_ERROR,
|
||||||
|
MCT_MANAGER_ERROR_INVALID_DATA,
|
||||||
|
_("Session limit for user %u has invalid daily schedule %u–%u"),
|
||||||
|
(guint) user_id, daily_start_time, daily_end_time);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Success. Create an #MctSessionLimits object to contain the results. */
|
||||||
|
session_limits = g_new0 (MctSessionLimits, 1);
|
||||||
|
session_limits->ref_count = 1;
|
||||||
|
session_limits->user_id = user_id;
|
||||||
|
session_limits->limit_type = limit_type;
|
||||||
|
session_limits->daily_start_time = daily_start_time;
|
||||||
|
session_limits->daily_end_time = daily_end_time;
|
||||||
|
|
||||||
|
return g_steal_pointer (&session_limits);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void get_session_limits_thread_cb (GTask *task,
|
||||||
|
gpointer source_object,
|
||||||
|
gpointer task_data,
|
||||||
|
GCancellable *cancellable);
|
||||||
|
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
uid_t user_id;
|
||||||
|
MctManagerGetValueFlags flags;
|
||||||
|
} GetSessionLimitsData;
|
||||||
|
|
||||||
|
static void
|
||||||
|
get_session_limits_data_free (GetSessionLimitsData *data)
|
||||||
|
{
|
||||||
|
g_free (data);
|
||||||
|
}
|
||||||
|
|
||||||
|
G_DEFINE_AUTOPTR_CLEANUP_FUNC (GetSessionLimitsData, get_session_limits_data_free)
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_manager_get_session_limits_async:
|
||||||
|
* @self: a #MctManager
|
||||||
|
* @user_id: ID of the user to query, typically coming from getuid()
|
||||||
|
* @flags: flags to affect the behaviour of the call
|
||||||
|
* @cancellable: (nullable): a #GCancellable, or %NULL
|
||||||
|
* @callback: a #GAsyncReadyCallback
|
||||||
|
* @user_data: user data to pass to @callback
|
||||||
|
*
|
||||||
|
* Asynchronously get a snapshot of the session limit settings for the given
|
||||||
|
* @user_id.
|
||||||
|
*
|
||||||
|
* On failure, an #MctManagerError, a #GDBusError or a #GIOError will be
|
||||||
|
* returned via mct_manager_get_session_limits_finish().
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_manager_get_session_limits_async (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctManagerGetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GAsyncReadyCallback callback,
|
||||||
|
gpointer user_data)
|
||||||
|
{
|
||||||
|
g_autoptr(GTask) task = NULL;
|
||||||
|
g_autoptr(GetSessionLimitsData) data = NULL;
|
||||||
|
|
||||||
|
g_return_if_fail (MCT_IS_MANAGER (self));
|
||||||
|
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
|
||||||
|
|
||||||
|
task = g_task_new (self, cancellable, callback, user_data);
|
||||||
|
g_task_set_source_tag (task, mct_manager_get_session_limits_async);
|
||||||
|
|
||||||
|
data = g_new0 (GetSessionLimitsData, 1);
|
||||||
|
data->user_id = user_id;
|
||||||
|
data->flags = flags;
|
||||||
|
g_task_set_task_data (task, g_steal_pointer (&data),
|
||||||
|
(GDestroyNotify) get_session_limits_data_free);
|
||||||
|
|
||||||
|
g_task_run_in_thread (task, get_session_limits_thread_cb);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
get_session_limits_thread_cb (GTask *task,
|
||||||
|
gpointer source_object,
|
||||||
|
gpointer task_data,
|
||||||
|
GCancellable *cancellable)
|
||||||
|
{
|
||||||
|
g_autoptr(MctSessionLimits) limits = NULL;
|
||||||
|
MctManager *manager = MCT_MANAGER (source_object);
|
||||||
|
GetSessionLimitsData *data = task_data;
|
||||||
|
g_autoptr(GError) local_error = NULL;
|
||||||
|
|
||||||
|
limits = mct_manager_get_session_limits (manager, data->user_id,
|
||||||
|
data->flags,
|
||||||
|
cancellable, &local_error);
|
||||||
|
|
||||||
|
if (local_error != NULL)
|
||||||
|
g_task_return_error (task, g_steal_pointer (&local_error));
|
||||||
|
else
|
||||||
|
g_task_return_pointer (task, g_steal_pointer (&limits),
|
||||||
|
(GDestroyNotify) mct_session_limits_unref);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_manager_get_session_limits_finish:
|
||||||
|
* @self: a #MctManager
|
||||||
|
* @result: a #GAsyncResult
|
||||||
|
* @error: return location for a #GError, or %NULL
|
||||||
|
*
|
||||||
|
* Finish an asynchronous operation to get the session limits for a user,
|
||||||
|
* started with mct_manager_get_session_limits_async().
|
||||||
|
*
|
||||||
|
* Returns: (transfer full): session limits for the queried user
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
MctSessionLimits *
|
||||||
|
mct_manager_get_session_limits_finish (MctManager *self,
|
||||||
|
GAsyncResult *result,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_return_val_if_fail (MCT_IS_MANAGER (self), NULL);
|
||||||
|
g_return_val_if_fail (g_task_is_valid (result, self), NULL);
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
|
||||||
|
|
||||||
|
return g_task_propagate_pointer (G_TASK (result), error);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_manager_set_session_limits:
|
||||||
|
* @self: a #MctManager
|
||||||
|
* @user_id: ID of the user to set the limits for, typically coming from getuid()
|
||||||
|
* @session_limits: (transfer none): the session limits to set for the user
|
||||||
|
* @flags: flags to affect the behaviour of the call
|
||||||
|
* @cancellable: (nullable): a #GCancellable, or %NULL
|
||||||
|
* @error: return location for a #GError, or %NULL
|
||||||
|
*
|
||||||
|
* Synchronous version of mct_manager_set_session_limits_async().
|
||||||
|
*
|
||||||
|
* Returns: %TRUE on success, %FALSE otherwise
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
gboolean
|
||||||
|
mct_manager_set_session_limits (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctSessionLimits *session_limits,
|
||||||
|
MctManagerSetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_autofree gchar *object_path = NULL;
|
||||||
|
g_autoptr(GVariant) limit_variant = NULL;
|
||||||
|
const gchar *limit_property_name = NULL;
|
||||||
|
g_autoptr(GVariant) limit_type_variant = NULL;
|
||||||
|
g_autoptr(GVariant) limit_result_variant = NULL;
|
||||||
|
g_autoptr(GVariant) limit_type_result_variant = NULL;
|
||||||
|
g_autoptr(GError) local_error = NULL;
|
||||||
|
|
||||||
|
g_return_val_if_fail (MCT_IS_MANAGER (self), FALSE);
|
||||||
|
g_return_val_if_fail (session_limits != NULL, FALSE);
|
||||||
|
g_return_val_if_fail (session_limits->ref_count >= 1, FALSE);
|
||||||
|
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE);
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
||||||
|
|
||||||
|
object_path = accounts_find_user_by_id (self->connection, user_id,
|
||||||
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE),
|
||||||
|
cancellable, error);
|
||||||
|
if (object_path == NULL)
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
switch (session_limits->limit_type)
|
||||||
|
{
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE:
|
||||||
|
limit_variant = g_variant_new ("(uu)",
|
||||||
|
session_limits->daily_start_time,
|
||||||
|
session_limits->daily_end_time);
|
||||||
|
limit_property_name = "DailySchedule";
|
||||||
|
break;
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_NONE:
|
||||||
|
limit_variant = NULL;
|
||||||
|
limit_property_name = NULL;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
g_assert_not_reached ();
|
||||||
|
}
|
||||||
|
|
||||||
|
limit_type_variant = g_variant_new_uint32 (session_limits->limit_type);
|
||||||
|
|
||||||
|
if (limit_property_name != NULL)
|
||||||
|
{
|
||||||
|
/* Change the details of the new limit first, so that all the properties are
|
||||||
|
* correct by the time the limit type is changed over. */
|
||||||
|
limit_result_variant =
|
||||||
|
g_dbus_connection_call_sync (self->connection,
|
||||||
|
"org.freedesktop.Accounts",
|
||||||
|
object_path,
|
||||||
|
"org.freedesktop.DBus.Properties",
|
||||||
|
"Set",
|
||||||
|
g_variant_new ("(ssv)",
|
||||||
|
"com.endlessm.ParentalControls.SessionLimits",
|
||||||
|
limit_property_name,
|
||||||
|
g_steal_pointer (&limit_variant)),
|
||||||
|
G_VARIANT_TYPE ("()"),
|
||||||
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE)
|
||||||
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
|
-1, /* timeout, ms */
|
||||||
|
cancellable,
|
||||||
|
&local_error);
|
||||||
|
if (local_error != NULL)
|
||||||
|
{
|
||||||
|
g_propagate_error (error, bus_error_to_manager_error (local_error, user_id));
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
limit_type_result_variant =
|
||||||
|
g_dbus_connection_call_sync (self->connection,
|
||||||
|
"org.freedesktop.Accounts",
|
||||||
|
object_path,
|
||||||
|
"org.freedesktop.DBus.Properties",
|
||||||
|
"Set",
|
||||||
|
g_variant_new ("(ssv)",
|
||||||
|
"com.endlessm.ParentalControls.SessionLimits",
|
||||||
|
"LimitType",
|
||||||
|
g_steal_pointer (&limit_type_variant)),
|
||||||
|
G_VARIANT_TYPE ("()"),
|
||||||
|
(flags & MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE)
|
||||||
|
? G_DBUS_CALL_FLAGS_ALLOW_INTERACTIVE_AUTHORIZATION
|
||||||
|
: G_DBUS_CALL_FLAGS_NONE,
|
||||||
|
-1, /* timeout, ms */
|
||||||
|
cancellable,
|
||||||
|
&local_error);
|
||||||
|
if (local_error != NULL)
|
||||||
|
{
|
||||||
|
g_propagate_error (error, bus_error_to_manager_error (local_error, user_id));
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void set_session_limits_thread_cb (GTask *task,
|
||||||
|
gpointer source_object,
|
||||||
|
gpointer task_data,
|
||||||
|
GCancellable *cancellable);
|
||||||
|
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
uid_t user_id;
|
||||||
|
MctSessionLimits *session_limits; /* (owned) */
|
||||||
|
MctManagerSetValueFlags flags;
|
||||||
|
} SetSessionLimitsData;
|
||||||
|
|
||||||
|
static void
|
||||||
|
set_session_limits_data_free (SetSessionLimitsData *data)
|
||||||
|
{
|
||||||
|
mct_session_limits_unref (data->session_limits);
|
||||||
|
g_free (data);
|
||||||
|
}
|
||||||
|
|
||||||
|
G_DEFINE_AUTOPTR_CLEANUP_FUNC (SetSessionLimitsData, set_session_limits_data_free)
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_manager_set_session_limits_async:
|
||||||
|
* @self: a #MctManager
|
||||||
|
* @user_id: ID of the user to set the limits for, typically coming from getuid()
|
||||||
|
* @session_limits: (transfer none): the session limits to set for the user
|
||||||
|
* @flags: flags to affect the behaviour of the call
|
||||||
|
* @cancellable: (nullable): a #GCancellable, or %NULL
|
||||||
|
* @callback: a #GAsyncReadyCallback
|
||||||
|
* @user_data: user data to pass to @callback
|
||||||
|
*
|
||||||
|
* Asynchronously set the session limits settings for the given @user_id to the
|
||||||
|
* given @session_limits instance.
|
||||||
|
*
|
||||||
|
* On failure, an #MctManagerError, a #GDBusError or a #GIOError will be
|
||||||
|
* returned via mct_manager_set_session_limits_finish(). The user’s session
|
||||||
|
* limits settings will be left in an undefined state.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_manager_set_session_limits_async (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctSessionLimits *session_limits,
|
||||||
|
MctManagerSetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GAsyncReadyCallback callback,
|
||||||
|
gpointer user_data)
|
||||||
|
{
|
||||||
|
g_autoptr(GTask) task = NULL;
|
||||||
|
g_autoptr(SetSessionLimitsData) data = NULL;
|
||||||
|
|
||||||
|
g_return_if_fail (MCT_IS_MANAGER (self));
|
||||||
|
g_return_if_fail (session_limits != NULL);
|
||||||
|
g_return_if_fail (session_limits->ref_count >= 1);
|
||||||
|
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
|
||||||
|
|
||||||
|
task = g_task_new (self, cancellable, callback, user_data);
|
||||||
|
g_task_set_source_tag (task, mct_manager_set_session_limits_async);
|
||||||
|
|
||||||
|
data = g_new0 (SetSessionLimitsData, 1);
|
||||||
|
data->user_id = user_id;
|
||||||
|
data->session_limits = mct_session_limits_ref (session_limits);
|
||||||
|
data->flags = flags;
|
||||||
|
g_task_set_task_data (task, g_steal_pointer (&data),
|
||||||
|
(GDestroyNotify) set_session_limits_data_free);
|
||||||
|
|
||||||
|
g_task_run_in_thread (task, set_session_limits_thread_cb);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
set_session_limits_thread_cb (GTask *task,
|
||||||
|
gpointer source_object,
|
||||||
|
gpointer task_data,
|
||||||
|
GCancellable *cancellable)
|
||||||
|
{
|
||||||
|
gboolean success;
|
||||||
|
MctManager *manager = MCT_MANAGER (source_object);
|
||||||
|
SetSessionLimitsData *data = task_data;
|
||||||
|
g_autoptr(GError) local_error = NULL;
|
||||||
|
|
||||||
|
success = mct_manager_set_session_limits (manager, data->user_id,
|
||||||
|
data->session_limits, data->flags,
|
||||||
|
cancellable, &local_error);
|
||||||
|
|
||||||
|
if (local_error != NULL)
|
||||||
|
g_task_return_error (task, g_steal_pointer (&local_error));
|
||||||
|
else
|
||||||
|
g_task_return_boolean (task, success);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_manager_set_session_limits_finish:
|
||||||
|
* @self: a #MctManager
|
||||||
|
* @result: a #GAsyncResult
|
||||||
|
* @error: return location for a #GError, or %NULL
|
||||||
|
*
|
||||||
|
* Finish an asynchronous operation to set the session limits for a user,
|
||||||
|
* started with mct_manager_set_session_limits_async().
|
||||||
|
*
|
||||||
|
* Returns: %TRUE on success, %FALSE otherwise
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
gboolean
|
||||||
|
mct_manager_set_session_limits_finish (MctManager *self,
|
||||||
|
GAsyncResult *result,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
g_return_val_if_fail (MCT_IS_MANAGER (self), FALSE);
|
||||||
|
g_return_val_if_fail (g_task_is_valid (result, self), FALSE);
|
||||||
|
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
|
||||||
|
|
||||||
|
return g_task_propagate_boolean (G_TASK (result), error);
|
||||||
|
}
|
||||||
|
|
|
@ -25,43 +25,79 @@
|
||||||
#include <gio/gio.h>
|
#include <gio/gio.h>
|
||||||
#include <glib.h>
|
#include <glib.h>
|
||||||
#include <glib-object.h>
|
#include <glib-object.h>
|
||||||
#include <libmalcontent/app-filter.h>
|
|
||||||
|
|
||||||
G_BEGIN_DECLS
|
G_BEGIN_DECLS
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* MctGetAppFilterFlags:
|
* MctManagerGetValueFlags:
|
||||||
* @MCT_GET_APP_FILTER_FLAGS_NONE: No flags set.
|
* @MCT_MANAGER_GET_VALUE_FLAGS_NONE: No flags set.
|
||||||
* @MCT_GET_APP_FILTER_FLAGS_INTERACTIVE: Allow interactive polkit dialogs when
|
* @MCT_MANAGER_GET_VALUE_FLAGS_INTERACTIVE: Allow interactive polkit dialogs
|
||||||
* requesting authorization.
|
* when requesting authorization.
|
||||||
*
|
*
|
||||||
* Flags to control the behaviour of mct_manager_get_app_filter() and
|
* Flags to control the behaviour of getter functions like
|
||||||
* mct_manager_get_app_filter_async().
|
* mct_manager_get_app_filter() and mct_manager_get_app_filter_async().
|
||||||
*
|
*
|
||||||
* Since: 0.3.0
|
* Since: 0.5.0
|
||||||
*/
|
*/
|
||||||
typedef enum
|
typedef enum
|
||||||
{
|
{
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE = 0,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE = 0,
|
||||||
MCT_GET_APP_FILTER_FLAGS_INTERACTIVE,
|
MCT_MANAGER_GET_VALUE_FLAGS_INTERACTIVE = (1 << 0),
|
||||||
} MctGetAppFilterFlags;
|
} MctManagerGetValueFlags;
|
||||||
|
|
||||||
|
/* FIXME: Eventually deprecate these compatibility fallbacks. */
|
||||||
|
typedef MctManagerGetValueFlags MctGetAppFilterFlags;
|
||||||
|
#define MCT_GET_APP_FILTER_FLAGS_NONE MCT_MANAGER_GET_VALUE_FLAGS_NONE
|
||||||
|
#define MCT_GET_APP_FILTER_FLAGS_INTERACTIVE MCT_MANAGER_GET_VALUE_FLAGS_INTERACTIVE
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* MctSetAppFilterFlags:
|
* MctManagerSetValueFlags:
|
||||||
* @MCT_SET_APP_FILTER_FLAGS_NONE: No flags set.
|
* @MCT_MANAGER_SET_VALUE_FLAGS_NONE: No flags set.
|
||||||
* @MCT_SET_APP_FILTER_FLAGS_INTERACTIVE: Allow interactive polkit dialogs when
|
* @MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE: Allow interactive polkit dialogs
|
||||||
* requesting authorization.
|
* when requesting authorization.
|
||||||
*
|
*
|
||||||
* Flags to control the behaviour of mct_manager_set_app_filter() and
|
* Flags to control the behaviour of setter functions like
|
||||||
* mct_manager_set_app_filter_async().
|
* mct_manager_set_app_filter() and mct_manager_set_app_filter_async().
|
||||||
*
|
*
|
||||||
* Since: 0.3.0
|
* Since: 0.5.0
|
||||||
*/
|
*/
|
||||||
typedef enum
|
typedef enum
|
||||||
{
|
{
|
||||||
MCT_SET_APP_FILTER_FLAGS_NONE = 0,
|
MCT_MANAGER_SET_VALUE_FLAGS_NONE = 0,
|
||||||
MCT_SET_APP_FILTER_FLAGS_INTERACTIVE,
|
MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE = (1 << 0),
|
||||||
} MctSetAppFilterFlags;
|
} MctManagerSetValueFlags;
|
||||||
|
|
||||||
|
/* FIXME: Eventually deprecate these compatibility fallbacks. */
|
||||||
|
typedef MctManagerSetValueFlags MctSetAppFilterFlags;
|
||||||
|
#define MCT_SET_APP_FILTER_FLAGS_NONE MCT_MANAGER_SET_VALUE_FLAGS_NONE
|
||||||
|
#define MCT_SET_APP_FILTER_FLAGS_INTERACTIVE MCT_MANAGER_SET_VALUE_FLAGS_INTERACTIVE
|
||||||
|
|
||||||
|
/**
|
||||||
|
* MctManagerError:
|
||||||
|
* @MCT_MANAGER_ERROR_INVALID_USER: Given user ID doesn’t exist
|
||||||
|
* @MCT_MANAGER_ERROR_PERMISSION_DENIED: Not authorized to query properties of
|
||||||
|
* the given user
|
||||||
|
* @MCT_MANAGER_ERROR_INVALID_DATA: The data stored in a property of the given
|
||||||
|
* user is inconsistent or invalid
|
||||||
|
* @MCT_MANAGER_ERROR_DISABLED: Parental controls are disabled for all users
|
||||||
|
*
|
||||||
|
* Errors relating to get/set operations on an #MctManager instance.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
typedef enum
|
||||||
|
{
|
||||||
|
MCT_MANAGER_ERROR_INVALID_USER,
|
||||||
|
MCT_MANAGER_ERROR_PERMISSION_DENIED,
|
||||||
|
MCT_MANAGER_ERROR_INVALID_DATA,
|
||||||
|
MCT_MANAGER_ERROR_DISABLED,
|
||||||
|
} MctManagerError;
|
||||||
|
|
||||||
|
GQuark mct_manager_error_quark (void);
|
||||||
|
#define MCT_MANAGER_ERROR mct_manager_error_quark ()
|
||||||
|
|
||||||
|
#include <libmalcontent/app-filter.h>
|
||||||
|
#include <libmalcontent/session-limits.h>
|
||||||
|
|
||||||
#define MCT_TYPE_MANAGER mct_manager_get_type ()
|
#define MCT_TYPE_MANAGER mct_manager_get_type ()
|
||||||
G_DECLARE_FINAL_TYPE (MctManager, mct_manager, MCT, MANAGER, GObject)
|
G_DECLARE_FINAL_TYPE (MctManager, mct_manager, MCT, MANAGER, GObject)
|
||||||
|
@ -70,12 +106,12 @@ MctManager *mct_manager_new (GDBusConnection *connection);
|
||||||
|
|
||||||
MctAppFilter *mct_manager_get_app_filter (MctManager *self,
|
MctAppFilter *mct_manager_get_app_filter (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctGetAppFilterFlags flags,
|
MctManagerGetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error);
|
GError **error);
|
||||||
void mct_manager_get_app_filter_async (MctManager *self,
|
void mct_manager_get_app_filter_async (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctGetAppFilterFlags flags,
|
MctManagerGetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GAsyncReadyCallback callback,
|
GAsyncReadyCallback callback,
|
||||||
gpointer user_data);
|
gpointer user_data);
|
||||||
|
@ -86,13 +122,13 @@ MctAppFilter *mct_manager_get_app_filter_finish (MctManager *self,
|
||||||
gboolean mct_manager_set_app_filter (MctManager *self,
|
gboolean mct_manager_set_app_filter (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctAppFilter *app_filter,
|
MctAppFilter *app_filter,
|
||||||
MctSetAppFilterFlags flags,
|
MctManagerSetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GError **error);
|
GError **error);
|
||||||
void mct_manager_set_app_filter_async (MctManager *self,
|
void mct_manager_set_app_filter_async (MctManager *self,
|
||||||
uid_t user_id,
|
uid_t user_id,
|
||||||
MctAppFilter *app_filter,
|
MctAppFilter *app_filter,
|
||||||
MctSetAppFilterFlags flags,
|
MctManagerSetValueFlags flags,
|
||||||
GCancellable *cancellable,
|
GCancellable *cancellable,
|
||||||
GAsyncReadyCallback callback,
|
GAsyncReadyCallback callback,
|
||||||
gpointer user_data);
|
gpointer user_data);
|
||||||
|
@ -100,4 +136,36 @@ gboolean mct_manager_set_app_filter_finish (MctManager *self,
|
||||||
GAsyncResult *result,
|
GAsyncResult *result,
|
||||||
GError **error);
|
GError **error);
|
||||||
|
|
||||||
|
MctSessionLimits *mct_manager_get_session_limits (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctManagerGetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GError **error);
|
||||||
|
void mct_manager_get_session_limits_async (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctManagerGetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GAsyncReadyCallback callback,
|
||||||
|
gpointer user_data);
|
||||||
|
MctSessionLimits *mct_manager_get_session_limits_finish (MctManager *self,
|
||||||
|
GAsyncResult *result,
|
||||||
|
GError **error);
|
||||||
|
|
||||||
|
gboolean mct_manager_set_session_limits (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctSessionLimits *session_limits,
|
||||||
|
MctManagerSetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GError **error);
|
||||||
|
void mct_manager_set_session_limits_async (MctManager *self,
|
||||||
|
uid_t user_id,
|
||||||
|
MctSessionLimits *session_limits,
|
||||||
|
MctManagerSetValueFlags flags,
|
||||||
|
GCancellable *cancellable,
|
||||||
|
GAsyncReadyCallback callback,
|
||||||
|
gpointer user_data);
|
||||||
|
gboolean mct_manager_set_session_limits_finish (MctManager *self,
|
||||||
|
GAsyncResult *result,
|
||||||
|
GError **error);
|
||||||
|
|
||||||
G_END_DECLS
|
G_END_DECLS
|
||||||
|
|
|
@ -3,14 +3,17 @@ libmalcontent_api_name = 'malcontent-' + libmalcontent_api_version
|
||||||
libmalcontent_sources = [
|
libmalcontent_sources = [
|
||||||
'app-filter.c',
|
'app-filter.c',
|
||||||
'manager.c',
|
'manager.c',
|
||||||
|
'session-limits.c',
|
||||||
]
|
]
|
||||||
libmalcontent_headers = [
|
libmalcontent_headers = [
|
||||||
'app-filter.h',
|
'app-filter.h',
|
||||||
'malcontent.h',
|
'malcontent.h',
|
||||||
'manager.h',
|
'manager.h',
|
||||||
|
'session-limits.h',
|
||||||
]
|
]
|
||||||
libmalcontent_private_headers = [
|
libmalcontent_private_headers = [
|
||||||
'app-filter-private.h',
|
'app-filter-private.h',
|
||||||
|
'session-limits-private.h',
|
||||||
]
|
]
|
||||||
|
|
||||||
libmalcontent_public_deps = [
|
libmalcontent_public_deps = [
|
||||||
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
||||||
|
*
|
||||||
|
* Copyright © 2019 Endless Mobile, Inc.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
* Authors:
|
||||||
|
* - Philip Withnall <withnall@endlessm.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include <gio/gio.h>
|
||||||
|
#include <glib.h>
|
||||||
|
#include <glib-object.h>
|
||||||
|
#include <libmalcontent/session-limits.h>
|
||||||
|
|
||||||
|
G_BEGIN_DECLS
|
||||||
|
|
||||||
|
/**
|
||||||
|
* MctSessionLimitsType:
|
||||||
|
* @MCT_SESSION_LIMITS_TYPE_NONE: No session limits are imposed.
|
||||||
|
* @MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE: Sessions are limited to between a
|
||||||
|
* pair of given times each day.
|
||||||
|
*
|
||||||
|
* Types of session limit which can be imposed on an account. Additional types
|
||||||
|
* may be added in future.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
typedef enum
|
||||||
|
{
|
||||||
|
/* these values are used in the com.endlessm.ParentalControls.SessionLimits
|
||||||
|
* D-Bus interface, so must not be changed */
|
||||||
|
MCT_SESSION_LIMITS_TYPE_NONE = 0,
|
||||||
|
MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE = 1,
|
||||||
|
} MctSessionLimitsType;
|
||||||
|
|
||||||
|
struct _MctSessionLimits
|
||||||
|
{
|
||||||
|
gint ref_count;
|
||||||
|
|
||||||
|
uid_t user_id;
|
||||||
|
|
||||||
|
MctSessionLimitsType limit_type;
|
||||||
|
guint daily_start_time; /* seconds since midnight */
|
||||||
|
guint daily_end_time; /* seconds since midnight */
|
||||||
|
};
|
||||||
|
|
||||||
|
G_END_DECLS
|
|
@ -0,0 +1,451 @@
|
||||||
|
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
||||||
|
*
|
||||||
|
* Copyright © 2019 Endless Mobile, Inc.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
* Authors:
|
||||||
|
* - Philip Withnall <withnall@endlessm.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
#include <glib.h>
|
||||||
|
#include <glib-object.h>
|
||||||
|
#include <glib/gi18n-lib.h>
|
||||||
|
#include <gio/gio.h>
|
||||||
|
#include <libmalcontent/session-limits.h>
|
||||||
|
|
||||||
|
#include "libmalcontent/session-limits-private.h"
|
||||||
|
|
||||||
|
|
||||||
|
/* struct _MctSessionLimits is defined in session-limits-private.h */
|
||||||
|
|
||||||
|
G_DEFINE_BOXED_TYPE (MctSessionLimits, mct_session_limits,
|
||||||
|
mct_session_limits_ref, mct_session_limits_unref)
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_ref:
|
||||||
|
* @limits: (transfer none): an #MctSessionLimits
|
||||||
|
*
|
||||||
|
* Increment the reference count of @limits, and return the same pointer to it.
|
||||||
|
*
|
||||||
|
* Returns: (transfer full): the same pointer as @limits
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
MctSessionLimits *
|
||||||
|
mct_session_limits_ref (MctSessionLimits *limits)
|
||||||
|
{
|
||||||
|
g_return_val_if_fail (limits != NULL, NULL);
|
||||||
|
g_return_val_if_fail (limits->ref_count >= 1, NULL);
|
||||||
|
g_return_val_if_fail (limits->ref_count <= G_MAXINT - 1, NULL);
|
||||||
|
|
||||||
|
limits->ref_count++;
|
||||||
|
return limits;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_unref:
|
||||||
|
* @limits: (transfer full): an #MctSessionLimits
|
||||||
|
*
|
||||||
|
* Decrement the reference count of @limits. If the reference count reaches
|
||||||
|
* zero, free the @limits and all its resources.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_session_limits_unref (MctSessionLimits *limits)
|
||||||
|
{
|
||||||
|
g_return_if_fail (limits != NULL);
|
||||||
|
g_return_if_fail (limits->ref_count >= 1);
|
||||||
|
|
||||||
|
limits->ref_count--;
|
||||||
|
|
||||||
|
if (limits->ref_count <= 0)
|
||||||
|
{
|
||||||
|
g_free (limits);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_get_user_id:
|
||||||
|
* @limits: an #MctSessionLimits
|
||||||
|
*
|
||||||
|
* Get the user ID of the user this #MctSessionLimits is for.
|
||||||
|
*
|
||||||
|
* Returns: user ID of the relevant user
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
uid_t
|
||||||
|
mct_session_limits_get_user_id (MctSessionLimits *limits)
|
||||||
|
{
|
||||||
|
g_return_val_if_fail (limits != NULL, (uid_t) -1);
|
||||||
|
g_return_val_if_fail (limits->ref_count >= 1, (uid_t) -1);
|
||||||
|
|
||||||
|
return limits->user_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_check_time_remaining:
|
||||||
|
* @limits: an #MctSessionLimits
|
||||||
|
* @now_usecs: current time as microseconds since the Unix epoch (UTC),
|
||||||
|
* typically queried using g_get_real_time()
|
||||||
|
* @time_remaining_secs_out: (out) (optional): return location for the number
|
||||||
|
* of seconds remaining before the user’s session has to end, if limits are
|
||||||
|
* in force
|
||||||
|
* @time_limit_enabled_out: (out) (optional): return location for whether time
|
||||||
|
* limits are enabled for this user
|
||||||
|
*
|
||||||
|
* Check whether the user has time remaining in which they are allowed to use
|
||||||
|
* the computer, assuming that @now_usecs is the current time, and applying the
|
||||||
|
* session limit policy from @limits to it.
|
||||||
|
*
|
||||||
|
* This will return whether the user is allowed to use the computer now; further
|
||||||
|
* information about the policy and remaining time is provided in
|
||||||
|
* @time_remaining_secs_out and @time_limit_enabled_out.
|
||||||
|
*
|
||||||
|
* Returns: %TRUE if the user this @limits corresponds to is allowed to be in
|
||||||
|
* an active session at the given time; %FALSE otherwise
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
gboolean
|
||||||
|
mct_session_limits_check_time_remaining (MctSessionLimits *limits,
|
||||||
|
guint64 now_usecs,
|
||||||
|
guint64 *time_remaining_secs_out,
|
||||||
|
gboolean *time_limit_enabled_out)
|
||||||
|
{
|
||||||
|
guint64 time_remaining_secs;
|
||||||
|
gboolean time_limit_enabled;
|
||||||
|
gboolean user_allowed_now;
|
||||||
|
g_autoptr(GDateTime) now_dt = NULL;
|
||||||
|
guint64 now_time_of_day_secs;
|
||||||
|
|
||||||
|
g_return_val_if_fail (limits != NULL, FALSE);
|
||||||
|
g_return_val_if_fail (limits->ref_count >= 1, FALSE);
|
||||||
|
|
||||||
|
/* Helper calculations. */
|
||||||
|
now_dt = g_date_time_new_from_unix_utc (now_usecs / G_USEC_PER_SEC);
|
||||||
|
if (now_dt == NULL)
|
||||||
|
{
|
||||||
|
time_remaining_secs = 0;
|
||||||
|
time_limit_enabled = TRUE;
|
||||||
|
user_allowed_now = FALSE;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
now_time_of_day_secs = ((g_date_time_get_hour (now_dt) * 60 +
|
||||||
|
g_date_time_get_minute (now_dt)) * 60 +
|
||||||
|
g_date_time_get_second (now_dt));
|
||||||
|
|
||||||
|
/* Work out the limits. */
|
||||||
|
switch (limits->limit_type)
|
||||||
|
{
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE:
|
||||||
|
user_allowed_now = (now_time_of_day_secs >= limits->daily_start_time &&
|
||||||
|
now_time_of_day_secs < limits->daily_end_time);
|
||||||
|
time_remaining_secs = user_allowed_now ? (limits->daily_end_time - now_time_of_day_secs) : 0;
|
||||||
|
time_limit_enabled = TRUE;
|
||||||
|
|
||||||
|
g_debug ("%s: Daily schedule limit allowed in %u–%u (now is %"
|
||||||
|
G_GUINT64_FORMAT "); %" G_GUINT64_FORMAT " seconds remaining",
|
||||||
|
G_STRFUNC, limits->daily_start_time, limits->daily_end_time,
|
||||||
|
now_time_of_day_secs, time_remaining_secs);
|
||||||
|
|
||||||
|
break;
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_NONE:
|
||||||
|
default:
|
||||||
|
user_allowed_now = TRUE;
|
||||||
|
time_remaining_secs = G_MAXUINT64;
|
||||||
|
time_limit_enabled = FALSE;
|
||||||
|
|
||||||
|
g_debug ("%s: No limit enabled", G_STRFUNC);
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
/* Postconditions. */
|
||||||
|
g_assert (!user_allowed_now || time_remaining_secs > 0);
|
||||||
|
g_assert (user_allowed_now || time_remaining_secs == 0);
|
||||||
|
g_assert (time_limit_enabled || time_remaining_secs == G_MAXUINT64);
|
||||||
|
|
||||||
|
/* Output. */
|
||||||
|
if (time_remaining_secs_out != NULL)
|
||||||
|
*time_remaining_secs_out = time_remaining_secs;
|
||||||
|
if (time_limit_enabled_out != NULL)
|
||||||
|
*time_limit_enabled_out = time_limit_enabled;
|
||||||
|
|
||||||
|
return user_allowed_now;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Actual implementation of #MctSessionLimitsBuilder.
|
||||||
|
*
|
||||||
|
* All members are %NULL if un-initialised, cleared, or ended.
|
||||||
|
*/
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
MctSessionLimitsType limit_type;
|
||||||
|
|
||||||
|
/* Which member is used is determined by @limit_type: */
|
||||||
|
union
|
||||||
|
{
|
||||||
|
struct
|
||||||
|
{
|
||||||
|
guint start_time; /* seconds since midnight */
|
||||||
|
guint end_time; /* seconds since midnight */
|
||||||
|
} daily_schedule;
|
||||||
|
};
|
||||||
|
|
||||||
|
/*< private >*/
|
||||||
|
gpointer padding[10];
|
||||||
|
} MctSessionLimitsBuilderReal;
|
||||||
|
|
||||||
|
G_STATIC_ASSERT (sizeof (MctSessionLimitsBuilderReal) ==
|
||||||
|
sizeof (MctSessionLimitsBuilder));
|
||||||
|
G_STATIC_ASSERT (__alignof__ (MctSessionLimitsBuilderReal) ==
|
||||||
|
__alignof__ (MctSessionLimitsBuilder));
|
||||||
|
|
||||||
|
G_DEFINE_BOXED_TYPE (MctSessionLimitsBuilder, mct_session_limits_builder,
|
||||||
|
mct_session_limits_builder_copy, mct_session_limits_builder_free)
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_init:
|
||||||
|
* @builder: an uninitialised #MctSessionLimitsBuilder
|
||||||
|
*
|
||||||
|
* Initialise the given @builder so it can be used to construct a new
|
||||||
|
* #MctSessionLimits. @builder must have been allocated on the stack, and must
|
||||||
|
* not already be initialised.
|
||||||
|
*
|
||||||
|
* Construct the #MctSessionLimits by calling methods on @builder, followed by
|
||||||
|
* mct_session_limits_builder_end(). To abort construction, use
|
||||||
|
* mct_session_limits_builder_clear().
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_session_limits_builder_init (MctSessionLimitsBuilder *builder)
|
||||||
|
{
|
||||||
|
MctSessionLimitsBuilder local_builder = MCT_SESSION_LIMITS_BUILDER_INIT ();
|
||||||
|
MctSessionLimitsBuilderReal *_builder = (MctSessionLimitsBuilderReal *) builder;
|
||||||
|
|
||||||
|
g_return_if_fail (_builder != NULL);
|
||||||
|
g_return_if_fail (_builder->limit_type == MCT_SESSION_LIMITS_TYPE_NONE);
|
||||||
|
|
||||||
|
memcpy (builder, &local_builder, sizeof (local_builder));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_clear:
|
||||||
|
* @builder: an #MctSessionLimitsBuilder
|
||||||
|
*
|
||||||
|
* Clear @builder, freeing any internal state in it. This will not free the
|
||||||
|
* top-level storage for @builder itself, which is assumed to be allocated on
|
||||||
|
* the stack.
|
||||||
|
*
|
||||||
|
* If called on an already-cleared #MctSessionLimitsBuilder, this function is
|
||||||
|
* idempotent.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_session_limits_builder_clear (MctSessionLimitsBuilder *builder)
|
||||||
|
{
|
||||||
|
MctSessionLimitsBuilderReal *_builder = (MctSessionLimitsBuilderReal *) builder;
|
||||||
|
|
||||||
|
g_return_if_fail (_builder != NULL);
|
||||||
|
|
||||||
|
/* Nothing to free here for now. */
|
||||||
|
_builder->limit_type = MCT_SESSION_LIMITS_TYPE_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_new:
|
||||||
|
*
|
||||||
|
* Construct a new #MctSessionLimitsBuilder on the heap. This is intended for
|
||||||
|
* language bindings. The returned builder must eventually be freed with
|
||||||
|
* mct_session_limits_builder_free(), but can be cleared zero or more times with
|
||||||
|
* mct_session_limits_builder_clear() first.
|
||||||
|
*
|
||||||
|
* Returns: (transfer full): a new heap-allocated #MctSessionLimitsBuilder
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
MctSessionLimitsBuilder *
|
||||||
|
mct_session_limits_builder_new (void)
|
||||||
|
{
|
||||||
|
g_autoptr(MctSessionLimitsBuilder) builder = NULL;
|
||||||
|
|
||||||
|
builder = g_new0 (MctSessionLimitsBuilder, 1);
|
||||||
|
mct_session_limits_builder_init (builder);
|
||||||
|
|
||||||
|
return g_steal_pointer (&builder);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_copy:
|
||||||
|
* @builder: an #MctSessionLimitsBuilder
|
||||||
|
*
|
||||||
|
* Copy the given @builder to a newly-allocated #MctSessionLimitsBuilder on the
|
||||||
|
* heap. This is safe to use with cleared, stack-allocated
|
||||||
|
* #MctSessionLimitsBuilders.
|
||||||
|
*
|
||||||
|
* Returns: (transfer full): a copy of @builder
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
MctSessionLimitsBuilder *
|
||||||
|
mct_session_limits_builder_copy (MctSessionLimitsBuilder *builder)
|
||||||
|
{
|
||||||
|
MctSessionLimitsBuilderReal *_builder = (MctSessionLimitsBuilderReal *) builder;
|
||||||
|
g_autoptr(MctSessionLimitsBuilder) copy = NULL;
|
||||||
|
MctSessionLimitsBuilderReal *_copy;
|
||||||
|
|
||||||
|
g_return_val_if_fail (builder != NULL, NULL);
|
||||||
|
|
||||||
|
copy = mct_session_limits_builder_new ();
|
||||||
|
_copy = (MctSessionLimitsBuilderReal *) copy;
|
||||||
|
|
||||||
|
mct_session_limits_builder_clear (copy);
|
||||||
|
_copy->limit_type = _builder->limit_type;
|
||||||
|
|
||||||
|
switch (_builder->limit_type)
|
||||||
|
{
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE:
|
||||||
|
_copy->daily_schedule.start_time = _builder->daily_schedule.start_time;
|
||||||
|
_copy->daily_schedule.end_time = _builder->daily_schedule.end_time;
|
||||||
|
break;
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_NONE:
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return g_steal_pointer (©);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_free:
|
||||||
|
* @builder: a heap-allocated #MctSessionLimitsBuilder
|
||||||
|
*
|
||||||
|
* Free an #MctSessionLimitsBuilder originally allocated using
|
||||||
|
* mct_session_limits_builder_new(). This must not be called on stack-allocated
|
||||||
|
* builders initialised using mct_session_limits_builder_init().
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_session_limits_builder_free (MctSessionLimitsBuilder *builder)
|
||||||
|
{
|
||||||
|
g_return_if_fail (builder != NULL);
|
||||||
|
|
||||||
|
mct_session_limits_builder_clear (builder);
|
||||||
|
g_free (builder);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_end:
|
||||||
|
* @builder: an initialised #MctSessionLimitsBuilder
|
||||||
|
*
|
||||||
|
* Finish constructing an #MctSessionLimits with the given @builder, and return
|
||||||
|
* it. The #MctSessionLimitsBuilder will be cleared as if
|
||||||
|
* mct_session_limits_builder_clear() had been called.
|
||||||
|
*
|
||||||
|
* Returns: (transfer full): a newly constructed #MctSessionLimits
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
MctSessionLimits *
|
||||||
|
mct_session_limits_builder_end (MctSessionLimitsBuilder *builder)
|
||||||
|
{
|
||||||
|
MctSessionLimitsBuilderReal *_builder = (MctSessionLimitsBuilderReal *) builder;
|
||||||
|
g_autoptr(MctSessionLimits) session_limits = NULL;
|
||||||
|
|
||||||
|
g_return_val_if_fail (_builder != NULL, NULL);
|
||||||
|
|
||||||
|
/* Build the #MctSessionLimits. */
|
||||||
|
session_limits = g_new0 (MctSessionLimits, 1);
|
||||||
|
session_limits->ref_count = 1;
|
||||||
|
session_limits->user_id = -1;
|
||||||
|
session_limits->limit_type = _builder->limit_type;
|
||||||
|
|
||||||
|
switch (_builder->limit_type)
|
||||||
|
{
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE:
|
||||||
|
session_limits->daily_start_time = _builder->daily_schedule.start_time;
|
||||||
|
session_limits->daily_end_time = _builder->daily_schedule.end_time;
|
||||||
|
break;
|
||||||
|
case MCT_SESSION_LIMITS_TYPE_NONE:
|
||||||
|
default:
|
||||||
|
/* Defaults: */
|
||||||
|
session_limits->daily_start_time = 0;
|
||||||
|
session_limits->daily_end_time = 24 * 60 * 60;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
mct_session_limits_builder_clear (builder);
|
||||||
|
|
||||||
|
return g_steal_pointer (&session_limits);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_set_none:
|
||||||
|
* @builder: an initialised #MctSessionLimitsBuilder
|
||||||
|
*
|
||||||
|
* Unset any session limits currently set in the @builder.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_session_limits_builder_set_none (MctSessionLimitsBuilder *builder)
|
||||||
|
{
|
||||||
|
MctSessionLimitsBuilderReal *_builder = (MctSessionLimitsBuilderReal *) builder;
|
||||||
|
|
||||||
|
g_return_if_fail (_builder != NULL);
|
||||||
|
|
||||||
|
/* This will need to free other limit types’ data first in future. */
|
||||||
|
_builder->limit_type = MCT_SESSION_LIMITS_TYPE_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* mct_session_limits_builder_set_daily_schedule:
|
||||||
|
* @builder: an initialised #MctSessionLimitsBuilder
|
||||||
|
* @start_time_secs: number of seconds since midnight when the user’s session
|
||||||
|
* can first start
|
||||||
|
* @end_time_secs: number of seconds since midnight when the user’s session can
|
||||||
|
* last end
|
||||||
|
*
|
||||||
|
* Set the session limits in @builder to be a daily schedule, where sessions are
|
||||||
|
* allowed between @start_time_secs and @end_time_secs every day.
|
||||||
|
* @start_time_secs and @end_time_secs are given as offsets from the start of
|
||||||
|
* the day, in seconds. @end_time_secs must be greater than @start_time_secs.
|
||||||
|
* @end_time_secs must be at most `24 * 60 * 60`.
|
||||||
|
*
|
||||||
|
* This will overwrite any other session limits.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
mct_session_limits_builder_set_daily_schedule (MctSessionLimitsBuilder *builder,
|
||||||
|
guint start_time_secs,
|
||||||
|
guint end_time_secs)
|
||||||
|
{
|
||||||
|
MctSessionLimitsBuilderReal *_builder = (MctSessionLimitsBuilderReal *) builder;
|
||||||
|
|
||||||
|
g_return_if_fail (_builder != NULL);
|
||||||
|
g_return_if_fail (start_time_secs < end_time_secs);
|
||||||
|
g_return_if_fail (end_time_secs <= 24 * 60 * 60);
|
||||||
|
|
||||||
|
/* This will need to free other limit types’ data first in future. */
|
||||||
|
_builder->limit_type = MCT_SESSION_LIMITS_TYPE_DAILY_SCHEDULE;
|
||||||
|
_builder->daily_schedule.start_time = start_time_secs;
|
||||||
|
_builder->daily_schedule.end_time = end_time_secs;
|
||||||
|
}
|
|
@ -0,0 +1,122 @@
|
||||||
|
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
||||||
|
*
|
||||||
|
* Copyright © 2019 Endless Mobile, Inc.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
* Authors:
|
||||||
|
* - Philip Withnall <withnall@endlessm.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include <gio/gio.h>
|
||||||
|
#include <glib.h>
|
||||||
|
#include <glib-object.h>
|
||||||
|
|
||||||
|
G_BEGIN_DECLS
|
||||||
|
|
||||||
|
/**
|
||||||
|
* MctSessionLimits:
|
||||||
|
*
|
||||||
|
* #MctSessionLimits is an opaque, immutable structure which contains a snapshot
|
||||||
|
* of the session limits settings for a user at a given time. This includes
|
||||||
|
* whether session limits are being enforced, and the limit policy — for
|
||||||
|
* example, the times of day when a user is allowed to use the computer.
|
||||||
|
*
|
||||||
|
* Typically, session limits settings can only be changed by the administrator,
|
||||||
|
* and are read-only for non-administrative users. The precise policy is set
|
||||||
|
* using polkit.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
typedef struct _MctSessionLimits MctSessionLimits;
|
||||||
|
GType mct_session_limits_get_type (void);
|
||||||
|
|
||||||
|
MctSessionLimits *mct_session_limits_ref (MctSessionLimits *limits);
|
||||||
|
void mct_session_limits_unref (MctSessionLimits *limits);
|
||||||
|
|
||||||
|
G_DEFINE_AUTOPTR_CLEANUP_FUNC (MctSessionLimits, mct_session_limits_unref)
|
||||||
|
|
||||||
|
uid_t mct_session_limits_get_user_id (MctSessionLimits *limits);
|
||||||
|
gboolean mct_session_limits_check_time_remaining (MctSessionLimits *limits,
|
||||||
|
guint64 now_usecs,
|
||||||
|
guint64 *time_remaining_secs_out,
|
||||||
|
gboolean *time_limit_enabled_out);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* MctSessionLimitsBuilder:
|
||||||
|
*
|
||||||
|
* #MctSessionLimitsBuilder is a stack-allocated mutable structure used to build
|
||||||
|
* an #MctSessionLimits instance. Use mct_session_limits_builder_init(), various
|
||||||
|
* method calls to set properties of the session limits, and then
|
||||||
|
* mct_session_limits_builder_end(), to construct an #MctSessionLimits.
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
/*< private >*/
|
||||||
|
guint u0;
|
||||||
|
guint u1;
|
||||||
|
guint u2;
|
||||||
|
gpointer p0[10];
|
||||||
|
} MctSessionLimitsBuilder;
|
||||||
|
|
||||||
|
GType mct_session_limits_builder_get_type (void);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* MCT_SESSION_LIMITS_BUILDER_INIT:
|
||||||
|
*
|
||||||
|
* Initialise a stack-allocated #MctSessionLimitsBuilder instance at declaration
|
||||||
|
* time.
|
||||||
|
*
|
||||||
|
* This is typically used with g_auto():
|
||||||
|
* |[
|
||||||
|
* g_auto(MctSessionLimitsBuilder) builder = MCT_SESSION_LIMITS_BUILDER_INIT ();
|
||||||
|
* ]|
|
||||||
|
*
|
||||||
|
* Since: 0.5.0
|
||||||
|
*/
|
||||||
|
#define MCT_SESSION_LIMITS_BUILDER_INIT() \
|
||||||
|
{ \
|
||||||
|
0, /* MCT_SESSION_LIMITS_TYPE_NONE */ \
|
||||||
|
0, \
|
||||||
|
0, \
|
||||||
|
/* padding: */ \
|
||||||
|
{ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } \
|
||||||
|
}
|
||||||
|
|
||||||
|
void mct_session_limits_builder_init (MctSessionLimitsBuilder *builder);
|
||||||
|
void mct_session_limits_builder_clear (MctSessionLimitsBuilder *builder);
|
||||||
|
|
||||||
|
G_DEFINE_AUTO_CLEANUP_CLEAR_FUNC (MctSessionLimitsBuilder,
|
||||||
|
mct_session_limits_builder_clear)
|
||||||
|
|
||||||
|
MctSessionLimitsBuilder *mct_session_limits_builder_new (void);
|
||||||
|
MctSessionLimitsBuilder *mct_session_limits_builder_copy (MctSessionLimitsBuilder *builder);
|
||||||
|
void mct_session_limits_builder_free (MctSessionLimitsBuilder *builder);
|
||||||
|
|
||||||
|
G_DEFINE_AUTOPTR_CLEANUP_FUNC (MctSessionLimitsBuilder, mct_session_limits_builder_free)
|
||||||
|
|
||||||
|
MctSessionLimits *mct_session_limits_builder_end (MctSessionLimitsBuilder *builder);
|
||||||
|
|
||||||
|
void mct_session_limits_builder_set_none (MctSessionLimitsBuilder *builder);
|
||||||
|
|
||||||
|
void mct_session_limits_builder_set_daily_schedule (MctSessionLimitsBuilder *builder,
|
||||||
|
guint start_time_secs,
|
||||||
|
guint end_time_secs);
|
||||||
|
|
||||||
|
G_END_DECLS
|
|
@ -594,7 +594,7 @@ test_app_filter_bus_get (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_get_app_filter_async (fixture->manager,
|
mct_manager_get_app_filter_async (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
while (result == NULL)
|
while (result == NULL)
|
||||||
|
@ -605,7 +605,7 @@ test_app_filter_bus_get (BusFixture *fixture,
|
||||||
{
|
{
|
||||||
app_filter = mct_manager_get_app_filter (fixture->manager,
|
app_filter = mct_manager_get_app_filter (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -650,7 +650,7 @@ test_app_filter_bus_get_whitelist (BusFixture *fixture,
|
||||||
|
|
||||||
app_filter = mct_manager_get_app_filter (fixture->manager,
|
app_filter = mct_manager_get_app_filter (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_no_error (local_error);
|
g_assert_no_error (local_error);
|
||||||
|
@ -705,7 +705,7 @@ test_app_filter_bus_get_all_oars_values (BusFixture *fixture,
|
||||||
|
|
||||||
app_filter = mct_manager_get_app_filter (fixture->manager,
|
app_filter = mct_manager_get_app_filter (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_no_error (local_error);
|
g_assert_no_error (local_error);
|
||||||
|
@ -753,7 +753,7 @@ test_app_filter_bus_get_defaults (BusFixture *fixture,
|
||||||
|
|
||||||
app_filter = mct_manager_get_app_filter (fixture->manager,
|
app_filter = mct_manager_get_app_filter (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_no_error (local_error);
|
g_assert_no_error (local_error);
|
||||||
|
@ -785,7 +785,7 @@ test_app_filter_bus_get_error_invalid_user (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_get_app_filter_async (fixture->manager,
|
mct_manager_get_app_filter_async (fixture->manager,
|
||||||
fixture->missing_uid,
|
fixture->missing_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
/* Handle the FindUserById() call and claim the user doesn’t exist. */
|
/* Handle the FindUserById() call and claim the user doesn’t exist. */
|
||||||
|
@ -809,7 +809,7 @@ test_app_filter_bus_get_error_invalid_user (BusFixture *fixture,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error,
|
g_assert_error (local_error,
|
||||||
MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_INVALID_USER);
|
MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_INVALID_USER);
|
||||||
g_assert_null (app_filter);
|
g_assert_null (app_filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -831,7 +831,7 @@ test_app_filter_bus_get_error_permission_denied (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_get_app_filter_async (fixture->manager,
|
mct_manager_get_app_filter_async (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
/* Handle the FindUserById() call. */
|
/* Handle the FindUserById() call. */
|
||||||
|
@ -866,7 +866,7 @@ test_app_filter_bus_get_error_permission_denied (BusFixture *fixture,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error,
|
g_assert_error (local_error,
|
||||||
MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_PERMISSION_DENIED);
|
MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_PERMISSION_DENIED);
|
||||||
g_assert_null (app_filter);
|
g_assert_null (app_filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -888,7 +888,7 @@ test_app_filter_bus_get_error_permission_denied_missing (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_get_app_filter_async (fixture->manager,
|
mct_manager_get_app_filter_async (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
/* Handle the FindUserById() call. */
|
/* Handle the FindUserById() call. */
|
||||||
|
@ -924,7 +924,7 @@ test_app_filter_bus_get_error_permission_denied_missing (BusFixture *fixture,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error,
|
g_assert_error (local_error,
|
||||||
MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_PERMISSION_DENIED);
|
MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_PERMISSION_DENIED);
|
||||||
g_assert_null (app_filter);
|
g_assert_null (app_filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -943,7 +943,7 @@ test_app_filter_bus_get_error_unknown (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_get_app_filter_async (fixture->manager,
|
mct_manager_get_app_filter_async (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
/* Handle the FindUserById() call and return a bogus error. */
|
/* Handle the FindUserById() call and return a bogus error. */
|
||||||
|
@ -991,7 +991,7 @@ test_app_filter_bus_get_error_disabled (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_get_app_filter_async (fixture->manager,
|
mct_manager_get_app_filter_async (fixture->manager,
|
||||||
fixture->valid_uid,
|
fixture->valid_uid,
|
||||||
MCT_GET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
/* Handle the FindUserById() call. */
|
/* Handle the FindUserById() call. */
|
||||||
|
@ -1027,7 +1027,7 @@ test_app_filter_bus_get_error_disabled (BusFixture *fixture,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error,
|
g_assert_error (local_error,
|
||||||
MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_DISABLED);
|
MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_DISABLED);
|
||||||
g_assert_null (app_filter);
|
g_assert_null (app_filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1184,7 +1184,7 @@ test_app_filter_bus_set (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_set_app_filter_async (fixture->manager,
|
mct_manager_set_app_filter_async (fixture->manager,
|
||||||
fixture->valid_uid, app_filter,
|
fixture->valid_uid, app_filter,
|
||||||
MCT_SET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_SET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
while (result == NULL)
|
while (result == NULL)
|
||||||
|
@ -1196,7 +1196,7 @@ test_app_filter_bus_set (BusFixture *fixture,
|
||||||
{
|
{
|
||||||
success = mct_manager_set_app_filter (fixture->manager,
|
success = mct_manager_set_app_filter (fixture->manager,
|
||||||
fixture->valid_uid, app_filter,
|
fixture->valid_uid, app_filter,
|
||||||
MCT_SET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_SET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1225,7 +1225,7 @@ test_app_filter_bus_set_error_invalid_user (BusFixture *fixture,
|
||||||
|
|
||||||
mct_manager_set_app_filter_async (fixture->manager,
|
mct_manager_set_app_filter_async (fixture->manager,
|
||||||
fixture->missing_uid, app_filter,
|
fixture->missing_uid, app_filter,
|
||||||
MCT_SET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_SET_VALUE_FLAGS_NONE, NULL,
|
||||||
async_result_cb, &result);
|
async_result_cb, &result);
|
||||||
|
|
||||||
/* Handle the FindUserById() call and claim the user doesn’t exist. */
|
/* Handle the FindUserById() call and claim the user doesn’t exist. */
|
||||||
|
@ -1249,7 +1249,7 @@ test_app_filter_bus_set_error_invalid_user (BusFixture *fixture,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error,
|
g_assert_error (local_error,
|
||||||
MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_INVALID_USER);
|
MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_INVALID_USER);
|
||||||
g_assert_false (success);
|
g_assert_false (success);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1282,11 +1282,11 @@ test_app_filter_bus_set_error_permission_denied (BusFixture *fixture,
|
||||||
|
|
||||||
success = mct_manager_set_app_filter (fixture->manager,
|
success = mct_manager_set_app_filter (fixture->manager,
|
||||||
fixture->valid_uid, app_filter,
|
fixture->valid_uid, app_filter,
|
||||||
MCT_SET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_SET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error,
|
g_assert_error (local_error,
|
||||||
MCT_APP_FILTER_ERROR, MCT_APP_FILTER_ERROR_PERMISSION_DENIED);
|
MCT_MANAGER_ERROR, MCT_MANAGER_ERROR_PERMISSION_DENIED);
|
||||||
g_assert_false (success);
|
g_assert_false (success);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1320,7 +1320,7 @@ test_app_filter_bus_set_error_unknown (BusFixture *fixture,
|
||||||
|
|
||||||
success = mct_manager_set_app_filter (fixture->manager,
|
success = mct_manager_set_app_filter (fixture->manager,
|
||||||
fixture->valid_uid, app_filter,
|
fixture->valid_uid, app_filter,
|
||||||
MCT_SET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_SET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_DBUS_ERROR);
|
g_assert_error (local_error, G_IO_ERROR, G_IO_ERROR_DBUS_ERROR);
|
||||||
|
@ -1363,7 +1363,7 @@ test_app_filter_bus_set_error_invalid_property (BusFixture *fixture,
|
||||||
|
|
||||||
success = mct_manager_set_app_filter (fixture->manager,
|
success = mct_manager_set_app_filter (fixture->manager,
|
||||||
fixture->valid_uid, app_filter,
|
fixture->valid_uid, app_filter,
|
||||||
MCT_SET_APP_FILTER_FLAGS_NONE, NULL,
|
MCT_MANAGER_SET_VALUE_FLAGS_NONE, NULL,
|
||||||
&local_error);
|
&local_error);
|
||||||
|
|
||||||
g_assert_error (local_error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS);
|
g_assert_error (local_error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS);
|
||||||
|
|
|
@ -33,9 +33,14 @@ accounts_service_iface_c = custom_target(
|
||||||
'@INPUT@'],
|
'@INPUT@'],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
accounts_service_extension_ifaces = [
|
||||||
|
join_paths(meson.source_root(), 'accounts-service', 'com.endlessm.ParentalControls.AppFilter.xml'),
|
||||||
|
join_paths(meson.source_root(), 'accounts-service', 'com.endlessm.ParentalControls.SessionLimits.xml'),
|
||||||
|
]
|
||||||
|
|
||||||
accounts_service_extension_iface_h = custom_target(
|
accounts_service_extension_iface_h = custom_target(
|
||||||
'accounts-service-extension-iface.h',
|
'accounts-service-extension-iface.h',
|
||||||
input: ['com.endlessm.ParentalControls.AppFilter.xml'],
|
input: accounts_service_extension_ifaces,
|
||||||
output: ['accounts-service-extension-iface.h'],
|
output: ['accounts-service-extension-iface.h'],
|
||||||
command: [gdbus_codegen,
|
command: [gdbus_codegen,
|
||||||
'--interface-info-header',
|
'--interface-info-header',
|
||||||
|
@ -44,7 +49,7 @@ accounts_service_extension_iface_h = custom_target(
|
||||||
)
|
)
|
||||||
accounts_service_extension_iface_c = custom_target(
|
accounts_service_extension_iface_c = custom_target(
|
||||||
'accounts-service-extension-iface.c',
|
'accounts-service-extension-iface.c',
|
||||||
input: ['com.endlessm.ParentalControls.AppFilter.xml'],
|
input: accounts_service_extension_ifaces,
|
||||||
output: ['accounts-service-extension-iface.c'],
|
output: ['accounts-service-extension-iface.c'],
|
||||||
command: [gdbus_codegen,
|
command: [gdbus_codegen,
|
||||||
'--interface-info-body',
|
'--interface-info-body',
|
||||||
|
@ -59,6 +64,12 @@ test_programs = [
|
||||||
accounts_service_extension_iface_h,
|
accounts_service_extension_iface_h,
|
||||||
accounts_service_extension_iface_c,
|
accounts_service_extension_iface_c,
|
||||||
], deps],
|
], deps],
|
||||||
|
['session-limits', [
|
||||||
|
accounts_service_iface_h,
|
||||||
|
accounts_service_iface_c,
|
||||||
|
accounts_service_extension_iface_h,
|
||||||
|
accounts_service_extension_iface_c,
|
||||||
|
], deps],
|
||||||
]
|
]
|
||||||
|
|
||||||
installed_tests_metadir = join_paths(datadir, 'installed-tests',
|
installed_tests_metadir = join_paths(datadir, 'installed-tests',
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -10,9 +10,9 @@ malcontent\-client — Parental Controls Access Utility
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.IX Header "SYNOPSIS"
|
.IX Header "SYNOPSIS"
|
||||||
.\"
|
.\"
|
||||||
\fBmalcontent\-client get [\-q] [\-n] [\fPUSER\fB]
|
\fBmalcontent\-client get\-app\-filter [\-q] [\-n] [\fPUSER\fB]
|
||||||
.PP
|
.PP
|
||||||
\fBmalcontent\-client check [\-q] [\-n] [\fPUSER\fB] \fPARG\fB
|
\fBmalcontent\-client check\-app\-filter [\-q] [\-n] [\fPUSER\fB] \fPARG\fB
|
||||||
.\"
|
.\"
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
.IX Header "DESCRIPTION"
|
.IX Header "DESCRIPTION"
|
||||||
|
@ -25,10 +25,13 @@ controls.
|
||||||
It communicates with accounts-service, which stores parental controls data.
|
It communicates with accounts-service, which stores parental controls data.
|
||||||
.PP
|
.PP
|
||||||
Its first argument is a command to run. Currently, the only supported commands
|
Its first argument is a command to run. Currently, the only supported commands
|
||||||
are \fBget\fP and \fBcheck\fP.
|
are \fBget\-app\-filter\fP and \fBcheck\-app\-filter\fP.
|
||||||
|
.PP
|
||||||
|
The command line API and output format are unstable and likely to change in
|
||||||
|
future versions of \fBmalcontent\-client\fP.
|
||||||
.\"
|
.\"
|
||||||
.SH \fBget\fP OPTIONS
|
.SH \fBget\-app\-filter\fP OPTIONS
|
||||||
.IX Header "get OPTIONS"
|
.IX Header "get\-app\-filter OPTIONS"
|
||||||
.\"
|
.\"
|
||||||
.IP "\fBUSER\fP"
|
.IP "\fBUSER\fP"
|
||||||
Username or ID of the user to get the app filter for. If not specified, the
|
Username or ID of the user to get the app filter for. If not specified, the
|
||||||
|
@ -43,8 +46,8 @@ Do not allow interactive authorization with polkit. If this is needed to
|
||||||
complete the operation, the operation will fail. (Default: Allow interactive
|
complete the operation, the operation will fail. (Default: Allow interactive
|
||||||
authorization.)
|
authorization.)
|
||||||
.\"
|
.\"
|
||||||
.SH \fBcheck\fP OPTIONS
|
.SH \fBcheck\-app\-filter\fP OPTIONS
|
||||||
.IX Header "check OPTIONS"
|
.IX Header "check\-app\-filter OPTIONS"
|
||||||
.\"
|
.\"
|
||||||
.IP "\fBUSER\fP"
|
.IP "\fBUSER\fP"
|
||||||
Username or ID of the user to get the app filter for. If not specified, the
|
Username or ID of the user to get the app filter for. If not specified, the
|
||||||
|
@ -85,8 +88,8 @@ encounters problems.
|
||||||
.IP "0" 4
|
.IP "0" 4
|
||||||
.IX Item "0"
|
.IX Item "0"
|
||||||
No problems occurred. The utility ran and successfully queried the app filter.
|
No problems occurred. The utility ran and successfully queried the app filter.
|
||||||
If running the \fBcheck\fP command, the given path, content type or flatpak ref
|
If running the \fBcheck\-app\-filter\fP command, the given path, content type or
|
||||||
was allowed for the given user.
|
flatpak ref was allowed for the given user.
|
||||||
.\"
|
.\"
|
||||||
.IP "1" 4
|
.IP "1" 4
|
||||||
.IX Item "1"
|
.IX Item "1"
|
||||||
|
@ -99,8 +102,17 @@ The current user was not authorized to query the app filter for the given user.
|
||||||
.\"
|
.\"
|
||||||
.IP "3" 4
|
.IP "3" 4
|
||||||
.IX Item "3"
|
.IX Item "3"
|
||||||
If running the \fBcheck\fP command, the given path, content type or flatpak ref
|
If running the \fBcheck\-app\-filter\fP command, the given path, content type or
|
||||||
was \fInot\fP allowed for the given user.
|
flatpak ref was \fInot\fP allowed for the given user.
|
||||||
|
.\"
|
||||||
|
.IP "4" 4
|
||||||
|
.IX Item "4"
|
||||||
|
Malcontent is disabled at the system level, and hence parental controls are
|
||||||
|
not enabled or enforced.
|
||||||
|
.\"
|
||||||
|
.IP "5" 4
|
||||||
|
.IX Item "5"
|
||||||
|
An operation failed and no more specific error information is available.
|
||||||
.\"
|
.\"
|
||||||
.SH BUGS
|
.SH BUGS
|
||||||
.IX Header "BUGS"
|
.IX Header "BUGS"
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
|
import datetime
|
||||||
import os
|
import os
|
||||||
import pwd
|
import pwd
|
||||||
import sys
|
import sys
|
||||||
|
@ -30,6 +31,25 @@ EXIT_SUCCESS = 0
|
||||||
EXIT_INVALID_OPTION = 1
|
EXIT_INVALID_OPTION = 1
|
||||||
EXIT_PERMISSION_DENIED = 2
|
EXIT_PERMISSION_DENIED = 2
|
||||||
EXIT_PATH_NOT_ALLOWED = 3
|
EXIT_PATH_NOT_ALLOWED = 3
|
||||||
|
EXIT_DISABLED = 4
|
||||||
|
EXIT_FAILED = 5
|
||||||
|
|
||||||
|
|
||||||
|
def __manager_error_to_exit_code(error):
|
||||||
|
if error.matches(Malcontent.manager_error_quark(),
|
||||||
|
Malcontent.ManagerError.INVALID_USER):
|
||||||
|
return EXIT_INVALID_OPTION
|
||||||
|
elif error.matches(Malcontent.manager_error_quark(),
|
||||||
|
Malcontent.ManagerError.PERMISSION_DENIED):
|
||||||
|
return EXIT_PERMISSION_DENIED
|
||||||
|
elif error.matches(Malcontent.manager_error_quark(),
|
||||||
|
Malcontent.ManagerError.INVALID_DATA):
|
||||||
|
return EXIT_INVALID_OPTION
|
||||||
|
elif error.matches(Malcontent.manager_error_quark(),
|
||||||
|
Malcontent.ManagerError.DISABLED):
|
||||||
|
return EXIT_DISABLED
|
||||||
|
|
||||||
|
return EXIT_FAILED
|
||||||
|
|
||||||
|
|
||||||
def __get_app_filter(user_id, interactive):
|
def __get_app_filter(user_id, interactive):
|
||||||
|
@ -38,9 +58,9 @@ def __get_app_filter(user_id, interactive):
|
||||||
If `interactive` is `True`, interactive polkit authorisation dialogues will
|
If `interactive` is `True`, interactive polkit authorisation dialogues will
|
||||||
be allowed. An exception will be raised on failure."""
|
be allowed. An exception will be raised on failure."""
|
||||||
if interactive:
|
if interactive:
|
||||||
flags = Malcontent.GetAppFilterFlags.INTERACTIVE
|
flags = Malcontent.ManagerGetValueFlags.INTERACTIVE
|
||||||
else:
|
else:
|
||||||
flags = Malcontent.GetAppFilterFlags.NONE
|
flags = Malcontent.ManagerGetValueFlags.NONE
|
||||||
|
|
||||||
connection = Gio.bus_get_sync(Gio.BusType.SYSTEM)
|
connection = Gio.bus_get_sync(Gio.BusType.SYSTEM)
|
||||||
manager = Malcontent.Manager.new(connection)
|
manager = Malcontent.Manager.new(connection)
|
||||||
|
@ -57,7 +77,35 @@ def __get_app_filter_or_error(user_id, interactive):
|
||||||
except GLib.Error as e:
|
except GLib.Error as e:
|
||||||
print('Error getting app filter for user {}: {}'.format(
|
print('Error getting app filter for user {}: {}'.format(
|
||||||
user_id, e.message), file=sys.stderr)
|
user_id, e.message), file=sys.stderr)
|
||||||
raise SystemExit(EXIT_PERMISSION_DENIED)
|
raise SystemExit(__manager_error_to_exit_code(e))
|
||||||
|
|
||||||
|
|
||||||
|
def __get_session_limits(user_id, interactive):
|
||||||
|
"""Get the session limits for `user_id` off the bus.
|
||||||
|
|
||||||
|
If `interactive` is `True`, interactive polkit authorisation dialogues will
|
||||||
|
be allowed. An exception will be raised on failure."""
|
||||||
|
if interactive:
|
||||||
|
flags = Malcontent.ManagerGetValueFlags.INTERACTIVE
|
||||||
|
else:
|
||||||
|
flags = Malcontent.ManagerGetValueFlags.NONE
|
||||||
|
|
||||||
|
connection = Gio.bus_get_sync(Gio.BusType.SYSTEM)
|
||||||
|
manager = Malcontent.Manager.new(connection)
|
||||||
|
return manager.get_session_limits(
|
||||||
|
user_id=user_id,
|
||||||
|
flags=flags, cancellable=None)
|
||||||
|
|
||||||
|
|
||||||
|
def __get_session_limits_or_error(user_id, interactive):
|
||||||
|
"""Wrapper around __get_session_limits() which prints an error and raises
|
||||||
|
SystemExit, rather than an internal exception."""
|
||||||
|
try:
|
||||||
|
return __get_session_limits(user_id, interactive)
|
||||||
|
except GLib.Error as e:
|
||||||
|
print('Error getting session limits for user {}: {}'.format(
|
||||||
|
user_id, e.message), file=sys.stderr)
|
||||||
|
raise SystemExit(__manager_error_to_exit_code(e))
|
||||||
|
|
||||||
|
|
||||||
def __set_app_filter(user_id, app_filter, interactive):
|
def __set_app_filter(user_id, app_filter, interactive):
|
||||||
|
@ -66,9 +114,9 @@ def __set_app_filter(user_id, app_filter, interactive):
|
||||||
If `interactive` is `True`, interactive polkit authorisation dialogues will
|
If `interactive` is `True`, interactive polkit authorisation dialogues will
|
||||||
be allowed. An exception will be raised on failure."""
|
be allowed. An exception will be raised on failure."""
|
||||||
if interactive:
|
if interactive:
|
||||||
flags = Malcontent.GetAppFilterFlags.INTERACTIVE
|
flags = Malcontent.ManagerSetValueFlags.INTERACTIVE
|
||||||
else:
|
else:
|
||||||
flags = Malcontent.GetAppFilterFlags.NONE
|
flags = Malcontent.ManagerSetValueFlags.NONE
|
||||||
|
|
||||||
connection = Gio.bus_get_sync(Gio.BusType.SYSTEM)
|
connection = Gio.bus_get_sync(Gio.BusType.SYSTEM)
|
||||||
manager = Malcontent.Manager.new(connection)
|
manager = Malcontent.Manager.new(connection)
|
||||||
|
@ -85,29 +133,34 @@ def __set_app_filter_or_error(user_id, app_filter, interactive):
|
||||||
except GLib.Error as e:
|
except GLib.Error as e:
|
||||||
print('Error setting app filter for user {}: {}'.format(
|
print('Error setting app filter for user {}: {}'.format(
|
||||||
user_id, e.message), file=sys.stderr)
|
user_id, e.message), file=sys.stderr)
|
||||||
raise SystemExit(EXIT_PERMISSION_DENIED)
|
raise SystemExit(__manager_error_to_exit_code(e))
|
||||||
|
|
||||||
|
|
||||||
def __lookup_user_id(user):
|
def __lookup_user_id(user_id_or_username):
|
||||||
"""Convert a command-line specified username or ID into a user ID. If
|
"""Convert a command-line specified username or ID into a
|
||||||
`user` is empty, use the current user ID.
|
(user ID, username) tuple, looking up the component which isn’t specified.
|
||||||
|
If `user_id_or_username` is empty, use the current user ID.
|
||||||
|
|
||||||
Raise KeyError if lookup fails."""
|
Raise KeyError if lookup fails."""
|
||||||
if user == '':
|
if user_id_or_username == '':
|
||||||
return os.getuid()
|
user_id = os.getuid()
|
||||||
elif user.isdigit():
|
return (user_id, pwd.getpwuid(user_id).pw_name)
|
||||||
return int(user)
|
elif user_id_or_username.isdigit():
|
||||||
|
user_id = int(user_id_or_username)
|
||||||
|
return (user_id, pwd.getpwuid(user_id).pw_name)
|
||||||
else:
|
else:
|
||||||
return pwd.getpwnam(user).pw_uid
|
username = user_id_or_username
|
||||||
|
return (pwd.getpwnam(username).pw_uid, username)
|
||||||
|
|
||||||
|
|
||||||
def __lookup_user_id_or_error(user):
|
def __lookup_user_id_or_error(user_id_or_username):
|
||||||
"""Wrapper around __lookup_user_id() which prints an error and raises
|
"""Wrapper around __lookup_user_id() which prints an error and raises
|
||||||
SystemExit, rather than an internal exception."""
|
SystemExit, rather than an internal exception."""
|
||||||
try:
|
try:
|
||||||
return __lookup_user_id(user)
|
return __lookup_user_id(user_id_or_username)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
print('Error getting ID for username {}'.format(user), file=sys.stderr)
|
print('Error getting ID for username {}'.format(user_id_or_username),
|
||||||
|
file=sys.stderr)
|
||||||
raise SystemExit(EXIT_INVALID_OPTION)
|
raise SystemExit(EXIT_INVALID_OPTION)
|
||||||
|
|
||||||
|
|
||||||
|
@ -138,12 +191,12 @@ def __oars_value_from_string(value_str):
|
||||||
raise KeyError('Unknown OARS value ‘{}’'.format(value_str))
|
raise KeyError('Unknown OARS value ‘{}’'.format(value_str))
|
||||||
|
|
||||||
|
|
||||||
def command_get(user, quiet=False, interactive=True):
|
def command_get_app_filter(user, quiet=False, interactive=True):
|
||||||
"""Get the app filter for the given user."""
|
"""Get the app filter for the given user."""
|
||||||
user_id = __lookup_user_id_or_error(user)
|
(user_id, username) = __lookup_user_id_or_error(user)
|
||||||
app_filter = __get_app_filter_or_error(user_id, interactive)
|
app_filter = __get_app_filter_or_error(user_id, interactive)
|
||||||
|
|
||||||
print('App filter for user {} retrieved:'.format(user_id))
|
print('App filter for user {} retrieved:'.format(username))
|
||||||
|
|
||||||
sections = app_filter.get_oars_sections()
|
sections = app_filter.get_oars_sections()
|
||||||
for section in sections:
|
for section in sections:
|
||||||
|
@ -163,12 +216,30 @@ def command_get(user, quiet=False, interactive=True):
|
||||||
print('App installation is disallowed to system repository')
|
print('App installation is disallowed to system repository')
|
||||||
|
|
||||||
|
|
||||||
|
def command_get_session_limits(user, now=None, quiet=False, interactive=True):
|
||||||
|
"""Get the session limits for the given user."""
|
||||||
|
(user_id, username) = __lookup_user_id_or_error(user)
|
||||||
|
session_limits = __get_session_limits_or_error(user_id, interactive)
|
||||||
|
|
||||||
|
(user_allowed_now, time_remaining_secs, time_limit_enabled) = \
|
||||||
|
session_limits.check_time_remaining(now.timestamp() * GLib.USEC_PER_SEC)
|
||||||
|
|
||||||
|
if not time_limit_enabled:
|
||||||
|
print('Session limits are not enabled for user {}'.format(username))
|
||||||
|
elif user_allowed_now:
|
||||||
|
print('Session limits are enabled for user {}, and they have {} '
|
||||||
|
'seconds remaining'.format(username, time_remaining_secs))
|
||||||
|
else:
|
||||||
|
print('Session limits are enabled for user {}, and they have no time '
|
||||||
|
'remaining'.format(username))
|
||||||
|
|
||||||
|
|
||||||
def command_monitor(user, quiet=False, interactive=True):
|
def command_monitor(user, quiet=False, interactive=True):
|
||||||
"""Monitor app filter changes for the given user."""
|
"""Monitor app filter changes for the given user."""
|
||||||
if user == '':
|
if user == '':
|
||||||
filter_user_id = 0
|
(filter_user_id, filter_username) = (0, '')
|
||||||
else:
|
else:
|
||||||
filter_user_id = __lookup_user_id_or_error(user)
|
(filter_user_id, filter_username) = __lookup_user_id_or_error(user)
|
||||||
apply_filter = (user != '')
|
apply_filter = (user != '')
|
||||||
|
|
||||||
def _on_app_filter_changed(manager, changed_user_id):
|
def _on_app_filter_changed(manager, changed_user_id):
|
||||||
|
@ -181,7 +252,7 @@ def command_monitor(user, quiet=False, interactive=True):
|
||||||
|
|
||||||
if apply_filter:
|
if apply_filter:
|
||||||
print('Monitoring app filter changes for '
|
print('Monitoring app filter changes for '
|
||||||
'user ID {}'.format(filter_user_id))
|
'user {}'.format(filter_username))
|
||||||
else:
|
else:
|
||||||
print('Monitoring app filter changes for all users')
|
print('Monitoring app filter changes for all users')
|
||||||
|
|
||||||
|
@ -213,10 +284,10 @@ def is_valid_content_type(arg):
|
||||||
parts[0] != '' and parts[1] != '')
|
parts[0] != '' and parts[1] != '')
|
||||||
|
|
||||||
|
|
||||||
def command_check(user, arg, quiet=False, interactive=True):
|
def command_check_app_filter(user, arg, quiet=False, interactive=True):
|
||||||
"""Check the given path, content type or flatpak ref is runnable by the
|
"""Check the given path, content type or flatpak ref is runnable by the
|
||||||
given user, according to their app filter."""
|
given user, according to their app filter."""
|
||||||
user_id = __lookup_user_id_or_error(user)
|
(user_id, username) = __lookup_user_id_or_error(user)
|
||||||
app_filter = __get_app_filter_or_error(user_id, interactive)
|
app_filter = __get_app_filter_or_error(user_id, interactive)
|
||||||
|
|
||||||
is_maybe_flatpak_id = arg.startswith('app/') and arg.count('/') < 3
|
is_maybe_flatpak_id = arg.startswith('app/') and arg.count('/') < 3
|
||||||
|
@ -259,31 +330,32 @@ def command_check(user, arg, quiet=False, interactive=True):
|
||||||
if is_allowed:
|
if is_allowed:
|
||||||
if not quiet:
|
if not quiet:
|
||||||
print('{} {} is allowed by app filter for user {}'.format(
|
print('{} {} is allowed by app filter for user {}'.format(
|
||||||
noun, arg, user_id))
|
noun, arg, username))
|
||||||
return
|
return
|
||||||
else:
|
else:
|
||||||
if not quiet:
|
if not quiet:
|
||||||
print('{} {} is not allowed by app filter for user {}'.format(
|
print('{} {} is not allowed by app filter for user {}'.format(
|
||||||
noun, arg, user_id))
|
noun, arg, username))
|
||||||
raise SystemExit(EXIT_PATH_NOT_ALLOWED)
|
raise SystemExit(EXIT_PATH_NOT_ALLOWED)
|
||||||
|
|
||||||
|
|
||||||
def command_oars_section(user, section, quiet=False, interactive=True):
|
def command_oars_section(user, section, quiet=False, interactive=True):
|
||||||
"""Get the value of the given OARS section for the given user, according
|
"""Get the value of the given OARS section for the given user, according
|
||||||
to their OARS filter."""
|
to their OARS filter."""
|
||||||
user_id = __lookup_user_id_or_error(user)
|
(user_id, username) = __lookup_user_id_or_error(user)
|
||||||
app_filter = __get_app_filter_or_error(user_id, interactive)
|
app_filter = __get_app_filter_or_error(user_id, interactive)
|
||||||
|
|
||||||
value = app_filter.get_oars_value(section)
|
value = app_filter.get_oars_value(section)
|
||||||
print('OARS section ‘{}’ for user {} has value ‘{}’'.format(
|
print('OARS section ‘{}’ for user {} has value ‘{}’'.format(
|
||||||
section, user_id, __oars_value_to_string(value)))
|
section, username, __oars_value_to_string(value)))
|
||||||
|
|
||||||
|
|
||||||
def command_set(user, allow_user_installation=True,
|
def command_set_app_filter(user, allow_user_installation=True,
|
||||||
allow_system_installation=False, app_filter_args=None,
|
allow_system_installation=False,
|
||||||
quiet=False, interactive=True):
|
app_filter_args=None, quiet=False,
|
||||||
|
interactive=True):
|
||||||
"""Set the app filter for the given user."""
|
"""Set the app filter for the given user."""
|
||||||
user_id = __lookup_user_id_or_error(user)
|
(user_id, username) = __lookup_user_id_or_error(user)
|
||||||
builder = Malcontent.AppFilterBuilder.new()
|
builder = Malcontent.AppFilterBuilder.new()
|
||||||
builder.set_allow_user_installation(allow_user_installation)
|
builder.set_allow_user_installation(allow_user_installation)
|
||||||
builder.set_allow_system_installation(allow_system_installation)
|
builder.set_allow_system_installation(allow_system_installation)
|
||||||
|
@ -327,7 +399,7 @@ def command_set(user, allow_user_installation=True,
|
||||||
__set_app_filter_or_error(user_id, app_filter, interactive)
|
__set_app_filter_or_error(user_id, app_filter, interactive)
|
||||||
|
|
||||||
if not quiet:
|
if not quiet:
|
||||||
print('App filter for user {} set'.format(user_id))
|
print('App filter for user {} set'.format(username))
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
@ -335,8 +407,9 @@ def main():
|
||||||
parser = argparse.ArgumentParser(
|
parser = argparse.ArgumentParser(
|
||||||
description='Query and update parental controls.')
|
description='Query and update parental controls.')
|
||||||
subparsers = parser.add_subparsers(metavar='command',
|
subparsers = parser.add_subparsers(metavar='command',
|
||||||
help='command to run (default: ‘get’)')
|
help='command to run (default: '
|
||||||
parser.set_defaults(function=command_get)
|
'‘get-app-filter’)')
|
||||||
|
parser.set_defaults(function=command_get_app_filter, user='')
|
||||||
parser.add_argument('-q', '--quiet', action='store_true',
|
parser.add_argument('-q', '--quiet', action='store_true',
|
||||||
help='output no informational messages')
|
help='output no informational messages')
|
||||||
parser.set_defaults(quiet=False)
|
parser.set_defaults(quiet=False)
|
||||||
|
@ -353,14 +426,34 @@ def main():
|
||||||
help='opposite of --no-interactive')
|
help='opposite of --no-interactive')
|
||||||
common_parser.set_defaults(interactive=True)
|
common_parser.set_defaults(interactive=True)
|
||||||
|
|
||||||
# ‘get’ command
|
# ‘get-app-filter’ command
|
||||||
parser_get = subparsers.add_parser('get', parents=[common_parser],
|
parser_get_app_filter = \
|
||||||
help='get current parental controls '
|
subparsers.add_parser('get-app-filter',
|
||||||
'settings')
|
parents=[common_parser],
|
||||||
parser_get.set_defaults(function=command_get)
|
help='get current app filter settings')
|
||||||
parser_get.add_argument('user', default='', nargs='?',
|
parser_get_app_filter.set_defaults(function=command_get_app_filter)
|
||||||
help='user ID or username to get the app filter '
|
parser_get_app_filter.add_argument('user', default='', nargs='?',
|
||||||
'for (default: current user)')
|
help='user ID or username to get the '
|
||||||
|
'app filter for (default: current '
|
||||||
|
'user)')
|
||||||
|
|
||||||
|
# ‘get-session-limits’ command
|
||||||
|
parser_get_session_limits = \
|
||||||
|
subparsers.add_parser('get-session-limits',
|
||||||
|
parents=[common_parser],
|
||||||
|
help='get current session limit settings')
|
||||||
|
parser_get_session_limits.set_defaults(function=command_get_session_limits)
|
||||||
|
parser_get_session_limits.add_argument('user', default='', nargs='?',
|
||||||
|
help='user ID or username to get '
|
||||||
|
'the session limits for (default: '
|
||||||
|
'current user)')
|
||||||
|
parser_get_session_limits.add_argument(
|
||||||
|
'--now',
|
||||||
|
metavar='yyyy-mm-ddThh:mm:ssZ',
|
||||||
|
type=lambda d: datetime.datetime.strptime(d, '%Y-%m-%dT%H:%M:%S%z'),
|
||||||
|
default=datetime.datetime.now(),
|
||||||
|
help='date/time to use as the value for ‘now’ (default: wall clock '
|
||||||
|
'time)')
|
||||||
|
|
||||||
# ‘monitor’ command
|
# ‘monitor’ command
|
||||||
parser_monitor = subparsers.add_parser('monitor',
|
parser_monitor = subparsers.add_parser('monitor',
|
||||||
|
@ -371,18 +464,19 @@ def main():
|
||||||
help='user ID or username to monitor the app '
|
help='user ID or username to monitor the app '
|
||||||
'filter for (default: all users)')
|
'filter for (default: all users)')
|
||||||
|
|
||||||
# ‘check’ command
|
# ‘check-app-filter’ command
|
||||||
parser_check = subparsers.add_parser('check', parents=[common_parser],
|
parser_check_app_filter = \
|
||||||
help='check whether a path, content '
|
subparsers.add_parser('check-app-filter', parents=[common_parser],
|
||||||
'type or flatpak ref is '
|
help='check whether a path, content type or '
|
||||||
'allowed by app filter')
|
'flatpak ref is allowed by app filter')
|
||||||
parser_check.set_defaults(function=command_check)
|
parser_check_app_filter.set_defaults(function=command_check_app_filter)
|
||||||
parser_check.add_argument('user', default='', nargs='?',
|
parser_check_app_filter.add_argument('user', default='', nargs='?',
|
||||||
help='user ID or username to get the app filter '
|
help='user ID or username to get the '
|
||||||
'for (default: current user)')
|
'app filter for (default: '
|
||||||
parser_check.add_argument('arg',
|
'current user)')
|
||||||
help='path to a program, content type or '
|
parser_check_app_filter.add_argument('arg',
|
||||||
'flatpak ref to check')
|
help='path to a program, content '
|
||||||
|
'type or flatpak ref to check')
|
||||||
|
|
||||||
# ‘oars-section’ command
|
# ‘oars-section’ command
|
||||||
parser_oars_section = subparsers.add_parser('oars-section',
|
parser_oars_section = subparsers.add_parser('oars-section',
|
||||||
|
@ -396,40 +490,43 @@ def main():
|
||||||
'user)')
|
'user)')
|
||||||
parser_oars_section.add_argument('section', help='OARS section to get')
|
parser_oars_section.add_argument('section', help='OARS section to get')
|
||||||
|
|
||||||
# ‘set’ command
|
# ‘set-app-filter’ command
|
||||||
parser_set = subparsers.add_parser('set', parents=[common_parser],
|
parser_set_app_filter = \
|
||||||
help='set current parental controls '
|
subparsers.add_parser('set-app-filter', parents=[common_parser],
|
||||||
'settings')
|
help='set current app filter settings')
|
||||||
parser_set.set_defaults(function=command_set)
|
parser_set_app_filter.set_defaults(function=command_set_app_filter)
|
||||||
parser_set.add_argument('user', default='', nargs='?',
|
parser_set_app_filter.add_argument('user', default='', nargs='?',
|
||||||
help='user ID or username to get the app filter '
|
help='user ID or username to set the '
|
||||||
'for (default: current user)')
|
'app filter for (default: current '
|
||||||
parser_set.add_argument('--allow-user-installation',
|
'user)')
|
||||||
dest='allow_user_installation',
|
parser_set_app_filter.add_argument('--allow-user-installation',
|
||||||
action='store_true',
|
dest='allow_user_installation',
|
||||||
help='allow installation to the user flatpak '
|
action='store_true',
|
||||||
'repo in general')
|
help='allow installation to the user '
|
||||||
parser_set.add_argument('--disallow-user-installation',
|
'flatpak repo in general')
|
||||||
dest='allow_user_installation',
|
parser_set_app_filter.add_argument('--disallow-user-installation',
|
||||||
action='store_false',
|
dest='allow_user_installation',
|
||||||
help='unconditionally disallow installation to '
|
action='store_false',
|
||||||
'the user flatpak repo')
|
help='unconditionally disallow '
|
||||||
parser_set.add_argument('--allow-system-installation',
|
'installation to the user flatpak '
|
||||||
dest='allow_system_installation',
|
'repo')
|
||||||
action='store_true',
|
parser_set_app_filter.add_argument('--allow-system-installation',
|
||||||
help='allow installation to the system flatpak '
|
dest='allow_system_installation',
|
||||||
'repo in general')
|
action='store_true',
|
||||||
parser_set.add_argument('--disallow-system-installation',
|
help='allow installation to the system '
|
||||||
dest='allow_system_installation',
|
'flatpak repo in general')
|
||||||
action='store_false',
|
parser_set_app_filter.add_argument('--disallow-system-installation',
|
||||||
help='unconditionally disallow installation to '
|
dest='allow_system_installation',
|
||||||
'the system flatpak repo')
|
action='store_false',
|
||||||
parser_set.add_argument('app_filter_args', nargs='*',
|
help='unconditionally disallow '
|
||||||
help='paths, content types or flatpak refs to '
|
'installation to the system '
|
||||||
'blacklist and OARS section=value '
|
'flatpak repo')
|
||||||
'pairs to store')
|
parser_set_app_filter.add_argument('app_filter_args', nargs='*',
|
||||||
parser_set.set_defaults(allow_user_installation=True,
|
help='paths, content types or flatpak '
|
||||||
allow_system_installation=False)
|
'refs to blacklist and OARS '
|
||||||
|
'section=value pairs to store')
|
||||||
|
parser_set_app_filter.set_defaults(allow_user_installation=True,
|
||||||
|
allow_system_installation=False)
|
||||||
|
|
||||||
# Parse the command line arguments and run the subcommand.
|
# Parse the command line arguments and run the subcommand.
|
||||||
args = parser.parse_args()
|
args = parser.parse_args()
|
||||||
|
|
10
meson.build
10
meson.build
|
@ -19,12 +19,19 @@ po_dir = join_paths(meson.source_root(), 'po')
|
||||||
prefix = get_option('prefix')
|
prefix = get_option('prefix')
|
||||||
bindir = join_paths(prefix, get_option('bindir'))
|
bindir = join_paths(prefix, get_option('bindir'))
|
||||||
datadir = join_paths(prefix, get_option('datadir'))
|
datadir = join_paths(prefix, get_option('datadir'))
|
||||||
|
libdir = join_paths(prefix, get_option('libdir'))
|
||||||
libexecdir = join_paths(prefix, get_option('libexecdir'))
|
libexecdir = join_paths(prefix, get_option('libexecdir'))
|
||||||
|
|
||||||
# FIXME: This isn’t exposed in accountsservice.pc
|
# FIXME: This isn’t exposed in accountsservice.pc
|
||||||
# See https://gitlab.freedesktop.org/accountsservice/accountsservice/merge_requests/16
|
# See https://gitlab.freedesktop.org/accountsservice/accountsservice/merge_requests/16
|
||||||
accountsserviceinterfacesdir = join_paths(datadir, 'accountsservice', 'interfaces')
|
accountsserviceinterfacesdir = join_paths(datadir, 'accountsservice', 'interfaces')
|
||||||
|
|
||||||
|
# FIXME: pam.pc doesn’t exist
|
||||||
|
pamlibdir = get_option('pamlibdir')
|
||||||
|
if pamlibdir == ''
|
||||||
|
pamlibdir = join_paths(prefix, libdir.split('/')[-1], 'security')
|
||||||
|
endif
|
||||||
|
|
||||||
dbus = dependency('dbus-1')
|
dbus = dependency('dbus-1')
|
||||||
dbusinterfacesdir = dbus.get_pkgconfig_variable('interfaces_dir',
|
dbusinterfacesdir = dbus.get_pkgconfig_variable('interfaces_dir',
|
||||||
define_variable: ['datadir', datadir])
|
define_variable: ['datadir', datadir])
|
||||||
|
@ -120,4 +127,5 @@ test_env = [
|
||||||
|
|
||||||
subdir('accounts-service')
|
subdir('accounts-service')
|
||||||
subdir('malcontent-client')
|
subdir('malcontent-client')
|
||||||
subdir('libmalcontent')
|
subdir('libmalcontent')
|
||||||
|
subdir('pam')
|
||||||
|
|
|
@ -3,4 +3,9 @@ option(
|
||||||
type: 'boolean',
|
type: 'boolean',
|
||||||
value: false,
|
value: false,
|
||||||
description: 'enable installed tests'
|
description: 'enable installed tests'
|
||||||
)
|
)
|
||||||
|
option(
|
||||||
|
'pamlibdir',
|
||||||
|
type: 'string',
|
||||||
|
description: 'directory for PAM modules'
|
||||||
|
)
|
||||||
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
libpam = cc.find_library('pam', required: true)
|
||||||
|
libpam_misc = cc.find_library('pam_misc', required: true)
|
||||||
|
|
||||||
|
pam_malcontent = shared_library('pam_malcontent',
|
||||||
|
files('pam_malcontent.c'),
|
||||||
|
name_prefix: '',
|
||||||
|
link_args: [
|
||||||
|
'-shared',
|
||||||
|
'-Wl,--version-script=' + join_paths(meson.current_source_dir(), 'pam_malcontent.sym'),
|
||||||
|
],
|
||||||
|
dependencies: [
|
||||||
|
dependency('gio-2.0', version: '>= 2.44'),
|
||||||
|
dependency('glib-2.0', version: '>= 2.54.2'),
|
||||||
|
dependency('gobject-2.0', version: '>= 2.54'),
|
||||||
|
libmalcontent_dep,
|
||||||
|
libpam,
|
||||||
|
libpam_misc,
|
||||||
|
],
|
||||||
|
link_depends: files('pam_malcontent.sym'),
|
||||||
|
include_directories: root_inc,
|
||||||
|
install: true,
|
||||||
|
install_dir: pamlibdir)
|
||||||
|
|
||||||
|
subdir('tests')
|
|
@ -0,0 +1,206 @@
|
||||||
|
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
||||||
|
*
|
||||||
|
* Copyright © 2019 Endless Mobile, Inc.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
* Authors:
|
||||||
|
* - Philip Withnall <withnall@endlessm.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "config.h"
|
||||||
|
|
||||||
|
#define PAM_SM_ACCOUNT
|
||||||
|
|
||||||
|
#include <glib.h>
|
||||||
|
#include <glib/gi18n-lib.h>
|
||||||
|
#include <libmalcontent/malcontent.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
#include <security/pam_ext.h>
|
||||||
|
#include <security/pam_modules.h>
|
||||||
|
#include <security/pam_modutil.h>
|
||||||
|
#include <syslog.h>
|
||||||
|
|
||||||
|
|
||||||
|
/* Example usage:
|
||||||
|
*
|
||||||
|
* Here’s an example of a PAM file which uses `pam_malcontent.so`. Note
|
||||||
|
* that `pam_malcontent.so` must be listed before `pam_systemd.so`, and it must
|
||||||
|
* have type `account`.
|
||||||
|
*
|
||||||
|
* ```
|
||||||
|
* auth sufficient pam_unix.so nullok try_first_pass
|
||||||
|
* auth required pam_deny.so
|
||||||
|
*
|
||||||
|
* account required pam_nologin.so
|
||||||
|
* account sufficient pam_unix.so
|
||||||
|
* account required pam_permit.so
|
||||||
|
* -account required pam_malcontent.so
|
||||||
|
*
|
||||||
|
* password sufficient pam_unix.so nullok sha512 shadow try_first_pass try_authtok
|
||||||
|
* password required pam_deny.so
|
||||||
|
*
|
||||||
|
* -session optional pam_keyinit.so revoke
|
||||||
|
* -session optional pam_loginuid.so
|
||||||
|
* -session optional pam_systemd.so
|
||||||
|
* session sufficient pam_unix.so
|
||||||
|
* ```
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* @pw_out is (transfer none) (out) (not optional) */
|
||||||
|
static int
|
||||||
|
get_user_data (pam_handle_t *handle,
|
||||||
|
const char **username_out,
|
||||||
|
const struct passwd **pw_out)
|
||||||
|
{
|
||||||
|
const char *username = NULL;
|
||||||
|
struct passwd *pw = NULL;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
g_return_val_if_fail (handle != NULL, PAM_AUTH_ERR);
|
||||||
|
g_return_val_if_fail (username_out != NULL, PAM_AUTH_ERR);
|
||||||
|
g_return_val_if_fail (pw_out != NULL, PAM_AUTH_ERR);
|
||||||
|
|
||||||
|
r = pam_get_user (handle, &username, NULL);
|
||||||
|
if (r != PAM_SUCCESS)
|
||||||
|
{
|
||||||
|
pam_syslog (handle, LOG_ERR, "Failed to get user name.");
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (username == NULL || *username == '\0')
|
||||||
|
{
|
||||||
|
pam_syslog (handle, LOG_ERR, "User name not valid.");
|
||||||
|
return PAM_AUTH_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
pw = pam_modutil_getpwnam (handle, username);
|
||||||
|
if (pw == NULL)
|
||||||
|
{
|
||||||
|
pam_syslog (handle, LOG_ERR, "Failed to get user data.");
|
||||||
|
return PAM_USER_UNKNOWN;
|
||||||
|
}
|
||||||
|
|
||||||
|
*pw_out = pw;
|
||||||
|
*username_out = username;
|
||||||
|
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
runtime_max_sec_free (pam_handle_t *handle,
|
||||||
|
void *data,
|
||||||
|
int error_status)
|
||||||
|
{
|
||||||
|
g_return_if_fail (data != NULL);
|
||||||
|
|
||||||
|
g_free (data);
|
||||||
|
}
|
||||||
|
|
||||||
|
PAM_EXTERN int
|
||||||
|
pam_sm_acct_mgmt (pam_handle_t *handle,
|
||||||
|
int flags,
|
||||||
|
int argc,
|
||||||
|
const char **argv)
|
||||||
|
{
|
||||||
|
int retval;
|
||||||
|
const char *username = NULL;
|
||||||
|
const struct passwd *pw = NULL;
|
||||||
|
g_autoptr(GDBusConnection) connection = NULL;
|
||||||
|
g_autoptr(MctManager) manager = NULL;
|
||||||
|
g_autoptr(MctSessionLimits) limits = NULL;
|
||||||
|
g_autoptr(GError) local_error = NULL;
|
||||||
|
g_autofree gchar *runtime_max_sec_str = NULL;
|
||||||
|
guint64 now = g_get_real_time ();
|
||||||
|
guint64 time_remaining_secs = 0;
|
||||||
|
gboolean time_limit_enabled = FALSE;
|
||||||
|
|
||||||
|
/* Look up the user data from the handle. */
|
||||||
|
retval = get_user_data (handle, &username, &pw);
|
||||||
|
if (retval != PAM_SUCCESS)
|
||||||
|
{
|
||||||
|
/* The error has already been logged. */
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pw->pw_uid == 0)
|
||||||
|
{
|
||||||
|
/* Always allow root, to avoid a situation where this PAM module prevents
|
||||||
|
* all users logging in with no way of recovery. */
|
||||||
|
pam_info (handle, _("User ‘%s’ has no time limits enabled"), "root");
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Connect to the system bus. */
|
||||||
|
connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &local_error);
|
||||||
|
if (connection == NULL)
|
||||||
|
{
|
||||||
|
pam_error (handle,
|
||||||
|
_("Error getting session limits for user ‘%s’: %s"),
|
||||||
|
username, local_error->message);
|
||||||
|
return PAM_SERVICE_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get the time limits on this user’s session usage. */
|
||||||
|
manager = mct_manager_new (connection);
|
||||||
|
limits = mct_manager_get_session_limits (manager, pw->pw_uid,
|
||||||
|
MCT_MANAGER_GET_VALUE_FLAGS_NONE,
|
||||||
|
NULL, &local_error);
|
||||||
|
|
||||||
|
if (limits == NULL)
|
||||||
|
{
|
||||||
|
if (g_error_matches (local_error, MCT_MANAGER_ERROR,
|
||||||
|
MCT_MANAGER_ERROR_DISABLED))
|
||||||
|
{
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
pam_error (handle,
|
||||||
|
_("Error getting session limits for user ‘%s’: %s"),
|
||||||
|
username, local_error->message);
|
||||||
|
return PAM_SERVICE_ERR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if there’s time left. */
|
||||||
|
if (!mct_session_limits_check_time_remaining (limits, now, &time_remaining_secs,
|
||||||
|
&time_limit_enabled))
|
||||||
|
{
|
||||||
|
pam_error (handle, _("User ‘%s’ has no time remaining"), username);
|
||||||
|
return PAM_AUTH_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!time_limit_enabled)
|
||||||
|
{
|
||||||
|
pam_info (handle, _("User ‘%s’ has no time limits enabled"), username);
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Propagate the remaining time to the `pam_systemd.so` module, which will
|
||||||
|
* end the user’s session when it runs out. */
|
||||||
|
runtime_max_sec_str = g_strdup_printf ("%" G_GUINT64_FORMAT, time_remaining_secs);
|
||||||
|
retval = pam_set_data (handle, "systemd.runtime_max_sec",
|
||||||
|
g_steal_pointer (&runtime_max_sec_str), runtime_max_sec_free);
|
||||||
|
|
||||||
|
if (retval != PAM_SUCCESS)
|
||||||
|
{
|
||||||
|
pam_error (handle, _("Error setting time limit on login session: %s"),
|
||||||
|
pam_strerror (handle, retval));
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
return PAM_SUCCESS;
|
||||||
|
}
|
|
@ -0,0 +1,26 @@
|
||||||
|
/*
|
||||||
|
* Copyright © 2019 Endless Mobile, Inc.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
* Authors:
|
||||||
|
* - Philip Withnall <withnall@endlessm.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
{
|
||||||
|
global:
|
||||||
|
pam_sm_acct_mgmt;
|
||||||
|
local: *;
|
||||||
|
};
|
|
@ -0,0 +1,48 @@
|
||||||
|
deps = [
|
||||||
|
dependency('glib-2.0', version: '>= 2.60.0'),
|
||||||
|
cc.find_library('dl'),
|
||||||
|
]
|
||||||
|
|
||||||
|
envs = test_env + [
|
||||||
|
'G_TEST_SRCDIR=' + meson.current_source_dir(),
|
||||||
|
'G_TEST_BUILDDIR=' + meson.current_build_dir(),
|
||||||
|
]
|
||||||
|
|
||||||
|
test_programs = [
|
||||||
|
['pam_malcontent', [], deps],
|
||||||
|
]
|
||||||
|
|
||||||
|
installed_tests_metadir = join_paths(datadir, 'installed-tests',
|
||||||
|
'libmalcontent-' + libmalcontent_api_version)
|
||||||
|
installed_tests_execdir = join_paths(libexecdir, 'installed-tests',
|
||||||
|
'libmalcontent-' + libmalcontent_api_version)
|
||||||
|
|
||||||
|
foreach program: test_programs
|
||||||
|
test_conf = configuration_data()
|
||||||
|
test_conf.set('installed_tests_dir', installed_tests_execdir)
|
||||||
|
test_conf.set('program', program[0])
|
||||||
|
|
||||||
|
configure_file(
|
||||||
|
input: test_template,
|
||||||
|
output: program[0] + '.test',
|
||||||
|
install: enable_installed_tests,
|
||||||
|
install_dir: installed_tests_metadir,
|
||||||
|
configuration: test_conf,
|
||||||
|
)
|
||||||
|
|
||||||
|
exe = executable(
|
||||||
|
program[0],
|
||||||
|
[program[0] + '.c'] + program[1],
|
||||||
|
dependencies: program[2],
|
||||||
|
include_directories: root_inc,
|
||||||
|
install: enable_installed_tests,
|
||||||
|
install_dir: installed_tests_execdir,
|
||||||
|
)
|
||||||
|
|
||||||
|
test(
|
||||||
|
program[0],
|
||||||
|
exe,
|
||||||
|
env: envs,
|
||||||
|
args: ['--tap'],
|
||||||
|
)
|
||||||
|
endforeach
|
|
@ -0,0 +1,62 @@
|
||||||
|
/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*-
|
||||||
|
*
|
||||||
|
* Copyright © 2019 Endless Mobile, Inc.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
* Authors:
|
||||||
|
* - Philip Withnall <withnall@endlessm.com>
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <dlfcn.h>
|
||||||
|
#include <glib.h>
|
||||||
|
#include <locale.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
|
||||||
|
/* Test that the `pam_malcontent.so` module can be loaded using dlopen() and
|
||||||
|
* that it exports the appropriate symbols for PAM to be able to use it. */
|
||||||
|
static void
|
||||||
|
test_pam_malcontent_dlopen (void)
|
||||||
|
{
|
||||||
|
g_autofree gchar *module_path = NULL;
|
||||||
|
void *handle;
|
||||||
|
int retval;
|
||||||
|
void *fn;
|
||||||
|
|
||||||
|
module_path = g_test_build_filename (G_TEST_BUILT, "..", "pam_malcontent.so", NULL);
|
||||||
|
|
||||||
|
/* Check the module can be loaded. */
|
||||||
|
handle = dlopen (module_path, RTLD_NOW);
|
||||||
|
g_assert_nonnull (handle);
|
||||||
|
|
||||||
|
/* Check the appropriate symbols exist. */
|
||||||
|
fn = dlsym (handle, "pam_sm_acct_mgmt");
|
||||||
|
g_assert_nonnull (fn);
|
||||||
|
|
||||||
|
retval = dlclose (handle);
|
||||||
|
g_assert_cmpint (retval, ==, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
main (int argc,
|
||||||
|
char **argv)
|
||||||
|
{
|
||||||
|
setlocale (LC_ALL, "");
|
||||||
|
g_test_init (&argc, &argv, NULL);
|
||||||
|
|
||||||
|
g_test_add_func ("/pam_malcontent/dlopen", test_pam_malcontent_dlopen);
|
||||||
|
|
||||||
|
return g_test_run ();
|
||||||
|
}
|
|
@ -1,3 +1,5 @@
|
||||||
# List of source files containing translatable strings.
|
# List of source files containing translatable strings.
|
||||||
# Please keep this file sorted alphabetically.
|
# Please keep this file sorted alphabetically.
|
||||||
accounts-service/com.endlessm.ParentalControls.policy
|
accounts-service/com.endlessm.ParentalControls.policy
|
||||||
|
libmalcontent/manager.c
|
||||||
|
pam/pam_malcontent.c
|
||||||
|
|
Loading…
Reference in New Issue