X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Fpolkit.c;h=1c5e9e3e0fdc4c22ef6989734be6ff41a97831b3;hb=fb15be839500c39f6c2f006f45306d439e1a7add;hp=07d18e7d5fafbe932ee56814cf7457e3784706e6;hpb=3bdf9c1d0a241eff2d17591854172725682b27cd;p=elogind.git
diff --git a/src/shared/polkit.c b/src/shared/polkit.c
index 07d18e7d5..1c5e9e3e0 100644
--- a/src/shared/polkit.c
+++ b/src/shared/polkit.c
@@ -27,56 +27,6 @@
 #include "dbus-common.h"
 #include "polkit.h"
 
-/* This mimics dbus_bus_get_unix_user() */
-static pid_t get_unix_process_id(
- DBusConnection *connection,
- const char *name,
- DBusError *error) {
-
- DBusMessage *m = NULL, *reply = NULL;
- uint32_t pid = 0;
-
- m = dbus_message_new_method_call(
- DBUS_SERVICE_DBUS,
- DBUS_PATH_DBUS,
- DBUS_INTERFACE_DBUS,
- "GetConnectionUnixProcessID");
- if (!m) {
- dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, NULL);
- goto finish;
- }
-
- if (!dbus_message_append_args(
- m,
- DBUS_TYPE_STRING, &name,
- DBUS_TYPE_INVALID)) {
- dbus_set_error_const(error, DBUS_ERROR_NO_MEMORY, NULL);
- goto finish;
- }
-
- reply = dbus_connection_send_with_reply_and_block(connection, m, -1, error);
- if (!reply)
- goto finish;
-
- if (dbus_set_error_from_message(error, reply))
- goto finish;
-
- if (!dbus_message_get_args(
- reply, error,
- DBUS_TYPE_UINT32, &pid,
- DBUS_TYPE_INVALID))
- goto finish;
-
-finish:
- if (m)
- dbus_message_unref(m);
-
- if (reply)
- dbus_message_unref(reply);
-
- return (pid_t) pid;
-}
-
 int verify_polkit(
 DBusConnection *c,
 DBusMessage *request,
@@ -85,17 +35,17 @@ int verify_polkit(
 bool *_challenge,
 DBusError *error) {
 
+
+#ifdef ENABLE_POLKIT
 DBusMessage *m = NULL, *reply = NULL;
- const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
- const char *sender;
+ const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
 uint32_t flags = interactive ? 1 : 0;
- pid_t pid_raw;
- uint32_t pid_u32;
- unsigned long long starttime_raw;
- uint64_t starttime_u64;
 DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
 int r;
 dbus_bool_t authorized = FALSE, challenge = FALSE;
+#endif
+ const char *sender;
+ unsigned long ul;
 
 assert(c);
 assert(request);
@@ -104,13 +54,15 @@ int verify_polkit(
 if (!sender)
 return -EINVAL;
 
- pid_raw = get_unix_process_id(c, sender, error);
- if (pid_raw == 0)
+ ul = dbus_bus_get_unix_user(c, sender, error);
+ if (ul == (unsigned long) -1)
 return -EINVAL;
 
- r = get_starttime_of_pid(pid_raw, &starttime_raw);
- if (r < 0)
- return r;
+ /* Shortcut things for root, to avoid the PK roundtrip and dependency */
+ if (ul == 0)
+ return 1;
+
+#ifdef ENABLE_POLKIT
 
 m = dbus_message_new_method_call(
 "org.freedesktop.PolicyKit1",
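Review bot: The root shortcut `if (ul == 0) return 1;` in the second hunk on this line authorises on the sender's UID alone, so any polkit rule that would apply to `action` is never consulted for uid-0 callers, and the existing comment only mentions the saved roundtrip. The comment should state that this is the intended policy, for example `/* uid 0 is always authorized; polkit rules for this action are deliberately not consulted */`. The failed-lookup path returns `-EINVAL` with `error` already filled in by `dbus_bus_get_unix_user()`, whereas later bus failures in this function return `-EIO`; whether callers rely on the difference is not visible here. verify_polkit begins and ends outside this hunk.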
@@ -122,22 +74,13 @@ int verify_polkit(
 
 dbus_message_iter_init_append(m, &iter_msg);
 
- pid_u32 = (uint32_t) pid_raw;
- starttime_u64 = (uint64_t) starttime_raw;
-
 if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
- !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
+ !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
 !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
 !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
- !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
- !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
- !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
- !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
- !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
- !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
+ !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
+ !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
+ !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
 !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
 !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
 !dbus_message_iter_close_container(&iter_struct, &iter_array) ||
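Review bot: Nothing next to the subject construction says why the caller is now described as `system-bus-name` instead of by PID and start time, which is the security-relevant part of this hunk. A short comment above the `dbus_message_iter_open_container` chain would record it, for example `/* Subject is the sender's unique bus name; the PID/start-time pair is no longer looked up here */`. `sender` is assigned outside this hunk, and the `if (!sender) return -EINVAL;` guard shown in the previous hunk is what keeps a NULL string out of `dbus_message_iter_append_basic`. The `if` condition continues past the end of the hunk.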
@@ -153,11 +96,14 @@ int verify_polkit(
 
 reply = dbus_connection_send_with_reply_and_block(c, m, -1, error);
 if (!reply) {
- r = -EIO;
- goto finish;
- }
 
- if (dbus_set_error_from_message(error, reply)) {
+ /* Treat no PK available as access denied */
+ if (dbus_error_has_name(error, DBUS_ERROR_SERVICE_UNKNOWN)) {
+ r = -EACCES;
+ dbus_error_free(error);
+ goto finish;
+ }
+
 r = -EIO;
 goto finish;
 }
@@ -194,7 +140,6 @@ int verify_polkit(
 r = -EPERM;
 
 finish:
-
 if (m)
 dbus_message_unref(m);
 
@@ -202,4 +147,7 @@ finish:
 dbus_message_unref(reply);
 
 return r;
+#else
+ return -EPERM;
+#endif
 }
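Review bot: The new `DBUS_ERROR_SERVICE_UNKNOWN` branch in the first hunk on this line reports denial as `-EACCES`, while a polkit refusal (`r = -EPERM;` in the next hunk) and the `#else` build (`return -EPERM;` in the last hunk) use `-EPERM`, so callers must treat two errno values as "not authorized". The branch also calls `dbus_error_free(error)`, so on this path the caller gets a negative return with no D-Bus error set, and a caller that forwards `error` into its reply has to cope with that. Either use one code for all three denials or document the distinction on verify_polkit, for example `/* Returns -EACCES if polkit is not available, -EPERM if it denied the request */`. Every other bus failure still ends in `-EIO`, so all of these paths fail closed.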