static void
pk_auth_cb (GObject *object, GAsyncResult *result, gpointer user_data)
{
MMAuthRequestPolkit *self = user_data;
MMAuthRequestPolkitPrivate *priv;
PolkitAuthorizationResult *pk_result;
GError *error = NULL;
g_return_if_fail (self != NULL);
g_return_if_fail (MM_IS_AUTH_REQUEST_POLKIT (self));
priv = MM_AUTH_REQUEST_POLKIT_GET_PRIVATE (self);
if (!g_cancellable_is_cancelled (priv->cancellable)) {
pk_result = polkit_authority_check_authorization_finish (priv->authority,
result,
&error);
if (error) {
mm_auth_request_set_result (MM_AUTH_REQUEST (self), MM_AUTH_RESULT_INTERNAL_FAILURE);
g_warning ("%s: PolicyKit authentication error: (%d) %s",
__func__,
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
} else if (polkit_authorization_result_get_is_authorized (pk_result))
mm_auth_request_set_result (MM_AUTH_REQUEST (self), MM_AUTH_RESULT_AUTHORIZED);
else if (polkit_authorization_result_get_is_challenge (pk_result))
mm_auth_request_set_result (MM_AUTH_REQUEST (self), MM_AUTH_RESULT_CHALLENGE);
else
mm_auth_request_set_result (MM_AUTH_REQUEST (self), MM_AUTH_RESULT_NOT_AUTHORIZED);
g_signal_emit_by_name (self, "result");
}
g_object_unref (self);
}
static void
pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
{
PolkitCall *call = user_data;
BMAuthChain *chain;
PolkitAuthorizationResult *pk_result;
GError *error = NULL;
guint call_result = BM_AUTH_CALL_RESULT_UNKNOWN;
/* If the call is already disposed do nothing */
if (call->disposed) {
polkit_call_free (call);
return;
}
chain = call->chain;
chain->calls = g_slist_remove (chain->calls, call);
pk_result = polkit_authority_check_authorization_finish (chain->authority,
result,
&error);
if (error) {
if (!chain->error)
chain->error = g_error_copy (error);
bm_log_warn (LOGD_CORE, "error requesting auth for %s: (%d) %s",
call->permission,
error ? error->code : -1,
error && error->message ? error->message : "(unknown)");
} else {
if (polkit_authorization_result_get_is_authorized (pk_result)) {
/* Caller has the permission */
call_result = BM_AUTH_CALL_RESULT_YES;
} else if (polkit_authorization_result_get_is_challenge (pk_result)) {
/* Caller could authenticate to get the permission */
call_result = BM_AUTH_CALL_RESULT_AUTH;
} else
call_result = BM_AUTH_CALL_RESULT_NO;
}
chain->call_func (chain, call->permission, error, call_result, chain->user_data);
bm_auth_chain_check_done (chain);
g_clear_error (&error);
polkit_call_free (call);
if (pk_result)
g_object_unref (pk_result);
}
static void check_authorization_cb(PolkitAuthority *authority,
GAsyncResult *res, gpointer data)
{
PolkitAuthorizationResult *result;
GError *err = NULL;
struct stat stat_buf;
g_clear_object(&polkit_cancellable);
result = polkit_authority_check_authorization_finish(authority, res, &err);
if (err) {
FATAL_ERROR("PoliciKit error: %s\n", err->message);
g_error_free(err);
return;
}
if (polkit_authorization_result_get_dismissed(result)) {
ERROR("CANCELED\n");
return;
}
if (!polkit_authorization_result_get_is_authorized(result)) {
ERROR("Not authorized\n");
return;
}
snprintf(path, PATH_MAX, "/dev/bus/usb/%03d/%03d", busnum, devnum);
if (stat(path, &stat_buf) != 0) {
FATAL_ERROR("statting %s: %s\n", path, strerror(errno));
return;
}
if (!S_ISCHR(stat_buf.st_mode)) {
FATAL_ERROR("%s is not a character device\n", path);
return;
}
if (set_facl(path, getuid(), 1)) {
FATAL_ERROR("setting facl: %s\n", strerror(errno));
return;
}
fprintf(stdout, "SUCCESS\n");
fflush(stdout);
state = STATE_WAITING_FOR_STDIN_EOF;
}
static void
check_authorization_ready (PolkitAuthority *authority,
GAsyncResult *res,
AuthorizeContext *ctx)
{
PolkitAuthorizationResult *pk_result;
GError *error = NULL;
if (g_cancellable_is_cancelled (ctx->cancellable)) {
g_simple_async_result_set_error (ctx->result,
MM_CORE_ERROR,
MM_CORE_ERROR_CANCELLED,
"PolicyKit authorization attempt cancelled");
authorize_context_complete_and_free (ctx);
return;
}
pk_result = polkit_authority_check_authorization_finish (authority, res, &error);
if (!pk_result) {
g_simple_async_result_set_error (ctx->result,
MM_CORE_ERROR,
MM_CORE_ERROR_FAILED,
"PolicyKit authorization failed: '%s'",
error->message);
g_error_free (error);
} else {
if (polkit_authorization_result_get_is_authorized (pk_result))
/* Good! */
g_simple_async_result_set_op_res_gboolean (ctx->result, TRUE);
else if (polkit_authorization_result_get_is_challenge (pk_result))
g_simple_async_result_set_error (ctx->result,
MM_CORE_ERROR,
MM_CORE_ERROR_UNAUTHORIZED,
"PolicyKit authorization failed: challenge needed for '%s'",
ctx->authorization);
else
g_simple_async_result_set_error (ctx->result,
MM_CORE_ERROR,
MM_CORE_ERROR_UNAUTHORIZED,
"PolicyKit authorization failed: not authorized for '%s'",
ctx->authorization);
g_object_unref (pk_result);
}
authorize_context_complete_and_free (ctx);
}
static void
pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
{
AuthCall *call = user_data;
PolkitAuthorizationResult *pk_result;
GError *error = NULL;
pk_result = polkit_authority_check_authorization_finish ((PolkitAuthority *) object, result, &error);
/* If the call is already canceled do nothing */
if (!call->cancellable) {
g_clear_error (&error);
g_clear_object (&pk_result);
auth_call_free (call);
return;
}
if (error) {
if (!call->chain->error)
call->chain->error = g_error_copy (error);
nm_log_warn (LOGD_CORE, "error requesting auth for %s: (%d) %s",
call->permission, error->code, error->message);
g_clear_error (&error);
} else {
guint call_result = NM_AUTH_CALL_RESULT_UNKNOWN;
if (polkit_authorization_result_get_is_authorized (pk_result)) {
/* Caller has the permission */
call_result = NM_AUTH_CALL_RESULT_YES;
} else if (polkit_authorization_result_get_is_challenge (pk_result)) {
/* Caller could authenticate to get the permission */
call_result = NM_AUTH_CALL_RESULT_AUTH;
} else
call_result = NM_AUTH_CALL_RESULT_NO;
nm_auth_chain_set_data (call->chain, call->permission, GUINT_TO_POINTER (call_result), NULL);
g_object_unref (pk_result);
}
auth_call_complete (call);
}
static void
check_auth_cb (PolkitAuthority *authority,
GAsyncResult *res,
gpointer data)
{
CheckAuthData *cad = data;
PolkitAuthorizationResult *result;
GError *error;
gboolean is_authorized;
is_authorized = FALSE;
error = NULL;
result = polkit_authority_check_authorization_finish (authority, res, &error);
if (error) {
throw_error (cad->context, ERROR_PERMISSION_DENIED, "Not authorized: %s", error->message);
g_error_free (error);
}
else {
if (polkit_authorization_result_get_is_authorized (result)) {
is_authorized = TRUE;
}
else if (polkit_authorization_result_get_is_challenge (result)) {
throw_error (cad->context, ERROR_PERMISSION_DENIED, "Authentication is required");
}
else {
throw_error (cad->context, ERROR_PERMISSION_DENIED, "Not authorized");
}
g_object_unref (result);
}
if (is_authorized) {
(* cad->authorized_cb) (cad->daemon,
cad->user,
cad->context,
cad->data);
}
check_auth_data_free (data);
}
static void
check_authorization_cb (PolkitAuthority *authority,
GAsyncResult *res,
gpointer user_data)
{
GMainLoop *loop = user_data;
PolkitAuthorizationResult *result;
GError *error;
error = NULL;
result = polkit_authority_check_authorization_finish (authority, res, &error);
if (error != NULL)
{
g_print ("Error checking authorization: %s\n", error->message);
g_error_free (error);
}
else
{
const gchar *result_str;
if (polkit_authorization_result_get_is_authorized (result))
{
result_str = "authorized";
}
else if (polkit_authorization_result_get_is_challenge (result))
{
result_str = "challenge";
}
else
{
result_str = "not authorized";
}
g_print ("Authorization result: %s\n", result_str);
}
g_print ("Authorization check has been cancelled and the dialog should now be hidden.\n"
"This process will exit in ten seconds.\n");
g_timeout_add (10000, on_tensec_timeout, loop);
}
static void
check_authorization_callback (PolkitAuthority *authority,
GAsyncResult *res,
gpointer user_data)
{
CheckAuthData *data = user_data;
PolkitAuthorizationResult *result;
GError *error;
gboolean is_authorized;
is_authorized = FALSE;
error = NULL;
result = polkit_authority_check_authorization_finish (authority,
res,
&error);
if (error != NULL) {
g_debug ("error checking action '%s'\n", error->message);
throw_error (data->context,
GCONF_DEFAULTS_ERROR_NOT_PRIVILEGED,
"Not Authorized: %s", error->message);
g_error_free (error);
}
else {
if (polkit_authorization_result_get_is_authorized (result)) {
g_debug ("result for '%s': authorized\n",
data->actions[data->id]);
is_authorized = TRUE;
}
else if (polkit_authorization_result_get_is_challenge (result)) {
g_debug ("result for '%s': challenge\n",
data->actions[data->id]);
throw_error (data->context,
GCONF_DEFAULTS_ERROR_NOT_PRIVILEGED,
"Authorization is required");
}
else {
g_debug ("result for '%s': not authorized\n",
data->actions[data->id]);
throw_error (data->context,
GCONF_DEFAULTS_ERROR_NOT_PRIVILEGED,
"Not Authorized");
}
}
if (is_authorized) {
data->id++;
if (data->actions[data->id] == NULL)
data->auth_obtained_callback (data->mechanism,
data->context,
data->user_data);
else {
check_next_action (data);
return; /* continue operation */
}
}
check_auth_data_free (data);
g_object_unref (result);
stop_operation ();
}
