mirrors/pulseaudio
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pulseaudio/pulseaudio.git synced 2025-11-03 09:01:50 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
pulseaudio/src/daemon/polkit.c

168 lines
5.1 KiB
C
Raw Normal View History

add interface to PolicyKit git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2060 fefdeb5f-60dc-0310-8127-8f9354f1896f
2007-11-16 23:46:22 +00:00
/* $Id$ */
/***
This file is part of PulseAudio.
Copyright 2004-2006 Lennart Poettering
Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
PulseAudio is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
PulseAudio is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with PulseAudio; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA.
***/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <unistd.h>
#include <stdlib.h>
#include <inttypes.h>
#include <dbus/dbus.h>
#include <polkit-dbus/polkit-dbus.h>
#include <pulsecore/log.h>
#include <pulsecore/macro.h>
#include "polkit.h"
int pa_polkit_check(const char *action_id) {
int ret = -1;
DBusError dbus_error;
DBusConnection *bus = NULL;
PolKitCaller *caller = NULL;
PolKitAction *action = NULL;
PolKitContext *context = NULL;
PolKitError *polkit_error = NULL;
PolKitSession *session = NULL;
PolKitResult polkit_result;
dbus_error_init(&dbus_error);
if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) {
pa_log_error("Cannot connect to system bus: %s", dbus_error.message);
goto finish;
}
if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) {
pa_log_error("Cannot get caller from PID: %s", dbus_error.message);
goto finish;
}
/* This function is called when PulseAudio is called SUID root. We
* want to authenticate the real user that called us and not the
* effective user we gained through being SUID root. Hence we
* overwrite the UID caller data here explicitly, just for
* paranoia. In fact PolicyKit should fill in the UID here anyway
* -- an not the EUID or any other user id. */
if (!(polkit_caller_set_uid(caller, getuid()))) {
pa_log_error("Cannot set UID on caller object.");
goto finish;
}
if (!(polkit_caller_get_ck_session(caller, &session))) {
pa_log_error("Failed to get CK session.");
goto finish;
}
/* We need to overwrite the UID in both the caller and the session
* object */
if (!(polkit_session_set_uid(session, getuid()))) {
pa_log_error("Cannot set UID on session object.");
goto finish;
}
if (!(action = polkit_action_new())) {
pa_log_error("Cannot allocate PolKitAction.");
goto finish;
}
if (!polkit_action_set_action_id(action, action_id)) {
pa_log_error("Cannot set action_id");
goto finish;
}
if (!(context = polkit_context_new())) {
pa_log_error("Cannot allocate PolKitContext.");
goto finish;
}
if (!polkit_context_init(context, &polkit_error)) {
pa_log_error("Cannot initialize PolKitContext: %s", polkit_error_get_error_message(polkit_error));
goto finish;
}
for (;;) {
polkit_result = polkit_context_is_caller_authorized(context, action, caller, TRUE, &polkit_error);
if (polkit_error_is_set(polkit_error)) {
pa_log_error("Could not determine whether caller is authorized: %s", polkit_error_get_error_message(polkit_error));
goto finish;
}
if (polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
modernize polkit code a bit, use new functions from pk 0.7 instead of our home-grown ones git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2131 fefdeb5f-60dc-0310-8127-8f9354f1896f
2008-03-27 20:34:04 +00:00
polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS ||
polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT
add interface to PolicyKit git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2060 fefdeb5f-60dc-0310-8127-8f9354f1896f
2007-11-16 23:46:22 +00:00
) {
modernize polkit code a bit, use new functions from pk 0.7 instead of our home-grown ones git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2131 fefdeb5f-60dc-0310-8127-8f9354f1896f
2008-03-27 20:34:04 +00:00
if (polkit_auth_obtain(action_id, 0, getpid(), &dbus_error)) {
polkit_result = POLKIT_RESULT_YES;
break;
}
if (dbus_error_is_set(&dbus_error)) {
pa_log_error("Cannot obtain auth: %s", dbus_error.message);
goto finish;
}
add interface to PolicyKit git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2060 fefdeb5f-60dc-0310-8127-8f9354f1896f
2007-11-16 23:46:22 +00:00
}
break;
}
if (polkit_result != POLKIT_RESULT_YES && polkit_result != POLKIT_RESULT_NO)
pa_log_warn("PolicyKit responded with '%s'", polkit_result_to_string_representation(polkit_result));
ret = polkit_result == POLKIT_RESULT_YES;
finish:
if (caller)
polkit_caller_unref(caller);
if (action)
polkit_action_unref(action);
if (context)
polkit_context_unref(context);
if (bus)
dbus_connection_unref(bus);
dbus_error_free(&dbus_error);
if (polkit_error)
polkit_error_free(polkit_error);
return ret;
}
Reference in a new issue Copy permalink