static gboolean
check_polkit_for_action (GConfDefaults *mechanism,
DBusGMethodInvocation *context,
const char *action)
{
const char *sender;
GError *error;
DBusError dbus_error;
PolKitCaller *pk_caller;
PolKitAction *pk_action;
PolKitResult pk_result;
error = NULL;
/* Check that caller is privileged */
sender = dbus_g_method_get_sender (context);
dbus_error_init (&dbus_error);
pk_caller = polkit_caller_new_from_dbus_name (
dbus_g_connection_get_connection (mechanism->priv->system_bus_connection),
sender,
&dbus_error);
if (pk_caller == NULL) {
error = g_error_new (GCONF_DEFAULTS_ERROR,
GCONF_DEFAULTS_ERROR_GENERAL,
"Error getting information about caller: %s: %s",
dbus_error.name, dbus_error.message);
dbus_error_free (&dbus_error);
dbus_g_method_return_error (context, error);
g_error_free (error);
return FALSE;
}
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action);
pk_result = polkit_context_is_caller_authorized (mechanism->priv->pol_ctx, pk_action, pk_caller, TRUE, NULL);
polkit_caller_unref (pk_caller);
if (pk_result != POLKIT_RESULT_YES) {
dbus_error_init (&dbus_error);
polkit_dbus_error_generate (pk_action, pk_result, &dbus_error);
dbus_set_g_error (&error, &dbus_error);
dbus_g_method_return_error (context, error);
dbus_error_free (&dbus_error);
g_error_free (error);
polkit_action_unref (pk_action);
return FALSE;
}
polkit_action_unref (pk_action);
return TRUE;
}
static gboolean
_check_polkit_for_action (GnomeClockAppletMechanism *mechanism, DBusGMethodInvocation *context, const char *action)
{
const char *sender;
GError *error;
DBusError dbus_error;
PolKitCaller *pk_caller;
PolKitAction *pk_action;
PolKitResult pk_result;
error = NULL;
/* Check that caller is privileged */
sender = dbus_g_method_get_sender (context);
dbus_error_init (&dbus_error);
pk_caller = polkit_caller_new_from_dbus_name (
dbus_g_connection_get_connection (mechanism->priv->system_bus_connection),
sender,
&dbus_error);
if (pk_caller == NULL) {
error = g_error_new (GNOME_CLOCK_APPLET_MECHANISM_ERROR,
GNOME_CLOCK_APPLET_MECHANISM_ERROR_GENERAL,
"Error getting information about caller: %s: %s",
dbus_error.name, dbus_error.message);
dbus_error_free (&dbus_error);
dbus_g_method_return_error (context, error);
g_error_free (error);
return FALSE;
}
pk_action = polkit_action_new ();
polkit_action_set_action_id (pk_action, action);
pk_result = polkit_context_can_caller_do_action (mechanism->priv->pol_ctx, pk_action, pk_caller);
polkit_caller_unref (pk_caller);
polkit_action_unref (pk_action);
if (pk_result != POLKIT_RESULT_YES) {
error = g_error_new (GNOME_CLOCK_APPLET_MECHANISM_ERROR,
GNOME_CLOCK_APPLET_MECHANISM_ERROR_NOT_PRIVILEGED,
"%s %s <-- (action, result)",
action,
polkit_result_to_string_representation (pk_result));
dbus_error_free (&dbus_error);
dbus_g_method_return_error (context, error);
g_error_free (error);
return FALSE;
}
return TRUE;
}
//! Check if sender is allowed to call method
int
policy_check(const char *sender, const char *action, PolKitResult *result)
{
/*!
*
* @sender Bus name of the sender
* @result PK result
* @return 0 on success, 1 on error
*/
DBusConnection *conn;
DBusError err;
PolKitContext *polkit_ctx;
PolKitCaller *polkit_clr;
PolKitAction *polkit_act;
PolKitError *perr;
int uid = -1;
*result = (PolKitResult) POLKIT_RESULT_NO;
dbus_error_init(&err);
conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to open connection to query PolicyKit: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
// If UID is 0, don't query PolicyKit
uid = dbus_bus_get_unix_user(conn, sender, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to get caller UID: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
if (uid == 0) {
*result = (PolKitResult) POLKIT_RESULT_YES;
return 0;
}
polkit_ctx = polkit_context_new();
if (!polkit_context_init(polkit_ctx, &perr)) {
log_error("Unable to initialize PK context: %s\n", polkit_error_get_error_message(perr));
polkit_error_free(perr);
return -1;
}
polkit_clr = polkit_caller_new_from_dbus_name(conn, sender, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to get caller info: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
if (!polkit_action_validate_id(action)) {
log_error("Unable to query PolicyKit, action is not valid: %s\n", action);
return -1;
}
polkit_act = polkit_action_new();
polkit_action_set_action_id(polkit_act, action);
*result = polkit_context_is_caller_authorized(polkit_ctx, polkit_act, polkit_clr, FALSE, &perr);
return 0;
}
