void sys_log (GDBusMethodInvocation *context, const gchar *format, ...) { va_list args; gchar *msg; va_start (args, format); msg = g_strdup_vprintf (format, args); va_end (args); if (context) { PolkitSubject *subject; gchar *cmdline = NULL; gchar *id; GPid pid = 0; gint uid = -1; gchar *tmp; subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (context)); id = polkit_subject_to_string (subject); if (get_caller_pid (context, &pid)) { cmdline = get_cmdline_of_pid (pid); } else { pid = 0; cmdline = NULL; } if (cmdline != NULL) { if (get_caller_uid (context, &uid)) { tmp = g_strdup_printf ("request by %s [%s pid:%d uid:%d]: %s", id, cmdline, (int) pid, uid, msg); } else { tmp = g_strdup_printf ("request by %s [%s pid:%d]: %s", id, cmdline, (int) pid, msg); } } else { if (get_caller_uid (context, &uid) && pid != 0) { tmp = g_strdup_printf ("request by %s [pid:%d uid:%d]: %s", id, (int) pid, uid, msg); } else if (pid != 0) { tmp = g_strdup_printf ("request by %s [pid:%d]: %s", id, (int) pid, msg); } else { tmp = g_strdup_printf ("request by %s: %s", id, msg); } } g_free (msg); msg = tmp; g_free (id); g_free (cmdline); g_object_unref (subject); } syslog (LOG_NOTICE, "%s", msg); g_free (msg); }
TemporaryAuthorization::TemporaryAuthorization(PolkitTemporaryAuthorization *pkTemporaryAuthorization) : d(new Data) { g_type_init(); d->id = QString::fromUtf8(polkit_temporary_authorization_get_id(pkTemporaryAuthorization)); d->actionId = QString::fromUtf8(polkit_temporary_authorization_get_action_id(pkTemporaryAuthorization)); d->subject = Subject::fromString(polkit_subject_to_string(polkit_temporary_authorization_get_subject(pkTemporaryAuthorization))); d->timeObtained = QDateTime::fromTime_t(polkit_temporary_authorization_get_time_obtained(pkTemporaryAuthorization)); d->timeExpires = QDateTime::fromTime_t(polkit_temporary_authorization_get_time_expires(pkTemporaryAuthorization)); g_object_unref(pkTemporaryAuthorization); }
gpointer cockpit_polkit_agent_register (CockpitTransport *transport, GCancellable *cancellable) { PolkitAgentListener *listener = NULL; PolkitAuthority *authority = NULL; PolkitSubject *subject = NULL; GVariant *options; GLogLevelFlags fatal; GError *error = NULL; gpointer handle = NULL; guint handler = 0; gchar *string; authority = polkit_authority_get_sync (cancellable, &error); if (authority == NULL) { g_message ("couldn't get polkit authority: %s", error->message); goto out; } subject = polkit_unix_session_new_for_process_sync (getpid (), cancellable, &error); if (subject == NULL) { /* * This can happen if there's a race between the polkit request and closing of * Cockpit. So it's not unheard of. We can complain, but not too loudly. */ g_message ("couldn't create polkit session subject: %s", error->message); goto out; } listener = g_object_new (COCKPIT_TYPE_POLKIT_AGENT, "transport", transport, NULL); options = NULL; /* * HACK: Work around polkitagent warning: * * https://bugs.freedesktop.org/show_bug.cgi?id=78193 */ fatal = g_log_set_always_fatal (0); handler = g_log_set_handler (NULL, G_LOG_LEVEL_WARNING, cockpit_null_log_handler, NULL); handle = polkit_agent_listener_register_with_options (listener, POLKIT_AGENT_REGISTER_FLAGS_NONE, subject, NULL, options, cancellable, &error); g_log_set_always_fatal (fatal); g_log_remove_handler (NULL, handler); if (error != NULL) { if ((g_error_matches (error, POLKIT_ERROR, POLKIT_ERROR_FAILED) && error->message && strstr (error->message, "already exists")) || g_error_matches (error, G_DBUS_ERROR, G_DBUS_ERROR_SERVICE_UNKNOWN)) { g_debug ("couldn't register polkit agent: %s", error->message); } else { g_dbus_error_strip_remote_error (error); g_message ("couldn't register polkit authentication agent: %s", error->message); } goto out; } string = polkit_subject_to_string (subject); g_debug ("registered polkit authentication agent for subject: %s", string); g_free (string); out: if (subject) g_object_unref (subject); if (authority) g_object_unref (authority); if (listener) g_object_unref (listener); g_clear_error (&error); return handle; }
static void update_temporary_authorization_icon_real (void) { #if 0 GList *l; g_debug ("have %d tmp authorizations", g_list_length (current_temporary_authorizations)); for (l = current_temporary_authorizations; l != NULL; l = l->next) { PolkitTemporaryAuthorization *authz = POLKIT_TEMPORARY_AUTHORIZATION (l->data); g_debug ("have tmp authz for action %s (subject %s) with id %s (obtained %d, expires %d)", polkit_temporary_authorization_get_action_id (authz), polkit_subject_to_string (polkit_temporary_authorization_get_subject (authz)), polkit_temporary_authorization_get_id (authz), (gint) polkit_temporary_authorization_get_time_obtained (authz), (gint) polkit_temporary_authorization_get_time_expires (authz)); } #endif /* TODO: * * - we could do something fancy like displaying a window with the tmp authz * when the icon is clicked... * * - we could do some work using polkit_subject_exists() to ignore tmp authz * for subjects that no longer exists.. this is because temporary authorizations * are only valid for the subject that trigger the authentication dialog. * * Maybe the authority could do this, would probably involve some polling, but * it seems cleaner to do this server side. */ if (current_temporary_authorizations != NULL) { /* show icon */ if (status_icon == NULL) { status_icon = gtk_status_icon_new_from_stock (GTK_STOCK_DIALOG_AUTHENTICATION); gtk_status_icon_set_tooltip_text (status_icon, _("Click the icon to drop all elevated privileges")); g_signal_connect (status_icon, "activate", G_CALLBACK (on_status_icon_activate), NULL); g_signal_connect (status_icon, "popup-menu", G_CALLBACK (on_status_icon_popup_menu), NULL); } } else { /* hide icon */ if (status_icon != NULL) { gtk_status_icon_set_visible (status_icon, FALSE); g_object_unref (status_icon); status_icon = NULL; } } }