polkit-auth.c

   1 /*
   2  * Copyright (c) 2014 Ian Sutton <ian@kremlin.cc>
   3  *
   4  * Permission to use, copy, modify, and distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice appear in all copies.
   7  *
   8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15  */
  16
  17 #include <unistd.h>
  18 #include <limits.h>
  19 #include <string.h>
  20
  21 #include <glib/gprintf.h>
  22 #include <glib-unix.h>
  23 #include <polkit/polkit.h>
  24
  25 #include "polkit-auth.h"
  26
  27 static gboolean is_valid_action(GList *action_list, const gchar *action) {
  28
  29     PolkitActionDescription *action_descr;
  30     const gchar *action_descr_id;
  31     GList *cur;
  32     gboolean ret;
  33
  34     ret = FALSE;
  35     cur = g_list_first(action_list);
  36
  37     while(cur && (action_descr = ((PolkitActionDescription *)(cur->data))) && (action_descr_id = polkit_action_description_get_action_id(action_descr))) {
  38
  39         if(!g_strcmp0(action, action_descr_id)) {
  40             ret = TRUE;
  41             break;
  42         }
  43
  44         cur = cur->next;
  45     }
  46
  47     g_list_free(action_list);
  48
  49     return ret;
  50 }
  51
  52 check_auth_result polkit_try_auth(const gchar *bus, const gchar *action, gboolean prompt) {
  53
  54     GList           *valid_actions;
  55     PolkitAuthority *auth;
  56     PolkitSubject   *subj;
  57     PolkitAuthorizationResult *result;
  58     PolkitCheckAuthorizationFlags prompt_flag;
  59     gboolean authorized, challenge;
  60
  61     auth  = NULL;
  62     subj  = NULL;
  63     result = NULL;
  64     valid_actions = NULL;
  65     authorized = challenge = FALSE;
  66     prompt_flag = prompt ? POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION : POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
  67
  68     auth = polkit_authority_get_sync(NULL, NULL); /* TODO timeout for this */
  69     subj = polkit_system_bus_name_new(bus);
  70     valid_actions = polkit_authority_enumerate_actions_sync(auth, NULL, NULL);
  71
  72    if(!auth || !valid_actions)
  73         return ERROR_GENERIC; /* extremely unlikely */
  74     else if(!subj)
  75         return ERROR_BADBUS;
  76     else if(!is_valid_action(valid_actions, action))
  77         return ERROR_BADACTION;
  78
  79    if(!(result = polkit_authority_check_authorization_sync(auth, subj, action, NULL, prompt_flag, NULL, NULL)))
  80         return ERROR_GENERIC; /* TODO pass, check gerror and return more relevant error */
  81
  82     authorized = polkit_authorization_result_get_is_authorized(result);
  83     challenge = polkit_authorization_result_get_is_challenge(result);
  84
  85     /* free()'s before return */
  86     if(auth)
  87         g_object_unref(auth);
  88     if(subj)
  89         g_object_unref(subj);
  90     if(result)
  91         g_object_unref(result);
  92
  93     if(authorized) {
  94
  95         if(challenge)
  96             return AUTHORIZED_BY_PROMPT;
  97
  98         return AUTHORIZED_NATIVELY;
  99
 100     } else if(challenge)
 101         return UNAUTHORIZED_FAILED_PROMPT;
 102
 103     return UNAUTHORIZED_NATIVELY;
 104 }