|
Packit |
8ea169 |
/*
|
|
Packit |
8ea169 |
Copyright (C) 2012 ABRT team
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
This program is free software; you can redistribute it and/or modify
|
|
Packit |
8ea169 |
it under the terms of the GNU General Public License as published by
|
|
Packit |
8ea169 |
the Free Software Foundation; either version 2 of the License, or
|
|
Packit |
8ea169 |
(at your option) any later version.
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
This program is distributed in the hope that it will be useful,
|
|
Packit |
8ea169 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
8ea169 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
8ea169 |
GNU General Public License for more details.
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
You should have received a copy of the GNU General Public License along
|
|
Packit |
8ea169 |
with this program; if not, write to the Free Software Foundation, Inc.,
|
|
Packit |
8ea169 |
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
Packit |
8ea169 |
*/
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
#include <glib-object.h>
|
|
Packit |
8ea169 |
#include <sys/types.h>
|
|
Packit |
8ea169 |
#include <unistd.h>
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
#include "libabrt.h"
|
|
Packit |
8ea169 |
#include "abrt-polkit.h"
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
#ifdef HAVE_POLKIT
|
|
Packit |
8ea169 |
#include <polkit/polkit.h>
|
|
Packit |
8ea169 |
#endif
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
/*number of seconds: timeout for the authorization*/
|
|
Packit |
8ea169 |
#define POLKIT_TIMEOUT 20
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
#ifdef HAVE_POLKIT
|
|
Packit |
8ea169 |
static gboolean do_cancel(GCancellable* cancellable)
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
log_warning("Timer has expired; cancelling authorization check\n");
|
|
Packit |
8ea169 |
g_cancellable_cancel(cancellable);
|
|
Packit |
8ea169 |
return FALSE;
|
|
Packit |
8ea169 |
}
|
|
Packit |
8ea169 |
#endif
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
#ifdef HAVE_POLKIT
|
|
Packit |
8ea169 |
static PolkitResult do_check(PolkitSubject *subject, const char *action_id)
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
PolkitAuthority *authority;
|
|
Packit |
8ea169 |
PolkitAuthorizationResult *auth_result;
|
|
Packit |
8ea169 |
PolkitResult result = PolkitNo;
|
|
Packit |
8ea169 |
GError *error = NULL;
|
|
Packit |
8ea169 |
GCancellable * cancellable;
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
cancellable = g_cancellable_new();
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
/* we ignore the error for now .. */
|
|
Packit |
8ea169 |
authority = polkit_authority_get_sync(cancellable, NULL);
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
guint cancel_timeout = g_timeout_add(POLKIT_TIMEOUT * 1000,
|
|
Packit |
8ea169 |
(GSourceFunc) do_cancel,
|
|
Packit |
8ea169 |
cancellable);
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
auth_result = polkit_authority_check_authorization_sync(authority,
|
|
Packit |
8ea169 |
subject,
|
|
Packit |
8ea169 |
action_id,
|
|
Packit |
8ea169 |
NULL,
|
|
Packit |
8ea169 |
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
|
|
Packit |
8ea169 |
cancellable,
|
|
Packit |
8ea169 |
&error);
|
|
Packit |
8ea169 |
g_object_unref(cancellable);
|
|
Packit |
8ea169 |
g_object_unref(authority);
|
|
Packit |
8ea169 |
g_source_remove(cancel_timeout);
|
|
Packit |
8ea169 |
g_object_unref(subject);
|
|
Packit |
8ea169 |
if (error)
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
g_error_free(error);
|
|
Packit |
8ea169 |
return PolkitUnknown;
|
|
Packit |
8ea169 |
}
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
if (!auth_result)
|
|
Packit |
8ea169 |
return PolkitUnknown;
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
if (polkit_authorization_result_get_is_challenge(auth_result))
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
/* Can't happen (happens only with
|
|
Packit |
8ea169 |
* POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE flag) */
|
|
Packit |
8ea169 |
result = PolkitChallenge;
|
|
Packit |
8ea169 |
goto out;
|
|
Packit |
8ea169 |
}
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
if (polkit_authorization_result_get_is_authorized(auth_result))
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
result = PolkitYes;
|
|
Packit |
8ea169 |
goto out;
|
|
Packit |
8ea169 |
}
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
out:
|
|
Packit |
8ea169 |
g_object_unref(auth_result);
|
|
Packit |
8ea169 |
return result;
|
|
Packit |
8ea169 |
}
|
|
Packit |
8ea169 |
#endif
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
PolkitResult polkit_check_authorization_dname(const char *dbus_name, const char *action_id)
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
#ifdef HAVE_POLKIT
|
|
Packit |
8ea169 |
glib_init();
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
PolkitSubject *subject = polkit_system_bus_name_new(dbus_name);
|
|
Packit |
8ea169 |
return do_check(subject, action_id);
|
|
Packit |
8ea169 |
#else
|
|
Packit |
8ea169 |
log_warning("Polkit disabled. Everyone has access to private data");
|
|
Packit |
8ea169 |
return PolkitYes;
|
|
Packit |
8ea169 |
#endif
|
|
Packit |
8ea169 |
}
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id)
|
|
Packit |
8ea169 |
{
|
|
Packit |
8ea169 |
#ifdef HAVE_POLKIT
|
|
Packit |
8ea169 |
glib_init();
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
PolkitSubject *subject = polkit_unix_process_new_for_owner(pid,
|
|
Packit |
8ea169 |
/*use start_time from /proc*/0,
|
|
Packit |
8ea169 |
/*use uid from /proc*/ -1);
|
|
Packit |
8ea169 |
|
|
Packit |
8ea169 |
return do_check(subject, action_id);
|
|
Packit |
8ea169 |
#else
|
|
Packit |
8ea169 |
log_warning("Polkit disabled. Everyone has access to private data");
|
|
Packit |
8ea169 |
return PolkitYes;
|
|
Packit |
8ea169 |
#endif
|
|
Packit |
8ea169 |
}
|