[yast-commit] r48698 - in /branches/tmp/lslezak/workshop/core/polkit-check: ./ polkit.c polkit.h

Author: jreidinger Date: Tue Jul 1 11:06:51 2008 New Revision: 48698 URL: http://svn.opensuse.org/viewcvs/yast?rev=48698&view=rev Log: add polkit check routine Added: branches/tmp/lslezak/workshop/core/polkit-check/ branches/tmp/lslezak/workshop/core/polkit-check/polkit.c branches/tmp/lslezak/workshop/core/polkit-check/polkit.h Added: branches/tmp/lslezak/workshop/core/polkit-check/polkit.c URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/polkit-check/polkit.c?rev=48698&view=auto ============================================================================== --- branches/tmp/lslezak/workshop/core/polkit-check/polkit.c (added) +++ branches/tmp/lslezak/workshop/core/polkit-check/polkit.c Tue Jul 1 11:06:51 2008 @@ -0,0 +1,125 @@ + +/* + check function +*/ + +#include +#include + +#include +#include + +#include "polkit.h" + +int polkit_check(const char *action_id) { + int ret = -1; + DBusError dbus_error; + DBusConnection *bus = NULL; + PolKitCaller *caller = NULL; + PolKitAction *action = NULL; + PolKitContext *context = NULL; + PolKitError *polkit_error = NULL; + PolKitSession *session = NULL; + PolKitResult polkit_result; + + dbus_error_init(&dbus_error); + + if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) { + goto finish; + } + + if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) { + goto finish; + } + + /* This function is called when PulseAudio is called SUID root. We + * want to authenticate the real user that called us and not the + * effective user we gained through being SUID root. Hence we + * overwrite the UID caller data here explicitly, just for + * paranoia. In fact PolicyKit should fill in the UID here anyway + * -- an not the EUID or any other user id. */ + + if (!(polkit_caller_set_uid(caller, getuid()))) { + goto finish; + } + + if (!(polkit_caller_get_ck_session(caller, &session))) { + goto finish; + } + + /* We need to overwrite the UID in both the caller and the session + * object */ + + if (!(polkit_session_set_uid(session, getuid()))) { + goto finish; + } + + if (!(action = polkit_action_new())) { + goto finish; + } + + if (!polkit_action_set_action_id(action, action_id)) { + goto finish; + } + + if (!(context = polkit_context_new())) { + goto finish; + } + + if (!polkit_context_init(context, &polkit_error)) { + goto finish; + } + + polkit_result = polkit_context_is_caller_authorized(context, action, caller, FALSE, &polkit_error); + + if (polkit_error_is_set(polkit_error)) { + goto finish; + } + + printf("Action: %s Result: %s\n", action_id, polkit_result_to_string_representation(polkit_result)); + + switch (polkit_result) + { + case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH: + case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION: + case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS: + case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT: + case POLKIT_RESULT_ONLY_VIA_SELF_AUTH: + case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION: + case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS: + case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT: + ret = -2; + break; + case POLKIT_RESULT_YES: + ret = 0; + break; + case POLKIT_RESULT_NO: + ret = -3; + break; + default: + ; //handle new value in polkit + break; + } + +finish: + + if (caller) + polkit_caller_unref(caller); + + if (action) + polkit_action_unref(action); + + if (context) + polkit_context_unref(context); + + if (bus) + dbus_connection_unref(bus); + + dbus_error_free(&dbus_error); + + if (polkit_error) + polkit_error_free(polkit_error); + + return ret; +} + Added: branches/tmp/lslezak/workshop/core/polkit-check/polkit.h URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/polkit-check/polkit.h?rev=48698&view=auto ============================================================================== --- branches/tmp/lslezak/workshop/core/polkit-check/polkit.h (added) +++ branches/tmp/lslezak/workshop/core/polkit-check/polkit.h Tue Jul 1 11:06:51 2008 @@ -0,0 +1,13 @@ +/* $Id$ */ + +#ifndef polkith +#define polkith + +/** + * checks if user can provide action + * \param action action which user want do + * \return 0 if user have permision, -1 if error occured, -2 if authorization required and -3 if permision denied + */ +int polkit_check(const char *action); + +#endif -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org