static char *
_fprint_device_check_for_username (FprintDevice *rdev,
DBusGMethodInvocation *context,
const char *username,
char **ret_sender,
GError **error)
{
DBusConnection *conn;
DBusError dbus_error;
char *sender;
unsigned long uid;
struct passwd *user;
char *client_username;
/* Get details about the current sender, and username/uid */
conn = dbus_g_connection_get_connection (fprintd_dbus_conn);
sender = dbus_g_method_get_sender (context);
dbus_error_init (&dbus_error);
uid = dbus_bus_get_unix_user (conn, sender, &dbus_error);
if (dbus_error_is_set(&dbus_error)) {
g_free (sender);
dbus_set_g_error (error, &dbus_error);
return NULL;
}
user = getpwuid (uid);
if (user == NULL) {
g_free (sender);
g_set_error(error, FPRINT_ERROR, FPRINT_ERROR_INTERNAL,
"Failed to get information about user UID %lu", uid);
return NULL;
}
client_username = g_strdup (user->pw_name);
/* The current user is usually allowed to access their
* own data, this should be followed by PolicyKit checks
* anyway */
if (username == NULL || *username == '\0' || g_str_equal (username, client_username)) {
if (ret_sender != NULL)
*ret_sender = sender;
else
g_free (sender);
return client_username;
}
/* If we're not allowed to set a different username,
* then fail */
if (_fprint_device_check_polkit_for_action (rdev, context, "net.reactivated.fprint.device.setusername", error) == FALSE) {
g_free (sender);
return NULL;
}
if (ret_sender != NULL)
*ret_sender = sender;
else
g_free (sender);
return g_strdup (username);
}
static char *
gconf_address_for_caller (GConfDefaults *mechanism,
DBusGMethodInvocation *context,
GError **gerror)
{
char *sender;
DBusConnection *conn;
uid_t uid;
struct passwd *pwd;
char *result;
DBusError error;
conn = dbus_g_connection_get_connection (mechanism->priv->system_bus_connection);
sender = dbus_g_method_get_sender (context);
dbus_error_init (&error);
uid = dbus_bus_get_unix_user (conn, sender, &error);
g_free (sender);
if (uid == (unsigned)-1) {
dbus_set_g_error (gerror, &error);
dbus_error_free (&error);
return NULL;
}
pwd = getpwuid (uid);
if (pwd == NULL) {
g_set_error (gerror,
0, 0,
"Failed to get passwd information for uid %d", uid);
return NULL;
}
result = g_strconcat ("xml:merged:", pwd->pw_dir, "/.gconf", NULL);
return result;
}
static long get_remote_uid(DBusMessage* call, const char** ppSender)
{
DBusError err;
dbus_error_init(&err);
const char* sender = dbus_message_get_sender(call);
if (ppSender)
*ppSender = sender;
long uid = dbus_bus_get_unix_user(g_dbus_conn, sender, &err);
if (dbus_error_is_set(&err))
{
dbus_error_free(&err);
error_msg("Can't determine remote uid, assuming 0");
return 0;
}
return uid;
}
gboolean
bm_auth_get_caller_uid (DBusGMethodInvocation *context,
BMDBusManager *dbus_mgr,
gulong *out_uid,
const char **out_error_desc)
{
DBusConnection *connection;
char *sender = NULL;
gboolean success = FALSE;
DBusError dbus_error;
g_return_val_if_fail (context != NULL, FALSE);
g_return_val_if_fail (dbus_mgr != NULL, FALSE);
g_return_val_if_fail (out_uid != NULL, FALSE);
*out_uid = G_MAXULONG;
sender = dbus_g_method_get_sender (context);
if (!sender) {
if (out_error_desc)
*out_error_desc = "Could not determine D-Bus requestor";
goto out;
}
connection = bm_dbus_manager_get_dbus_connection (dbus_mgr);
if (!connection) {
if (out_error_desc)
*out_error_desc = "Could not get the D-Bus system bus";
goto out;
}
dbus_error_init (&dbus_error);
/* FIXME: do this async */
*out_uid = dbus_bus_get_unix_user (connection, sender, &dbus_error);
if (dbus_error_is_set (&dbus_error)) {
if (out_error_desc)
*out_error_desc = "Could not determine the user ID of the requestor";
dbus_error_free (&dbus_error);
*out_uid = G_MAXULONG;
} else
success = TRUE;
out:
g_free (sender);
return success;
}
gboolean
bm_auth_uid_authorized (gulong uid,
BMDBusManager *dbus_mgr,
DBusGProxy *user_proxy,
const char **out_error_desc)
{
DBusConnection *connection;
DBusError dbus_error;
char *service_owner = NULL;
const char *service_name;
gulong service_uid = G_MAXULONG;
g_return_val_if_fail (dbus_mgr != NULL, FALSE);
g_return_val_if_fail (out_error_desc != NULL, FALSE);
/* Ensure the request to activate the user connection came from the
* same session as the user settings service. FIXME: use ConsoleKit
* too.
*/
if (!user_proxy) {
*out_error_desc = "No user settings service available";
return FALSE;
}
service_name = dbus_g_proxy_get_bus_name (user_proxy);
if (!service_name) {
*out_error_desc = "Could not determine user settings service name";
return FALSE;
}
connection = bm_dbus_manager_get_dbus_connection (dbus_mgr);
if (!connection) {
*out_error_desc = "Could not get the D-Bus system bus";
return FALSE;
}
service_owner = bm_dbus_manager_get_name_owner (dbus_mgr, service_name, NULL);
if (!service_owner) {
*out_error_desc = "Could not determine D-Bus owner of the user settings service";
return FALSE;
}
dbus_error_init (&dbus_error);
service_uid = dbus_bus_get_unix_user (connection, service_owner, &dbus_error);
g_free (service_owner);
if (dbus_error_is_set (&dbus_error)) {
dbus_error_free (&dbus_error);
*out_error_desc = "Could not determine the Unix UID of the sender of the request";
return FALSE;
}
/* And finally, the actual UID check */
if (uid != service_uid) {
*out_error_desc = "Requestor UID does not match the UID of the user settings service";
return FALSE;
}
return TRUE;
}
//! Check if sender is allowed to call method
int
policy_check(const char *sender, const char *action, PolKitResult *result)
{
/*!
*
* @sender Bus name of the sender
* @result PK result
* @return 0 on success, 1 on error
*/
DBusConnection *conn;
DBusError err;
PolKitContext *polkit_ctx;
PolKitCaller *polkit_clr;
PolKitAction *polkit_act;
PolKitError *perr;
int uid = -1;
*result = (PolKitResult) POLKIT_RESULT_NO;
dbus_error_init(&err);
conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to open connection to query PolicyKit: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
// If UID is 0, don't query PolicyKit
uid = dbus_bus_get_unix_user(conn, sender, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to get caller UID: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
if (uid == 0) {
*result = (PolKitResult) POLKIT_RESULT_YES;
return 0;
}
polkit_ctx = polkit_context_new();
if (!polkit_context_init(polkit_ctx, &perr)) {
log_error("Unable to initialize PK context: %s\n", polkit_error_get_error_message(perr));
polkit_error_free(perr);
return -1;
}
polkit_clr = polkit_caller_new_from_dbus_name(conn, sender, &err);
if (dbus_error_is_set(&err)) {
log_error("Unable to get caller info: %s\n", err.message);
dbus_error_free(&err);
return -1;
}
if (!polkit_action_validate_id(action)) {
log_error("Unable to query PolicyKit, action is not valid: %s\n", action);
return -1;
}
polkit_act = polkit_action_new();
polkit_action_set_action_id(polkit_act, action);
*result = polkit_context_is_caller_authorized(polkit_ctx, polkit_act, polkit_clr, FALSE, &perr);
return 0;
}
static DBusHandlerResult session_message_dispatch(
Session *s,
DBusConnection *connection,
DBusMessage *message) {
const BusProperty properties[] = {
{ "org.freedesktop.login1.Session", "Id", bus_property_append_string, "s", s->id },
{ "org.freedesktop.login1.Session", "User", bus_session_append_user, "(uo)", s },
{ "org.freedesktop.login1.Session", "Name", bus_property_append_string, "s", s->user->name },
{ "org.freedesktop.login1.Session", "Timestamp", bus_property_append_usec, "t", &s->timestamp.realtime },
{ "org.freedesktop.login1.Session", "TimestampMonotonic", bus_property_append_usec, "t", &s->timestamp.monotonic },
{ "org.freedesktop.login1.Session", "ControlGroupPath", bus_property_append_string, "s", s->cgroup_path },
{ "org.freedesktop.login1.Session", "VTNr", bus_property_append_uint32, "u", &s->vtnr },
{ "org.freedesktop.login1.Session", "Seat", bus_session_append_seat, "(so)", s },
{ "org.freedesktop.login1.Session", "TTY", bus_property_append_string, "s", s->tty },
{ "org.freedesktop.login1.Session", "Display", bus_property_append_string, "s", s->display },
{ "org.freedesktop.login1.Session", "Remote", bus_property_append_bool, "b", &s->remote },
{ "org.freedesktop.login1.Session", "RemoteUser", bus_property_append_string, "s", s->remote_user },
{ "org.freedesktop.login1.Session", "RemoteHost", bus_property_append_string, "s", s->remote_host },
{ "org.freedesktop.login1.Session", "Service", bus_property_append_string, "s", s->service },
{ "org.freedesktop.login1.Session", "Leader", bus_property_append_pid, "u", &s->leader },
{ "org.freedesktop.login1.Session", "Audit", bus_property_append_uint32, "u", &s->audit_id },
{ "org.freedesktop.login1.Session", "Type", bus_session_append_type, "s", &s->type },
{ "org.freedesktop.login1.Session", "Active", bus_session_append_active, "b", s },
{ "org.freedesktop.login1.Session", "Controllers", bus_property_append_strv, "as", s->controllers },
{ "org.freedesktop.login1.Session", "ResetControllers", bus_property_append_strv, "as", s->reset_controllers },
{ "org.freedesktop.login1.Session", "KillProcesses", bus_property_append_bool, "b", &s->kill_processes },
{ "org.freedesktop.login1.Session", "IdleHint", bus_session_append_idle_hint, "b", s },
{ "org.freedesktop.login1.Session", "IdleSinceHint", bus_session_append_idle_hint_since, "t", s },
{ "org.freedesktop.login1.Session", "IdleSinceHintMonotonic", bus_session_append_idle_hint_since, "t", s },
{ NULL, NULL, NULL, NULL, NULL }
};
DBusError error;
DBusMessage *reply = NULL;
int r;
assert(s);
assert(connection);
assert(message);
dbus_error_init(&error);
if (dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "Terminate")) {
r = session_stop(s);
if (r < 0)
return bus_send_error_reply(connection, message, NULL, r);
reply = dbus_message_new_method_return(message);
if (!reply)
goto oom;
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "Activate")) {
r = session_activate(s);
if (r < 0)
return bus_send_error_reply(connection, message, NULL, r);
reply = dbus_message_new_method_return(message);
if (!reply)
goto oom;
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "Lock") ||
dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "Unlock")) {
if (session_send_signal(s, streq(dbus_message_get_member(message), "Lock")) < 0)
goto oom;
reply = dbus_message_new_method_return(message);
if (!reply)
goto oom;
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "SetIdleHint")) {
dbus_bool_t b;
unsigned long ul;
if (!dbus_message_get_args(
message,
&error,
DBUS_TYPE_BOOLEAN, &b,
DBUS_TYPE_INVALID))
return bus_send_error_reply(connection, message, &error, -EINVAL);
ul = dbus_bus_get_unix_user(connection, dbus_message_get_sender(message), &error);
if (ul == (unsigned long) -1)
return bus_send_error_reply(connection, message, &error, -EIO);
if (ul != 0 && ul != s->user->uid)
return bus_send_error_reply(connection, message, NULL, -EPERM);
session_set_idle_hint(s, b);
reply = dbus_message_new_method_return(message);
if (!reply)
goto oom;
} else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Session", "Kill")) {
const char *swho;
int32_t signo;
KillWho who;
if (!dbus_message_get_args(
message,
&error,
DBUS_TYPE_STRING, &swho,
DBUS_TYPE_INT32, &signo,
DBUS_TYPE_INVALID))
return bus_send_error_reply(connection, message, &error, -EINVAL);
if (isempty(swho))
who = KILL_ALL;
else {
who = kill_who_from_string(swho);
if (who < 0)
return bus_send_error_reply(connection, message, &error, -EINVAL);
}
if (signo <= 0 || signo >= _NSIG)
return bus_send_error_reply(connection, message, &error, -EINVAL);
r = session_kill(s, who, signo);
if (r < 0)
return bus_send_error_reply(connection, message, NULL, r);
reply = dbus_message_new_method_return(message);
if (!reply)
goto oom;
} else
return bus_default_message_handler(connection, message, INTROSPECTION, INTERFACES_LIST, properties);
if (reply) {
if (!dbus_connection_send(connection, reply, NULL))
goto oom;
dbus_message_unref(reply);
}
return DBUS_HANDLER_RESULT_HANDLED;
oom:
if (reply)
dbus_message_unref(reply);
dbus_error_free(&error);
return DBUS_HANDLER_RESULT_NEED_MEMORY;
}
int verify_polkit(
DBusConnection *c,
DBusMessage *request,
const char *action,
bool interactive,
bool *_challenge,
DBusError *error) {
#ifdef ENABLE_POLKIT
DBusMessage *m = NULL, *reply = NULL;
const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
uint32_t flags = interactive ? 1 : 0;
pid_t pid_raw;
uint32_t pid_u32;
unsigned long long starttime_raw;
uint64_t starttime_u64;
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
int r;
dbus_bool_t authorized = FALSE, challenge = FALSE;
#endif
const char *sender;
unsigned long ul;
assert(c);
assert(request);
sender = dbus_message_get_sender(request);
if (!sender)
return -EINVAL;
ul = dbus_bus_get_unix_user(c, sender, error);
if (ul == (unsigned long) -1)
return -EINVAL;
/* Shortcut things for root, to avoid the PK roundtrip and dependency */
if (ul == 0)
return 1;
#ifdef ENABLE_POLKIT
pid_raw = bus_get_unix_process_id(c, sender, error);
if (pid_raw == 0)
return -EINVAL;
r = get_starttime_of_pid(pid_raw, &starttime_raw);
if (r < 0)
return r;
m = dbus_message_new_method_call(
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
"org.freedesktop.PolicyKit1.Authority",
"CheckAuthorization");
if (!m)
return -ENOMEM;
dbus_message_iter_init_append(m, &iter_msg);
pid_u32 = (uint32_t) pid_raw;
starttime_u64 = (uint64_t) starttime_raw;
if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
!dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
!dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
!dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
!dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
!dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
!dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
!dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
!dbus_message_iter_close_container(&iter_array, &iter_dict) ||
!dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
!dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
!dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
!dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
!dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
!dbus_message_iter_close_container(&iter_array, &iter_dict) ||
!dbus_message_iter_close_container(&iter_struct, &iter_array) ||
!dbus_message_iter_close_container(&iter_msg, &iter_struct) ||
!dbus_message_iter_append_basic(&iter_msg, DBUS_TYPE_STRING, &action) ||
!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_ARRAY, "{ss}", &iter_array) ||
!dbus_message_iter_close_container(&iter_msg, &iter_array) ||
!dbus_message_iter_append_basic(&iter_msg, DBUS_TYPE_UINT32, &flags) ||
!dbus_message_iter_append_basic(&iter_msg, DBUS_TYPE_STRING, &cancel_id)) {
r = -ENOMEM;
goto finish;
}
reply = dbus_connection_send_with_reply_and_block(c, m, -1, error);
if (!reply) {
/* Treat no PK available as access denied */
if (dbus_error_has_name(error, DBUS_ERROR_SERVICE_UNKNOWN)) {
r = -EACCES;
dbus_error_free(error);
goto finish;
}
r = -EIO;
goto finish;
}
if (!dbus_message_iter_init(reply, &iter_msg) ||
dbus_message_iter_get_arg_type(&iter_msg) != DBUS_TYPE_STRUCT) {
r = -EIO;
goto finish;
}
dbus_message_iter_recurse(&iter_msg, &iter_struct);
if (dbus_message_iter_get_arg_type(&iter_struct) != DBUS_TYPE_BOOLEAN) {
r = -EIO;
goto finish;
}
dbus_message_iter_get_basic(&iter_struct, &authorized);
if (!dbus_message_iter_next(&iter_struct) ||
dbus_message_iter_get_arg_type(&iter_struct) != DBUS_TYPE_BOOLEAN) {
r = -EIO;
goto finish;
}
dbus_message_iter_get_basic(&iter_struct, &challenge);
if (authorized)
r = 1;
else if (_challenge) {
*_challenge = !!challenge;
r = 0;
} else
r = -EPERM;
finish:
if (m)
dbus_message_unref(m);
if (reply)
dbus_message_unref(reply);
return r;
#else
return -EPERM;
#endif
}
/**
* session_from_dbus:
* @parent: parent,
* @message: D-Bus message.
*
* Create a new session, based on the specified D-Bus message.
*
* Return new Session, or NULL on error.
**/
Session *
session_from_dbus (const void *parent,
NihDBusMessage *message)
{
const char *sender;
DBusError dbus_error;
unsigned long unix_user;
unsigned long unix_process_id;
char root[PATH_MAX];
Session *session;
struct passwd *pwd;
nih_local char *conf_path = NULL;
nih_assert (message != NULL);
/* Handle explicit command-line request and alternative request
* method (primarily for test framework) to disable session support.
*/
if (disable_sessions || getenv ("UPSTART_NO_SESSIONS"))
return NULL;
session_init ();
/* Ask D-Bus nicely for the origin uid and/or pid of the caller;
* sadly we can't ask the bus daemon for the origin pid, so that
* one will just have to stay user-session only.
*/
dbus_error_init (&dbus_error);
sender = dbus_message_get_sender (message->message);
if (sender) {
unix_user = dbus_bus_get_unix_user (message->connection, sender,
&dbus_error);
if (unix_user == (unsigned long)-1) {
dbus_error_free (&dbus_error);
unix_user = 0;
}
unix_process_id = 0;
} else {
if (! dbus_connection_get_unix_user (message->connection,
&unix_user))
unix_process_id = 0;
if (! dbus_connection_get_unix_process_id (message->connection,
&unix_process_id))
unix_process_id = 0;
}
/* If we retrieved a process id, look up the root path for it;
* if it's just '/' don't worry so much about it.
*/
if (unix_process_id) {
nih_local char *symlink = NULL;
ssize_t len;
symlink = NIH_MUST (nih_sprintf (NULL, "/proc/%lu/root",
unix_process_id));
len = readlink (symlink, root, sizeof root);
if (len < 0)
return NULL;
root[len] = '\0';
if (! strcmp (root, "/")) {
unix_process_id = 0;
if (! unix_user)
return NULL;
}
} else if (! unix_user) {
/* No process id or user id found, return the NULL session */
return NULL;
}
if (unix_user) {
pwd = getpwuid (unix_user);
if (! pwd || ! pwd->pw_dir) {
nih_error ("%lu: %s: %s", unix_user,
_("Unable to lookup home directory"),
strerror (errno));
return NULL;
}
NIH_MUST (nih_strcat_sprintf (&conf_path, NULL, "%s/%s",
pwd->pw_dir, USERCONFDIR));
}
/* Now find in the existing Sessions list */
NIH_LIST_FOREACH_SAFE (sessions, iter) {
Session *session = (Session *)iter;
if (unix_process_id) {
if (! session->chroot)
continue;
/* ignore sessions relating to other chroots */
if (strcmp (session->chroot, root))
continue;
}
/* ignore sessions relating to other users */
if (unix_user != session->user)
continue;
/* Found a user with the same uid but different
* conf_dir to the existing session user. Either the
* original user has been deleted and a new user created
* with the same uid, or the original users home
* directory has changed since they first started
* running jobs. Whatever the reason, we (can only) honour
* the new value.
*
* Since multiple users with the same uid are considered
* to be "the same user", invalidate the old path,
* allowing the correct new path to be set below.
*
* Note that there may be a possibility of trouble if
* the scenario relates to a deleted user and that original
* user still has jobs running. However, if that were the
* case, those jobs would likely fail anyway since they
* would have no working directory due to the original
* users home directory being deleted/changed/made inaccessible.
*/
if (unix_user && conf_path && session->conf_path &&
strcmp (conf_path, session->conf_path)) {
nih_free (session->conf_path);
session->conf_path = NULL;
}
if (! session->conf_path)
session_create_conf_source (session);
return session;
}
CICallerInfo *
ci_tracker_get_info (CITracker *cit, const char *system_bus_unique_name)
{
CICallerInfo *ci;
DBusError error;
#ifdef HAVE_CONKIT
DBusMessage *message;
DBusMessage *reply;
DBusMessageIter iter;
DBusMessageIter sub_iter;
char *dbus_session_name;
char *str;
int num_elems;
#endif /* HAVE_CONKIT */
ci = NULL;
if (system_bus_unique_name == NULL)
goto error;
if (!validate_bus_name (system_bus_unique_name))
goto error;
/*HAL_INFO (("========================="));
HAL_INFO (("Looking up CICallerInfo for system_bus_unique_name = %s", system_bus_unique_name));*/
ci = g_hash_table_lookup (cit->connection_name_to_caller_info,
system_bus_unique_name);
if (ci != NULL) {
/*HAL_INFO (("(using cached information)"));*/
goto got_caller_info;
}
/*HAL_INFO (("(retrieving info from system bus and ConsoleKit)"));*/
ci = caller_info_new ();
ci->system_bus_unique_name = g_strdup (system_bus_unique_name);
dbus_error_init (&error);
ci->uid = dbus_bus_get_unix_user (cit->dbus_connection, system_bus_unique_name, &error);
if (ci->uid == ((unsigned long) -1) || dbus_error_is_set (&error)) {
HAL_WARNING (("Could not get uid for connection: %s %s", error.name, error.message));
dbus_error_free (&error);
goto error;
}
#ifdef HAVE_CONKIT
message = dbus_message_new_method_call ("org.freedesktop.DBus",
"/org/freedesktop/DBus/Bus",
"org.freedesktop.DBus",
"GetConnectionUnixProcessID");
dbus_message_iter_init_append (message, &iter);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &system_bus_unique_name);
dbus_error_init (&error);
reply = dbus_connection_send_with_reply_and_block (cit->dbus_connection, message, -1, &error);
if (reply == NULL || dbus_error_is_set (&error)) {
HAL_WARNING (("Error doing GetConnectionUnixProcessID on Bus: %s: %s", error.name, error.message));
dbus_message_unref (message);
if (reply != NULL)
dbus_message_unref (reply);
dbus_error_free (&error);
goto error;
}
dbus_message_iter_init (reply, &iter);
dbus_message_iter_get_basic (&iter, &ci->pid);
dbus_message_unref (message);
dbus_message_unref (reply);
message = dbus_message_new_method_call ("org.freedesktop.DBus",
"/org/freedesktop/DBus/Bus",
"org.freedesktop.DBus",
"GetConnectionSELinuxSecurityContext");
dbus_message_iter_init_append (message, &iter);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &system_bus_unique_name);
reply = dbus_connection_send_with_reply_and_block (cit->dbus_connection, message, -1, &error);
/* SELinux might not be enabled */
if (dbus_error_is_set (&error) &&
strcmp (error.name, "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown") == 0) {
dbus_message_unref (message);
if (reply != NULL)
dbus_message_unref (reply);
dbus_error_init (&error);
} else if (reply == NULL || dbus_error_is_set (&error)) {
g_warning ("Error doing GetConnectionSELinuxSecurityContext on Bus: %s: %s", error.name, error.message);
dbus_message_unref (message);
if (reply != NULL)
dbus_message_unref (reply);
dbus_error_free (&error);
goto error;
} else {
/* TODO: verify signature */
dbus_message_iter_init (reply, &iter);
dbus_message_iter_recurse (&iter, &sub_iter);
dbus_message_iter_get_fixed_array (&sub_iter, (void *) &str, &num_elems);
if (str != NULL && num_elems > 0)
ci->selinux_context = g_strndup (str, num_elems);
dbus_message_unref (message);
dbus_message_unref (reply);
}
message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
"/org/freedesktop/ConsoleKit/Manager",
"org.freedesktop.ConsoleKit.Manager",
"GetSessionForUnixProcess");
dbus_message_iter_init_append (message, &iter);
dbus_message_iter_append_basic (&iter, DBUS_TYPE_UINT32, &ci->pid);
dbus_error_init (&error);
reply = dbus_connection_send_with_reply_and_block (cit->dbus_connection, message, -1, &error);
if (reply == NULL || dbus_error_is_set (&error)) {
HAL_WARNING (("Error doing GetSessionForUnixProcess on ConsoleKit: %s: %s", error.name, error.message));
dbus_message_unref (message);
if (reply != NULL)
dbus_message_unref (reply);
/* OK, this is not a catastrophe; just means the caller is not a member of any session.. */
dbus_error_free (&error);
goto store_caller_info;
}
dbus_message_iter_init (reply, &iter);
dbus_message_iter_get_basic (&iter, &dbus_session_name);
ci->session_objpath = g_strdup (dbus_session_name);
dbus_message_unref (message);
dbus_message_unref (reply);
message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
ci->session_objpath,
"org.freedesktop.ConsoleKit.Session",
"IsActive");
dbus_error_init (&error);
reply = dbus_connection_send_with_reply_and_block (cit->dbus_connection, message, -1, &error);
if (reply == NULL || dbus_error_is_set (&error)) {
HAL_WARNING (("Error doing IsActive on ConsoleKit: %s: %s", error.name, error.message));
dbus_message_unref (message);
if (reply != NULL)
dbus_message_unref (reply);
dbus_error_free (&error);
goto error;
}
dbus_message_iter_init (reply, &iter);
dbus_message_iter_get_basic (&iter, &ci->in_active_session);
dbus_message_unref (message);
dbus_message_unref (reply);
message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit",
ci->session_objpath,
"org.freedesktop.ConsoleKit.Session",
"IsLocal");
dbus_error_init (&error);
reply = dbus_connection_send_with_reply_and_block (cit->dbus_connection, message, -1, &error);
if (reply == NULL || dbus_error_is_set (&error)) {
HAL_WARNING (("Error doing IsLocal on ConsoleKit: %s: %s", error.name, error.message));
dbus_message_unref (message);
if (reply != NULL)
dbus_message_unref (reply);
dbus_error_free (&error);
goto error;
}
dbus_message_iter_init (reply, &iter);
dbus_message_iter_get_basic (&iter, &ci->is_local);
dbus_message_unref (message);
dbus_message_unref (reply);
store_caller_info:
#endif /* HAVE_CONKIT */
g_hash_table_insert (cit->connection_name_to_caller_info,
ci->system_bus_unique_name,
ci);
got_caller_info:
/*HAL_INFO (("system_bus_unique_name = %s", ci->system_bus_unique_name));
HAL_INFO (("uid = %d", ci->uid));
HAL_INFO (("pid = %d", ci->pid));
if (ci->session_objpath != NULL) {
HAL_INFO (("session_objpath = %s", ci->session_objpath));
HAL_INFO (("in_active_session = %d", ci->in_active_session));
} else {
HAL_INFO ((" (Caller is not in any session)"));
}
HAL_INFO ((" (keeping CICallerInfo for %d connections)",
g_hash_table_size (cit->connection_name_to_caller_info)));
HAL_INFO (("========================="));*/
return ci;
error:
/*HAL_INFO (("========================="));*/
if (ci != NULL)
caller_info_free (ci);
return NULL;
}
