code.delx.au - pulseaudio/blob - src/daemon/polkit.c

   1 /***
   2   This file is part of PulseAudio.
   3
   4   Copyright 2004-2006 Lennart Poettering
   5   Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
   6
   7   PulseAudio is free software; you can redistribute it and/or modify
   8   it under the terms of the GNU Lesser General Public License as published
   9   by the Free Software Foundation; either version 2 of the License,
  10   or (at your option) any later version.
  11
  12   PulseAudio is distributed in the hope that it will be useful, but
  13   WITHOUT ANY WARRANTY; without even the implied warranty of
  14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  15   General Public License for more details.
  16
  17   You should have received a copy of the GNU Lesser General Public License
  18   along with PulseAudio; if not, write to the Free Software
  19   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
  20   USA.
  21 ***/
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include <unistd.h>
  28 #include <stdlib.h>
  29 #include <inttypes.h>
  30
  31 #include <dbus/dbus.h>
  32 #include <polkit-dbus/polkit-dbus.h>
  33
  34 #include <pulsecore/log.h>
  35 #include <pulsecore/macro.h>
  36
  37 #include "polkit.h"
  38
  39 int pa_polkit_check(const char *action_id) {
  40     int ret = -1;
  41     DBusError dbus_error;
  42     DBusConnection *bus = NULL;
  43     PolKitCaller *caller = NULL;
  44     PolKitAction *action = NULL;
  45     PolKitContext *context = NULL;
  46     PolKitError *polkit_error = NULL;
  47     PolKitSession *session = NULL;
  48     PolKitResult polkit_result;
  49
  50     dbus_error_init(&dbus_error);
  51
  52     if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) {
  53         pa_log_error("Cannot connect to system bus: %s", dbus_error.message);
  54         goto finish;
  55     }
  56
  57     if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) {
  58         pa_log_error("Cannot get caller from PID: %s", dbus_error.message);
  59         goto finish;
  60     }
  61
  62     /* This function is called when PulseAudio is called SUID root. We
  63      * want to authenticate the real user that called us and not the
  64      * effective user we gained through being SUID root. Hence we
  65      * overwrite the UID caller data here explicitly, just for
  66      * paranoia. In fact PolicyKit should fill in the UID here anyway
  67      * -- an not the EUID or any other user id. */
  68
  69     if (!(polkit_caller_set_uid(caller, getuid()))) {
  70         pa_log_error("Cannot set UID on caller object.");
  71         goto finish;
  72     }
  73
  74     if (!(polkit_caller_get_ck_session(caller, &session))) {
  75         pa_log_error("Failed to get CK session.");
  76         goto finish;
  77     }
  78
  79     /* We need to overwrite the UID in both the caller and the session
  80      * object */
  81
  82     if (!(polkit_session_set_uid(session, getuid()))) {
  83         pa_log_error("Cannot set UID on session object.");
  84         goto finish;
  85     }
  86
  87     if (!(action = polkit_action_new())) {
  88         pa_log_error("Cannot allocate PolKitAction.");
  89         goto finish;
  90     }
  91
  92     if (!polkit_action_set_action_id(action, action_id)) {
  93         pa_log_error("Cannot set action_id");
  94         goto finish;
  95     }
  96
  97     if (!(context = polkit_context_new())) {
  98         pa_log_error("Cannot allocate PolKitContext.");
  99         goto finish;
 100     }
 101
 102     if (!polkit_context_init(context, &polkit_error)) {
 103         pa_log_error("Cannot initialize PolKitContext: %s", polkit_error_get_error_message(polkit_error));
 104         goto finish;
 105     }
 106
 107     for (;;) {
 108
 109         polkit_result = polkit_context_is_caller_authorized(context, action, caller, TRUE, &polkit_error);
 110
 111         if (polkit_error_is_set(polkit_error)) {
 112             pa_log_error("Could not determine whether caller is authorized: %s", polkit_error_get_error_message(polkit_error));
 113             goto finish;
 114         }
 115
 116         if (polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
 117             polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
 118             polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
 119             polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
 120             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
 121             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
 122             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS ||
 123             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT
 124         ) {
 125
 126             if (polkit_auth_obtain(action_id, 0, getpid(), &dbus_error)) {
 127                 polkit_result = POLKIT_RESULT_YES;
 128                 break;
 129             }
 130
 131             if (dbus_error_is_set(&dbus_error)) {
 132                 pa_log_error("Cannot obtain auth: %s", dbus_error.message);
 133                 goto finish;
 134             }
 135         }
 136
 137         break;
 138     }
 139
 140     if (polkit_result != POLKIT_RESULT_YES && polkit_result != POLKIT_RESULT_NO)
 141         pa_log_warn("PolicyKit responded with '%s'", polkit_result_to_string_representation(polkit_result));
 142
 143     ret = polkit_result == POLKIT_RESULT_YES;
 144
 145 finish:
 146
 147     if (caller)
 148         polkit_caller_unref(caller);
 149
 150     if (action)
 151         polkit_action_unref(action);
 152
 153     if (context)
 154         polkit_context_unref(context);
 155
 156     if (bus)
 157         dbus_connection_unref(bus);
 158
 159     dbus_error_free(&dbus_error);
 160
 161     if (polkit_error)
 162         polkit_error_free(polkit_error);
 163
 164     return ret;
 165 }