Ejemplo n.º 1
0
static gboolean
_add_call_polkit (NMAuthChain *self,
                  const char *permission,
                  gboolean allow_interaction)
{
	PolkitSubject *subject;
	PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
	AuthCall *call;

	g_return_val_if_fail (self != NULL, FALSE);
	g_return_val_if_fail (self->owner || self->subject, FALSE);
	g_return_val_if_fail (permission != NULL, FALSE);

	call = auth_call_new (self, permission);

	if (self->authority == NULL) {
		/* No polkit, no authorization */
		auth_call_schedule_complete_with_error (call, "PolicyKit not running");
		return FALSE;
	}

	if (self->subject) {
		subject = g_object_ref (nm_auth_subject_get_polkit_subject (self->subject));
		g_assert (subject);
	} else {
		g_assert (self->owner);
		subject = polkit_system_bus_name_new (self->owner);
		if (!subject) {
			auth_call_schedule_complete_with_error (call, "Failed to create polkit subject");
			return FALSE;
		}
	}

	if (allow_interaction)
		flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;

	call->cancellable = g_cancellable_new ();
	polkit_authority_check_authorization (self->authority,
	                                      subject,
	                                      permission,
	                                      NULL,
	                                      flags,
	                                      call->cancellable,
	                                      pk_call_cb,
	                                      call);
	g_object_unref (subject);
	return TRUE;
}
Ejemplo n.º 2
0
void
nm_auth_chain_add_call (NMAuthChain *self,
                        const char *permission,
                        gboolean allow_interaction)
{
	AuthCall *call;
	NMAuthManager *auth_manager = nm_auth_manager_get ();

	g_return_if_fail (self != NULL);
	g_return_if_fail (permission && *permission);
	g_return_if_fail (self->subject);
	g_return_if_fail (nm_auth_subject_is_unix_process (self->subject) || nm_auth_subject_is_internal (self->subject));
	g_return_if_fail (!self->idle_id && !self->done);

	call = auth_call_new (self, permission);
	self->calls = g_slist_append (self->calls, call);

	if (   nm_auth_subject_is_internal (self->subject)
	    || nm_auth_subject_get_unix_process_uid (self->subject) == 0
	    || !nm_auth_manager_get_polkit_enabled (auth_manager)) {
		/* Root user or non-polkit always gets the permission */
		nm_auth_chain_set_data (self, permission, GUINT_TO_POINTER (NM_AUTH_CALL_RESULT_YES), NULL);
		call->call_idle_id = g_idle_add ((GSourceFunc) auth_call_complete, call);
	} else {
		/* Non-root always gets authenticated when using polkit */
#if WITH_POLKIT
		call->cancellable = g_cancellable_new ();
		nm_auth_manager_polkit_authority_check_authorization (auth_manager,
		                                                      self->subject,
		                                                      permission,
		                                                      allow_interaction,
		                                                      call->cancellable,
		                                                      pk_call_cb,
		                                                      call);
#else
		if (!call->chain->error) {
			call->chain->error = g_error_new_literal (DBUS_GERROR,
			                                          DBUS_GERROR_FAILED,
			                                          "Polkit support is disabled at compile time");
		}
		call->call_idle_id = g_idle_add ((GSourceFunc) auth_call_complete, call);
#endif
	}
}
Ejemplo n.º 3
0
gboolean
nm_auth_chain_add_call (NMAuthChain *self,
                        const char *permission,
                        gboolean allow_interaction)
{
	AuthCall *call;

	g_return_val_if_fail (self != NULL, FALSE);

#if WITH_POLKIT
	/* Non-root always gets authenticated when using polkit */
	if (self->user_uid > 0)
		return _add_call_polkit (self, permission, allow_interaction);
#endif

	/* Root user or non-polkit always gets the permission */
	call = auth_call_new (self, permission);
	nm_auth_chain_set_data (self, permission, GUINT_TO_POINTER (NM_AUTH_CALL_RESULT_YES), NULL);
	call->call_idle_id = g_idle_add ((GSourceFunc) auth_call_complete, call);
	return TRUE;
}