/*
  Copyright (C) 2012  ABRT team

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License along
  with this program; if not, write to the Free Software Foundation, Inc.,
  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/

#include <glib-object.h>
#include <sys/types.h>
#include <unistd.h>

#include "libabrt.h"
#include "abrt-polkit.h"

#ifdef HAVE_POLKIT
#include <polkit/polkit.h>
#endif

/*number of seconds: timeout for the authorization*/
#define POLKIT_TIMEOUT 20

#ifdef HAVE_POLKIT
static gboolean do_cancel(GCancellable* cancellable)
{
    log_warning("Timer has expired; cancelling authorization check\n");
    g_cancellable_cancel(cancellable);
    return FALSE;
}
#endif

#ifdef HAVE_POLKIT
static PolkitResult do_check(PolkitSubject *subject, const char *action_id)
{
    PolkitAuthority *authority;
    PolkitAuthorizationResult *auth_result;
    PolkitResult result = PolkitNo;
    GError *error = NULL;
    GCancellable * cancellable;

    cancellable = g_cancellable_new();

    /* we ignore the error for now .. */
    authority = polkit_authority_get_sync(cancellable, NULL);

    guint cancel_timeout = g_timeout_add(POLKIT_TIMEOUT * 1000,
                   (GSourceFunc) do_cancel,
                   cancellable);

    auth_result = polkit_authority_check_authorization_sync(authority,
                subject,
                action_id,
                NULL,
                POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
                cancellable,
                &error);
    g_object_unref(cancellable);
    g_object_unref(authority);
    g_source_remove(cancel_timeout);
    g_object_unref(subject);
    if (error)
    {
        g_error_free(error);
        return PolkitUnknown;
    }

    if (!auth_result)
        return PolkitUnknown;

    if (polkit_authorization_result_get_is_challenge(auth_result))
    {
        /* Can't happen (happens only with
         * POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE flag) */
        result = PolkitChallenge;
        goto out;
    }

    if (polkit_authorization_result_get_is_authorized(auth_result))
    {
        result = PolkitYes;
        goto out;
    }

out:
    g_object_unref(auth_result);
    return result;
}
#endif

PolkitResult polkit_check_authorization_dname(const char *dbus_name, const char *action_id)
{
#ifdef HAVE_POLKIT
    glib_init();

    PolkitSubject *subject = polkit_system_bus_name_new(dbus_name);
    return do_check(subject, action_id);
#else
    log_warning("Polkit disabled. Everyone has access to private data");
    return PolkitYes;
#endif
}

PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id)
{
#ifdef HAVE_POLKIT
    glib_init();

    PolkitSubject *subject = polkit_unix_process_new_for_owner(pid,
            /*use start_time from /proc*/0,
            /*use uid from /proc*/ -1);

    return do_check(subject, action_id);
#else
    log_warning("Polkit disabled. Everyone has access to private data");
    return PolkitYes;
#endif
}