From d2dcaeddfe015d3fee3817737e1bae72f1ad3316 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 1 Jul 2015 13:38:57 +0200
Subject: [PATCH] cli: enable polkit authentication on command line

This patch will allow users to work with all problems without the need
to run abrt-cli under root account.

The polkit aget will run in a separate thread and will interact with a
user via STDOUT and STDIN, so we should not introduce new threads using
STDIN or STDOUT and all D-Bus calls should be synchronous.

http://www.freedesktop.org/software/polkit/docs/latest/ref-authentication-agent-api.html

Related: #1224984

Signed-off-by: Jakub Filak <jfilak@redhat.com>

Conflicts:
	src/cli/Makefile.am
---
 configure.ac            |  1 +
 doc/abrt-cli.txt        | 11 +++++++++--
 src/cli/Makefile.am     |  2 ++
 src/cli/abrt-cli-core.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++--
 src/cli/abrt-cli-core.h |  9 ++++++++-
 src/cli/abrt-cli.c      | 15 ++++++++++++++-
 6 files changed, 82 insertions(+), 6 deletions(-)

diff --git a/configure.ac b/configure.ac
index d65bf54..56b8ad8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -104,6 +104,7 @@ PKG_CHECK_MODULES([NSS], [nss])
 PKG_CHECK_MODULES([LIBREPORT], [libreport])
 PKG_CHECK_MODULES([LIBREPORT_GTK], [libreport-gtk])
 PKG_CHECK_MODULES([POLKIT], [polkit-gobject-1])
+PKG_CHECK_MODULES([POLKIT_AGENT], [polkit-agent-1])
 PKG_CHECK_MODULES([GIO], [gio-2.0])
 PKG_CHECK_MODULES([SATYR], [satyr])
 PKG_CHECK_MODULES([LIBSELINUX], [libselinux])
diff --git a/doc/abrt-cli.txt b/doc/abrt-cli.txt
index 399b5fd..0f18784 100644
--- a/doc/abrt-cli.txt
+++ b/doc/abrt-cli.txt
@@ -7,6 +7,8 @@ abrt-cli - List, remove, print, analyze, report problems
 
 SYNOPSIS
 --------
+'abrt-cli' [--authenticate] COMMAND [COMMAND OPTIONS]
+
 'abrt-cli' list    [-vn] [--detailed] [--since NUM] [--until NUM] [DIR]...
 
 'abrt-cli' remove  [-v]  DIR...
@@ -19,8 +21,13 @@ SYNOPSIS
 
 'abrt-cli' process [-v]  [--since NUM] DIR...
 
-OPTIONS
--------
+GLOBAL OPTIONS
+--------------
+-a,--authenticate::
+   Enable PolicyKit authentication to be able to work with the system problems
+
+COMMAND OPTIONS
+---------------
 -v,--verbose::
    Be more verbose. Can be given multiple times.
 
diff --git a/src/cli/Makefile.am b/src/cli/Makefile.am
index 9fff5b3..a7c76ef 100644
--- a/src/cli/Makefile.am
+++ b/src/cli/Makefile.am
@@ -17,6 +17,7 @@ abrt_cli_CFLAGS = \
 	-I$(srcdir)/../include \
 	-I$(srcdir)/../lib \
 	$(LIBREPORT_CFLAGS) \
+	$(POLKIT_AGENT_CFLAGS) \
 	-DWORKFLOWS_DIR=\"${WORKFLOWS_DIR}\"
 
 if SUGGEST_AUTOREPORTING
@@ -24,6 +25,7 @@ abrt_cli_CFLAGS += -DSUGGEST_AUTOREPORTING=1
 endif
 
 abrt_cli_LDADD = \
+    $(POLKIT_AGENT_LIBS) \
     $(LIBREPORT_LIBS) \
     ../lib/libabrt.la
 
diff --git a/src/cli/abrt-cli-core.c b/src/cli/abrt-cli-core.c
index 46acd01..ca49dbd 100644
--- a/src/cli/abrt-cli-core.c
+++ b/src/cli/abrt-cli-core.c
@@ -20,6 +20,17 @@
 #include "libabrt.h"
 #include "abrt-cli-core.h"
 
+/* It is not possible to include polkitagent.h without the following define.
+ * Check out the included header file.
+ */
+#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
+#include <polkitagent/polkitagent.h>
+
+int g_cli_authenticate;
+
+static PolkitAgentListener *s_local_polkit_agent = NULL;
+static gpointer s_local_agent_handle = NULL;
+
 /* Vector of problems: */
 /* problem_data_vector[i] = { "name" = { "content", CD_FLAG_foo_bits } } */
 
@@ -41,7 +52,7 @@ vector_of_problem_data_t *new_vector_of_problem_data(void)
 
 vector_of_problem_data_t *fetch_crash_infos(void)
 {
-    GList *problems = get_problems_over_dbus(/*don't authorize*/false);
+    GList *problems = get_problems_over_dbus(g_cli_authenticate);
     if (problems == ERR_PTR)
         return NULL;
 
@@ -97,7 +108,7 @@ char *find_problem_by_hash(const char *hash, GList *problems)
 char *hash2dirname(const char *hash)
 {
     /* Try loading by dirname hash */
-    GList *problems = get_problems_over_dbus(/*don't authorize*/false);
+    GList *problems = get_problems_over_dbus(g_cli_authenticate);
     if (problems == ERR_PTR)
         return NULL;
 
@@ -112,3 +123,38 @@ char *hash2dirname_if_necessary(const char *input)
 {
     return isxdigit_str(input) ? hash2dirname(input) : xstrdup(input);
 }
+
+void initialize_polkit_agent(void)
+{
+    GError *error = NULL;
+    PolkitSubject *subject = polkit_unix_process_new_for_owner(
+                                getpid(),
+                                /*start time from /proc*/0,
+                                getuid());
+
+    s_local_polkit_agent = polkit_agent_text_listener_new(NULL, &error);
+    if (s_local_polkit_agent == NULL)
+    {
+        error_msg_and_die("polkit_agent_text_listener_new: %s (%s, %d)\n",
+                error->message, g_quark_to_string (error->domain), error->code);
+    }
+
+    s_local_agent_handle = polkit_agent_listener_register(s_local_polkit_agent,
+            POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, subject, NULL, NULL, &error);
+    if (s_local_agent_handle == NULL)
+    {
+        error_msg_and_die("polkit_agent_listener_register: %s (%s, %d)\n",
+                error->message, g_quark_to_string (error->domain), error->code);
+    }
+
+    g_object_unref(subject);
+}
+
+void uninitialize_polkit_agent(void)
+{
+    if (s_local_agent_handle != NULL)
+        polkit_agent_listener_unregister(s_local_agent_handle);
+
+    if (s_local_polkit_agent != NULL)
+        g_object_unref(s_local_polkit_agent);
+}
diff --git a/src/cli/abrt-cli-core.h b/src/cli/abrt-cli-core.h
index d69d463..e2456e6 100644
--- a/src/cli/abrt-cli-core.h
+++ b/src/cli/abrt-cli-core.h
@@ -22,6 +22,10 @@
 
 #include "problem_api.h"
 
+/* Use authenticate D-Bus methods. The authentication requires a polkit agent
+ * to finish an authenticated method successfully. */
+extern int g_cli_authenticate;
+
 typedef GPtrArray vector_of_problem_data_t;
 
 problem_data_t *get_problem_data(vector_of_problem_data_t *vector, unsigned i);
@@ -37,6 +41,9 @@ char *hash2dirname(const char *hash);
 /* If input looks like a hash, returns malloced string, or NULL if not found.
  * Otherwise returns a copy of the input. */
 char *hash2dirname_if_necessary(const char *input);
-
+/* Initialize a new polkit text agent in a new thread */
+void initialize_polkit_agent(void);
+/* Uninitialize the polkit text agent */
+void uninitialize_polkit_agent(void);
 
 #endif /* ABRT_CLI_CORE_H_ */
diff --git a/src/cli/abrt-cli.c b/src/cli/abrt-cli.c
index 8e19081..f45523e 100644
--- a/src/cli/abrt-cli.c
+++ b/src/cli/abrt-cli.c
@@ -19,6 +19,7 @@
 
 #include "libabrt.h"
 #include "builtin-cmd.h"
+#include "abrt-cli-core.h"
 
 #define USAGE_OPTS_WIDTH 16
 #define USAGE_GAP         2
@@ -75,6 +76,10 @@ static unsigned handle_internal_options(int argc, const char **argv, const char
         {
             return skip + argc;
         }
+        else if (strcmp(cmd, "-a") == 0 || strcmp(cmd, "--authenticate") == 0)
+        {
+            g_cli_authenticate = 1;
+        }
         else
             error_msg_and_die("%s", usage);
 
@@ -122,7 +127,7 @@ int main(int argc, const char **argv)
     argc--;
 
     const char *abrt_cli_usage_string = _(
-        "Usage: abrt-cli [--version] COMMAND [DIR]..."
+        "Usage: abrt-cli [--authenticate] [--version] COMMAND [DIR]..."
         );
 
     const struct cmd_struct commands[] = {
@@ -141,8 +146,16 @@ int main(int argc, const char **argv)
     argc -= skip;
     argv += skip;
     if (argc > 0)
+    {
+        if (g_cli_authenticate)
+            initialize_polkit_agent();
+
         handle_internal_command(argc, argv, commands);
 
+        if (g_cli_authenticate)
+            uninitialize_polkit_agent();
+    }
+
     /* user didn't specify command; print out help */
     printf("%s\n\n", abrt_cli_usage_string);
     list_cmds_help(commands);
-- 
2.4.3