core: consolidate PolicyKit code

Use one global PolkitAuthority object; we only really need to use it
in one place anyway.  So consolidate the code that uses polkit into
nm-manager-auth.c.

src/nm-manager-auth.c

@@ -20,8 +20,9 @@
 
 #include <string.h>
 #include <dbus/dbus-glib-lowlevel.h>
+#include <polkit/polkit.h>
 
-#include <nm-setting-connection.h>
+#include "nm-setting-connection.h"
 #include "nm-manager-auth.h"
 #include "nm-logging.h"
 #include "nm-dbus-manager.h"
@@ -37,7 +38,6 @@ struct NMAuthChain {
 	GError *error;
 
 	NMAuthChainResultFunc done_func;
-	NMAuthChainCallFunc call_func;
 	gpointer user_data;
 };
 
@@ -45,6 +45,7 @@ typedef struct {
 	NMAuthChain *chain;
 	GCancellable *cancellable;
 	char *permission;
+	guint idle_id;
 	gboolean disposed;
 } PolkitCall;
 
@@ -64,20 +65,29 @@ free_data (gpointer data)
 	g_free (tmp);
 }
 
-static void
-default_call_func (NMAuthChain *chain,
-                   const char *permission,
-                   GError *error,
-                   NMAuthCallResult result,
-                   gpointer user_data)
+static PolkitAuthority *
+pk_authority_get (void)
 {
-	if (!error)
-		nm_auth_chain_set_data (chain, permission, GUINT_TO_POINTER (result), NULL);
+	static PolkitAuthority *authority = NULL;
+	GError *error = NULL;
+
+	if (authority == NULL) {
+		authority = polkit_authority_get_sync (NULL, &error);
+		if (authority == NULL) {
+			nm_log_err (LOGD_CORE, "Failed to initialize PolicyKit: (%d) %s",
+			            error ? error->code : -1,
+			            (error && error->message) ? error->message : "(unknown)");
+			g_clear_error (&error);
+			return NULL;
+		}
+	}
+
+	/* Yes, ref every time; we want to keep the object alive */
+	return g_object_ref (authority);
 }
 
 static NMAuthChain *
-_auth_chain_new (PolkitAuthority *authority,
-                 DBusGMethodInvocation *context,
+_auth_chain_new (DBusGMethodInvocation *context,
                  DBusGProxy *proxy,
                  DBusMessage *message,
                  const char *dbus_sender,
@@ -90,10 +100,9 @@ _auth_chain_new (PolkitAuthority *authority,
 
 	self = g_malloc0 (sizeof (NMAuthChain));
 	self->refcount = 1;
-	self->authority = g_object_ref (authority);
+	self->authority = pk_authority_get ();
 	self->data = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, free_data);
 	self->done_func = done_func;
-	self->call_func = /* call_func ? call_func : */ default_call_func;
 	self->user_data = user_data;
 	self->context = context;
 
@@ -117,31 +126,28 @@ _auth_chain_new (PolkitAuthority *authority,
 }
 
 NMAuthChain *
-nm_auth_chain_new (PolkitAuthority *authority,
-                   DBusGMethodInvocation *context,
+nm_auth_chain_new (DBusGMethodInvocation *context,
                    DBusGProxy *proxy,
                    NMAuthChainResultFunc done_func,
                    gpointer user_data)
 {
-	return _auth_chain_new (authority, context, proxy, NULL, NULL, done_func, user_data);
+	return _auth_chain_new (context, proxy, NULL, NULL, done_func, user_data);
 }
 
 NMAuthChain *
-nm_auth_chain_new_raw_message (PolkitAuthority *authority,
-                               DBusMessage *message,
+nm_auth_chain_new_raw_message (DBusMessage *message,
                                NMAuthChainResultFunc done_func,
                                gpointer user_data)
 {
-	return _auth_chain_new (authority, NULL, NULL, message, NULL, done_func, user_data);
+	return _auth_chain_new (NULL, NULL, message, NULL, done_func, user_data);
 }
 
 NMAuthChain *
-nm_auth_chain_new_dbus_sender (PolkitAuthority *authority,
-                               const char *dbus_sender,
+nm_auth_chain_new_dbus_sender (const char *dbus_sender,
                                NMAuthChainResultFunc done_func,
                                gpointer user_data)
 {
-	return _auth_chain_new (authority, NULL, NULL, NULL, dbus_sender, done_func, user_data);
+	return _auth_chain_new (NULL, NULL, NULL, dbus_sender, done_func, user_data);
 }
 
 gpointer
@@ -228,6 +234,15 @@ nm_auth_chain_check_done (NMAuthChain *self)
 	}
 }
 
+static void
+nm_auth_chain_remove_call (NMAuthChain *self, PolkitCall *call)
+{
+	g_return_if_fail (self != NULL);
+	g_return_if_fail (call != NULL);
+
+	self->calls = g_slist_remove (self->calls, call);
+}
+
 static void
 polkit_call_cancel (PolkitCall *call)
 {
@@ -246,6 +261,9 @@ polkit_call_free (PolkitCall *call)
 	call->chain = NULL;
 	g_object_unref (call->cancellable);
 	call->cancellable = NULL;
+	if (call->idle_id)
+		g_source_remove (call->idle_id);
+	memset (call, 0, sizeof (*call));
 	g_free (call);
 }
 
@@ -265,7 +283,7 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
 	}
 
 	chain = call->chain;
-	chain->calls = g_slist_remove (chain->calls, call);
+	nm_auth_chain_remove_call (chain, call);
 
 	pk_result = polkit_authority_check_authorization_finish (chain->authority,
 	                                                         result,
@@ -287,9 +305,11 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
 			call_result = NM_AUTH_CALL_RESULT_AUTH;
 		} else
 			call_result = NM_AUTH_CALL_RESULT_NO;
+
+		nm_auth_chain_set_data (chain, call->permission, GUINT_TO_POINTER (call_result), NULL);
 	}
 
-	chain->call_func (chain, call->permission, error, call_result, chain->user_data);
+	/* Check if all calls in the chain are complete */
 	nm_auth_chain_check_done (chain);
 
 	g_clear_error (&error);
@@ -298,6 +318,26 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
 		g_object_unref (pk_result);
 }
 
+static gboolean
+polkit_call_error_idle_cb (gpointer user_data)
+{
+	PolkitCall *call = user_data;
+
+	call->idle_id = 0;
+	nm_auth_chain_remove_call (call->chain, call);
+	nm_auth_chain_check_done (call->chain);
+	polkit_call_free (call);
+	return FALSE;
+}
+
+static void
+polkit_call_schedule_error (PolkitCall *call)
+{
+	if (!call->chain->error)
+		call->chain->error = g_error_new_literal (0, 0, "PolicyKit unavailable");
+	call->idle_id = g_idle_add (polkit_call_error_idle_cb, call);
+}
+
 gboolean
 nm_auth_chain_add_call (NMAuthChain *self,
                         const char *permission,
@@ -322,6 +362,13 @@ nm_auth_chain_add_call (NMAuthChain *self,
 
 	self->calls = g_slist_append (self->calls, call);
 
+	if (self->authority == NULL) {
+		/* No polkit, no authorization */
+		polkit_call_schedule_error (call);
+		g_object_unref (subject);
+		return FALSE;
+	}
+
 	if (allow_interaction)
 		flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
 
@@ -348,7 +395,8 @@ nm_auth_chain_unref (NMAuthChain *self)
 	if (self->refcount > 0)
 		return;
 
-	g_object_unref (self->authority);
+	if (self->authority)
+		g_object_unref (self->authority);
 	g_free (self->owner);
 
 	for (iter = self->calls; iter; iter = g_slist_next (iter))
@@ -460,3 +508,46 @@ nm_auth_uid_in_acl (NMConnection *connection,
 	return TRUE;
 }
 
+typedef struct {
+	GDestroyNotify changed_callback;
+	gpointer changed_data;
+} PkChangedInfo;
+
+static void
+pk_authority_changed_cb (GObject *object, PkChangedInfo *info)
+{
+	info->changed_callback (info->changed_data);
+}
+
+void
+nm_auth_set_changed_func (GDestroyNotify callback, gpointer callback_data)
+{
+	static PkChangedInfo info = { NULL, NULL };
+	static guint32 changed_id = 0;
+	PolkitAuthority *authority;
+
+	authority = pk_authority_get ();
+	if (!authority)
+		return;
+
+	if (callback == NULL) {
+		/* Clearing the callback */
+		info.changed_callback = NULL;
+		info.changed_data = NULL;
+		g_signal_handler_disconnect (authority, changed_id);
+		changed_id = 0;
+	} else {
+		info.changed_callback = callback;
+		info.changed_data= callback_data;
+
+		if (changed_id == 0) {
+			changed_id = g_signal_connect (authority,
+			                               "changed",
+			                               G_CALLBACK (pk_authority_changed_cb),
+			                               &info);
+		}
+	}
+
+	g_object_unref (authority);
+}
+