src/polkit-auth.c

   1 /*
   2  * Copyright (c) 2014 Ian Sutton <ian@kremlin.cc>
   3  *
   4  * Permission to use, copy, modify, and distribute this software for any
   5  * purpose with or without fee is hereby granted, provided that the above
   6  * copyright notice and this permission notice appear in all copies.
   7  *
   8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15  */
  16
  17 #include <unistd.h>
  18 #include <limits.h>
  19 #include <string.h>
  20
  21 #include <glib/gprintf.h>
  22 #include <glib-unix.h>
  23 #include <polkit/polkit.h>
  24
  25 #include "polkit-auth.h"
  26
  27 static gboolean is_valid_action(GList *action_list, const gchar *action) {
  28
  29     PolkitActionDescription *action_descr;
  30     action_descr = (PolkitActionDescription *)g_list_first(action_list);
  31
  32     while((action_descr = (PolkitActionDescription *)g_list_next(action_list)))
  33         if(!g_strcmp0(action, polkit_action_description_get_action_id(action_descr)))
  34             return TRUE;
  35
  36     return FALSE;
  37 }
  38
  39 check_auth_result polkit_try_auth(const gchar *bus, const gchar *action) {
  40
  41     GList           *valid_actions;
  42     PolkitAuthority *auth;
  43     PolkitSubject   *subj;
  44     PolkitAuthorizationResult *result;
  45     gboolean authorized, challenge;
  46
  47     auth  = NULL;
  48     subj  = NULL;
  49     result = NULL;
  50     valid_actions = NULL;
  51     authorized = challenge = FALSE;
  52
  53     auth = polkit_authority_get_sync(NULL, NULL); /* TODO timeout for this */
  54     subj = polkit_system_bus_name_new(bus);
  55     valid_actions = polkit_authority_enumerate_actions_sync(auth, NULL, NULL);
  56
  57    if(!auth || !valid_actions)
  58         return ERROR_GENERIC; /* extremely unlikely */
  59     else if(!subj)
  60         return ERROR_BADBUS;
  61     else if(!is_valid_action(valid_actions, action))
  62         return ERROR_BADACTION;
  63
  64    if(!(result = polkit_authority_check_authorization_sync(auth, subj, action, NULL, POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, NULL, NULL)))
  65         return ERROR_GENERIC; /* TODO pass, check gerror and return more relevant error */
  66
  67     authorized = polkit_authorization_result_get_is_authorized(result);
  68     challenge = polkit_authorization_result_get_is_challenge(result);
  69
  70     /* free()'s before return */
  71     if(valid_actions)
  72         g_object_unref(valid_actions);
  73     if(auth)
  74         g_object_unref(auth);
  75     if(subj)
  76         g_object_unref(subj);
  77     if(result)
  78         g_object_unref(result);
  79
  80     if(authorized) {
  81
  82         if(challenge)
  83             return AUTHORIZED_BY_PROMPT;
  84
  85         return AUTHORIZED_NATIVELY;
  86
  87     } else if(challenge)
  88         return UNAUTHORIZED_FAILED_PROMPT;
  89
  90     return UNAUTHORIZED_NATIVELY;
  91 }