Author: jreidinger
Date: Tue Jul 1 11:06:51 2008
New Revision: 48698
URL: http://svn.opensuse.org/viewcvs/yast?rev=48698&view=rev
Log:
add polkit check routine
Added:
branches/tmp/lslezak/workshop/core/polkit-check/
branches/tmp/lslezak/workshop/core/polkit-check/polkit.c
branches/tmp/lslezak/workshop/core/polkit-check/polkit.h
Added: branches/tmp/lslezak/workshop/core/polkit-check/polkit.c
URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/polkit-check/polkit.c?rev=48698&view=auto
==============================================================================
--- branches/tmp/lslezak/workshop/core/polkit-check/polkit.c (added)
+++ branches/tmp/lslezak/workshop/core/polkit-check/polkit.c Tue Jul 1 11:06:51 2008
@@ -0,0 +1,125 @@
+
+/*
+ check function
+*/
+
+#include
+#include
+
+#include
+#include
+
+#include "polkit.h"
+
+int polkit_check(const char *action_id) {
+ int ret = -1;
+ DBusError dbus_error;
+ DBusConnection *bus = NULL;
+ PolKitCaller *caller = NULL;
+ PolKitAction *action = NULL;
+ PolKitContext *context = NULL;
+ PolKitError *polkit_error = NULL;
+ PolKitSession *session = NULL;
+ PolKitResult polkit_result;
+
+ dbus_error_init(&dbus_error);
+
+ if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) {
+ goto finish;
+ }
+
+ if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) {
+ goto finish;
+ }
+
+ /* This function is called when PulseAudio is called SUID root. We
+ * want to authenticate the real user that called us and not the
+ * effective user we gained through being SUID root. Hence we
+ * overwrite the UID caller data here explicitly, just for
+ * paranoia. In fact PolicyKit should fill in the UID here anyway
+ * -- an not the EUID or any other user id. */
+
+ if (!(polkit_caller_set_uid(caller, getuid()))) {
+ goto finish;
+ }
+
+ if (!(polkit_caller_get_ck_session(caller, &session))) {
+ goto finish;
+ }
+
+ /* We need to overwrite the UID in both the caller and the session
+ * object */
+
+ if (!(polkit_session_set_uid(session, getuid()))) {
+ goto finish;
+ }
+
+ if (!(action = polkit_action_new())) {
+ goto finish;
+ }
+
+ if (!polkit_action_set_action_id(action, action_id)) {
+ goto finish;
+ }
+
+ if (!(context = polkit_context_new())) {
+ goto finish;
+ }
+
+ if (!polkit_context_init(context, &polkit_error)) {
+ goto finish;
+ }
+
+ polkit_result = polkit_context_is_caller_authorized(context, action, caller, FALSE, &polkit_error);
+
+ if (polkit_error_is_set(polkit_error)) {
+ goto finish;
+ }
+
+ printf("Action: %s Result: %s\n", action_id, polkit_result_to_string_representation(polkit_result));
+
+ switch (polkit_result)
+ {
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS:
+ case POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT:
+ ret = -2;
+ break;
+ case POLKIT_RESULT_YES:
+ ret = 0;
+ break;
+ case POLKIT_RESULT_NO:
+ ret = -3;
+ break;
+ default:
+ ; //handle new value in polkit
+ break;
+ }
+
+finish:
+
+ if (caller)
+ polkit_caller_unref(caller);
+
+ if (action)
+ polkit_action_unref(action);
+
+ if (context)
+ polkit_context_unref(context);
+
+ if (bus)
+ dbus_connection_unref(bus);
+
+ dbus_error_free(&dbus_error);
+
+ if (polkit_error)
+ polkit_error_free(polkit_error);
+
+ return ret;
+}
+
Added: branches/tmp/lslezak/workshop/core/polkit-check/polkit.h
URL: http://svn.opensuse.org/viewcvs/yast/branches/tmp/lslezak/workshop/core/polkit-check/polkit.h?rev=48698&view=auto
==============================================================================
--- branches/tmp/lslezak/workshop/core/polkit-check/polkit.h (added)
+++ branches/tmp/lslezak/workshop/core/polkit-check/polkit.h Tue Jul 1 11:06:51 2008
@@ -0,0 +1,13 @@
+/* $Id$ */
+
+#ifndef polkith
+#define polkith
+
+/**
+ * checks if user can provide action
+ * \param action action which user want do
+ * \return 0 if user have permision, -1 if error occured, -2 if authorization required and -3 if permision denied
+ */
+int polkit_check(const char *action);
+
+#endif
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org