journald: augment journal entries from the kernel with data from udev
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4   This file is part of systemd.
5
6   Copyright 2011 Lennart Poettering
7
8   systemd is free software; you can redistribute it and/or modify it
9   under the terms of the GNU Lesser General Public License as published by
10   the Free Software Foundation; either version 2.1 of the License, or
11   (at your option) any later version.
12
13   systemd is distributed in the hope that it will be useful, but
14   WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16   Lesser General Public License for more details.
17
18   You should have received a copy of the GNU Lesser General Public License
19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <sys/types.h>
23
24 #include <errno.h>
25
26 #include "util.h"
27 #include "dbus-common.h"
28 #include "polkit.h"
29
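/*
 * Ask the polkit authority whether the sender of a D-Bus request may perform
 * the given action.
 *
 * c           connection used both to identify the caller and to reach polkit
 * request     the incoming method call whose sender is being authorized
 * action      polkit action id to check
 * interactive if true, polkit is allowed to prompt the user for authentication
 * _challenge  optional; when the caller is not authorized, set to whether
 *             polkit reported that authentication could still grant access
 * error       filled in by libdbus when the call to polkit fails
 *
 * Returns 1 when authorized; 0 when not authorized and _challenge was given;
 * -EPERM when not authorized and _challenge is NULL; -EINVAL when the request
 * carries no sender; -ENOMEM when the query cannot be built; -EIO when the
 * call fails or the reply does not have the expected (bool, bool, ...) shape.
 */
int verify_polkit(
                DBusConnection *c,
                DBusMessage *request,
                const char *action,
                bool interactive,
                bool *_challenge,
                DBusError *error) {

        DBusMessage *m = NULL, *reply = NULL;
        const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
        const char *sender;
        /* 1 is polkit's AllowUserInteraction flag. */
        uint32_t flags = interactive ? 1 : 0;
        DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
        int r;
        dbus_bool_t authorized = FALSE, challenge = FALSE;

        assert(c);
        assert(request);
        /* A NULL action would be handed to libdbus as a string below. */
        assert(action);

        sender = dbus_message_get_sender(request);
        if (!sender)
                return -EINVAL;

        m = dbus_message_new_method_call(
                        "org.freedesktop.PolicyKit1",
                        "/org/freedesktop/PolicyKit1/Authority",
                        "org.freedesktop.PolicyKit1.Authority",
                        "CheckAuthorization");
        if (!m)
                return -ENOMEM;

        dbus_message_iter_init_append(m, &iter_msg);

        /*
         * Identify the caller by its bus name ("system-bus-name" subject)
         * rather than by a PID/start-time pair ("unix-process" subject).
         * A PID looked up here and resolved again by polkit is a
         * time-of-check/time-of-use gap: the start time only guards against
         * PID reuse, not against the process changing credentials in between.
         * With the bus name, polkit obtains the peer's identity from the bus
         * itself. This assumes the sender is the caller's unique name as
         * assigned by the bus daemon.
         *
         * Message signature: (sa{sv}) s a{ss} u s
         */
        if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
            !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
            !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
            !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
            !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
            !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
            !dbus_message_iter_close_container(&iter_struct, &iter_array) ||
            !dbus_message_iter_close_container(&iter_msg, &iter_struct) ||
            !dbus_message_iter_append_basic(&iter_msg, DBUS_TYPE_STRING, &action) ||
            /* Empty details dictionary. */
            !dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_ARRAY, "{ss}", &iter_array) ||
            !dbus_message_iter_close_container(&iter_msg, &iter_array) ||
            !dbus_message_iter_append_basic(&iter_msg, DBUS_TYPE_UINT32, &flags) ||
            !dbus_message_iter_append_basic(&iter_msg, DBUS_TYPE_STRING, &cancel_id)) {
                r = -ENOMEM;
                goto finish;
        }

        /* Blocks until polkit answers; -1 selects libdbus' default timeout. */
        reply = dbus_connection_send_with_reply_and_block(c, m, -1, error);
        if (!reply) {
                r = -EIO;
                goto finish;
        }

        if (dbus_set_error_from_message(error, reply)) {
                r = -EIO;
                goto finish;
        }

        /*
         * Any reply that is not a struct starting with two booleans is
         * treated as a failure, so a malformed answer can never be read as
         * "authorized".
         */
        if (!dbus_message_iter_init(reply, &iter_msg) ||
            dbus_message_iter_get_arg_type(&iter_msg) != DBUS_TYPE_STRUCT) {
                r = -EIO;
                goto finish;
        }

        dbus_message_iter_recurse(&iter_msg, &iter_struct);

        if (dbus_message_iter_get_arg_type(&iter_struct) != DBUS_TYPE_BOOLEAN) {
                r = -EIO;
                goto finish;
        }

        dbus_message_iter_get_basic(&iter_struct, &authorized);

        if (!dbus_message_iter_next(&iter_struct) ||
            dbus_message_iter_get_arg_type(&iter_struct) != DBUS_TYPE_BOOLEAN) {
                r = -EIO;
                goto finish;
        }

        dbus_message_iter_get_basic(&iter_struct, &challenge);

        if (authorized)
                r = 1;
        else if (_challenge) {
                /* Normalise dbus_bool_t to a C bool. */
                *_challenge = !!challenge;
                r = 0;
        } else
                r = -EPERM;

finish:

        if (m)
                dbus_message_unref(m);

        if (reply)
                dbus_message_unref(reply);

        return r;
}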