code.delx.au - pulseaudio/blob - src/daemon/polkit.c

   1 /* $Id$ */
   2
   3 /***
   4   This file is part of PulseAudio.
   5
   6   Copyright 2004-2006 Lennart Poettering
   7   Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
   8
   9   PulseAudio is free software; you can redistribute it and/or modify
  10   it under the terms of the GNU Lesser General Public License as published
  11   by the Free Software Foundation; either version 2 of the License,
  12   or (at your option) any later version.
  13
  14   PulseAudio is distributed in the hope that it will be useful, but
  15   WITHOUT ANY WARRANTY; without even the implied warranty of
  16   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  17   General Public License for more details.
  18
  19   You should have received a copy of the GNU Lesser General Public License
  20   along with PulseAudio; if not, write to the Free Software
  21   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
  22   USA.
  23 ***/
  24
  25 #ifdef HAVE_CONFIG_H
  26 #include <config.h>
  27 #endif
  28
  29 #include <unistd.h>
  30 #include <stdlib.h>
  31 #include <inttypes.h>
  32
  33 #include <dbus/dbus.h>
  34 #include <polkit-dbus/polkit-dbus.h>
  35
  36 #include <pulsecore/log.h>
  37 #include <pulsecore/macro.h>
  38
  39 #include "polkit.h"
  40
  41 int pa_polkit_check(const char *action_id) {
  42     int ret = -1;
  43     DBusError dbus_error;
  44     DBusConnection *bus = NULL;
  45     PolKitCaller *caller = NULL;
  46     PolKitAction *action = NULL;
  47     PolKitContext *context = NULL;
  48     PolKitError *polkit_error = NULL;
  49     PolKitSession *session = NULL;
  50     PolKitResult polkit_result;
  51
  52     dbus_error_init(&dbus_error);
  53
  54     if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) {
  55         pa_log_error("Cannot connect to system bus: %s", dbus_error.message);
  56         goto finish;
  57     }
  58
  59     if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) {
  60         pa_log_error("Cannot get caller from PID: %s", dbus_error.message);
  61         goto finish;
  62     }
  63
  64     /* This function is called when PulseAudio is called SUID root. We
  65      * want to authenticate the real user that called us and not the
  66      * effective user we gained through being SUID root. Hence we
  67      * overwrite the UID caller data here explicitly, just for
  68      * paranoia. In fact PolicyKit should fill in the UID here anyway
  69      * -- an not the EUID or any other user id. */
  70
  71     if (!(polkit_caller_set_uid(caller, getuid()))) {
  72         pa_log_error("Cannot set UID on caller object.");
  73         goto finish;
  74     }
  75
  76     if (!(polkit_caller_get_ck_session(caller, &session))) {
  77         pa_log_error("Failed to get CK session.");
  78         goto finish;
  79     }
  80
  81     /* We need to overwrite the UID in both the caller and the session
  82      * object */
  83
  84     if (!(polkit_session_set_uid(session, getuid()))) {
  85         pa_log_error("Cannot set UID on session object.");
  86         goto finish;
  87     }
  88
  89     if (!(action = polkit_action_new())) {
  90         pa_log_error("Cannot allocate PolKitAction.");
  91         goto finish;
  92     }
  93
  94     if (!polkit_action_set_action_id(action, action_id)) {
  95         pa_log_error("Cannot set action_id");
  96         goto finish;
  97     }
  98
  99     if (!(context = polkit_context_new())) {
 100         pa_log_error("Cannot allocate PolKitContext.");
 101         goto finish;
 102     }
 103
 104     if (!polkit_context_init(context, &polkit_error)) {
 105         pa_log_error("Cannot initialize PolKitContext: %s", polkit_error_get_error_message(polkit_error));
 106         goto finish;
 107     }
 108
 109     for (;;) {
 110
 111         polkit_result = polkit_context_is_caller_authorized(context, action, caller, TRUE, &polkit_error);
 112
 113         if (polkit_error_is_set(polkit_error)) {
 114             pa_log_error("Could not determine whether caller is authorized: %s", polkit_error_get_error_message(polkit_error));
 115             goto finish;
 116         }
 117
 118         if (polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
 119             polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
 120             polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
 121             polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
 122             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
 123             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
 124             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS ||
 125             polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT
 126         ) {
 127
 128             if (polkit_auth_obtain(action_id, 0, getpid(), &dbus_error)) {
 129                 polkit_result = POLKIT_RESULT_YES;
 130                 break;
 131             }
 132
 133             if (dbus_error_is_set(&dbus_error)) {
 134                 pa_log_error("Cannot obtain auth: %s", dbus_error.message);
 135                 goto finish;
 136             }
 137         }
 138
 139         break;
 140     }
 141
 142     if (polkit_result != POLKIT_RESULT_YES && polkit_result != POLKIT_RESULT_NO)
 143         pa_log_warn("PolicyKit responded with '%s'", polkit_result_to_string_representation(polkit_result));
 144
 145     ret = polkit_result == POLKIT_RESULT_YES;
 146
 147 finish:
 148
 149     if (caller)
 150         polkit_caller_unref(caller);
 151
 152     if (action)
 153         polkit_action_unref(action);
 154
 155     if (context)
 156         polkit_context_unref(context);
 157
 158     if (bus)
 159         dbus_connection_unref(bus);
 160
 161     dbus_error_free(&dbus_error);
 162
 163     if (polkit_error)
 164         polkit_error_free(polkit_error);
 165
 166     return ret;
 167 }