void
sys_log (GDBusMethodInvocation *context,
const gchar *format,
...)
{
va_list args;
gchar *msg;
va_start (args, format);
msg = g_strdup_vprintf (format, args);
va_end (args);
if (context) {
PolkitSubject *subject;
gchar *cmdline = NULL;
gchar *id;
GPid pid = 0;
gint uid = -1;
gchar *tmp;
subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (context));
id = polkit_subject_to_string (subject);
if (get_caller_pid (context, &pid)) {
cmdline = get_cmdline_of_pid (pid);
} else {
pid = 0;
cmdline = NULL;
}
if (cmdline != NULL) {
if (get_caller_uid (context, &uid)) {
tmp = g_strdup_printf ("request by %s [%s pid:%d uid:%d]: %s", id, cmdline, (int) pid, uid, msg);
} else {
tmp = g_strdup_printf ("request by %s [%s pid:%d]: %s", id, cmdline, (int) pid, msg);
}
} else {
if (get_caller_uid (context, &uid) && pid != 0) {
tmp = g_strdup_printf ("request by %s [pid:%d uid:%d]: %s", id, (int) pid, uid, msg);
} else if (pid != 0) {
tmp = g_strdup_printf ("request by %s [pid:%d]: %s", id, (int) pid, msg);
} else {
tmp = g_strdup_printf ("request by %s: %s", id, msg);
}
}
g_free (msg);
msg = tmp;
g_free (id);
g_free (cmdline);
g_object_unref (subject);
}
syslog (LOG_NOTICE, "%s", msg);
g_free (msg);
}
TemporaryAuthorization::TemporaryAuthorization(PolkitTemporaryAuthorization *pkTemporaryAuthorization)
: d(new Data)
{
g_type_init();
d->id = QString::fromUtf8(polkit_temporary_authorization_get_id(pkTemporaryAuthorization));
d->actionId = QString::fromUtf8(polkit_temporary_authorization_get_action_id(pkTemporaryAuthorization));
d->subject = Subject::fromString(polkit_subject_to_string(polkit_temporary_authorization_get_subject(pkTemporaryAuthorization)));
d->timeObtained = QDateTime::fromTime_t(polkit_temporary_authorization_get_time_obtained(pkTemporaryAuthorization));
d->timeExpires = QDateTime::fromTime_t(polkit_temporary_authorization_get_time_expires(pkTemporaryAuthorization));
g_object_unref(pkTemporaryAuthorization);
}
gpointer
cockpit_polkit_agent_register (CockpitTransport *transport,
GCancellable *cancellable)
{
PolkitAgentListener *listener = NULL;
PolkitAuthority *authority = NULL;
PolkitSubject *subject = NULL;
GVariant *options;
GLogLevelFlags fatal;
GError *error = NULL;
gpointer handle = NULL;
guint handler = 0;
gchar *string;
authority = polkit_authority_get_sync (cancellable, &error);
if (authority == NULL)
{
g_message ("couldn't get polkit authority: %s", error->message);
goto out;
}
subject = polkit_unix_session_new_for_process_sync (getpid (), cancellable, &error);
if (subject == NULL)
{
/*
* This can happen if there's a race between the polkit request and closing of
* Cockpit. So it's not unheard of. We can complain, but not too loudly.
*/
g_message ("couldn't create polkit session subject: %s", error->message);
goto out;
}
listener = g_object_new (COCKPIT_TYPE_POLKIT_AGENT,
"transport", transport,
NULL);
options = NULL;
/*
* HACK: Work around polkitagent warning:
*
* https://bugs.freedesktop.org/show_bug.cgi?id=78193
*/
fatal = g_log_set_always_fatal (0);
handler = g_log_set_handler (NULL, G_LOG_LEVEL_WARNING, cockpit_null_log_handler, NULL);
handle = polkit_agent_listener_register_with_options (listener,
POLKIT_AGENT_REGISTER_FLAGS_NONE,
subject, NULL, options, cancellable, &error);
g_log_set_always_fatal (fatal);
g_log_remove_handler (NULL, handler);
if (error != NULL)
{
if ((g_error_matches (error, POLKIT_ERROR, POLKIT_ERROR_FAILED) &&
error->message && strstr (error->message, "already exists")) ||
g_error_matches (error, G_DBUS_ERROR, G_DBUS_ERROR_SERVICE_UNKNOWN))
{
g_debug ("couldn't register polkit agent: %s", error->message);
}
else
{
g_dbus_error_strip_remote_error (error);
g_message ("couldn't register polkit authentication agent: %s", error->message);
}
goto out;
}
string = polkit_subject_to_string (subject);
g_debug ("registered polkit authentication agent for subject: %s", string);
g_free (string);
out:
if (subject)
g_object_unref (subject);
if (authority)
g_object_unref (authority);
if (listener)
g_object_unref (listener);
g_clear_error (&error);
return handle;
}
static void
update_temporary_authorization_icon_real (void)
{
#if 0
GList *l;
g_debug ("have %d tmp authorizations", g_list_length (current_temporary_authorizations));
for (l = current_temporary_authorizations; l != NULL; l = l->next)
{
PolkitTemporaryAuthorization *authz = POLKIT_TEMPORARY_AUTHORIZATION (l->data);
g_debug ("have tmp authz for action %s (subject %s) with id %s (obtained %d, expires %d)",
polkit_temporary_authorization_get_action_id (authz),
polkit_subject_to_string (polkit_temporary_authorization_get_subject (authz)),
polkit_temporary_authorization_get_id (authz),
(gint) polkit_temporary_authorization_get_time_obtained (authz),
(gint) polkit_temporary_authorization_get_time_expires (authz));
}
#endif
/* TODO:
*
* - we could do something fancy like displaying a window with the tmp authz
* when the icon is clicked...
*
* - we could do some work using polkit_subject_exists() to ignore tmp authz
* for subjects that no longer exists.. this is because temporary authorizations
* are only valid for the subject that trigger the authentication dialog.
*
* Maybe the authority could do this, would probably involve some polling, but
* it seems cleaner to do this server side.
*/
if (current_temporary_authorizations != NULL)
{
/* show icon */
if (status_icon == NULL)
{
status_icon = gtk_status_icon_new_from_stock (GTK_STOCK_DIALOG_AUTHENTICATION);
gtk_status_icon_set_tooltip_text (status_icon,
_("Click the icon to drop all elevated privileges"));
g_signal_connect (status_icon,
"activate",
G_CALLBACK (on_status_icon_activate),
NULL);
g_signal_connect (status_icon,
"popup-menu",
G_CALLBACK (on_status_icon_popup_menu),
NULL);
}
}
else
{
/* hide icon */
if (status_icon != NULL)
{
gtk_status_icon_set_visible (status_icon, FALSE);
g_object_unref (status_icon);
status_icon = NULL;
}
}
}
