gboolean
get_caller_uid (GDBusMethodInvocation *context,
gint *uid)
{
GVariant *reply;
GError *error;
error = NULL;
reply = g_dbus_connection_call_sync (g_dbus_method_invocation_get_connection (context),
"org.freedesktop.DBus",
"/org/freedesktop/DBus",
"org.freedesktop.DBus",
"GetConnectionUnixUser",
g_variant_new ("(s)",
g_dbus_method_invocation_get_sender (context)),
G_VARIANT_TYPE ("(u)"),
G_DBUS_CALL_FLAGS_NONE,
-1,
NULL,
&error);
if (reply == NULL) {
g_warning ("Could not talk to message bus to find uid of sender %s: %s",
g_dbus_method_invocation_get_sender (context),
error->message);
g_error_free (error);
return FALSE;
}
g_variant_get (reply, "(u)", uid);
g_variant_unref (reply);
return TRUE;
}
bool cpc_tasks_apply(cpc_task_t *task, cpc_pm_manager_t *pm_manager,
cpc_cb_t finished, void *finished_data,
cpc_tasks_handle_t *handle)
{
CPC_ERR_MANAGE;
cpc_task_data_t *callback_data;
const gchar *client_name =
g_dbus_method_invocation_get_sender(task->invocation);
callback_data = g_new(cpc_task_data_t, 1);
callback_data->finished = finished;
callback_data->finished_data = finished_data;
callback_data->invocation = task->invocation;
CPC_FAIL(cpc_pm_manager_apply(pm_manager, task->path, client_name,
task->pin, prv_task_finished,
callback_data, handle));
task->invocation = NULL;
syslog(LOG_INFO, "Starting Apply task");
CPC_LOGF("Starting Apply task");
return true;
CPC_ON_ERR:
g_free(callback_data);
g_dbus_method_invocation_return_dbus_error(
task->invocation, cpc_dbus_error_map(CPC_ERR), "");
task->invocation = NULL;
return false;
}
gboolean
daemon_get_sender_uid (Daemon *daemon,
GDBusMethodInvocation *invocation,
uid_t *uid)
{
GError *error = NULL;
const char *sender = g_dbus_method_invocation_get_sender (invocation);
gs_unref_variant GVariant *reply = NULL;
reply = g_dbus_proxy_call_sync (daemon->system_bus_proxy, "org.freedesktop.DBus.GetConnectionUnixUser",
g_variant_new ("(s)", sender), 0, -1,
NULL, &error);
if (reply == NULL)
{
g_dbus_method_invocation_take_error (invocation, error);
return FALSE;
}
if (g_variant_is_of_type (reply, G_VARIANT_TYPE("(u)")))
g_variant_get (reply, "(u)", uid);
else
{
g_dbus_method_invocation_return_error (invocation,
COCKPIT_ERROR, COCKPIT_ERROR_FAILED,
"DBus is broken");
return FALSE;
}
return TRUE;
}
void cpc_tasks_create_pm(cpc_task_t *task, cpc_pm_manager_t *pm_manager)
{
CPC_ERR_MANAGE;
gchar *path;
GDBusConnection *connection =
g_dbus_method_invocation_get_connection(task->invocation);
const gchar *client_name =
g_dbus_method_invocation_get_sender(task->invocation);
CPC_FAIL(cpc_pm_manager_new_message(pm_manager,
client_name,
connection,
task->wp_message,
task->wp_message_len,
&path));
CPC_LOGF("New Push Message object created %s", path);
syslog(LOG_INFO, "New Push Message object created %s", path);
g_dbus_method_invocation_return_value(
task->invocation, g_variant_new("(o)", path));
g_free(path);
task->invocation = NULL;
return;
CPC_ON_ERR:
CPC_LOGF("Failed to create Push Message object");
syslog(LOG_INFO, "Failed to create Push Message object");
g_dbus_method_invocation_return_dbus_error(
task->invocation, cpc_dbus_error_map(CPC_ERR), "");
task->invocation = NULL;
}
static gboolean
sysroot_transform_transaction_to_attrs (GBinding *binding,
const GValue *src_value,
GValue *dst_value,
gpointer user_data)
{
RpmostreedTransaction *transaction;
GVariant *variant;
const char *method_name = "";
const char *path = "";
const char *sender_name = "";
transaction = g_value_get_object (src_value);
if (transaction != NULL)
{
GDBusMethodInvocation *invocation;
invocation = rpmostreed_transaction_get_invocation (transaction);
method_name = g_dbus_method_invocation_get_method_name (invocation);
path = g_dbus_method_invocation_get_object_path (invocation);
sender_name = g_dbus_method_invocation_get_sender (invocation);
}
variant = g_variant_new ("(sss)", method_name, sender_name, path);
g_value_set_variant (dst_value, variant);
return TRUE;
}
static gboolean
service_method_lock (GkdExportedService *skeleton,
GDBusMethodInvocation *invocation,
gchar **objpaths,
GkdSecretService *self)
{
const char *caller;
GckObject *collection;
int i;
char **locked;
GPtrArray *array;
caller = g_dbus_method_invocation_get_sender (invocation);
array = g_ptr_array_new ();
for (i = 0; objpaths[i] != NULL; ++i) {
collection = gkd_secret_objects_lookup_collection (self->objects, caller, objpaths[i]);
if (collection != NULL) {
if (gkd_secret_lock (collection, NULL)) {
g_ptr_array_add (array, objpaths[i]);
gkd_secret_objects_emit_collection_locked (self->objects,
collection);
}
g_object_unref (collection);
}
}
g_ptr_array_add (array, NULL);
locked = (gchar **) g_ptr_array_free (array, FALSE);
gkd_exported_service_complete_lock (skeleton, invocation,
(const gchar **) locked, "/");
return TRUE;
}
static gboolean
method_change_lock_internal (GkdSecretService *self,
GDBusMethodInvocation *invocation,
const gchar *collection_path)
{
GkdSecretChange *change;
const char *caller;
const gchar *path;
GckObject *collection;
caller = g_dbus_method_invocation_get_sender (invocation);
/* Make sure it exists */
collection = gkd_secret_objects_lookup_collection (self->objects, caller, collection_path);
if (!collection) {
g_dbus_method_invocation_return_error_literal (invocation, GKD_SECRET_ERROR,
GKD_SECRET_ERROR_NO_SUCH_OBJECT,
"The collection does not exist");
return TRUE;
}
g_object_unref (collection);
change = gkd_secret_change_new (self, caller, collection_path);
path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (change));
gkd_secret_service_publish_dispatch (self, caller,
GKD_SECRET_DISPATCH (change));
g_dbus_method_invocation_return_value (invocation, g_variant_new ("(o)", path));
g_object_unref (change);
return TRUE;
}
static gboolean
service_method_read_alias (GkdExportedService *skeleton,
GDBusMethodInvocation *invocation,
gchar *alias,
GkdSecretService *self)
{
gchar *path = NULL;
const gchar *identifier;
GckObject *collection = NULL;
identifier = gkd_secret_service_get_alias (self, alias);
if (identifier)
path = gkd_secret_util_build_path (SECRET_COLLECTION_PREFIX, identifier, -1);
/* Make sure it actually exists */
if (path)
collection = gkd_secret_objects_lookup_collection (self->objects,
g_dbus_method_invocation_get_sender (invocation),
path);
if (collection == NULL) {
g_free (path);
path = NULL;
} else {
g_object_unref (collection);
}
if (path == NULL)
path = g_strdup ("/");
gkd_exported_service_complete_read_alias (skeleton, invocation, path);
g_free (path);
return TRUE;
}
static gboolean
handle_set_policy_cb (TcmmdManagedConnections *iface,
GDBusMethodInvocation *invocation,
const gchar *src_ip,
guint src_port,
const gchar *dest_ip,
guint dest_port,
guint bitrate,
gdouble buffer_fill,
gpointer user_data)
{
TcmmdDbus *self = user_data;
g_print ("SetPolicy: src=%s:%d, dest=%s:%d, bitrate=%d, buffer=%d%%\n",
src_ip, src_port, dest_ip, dest_port, bitrate, (gint) (buffer_fill * 100.0));
watch_name (self, g_dbus_method_invocation_get_sender (invocation));
tcmmd_managed_connections_set_bitrate (self->priv->iface, bitrate);
tcmmd_managed_connections_set_buffer_fill (self->priv->iface, buffer_fill);
g_signal_emit (self, signals[SET_POLICY], 0,
src_ip, src_port, dest_ip, dest_port, bitrate, buffer_fill);
return TRUE;
}
static gboolean
service_method_change_with_master_password (GkdExportedInternal *skeleton,
GDBusMethodInvocation *invocation,
gchar *path,
GVariant *original_variant,
GVariant *master_variant,
GkdSecretService *self)
{
GkdSecretSecret *original, *master;
GckObject *collection;
GError *error = NULL;
const gchar *sender;
sender = g_dbus_method_invocation_get_sender (invocation);
/* Parse the incoming message */
original = gkd_secret_secret_parse (self, sender,
original_variant, &error);
if (original == NULL) {
g_dbus_method_invocation_take_error (invocation, error);
return TRUE;
}
master = gkd_secret_secret_parse (self, sender,
master_variant, &error);
if (master == NULL) {
g_dbus_method_invocation_take_error (invocation, error);
return TRUE;
}
/* Make sure we have such a collection */
collection = gkd_secret_objects_lookup_collection (self->objects, sender,
path);
/* No such collection */
if (collection == NULL) {
g_dbus_method_invocation_return_error_literal (invocation, GKD_SECRET_ERROR,
GKD_SECRET_ERROR_NO_SUCH_OBJECT,
"The collection does not exist");
}
/* Success */
else if (gkd_secret_change_with_secrets (collection, NULL, original, master, &error))
gkd_exported_internal_complete_change_with_master_password
(skeleton, invocation);
/* Failure */
else
gkd_secret_propagate_error (invocation, "Couldn't change collection password", error);
gkd_secret_secret_free (original);
gkd_secret_secret_free (master);
if (collection)
g_object_unref (collection);
return TRUE;
}
void
sys_log (GDBusMethodInvocation *context,
const gchar *format,
...)
{
va_list args;
gchar *msg;
va_start (args, format);
msg = g_strdup_vprintf (format, args);
va_end (args);
if (context) {
PolkitSubject *subject;
gchar *cmdline = NULL;
gchar *id;
GPid pid = 0;
gint uid = -1;
gchar *tmp;
subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (context));
id = polkit_subject_to_string (subject);
if (get_caller_pid (context, &pid)) {
cmdline = get_cmdline_of_pid (pid);
} else {
pid = 0;
cmdline = NULL;
}
if (cmdline != NULL) {
if (get_caller_uid (context, &uid)) {
tmp = g_strdup_printf ("request by %s [%s pid:%d uid:%d]: %s", id, cmdline, (int) pid, uid, msg);
} else {
tmp = g_strdup_printf ("request by %s [%s pid:%d]: %s", id, cmdline, (int) pid, msg);
}
} else {
if (get_caller_uid (context, &uid) && pid != 0) {
tmp = g_strdup_printf ("request by %s [pid:%d uid:%d]: %s", id, (int) pid, uid, msg);
} else if (pid != 0) {
tmp = g_strdup_printf ("request by %s [pid:%d]: %s", id, (int) pid, msg);
} else {
tmp = g_strdup_printf ("request by %s: %s", id, msg);
}
}
g_free (msg);
msg = tmp;
g_free (id);
g_free (cmdline);
g_object_unref (subject);
}
syslog (LOG_NOTICE, "%s", msg);
g_free (msg);
}
/**
* udisks_daemon_util_get_caller_pid_sync:
* @daemon: A #UDisksDaemon.
* @invocation: A #GDBusMethodInvocation.
* @cancellable: (allow-none): A #GCancellable or %NULL.
* @out_pid: (out): Return location for resolved pid or %NULL.
* @error: Return location for error.
*
* Gets the UNIX process id of the peer represented by @invocation.
*
* Returns: %TRUE if the process id was obtained, %FALSE otherwise
*/
gboolean
udisks_daemon_util_get_caller_pid_sync (UDisksDaemon *daemon,
GDBusMethodInvocation *invocation,
GCancellable *cancellable,
pid_t *out_pid,
GError **error)
{
gboolean ret;
const gchar *caller;
GVariant *value;
GError *local_error;
pid_t pid;
/* TODO: cache this on @daemon */
ret = FALSE;
caller = g_dbus_method_invocation_get_sender (invocation);
local_error = NULL;
value = g_dbus_connection_call_sync (g_dbus_method_invocation_get_connection (invocation),
"org.freedesktop.DBus", /* bus name */
"/org/freedesktop/DBus", /* object path */
"org.freedesktop.DBus", /* interface */
"GetConnectionUnixProcessID", /* method */
g_variant_new ("(s)", caller),
G_VARIANT_TYPE ("(u)"),
G_DBUS_CALL_FLAGS_NONE,
-1, /* timeout_msec */
cancellable,
&local_error);
if (value == NULL)
{
g_set_error (error,
UDISKS_ERROR,
UDISKS_ERROR_FAILED,
"Error determining uid of caller %s: %s (%s, %d)",
caller,
local_error->message,
g_quark_to_string (local_error->domain),
local_error->code);
g_error_free (local_error);
goto out;
}
{
G_STATIC_ASSERT (sizeof (uid_t) == sizeof (guint32));
}
g_variant_get (value, "(u)", &pid);
if (out_pid != NULL)
*out_pid = pid;
ret = TRUE;
out:
return ret;
}
gboolean
gkd_secret_objects_handle_get_secrets (GkdSecretObjects *self,
GDBusMethodInvocation *invocation,
const gchar **paths,
const gchar *session_path)
{
GkdSecretSession *session;
GkdSecretSecret *secret;
GckObject *item;
const char *caller;
int i;
GVariantBuilder builder;
GError *error = NULL;
caller = g_dbus_method_invocation_get_sender (invocation);
session = gkd_secret_service_lookup_session (self->service, session_path, caller);
if (session == NULL) {
g_dbus_method_invocation_return_error_literal (invocation, GKD_SECRET_ERROR,
GKD_SECRET_ERROR_NO_SESSION,
"The session does not exist");
return TRUE;
}
g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{o(oayays)}"));
for (i = 0; paths[i] != NULL; ++i) {
/* Try to find the item, if it doesn't exist, just ignore */
item = gkd_secret_objects_lookup_item (self, caller, paths[i]);
if (!item)
continue;
secret = gkd_secret_session_get_item_secret (session, item, &error);
g_object_unref (item);
if (secret == NULL) {
/* We ignore is locked, and just leave out from response */
if (g_error_matches (error, GKD_SECRET_ERROR, GKD_SECRET_ERROR_IS_LOCKED)) {
g_clear_error (&error);
continue;
/* All other errors stop the operation */
} else {
g_dbus_method_invocation_take_error (invocation, error);
return TRUE;
}
}
g_variant_builder_add (&builder, "{o@(oayays)}", paths[i], gkd_secret_secret_append (secret));
gkd_secret_secret_free (secret);
}
g_dbus_method_invocation_return_value (invocation,
g_variant_new ("(@a{o(oayays)})", g_variant_builder_end (&builder)));
return TRUE;
}
char *
xdp_invocation_lookup_app_id_sync (GDBusMethodInvocation *invocation,
GCancellable *cancellable,
GError **error)
{
GDBusConnection *connection = g_dbus_method_invocation_get_connection (invocation);
const gchar *sender = g_dbus_method_invocation_get_sender (invocation);
return xdp_connection_lookup_app_id_sync (connection, sender, cancellable, error);
}
/*
* This handler is run in a separate thread, so all operations can be
* synchronous.
*/
static gboolean
on_authorize_method_check (GDBusInterfaceSkeleton *interface,
GDBusMethodInvocation *invocation,
EmerDaemon *daemon)
{
const gchar *method_name =
g_dbus_method_invocation_get_method_name (invocation);
const AuthorizedMethod *authorized_method = lookup_authorized_method (method_name);
if (authorized_method == NULL)
return TRUE;
GError *error = NULL;
PolkitAuthority *authority =
polkit_authority_get_sync (NULL /*GCancellable*/, &error);
if (authority == NULL)
{
g_critical ("Could not get PolicyKit authority: %s.", error->message);
g_dbus_method_invocation_return_gerror (invocation, error);
g_error_free (error);
return FALSE;
}
const gchar *sender_name = g_dbus_method_invocation_get_sender (invocation);
PolkitSubject *subject = polkit_system_bus_name_new (sender_name);
PolkitAuthorizationResult *result =
polkit_authority_check_authorization_sync (authority,
subject,
authorized_method->method_full_name,
NULL /*PolkitDetails*/,
POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
NULL /*GCancellable*/,
&error);
g_object_unref (authority);
g_object_unref (subject);
if (result == NULL)
{
g_critical ("Could not get PolicyKit authorization result: %s.",
error->message);
g_dbus_method_invocation_return_gerror (invocation, error);
g_error_free (error);
return FALSE;
}
gboolean authorized = polkit_authorization_result_get_is_authorized (result);
if (!authorized)
g_dbus_method_invocation_return_error_literal (invocation,
G_DBUS_ERROR,
G_DBUS_ERROR_AUTH_FAILED,
authorized_method->error_message);
g_object_unref (result);
return authorized;
}
static gboolean
service_method_create_with_master_password (GkdExportedInternal *skeleton,
GDBusMethodInvocation *invocation,
GVariant *attributes,
GVariant *master,
GkdSecretService *self)
{
GckBuilder builder = GCK_BUILDER_INIT;
GkdSecretSecret *secret = NULL;
GckAttributes *attrs = NULL;
GError *error = NULL;
gchar *path;
const gchar *caller;
if (!gkd_secret_property_parse_all (attributes, SECRET_COLLECTION_INTERFACE, &builder)) {
gck_builder_clear (&builder);
g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_INVALID_ARGS,
"Invalid properties argument");
return TRUE;
}
caller = g_dbus_method_invocation_get_sender (invocation);
secret = gkd_secret_secret_parse (self,
caller,
master, &error);
if (secret == NULL) {
gck_builder_clear (&builder);
g_dbus_method_invocation_take_error (invocation, error);
return TRUE;
}
gck_builder_add_boolean (&builder, CKA_TOKEN, TRUE);
attrs = gck_attributes_ref_sink (gck_builder_end (&builder));
path = gkd_secret_create_with_secret (attrs, secret, &error);
gck_attributes_unref (attrs);
gkd_secret_secret_free (secret);
if (path == NULL) {
gkd_secret_propagate_error (invocation, "Couldn't create collection", error);
return TRUE;
}
/* Notify the callers that a collection was created */
g_message ("emit collection_Created");
gkd_secret_service_emit_collection_created (self, path);
gkd_exported_internal_complete_create_with_master_password
(skeleton, invocation, path);
g_free (path);
return TRUE;
}
static gboolean
service_method_set_alias (GkdExportedService *skeleton,
GDBusMethodInvocation *invocation,
gchar *alias,
gchar *path,
GkdSecretService *self)
{
GckObject *collection;
gchar *identifier;
if (!g_str_equal (alias, "default")) {
g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_NOT_SUPPORTED,
"Only the 'default' alias is supported");
return TRUE;
}
/* No default collection */
if (g_str_equal (path, "/")) {
identifier = g_strdup ("");
/* Find a collection with that path */
} else {
if (!object_path_has_prefix (path, SECRET_COLLECTION_PREFIX) ||
!gkd_secret_util_parse_path (path, &identifier, NULL)) {
g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_INVALID_ARGS,
"Invalid collection object path");
return TRUE;
}
collection = gkd_secret_objects_lookup_collection (self->objects,
g_dbus_method_invocation_get_sender (invocation),
path);
if (collection == NULL) {
g_free (identifier);
g_dbus_method_invocation_return_error_literal (invocation, GKD_SECRET_ERROR,
GKD_SECRET_ERROR_NO_SUCH_OBJECT,
"The collection does not exist");
return TRUE;
}
g_object_unref (collection);
}
gkd_secret_service_set_alias (self, alias, identifier);
g_free (identifier);
gkd_exported_service_complete_set_alias (skeleton, invocation);
return TRUE;
}
/**
* bus_installer_install_local_cb:
*/
static gboolean
bus_installer_install_local_cb (LiProxyManager *mgr_bus, GDBusMethodInvocation *context, const gchar *fname, LiHelperDaemon *helper)
{
GError *error = NULL;
LiInstaller *inst = NULL;
PolkitAuthorizationResult *pres = NULL;
PolkitSubject *subject;
const gchar *sender;
sender = g_dbus_method_invocation_get_sender (context);
subject = polkit_system_bus_name_new (sender);
pres = polkit_authority_check_authorization_sync (helper->authority,
subject,
"org.freedesktop.limba.install-package-local",
NULL,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
NULL,
&error);
g_object_unref (subject);
if (error != NULL) {
g_dbus_method_invocation_take_error (context, error);
goto out;
}
if (!polkit_authorization_result_get_is_authorized (pres)) {
g_dbus_method_invocation_return_dbus_error (context, "org.freedesktop.Limba.Installer.Error.NotAuthorized",
"Authorization failed.");
goto out;
}
/* initialize our job, in case it is idling */
if (!li_daemon_init_job (helper, mgr_bus, context))
goto out;
/* do the thing */
li_daemon_job_run_install_local (helper->job, fname);
li_proxy_manager_complete_install_local (mgr_bus, context);
out:
if (inst != NULL)
g_object_unref (inst);
if (pres != NULL)
g_object_unref (pres);
li_daemon_reset_timer (helper);
return TRUE;
}
static gboolean
service_method_create_collection (GkdExportedService *skeleton,
GDBusMethodInvocation *invocation,
GVariant *properties,
gchar *alias,
GkdSecretService *self)
{
GckBuilder builder = GCK_BUILDER_INIT;
GckAttributes *attrs;
GkdSecretCreate *create;
const gchar *path;
const char *caller;
if (!gkd_secret_property_parse_all (properties, SECRET_COLLECTION_INTERFACE, &builder)) {
gck_builder_clear (&builder);
g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_INVALID_ARGS,
"Invalid properties");
return TRUE;
}
/* Empty alias is no alias */
if (alias) {
if (!alias[0]) {
alias = NULL;
} else if (!g_str_equal (alias, "default")) {
gck_builder_clear (&builder);
g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_NOT_SUPPORTED,
"Only the 'default' alias is supported");
return TRUE;
}
}
gck_builder_add_boolean (&builder, CKA_TOKEN, TRUE);
attrs = gck_attributes_ref_sink (gck_builder_end (&builder));
/* Create the prompt object, for the password */
caller = g_dbus_method_invocation_get_sender (invocation);
create = gkd_secret_create_new (self, caller, attrs, alias);
gck_attributes_unref (attrs);
path = gkd_secret_dispatch_get_object_path (GKD_SECRET_DISPATCH (create));
gkd_secret_service_publish_dispatch (self, caller,
GKD_SECRET_DISPATCH (create));
gkd_exported_service_complete_create_collection (skeleton, invocation,
"/", path);
return TRUE;
}
static InvocationClient *
invocation_client_lookup (GDBusMethodInvocation *invocation,
uid_t *uid_of_client,
GError **error)
{
InvocationClient *client;
const gchar *sender;
sender = g_dbus_method_invocation_get_sender (invocation);
g_return_val_if_fail (sender != NULL, NULL);
g_mutex_lock (&inv.mutex);
client = g_hash_table_lookup (inv.clients, sender);
if (client)
{
invocation_client_ref (client);
if (uid_of_client)
{
*uid_of_client = G_MAXUINT;
while (client->uid_state == UID_LOADING)
g_cond_wait (&inv.wait_cond, &inv.mutex);
switch (client->uid_state)
{
case UID_VALID:
*uid_of_client = client->uid_peer;
break;
case UID_FAILED:
g_set_error (error, UDISKS_ERROR, UDISKS_ERROR_FAILED,
"Cannot determine the unix credentials of the calling process");
break;
default:
g_assert_not_reached ();
break;
}
}
}
else
{
g_critical ("Invocation from invalid caller: %s", sender);
g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_FAILED,
"Method call from unknown caller (internal error)");
}
g_mutex_unlock (&inv.mutex);
return client;
}
void cpc_tasks_get_props(cpc_task_t *task, cpc_pm_manager_t *pm_manager)
{
CPC_ERR_MANAGE;
GVariantBuilder *vb;
const gchar *pin_required_str;
cpc_props_t props;
const gchar *client_name =
g_dbus_method_invocation_get_sender(task->invocation);
CPC_FAIL(cpc_pm_manager_get_properties(pm_manager, task->path,
client_name, &props));
pin_required_str = props.pin_required ? "Yes" : "No";
CPC_LOGF("Pin Required %s", pin_required_str);
CPC_LOGF("Settings %s", props.settings);
CPC_LOGF("Sec Type %s", props.sec_type);
CPC_LOGF("Start Sessions with %s", props.start_sessions);
syslog(LOG_INFO, "GetProps (%s, %s, %s %s) succeeded.",
pin_required_str, props.settings, props.sec_type,
props.start_sessions);
vb = g_variant_builder_new(G_VARIANT_TYPE("a{ss}"));
g_variant_builder_add(vb, "{ss}", "PinRequired", pin_required_str);
g_variant_builder_add(vb, "{ss}", "Settings", props.settings);
g_variant_builder_add(vb, "{ss}", "SecType", props.sec_type);
g_variant_builder_add(vb, "{ss}", "StartSessionsWith",
props.start_sessions);
cpc_props_free(&props);
g_dbus_method_invocation_return_value(
task->invocation, g_variant_new("(@a{ss})",
g_variant_builder_end(vb)));
g_variant_builder_unref(vb);
task->invocation = NULL;
return;
CPC_ON_ERR:
CPC_LOGF("Failed to retrieve properties for %s err %u", task->path,
CPC_ERR);
syslog(LOG_INFO, "Failed to retrieve properties for %s err %u",
task->path, CPC_ERR);
g_dbus_method_invocation_return_dbus_error(
task->invocation, cpc_dbus_error_map(CPC_ERR), "");
task->invocation = NULL;
}
rsu_task_t *rsu_task_remove_uri_new(GDBusMethodInvocation *invocation,
const gchar *path,
GVariant *parameters)
{
rsu_task_t *task;
task = prv_device_task_new(RSU_TASK_REMOVE_URI, invocation, path, NULL);
g_variant_get(parameters, "(s)", &task->host_uri.uri);
g_strstrip(task->host_uri.uri);
task->host_uri.client = g_strdup(
g_dbus_method_invocation_get_sender(invocation));
return task;
}
gboolean
gkd_dbus_invocation_matches_caller (GDBusMethodInvocation *invocation,
const char *caller)
{
const char *invocation_caller;
invocation_caller = g_dbus_method_invocation_get_sender (invocation);
if (!g_str_equal (invocation_caller, caller)) {
g_dbus_method_invocation_return_error_literal (invocation, G_DBUS_ERROR,
G_DBUS_ERROR_ACCESS_DENIED,
"Invalid caller");
return FALSE;
}
return TRUE;
}
static gboolean
check_authorization_no_polkit (UDisksDaemon *daemon,
UDisksObject *object,
const gchar *action_id,
GVariant *options,
const gchar *message,
GDBusMethodInvocation *invocation)
{
gboolean ret = FALSE;
uid_t caller_uid = -1;
GError *error = NULL;
if (!udisks_daemon_util_get_caller_uid_sync (daemon,
invocation,
NULL, /* GCancellable* */
&caller_uid,
NULL, /* gid_t *out_gid */
NULL, /* gchar **out_user_name */
&error))
{
g_dbus_method_invocation_return_error (invocation,
UDISKS_ERROR,
UDISKS_ERROR_FAILED,
"Error getting uid for caller with bus name %s: %s (%s, %d)",
g_dbus_method_invocation_get_sender (invocation),
error->message, g_quark_to_string (error->domain), error->code);
g_clear_error (&error);
goto out;
}
/* only allow root */
if (caller_uid == 0)
{
ret = TRUE;
}
else
{
g_dbus_method_invocation_return_error_literal (invocation,
UDISKS_ERROR,
UDISKS_ERROR_NOT_AUTHORIZED,
"Not authorized to perform operation (polkit authority not available and caller is not uid 0)");
}
out:
return ret;
}
static GckObject *
secret_objects_lookup_gck_object_for_invocation (GkdSecretObjects *self,
GDBusMethodInvocation *invocation)
{
GError *error = NULL;
GckObject *object;
object = secret_objects_lookup_gck_object_for_path (self,
g_dbus_method_invocation_get_sender (invocation),
g_dbus_method_invocation_get_object_path (invocation),
&error);
if (!object)
g_dbus_method_invocation_take_error (invocation, error);
return object;
}
static void
authorize (MMAuthProvider *self,
GDBusMethodInvocation *invocation,
const gchar *authorization,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
{
MMAuthProviderPolkit *polkit = MM_AUTH_PROVIDER_POLKIT (self);
AuthorizeContext *ctx;
/* When creating the object, we actually allowed errors when looking for the
* authority. If that is the case, we'll just forbid any incoming
* authentication request */
if (!polkit->priv->authority) {
g_simple_async_report_error_in_idle (G_OBJECT (self),
callback,
user_data,
MM_CORE_ERROR,
MM_CORE_ERROR_FAILED,
"PolicyKit authorization error: "
"'authority not found'");
return;
}
ctx = g_new (AuthorizeContext, 1);
ctx->self = g_object_ref (self);
ctx->invocation = g_object_ref (invocation);
ctx->authorization = g_strdup (authorization);
ctx->cancellable = cancellable ? g_object_ref (cancellable) : NULL;
ctx->result = g_simple_async_result_new (G_OBJECT (self),
callback,
user_data,
authorize);
ctx->subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (ctx->invocation));
polkit_authority_check_authorization (polkit->priv->authority,
ctx->subject,
authorization,
NULL, /* details */
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
ctx->cancellable,
(GAsyncReadyCallback)check_authorization_ready,
ctx);
}
static gboolean
service_method_lock_service (GkdExportedService *skeleton,
GDBusMethodInvocation *invocation,
GkdSecretService *self)
{
GError *error = NULL;
GckSession *session;
const char *caller;
caller = g_dbus_method_invocation_get_sender (invocation);
session = gkd_secret_service_get_pkcs11_session (self, caller);
g_return_val_if_fail (session != NULL, FALSE);
if (!gkd_secret_lock_all (session, &error))
g_dbus_method_invocation_take_error (invocation, error);
else
gkd_exported_service_complete_lock_service (skeleton, invocation);
return TRUE;
}
static DBusWatch *
make_dbus_watch (MetaDBusIdleMonitor *skeleton,
GDBusMethodInvocation *invocation,
MetaIdleMonitor *monitor)
{
DBusWatch *watch;
watch = g_slice_new (DBusWatch);
watch->dbus_monitor = g_object_ref (skeleton);
watch->monitor = g_object_ref (monitor);
watch->dbus_name = g_strdup (g_dbus_method_invocation_get_sender (invocation));
watch->name_watcher_id = g_bus_watch_name_on_connection (g_dbus_method_invocation_get_connection (invocation),
watch->dbus_name,
G_BUS_NAME_WATCHER_FLAGS_NONE,
NULL, /* appeared */
name_vanished_callback,
watch, NULL);
return watch;
}
static gboolean
handle_save_file (XdpFileChooser *object,
GDBusMethodInvocation *invocation,
const gchar *arg_parent_window,
const gchar *arg_title,
GVariant *arg_options)
{
Request *request = request_from_invocation (invocation);
const char *app_id = request->app_id;
const gchar *sender = g_dbus_method_invocation_get_sender (invocation);
g_autoptr(GError) error = NULL;
g_autofree char *impl_handle = NULL;
GVariantBuilder options;
g_variant_builder_init (&options, G_VARIANT_TYPE_VARDICT);
copy_options (arg_options, &options, save_file_options, G_N_ELEMENTS (save_file_options));
if (!xdp_impl_file_chooser_call_save_file_sync (impl,
sender, app_id,
arg_parent_window,
arg_title,
g_variant_builder_end (&options),
&impl_handle,
NULL, &error))
{
g_dbus_method_invocation_return_gerror (invocation, error);
return TRUE;
}
g_object_set_data_full (G_OBJECT (request), "impl-handle", g_strdup (impl_handle), g_free);
register_handle (impl_handle, request);
g_signal_connect (request, "handle-close", (GCallback)handle_close, request);
REQUEST_AUTOLOCK (request);
request_export (request, g_dbus_method_invocation_get_connection (invocation));
xdp_file_chooser_complete_open_file (object, invocation, request->id);
return TRUE;
}
static gboolean
authorize_method (Daemon *daemon,
GDBusMethodInvocation *invocation,
gboolean *out_is_authorized,
GCancellable *cancellable,
GError **error)
{
const char *sender = g_dbus_method_invocation_get_sender (invocation);
gs_unref_variant GVariant *reply = NULL;
guint32 uid = 42;
reply = g_dbus_proxy_call_sync (daemon->system_bus_proxy, "org.freedesktop.DBus.GetConnectionUnixUser",
g_variant_new ("(s)", sender), 0, -1,
cancellable, error);
if (reply == NULL)
return FALSE;
g_variant_get (reply, "(u)", &uid);
*out_is_authorized = (uid == 0 || auth_uid_is_wheel (uid));
return TRUE;
}
