f967cd07026257267297eb21a2311830118e23d1
[systembsd.git] / polkit-auth.c
1 /*
2 * Copyright (c) 2014 Ian Sutton <ian@kremlin.cc>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #include <unistd.h>
18 #include <limits.h>
19 #include <string.h>
20
21 #include <glib/gprintf.h>
22 #include <glib-unix.h>
23 #include <polkit/polkit.h>
24
25 #include "polkit-auth.h"
26
27 static gboolean is_valid_action(GList *action_list, const gchar *action) {
28
29 PolkitActionDescription *action_descr;
30 const gchar *action_descr_id;
31 GList *cur;
32 gboolean ret;
33
34 ret = FALSE;
35 cur = g_list_first(action_list);
36
37 while(cur && (action_descr = ((PolkitActionDescription *)(cur->data))) && (action_descr_id = polkit_action_description_get_action_id(action_descr))) {
38
39 if(!g_strcmp0(action, action_descr_id)) {
40 ret = TRUE;
41 break;
42 }
43
44 cur = cur->next;
45 }
46
47 g_list_free(action_list);
48
49 return ret;
50 }
51
52 check_auth_result polkit_try_auth(const gchar *bus, const gchar *action, gboolean prompt) {
53
54 GList *valid_actions;
55 PolkitAuthority *auth;
56 PolkitSubject *subj;
57 PolkitAuthorizationResult *result;
58 PolkitCheckAuthorizationFlags prompt_flag;
59 gboolean authorized, challenge;
60
61 auth = NULL;
62 subj = NULL;
63 result = NULL;
64 valid_actions = NULL;
65 authorized = challenge = FALSE;
66 prompt_flag = prompt ? POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION : POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
67
68 auth = polkit_authority_get_sync(NULL, NULL); /* TODO timeout for this */
69 subj = polkit_system_bus_name_new(bus);
70 valid_actions = polkit_authority_enumerate_actions_sync(auth, NULL, NULL);
71
72 if(!auth || !valid_actions)
73 return ERROR_GENERIC; /* extremely unlikely */
74 else if(!subj)
75 return ERROR_BADBUS;
76 else if(!is_valid_action(valid_actions, action))
77 return ERROR_BADACTION;
78
79 if(!(result = polkit_authority_check_authorization_sync(auth, subj, action, NULL, prompt_flag, NULL, NULL)))
80 return ERROR_GENERIC; /* TODO pass, check gerror and return more relevant error */
81
82 authorized = polkit_authorization_result_get_is_authorized(result);
83 challenge = polkit_authorization_result_get_is_challenge(result);
84
85 /* free()'s before return */
86 if(auth)
87 g_object_unref(auth);
88 if(subj)
89 g_object_unref(subj);
90 if(result)
91 g_object_unref(result);
92
93 if(authorized) {
94
95 if(challenge)
96 return AUTHORIZED_BY_PROMPT;
97
98 return AUTHORIZED_NATIVELY;
99
100 } else if(challenge)
101 return UNAUTHORIZED_FAILED_PROMPT;
102
103 return UNAUTHORIZED_NATIVELY;
104 }