/**
* nm_polkit_listener_new:
* @for_session: %TRUE for registering the polkit agent for the user session,
* %FALSE for registering it for the running process
* @error: location to store error, or %NULL
*
* Creates a new #NMPolkitListener and registers it as a polkit agent.
*
* Returns: a new #NMPolkitListener
*/
PolkitAgentListener *
nm_polkit_listener_new (gboolean for_session, GError **error)
{
PolkitAgentListener *listener;
PolkitSubject* session;
NMPolkitListenerPrivate *priv;
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
listener = g_object_new (NM_TYPE_POLKIT_LISTENER, NULL);
priv = NM_POLKIT_LISTENER_GET_PRIVATE (listener);
if (for_session) {
session = polkit_unix_session_new_for_process_sync (getpid (), NULL, error);
if (!session)
return NULL;
} else
session = polkit_unix_process_new_for_owner (getpid (), 0, getuid ());
priv->reg_handle = polkit_agent_listener_register (listener, POLKIT_AGENT_REGISTER_FLAGS_NONE,
session, NULL, NULL, error);
if (!priv->reg_handle) {
g_object_unref (listener);
g_object_unref (session);
return NULL;
}
return listener;
}
static void
shell_polkit_authentication_agent_init (ShellPolkitAuthenticationAgent *agent)
{
gpointer handle;
PolkitSubject *subject;
GError *error;
subject = NULL;
error = NULL;
subject = polkit_unix_session_new_for_process_sync (getpid (),
NULL, /* GCancellable* */
&error);
if (subject == NULL)
{
g_warning ("Error getting session for the process we are in: %s (%s %d)",
error->message,
g_quark_to_string (error->domain),
error->code);
g_error_free (error);
goto out;
}
handle = polkit_agent_listener_register (POLKIT_AGENT_LISTENER (agent),
POLKIT_AGENT_REGISTER_FLAGS_NONE,
subject,
NULL, /* use default object path */
NULL, /* GCancellable */
&error);
if (handle == NULL)
{
g_warning ("Error registering polkit authentication agent: %s (%s %d)",
error->message,
g_quark_to_string (error->domain),
error->code);
g_error_free (error);
goto out;
}
/* We don't need to register so skip saving handle */
out:
if (subject != NULL)
g_object_unref (subject);
}
gpointer
cockpit_polkit_agent_register (CockpitTransport *transport,
GCancellable *cancellable)
{
PolkitAgentListener *listener = NULL;
PolkitAuthority *authority = NULL;
PolkitSubject *subject = NULL;
GVariant *options;
GLogLevelFlags fatal;
GError *error = NULL;
gpointer handle = NULL;
guint handler = 0;
gchar *string;
authority = polkit_authority_get_sync (cancellable, &error);
if (authority == NULL)
{
g_message ("couldn't get polkit authority: %s", error->message);
goto out;
}
subject = polkit_unix_session_new_for_process_sync (getpid (), cancellable, &error);
if (subject == NULL)
{
/*
* This can happen if there's a race between the polkit request and closing of
* Cockpit. So it's not unheard of. We can complain, but not too loudly.
*/
g_message ("couldn't create polkit session subject: %s", error->message);
goto out;
}
listener = g_object_new (COCKPIT_TYPE_POLKIT_AGENT,
"transport", transport,
NULL);
options = NULL;
/*
* HACK: Work around polkitagent warning:
*
* https://bugs.freedesktop.org/show_bug.cgi?id=78193
*/
fatal = g_log_set_always_fatal (0);
handler = g_log_set_handler (NULL, G_LOG_LEVEL_WARNING, cockpit_null_log_handler, NULL);
handle = polkit_agent_listener_register_with_options (listener,
POLKIT_AGENT_REGISTER_FLAGS_NONE,
subject, NULL, options, cancellable, &error);
g_log_set_always_fatal (fatal);
g_log_remove_handler (NULL, handler);
if (error != NULL)
{
if ((g_error_matches (error, POLKIT_ERROR, POLKIT_ERROR_FAILED) &&
error->message && strstr (error->message, "already exists")) ||
g_error_matches (error, G_DBUS_ERROR, G_DBUS_ERROR_SERVICE_UNKNOWN))
{
g_debug ("couldn't register polkit agent: %s", error->message);
}
else
{
g_dbus_error_strip_remote_error (error);
g_message ("couldn't register polkit authentication agent: %s", error->message);
}
goto out;
}
string = polkit_subject_to_string (subject);
g_debug ("registered polkit authentication agent for subject: %s", string);
g_free (string);
out:
if (subject)
g_object_unref (subject);
if (authority)
g_object_unref (authority);
if (listener)
g_object_unref (listener);
g_clear_error (&error);
return handle;
}
int
main (int argc, char **argv)
{
gint ret;
GMainLoop *loop;
PolkitAgentListener *listener;
GError *error;
g_type_init ();
gtk_init (&argc, &argv);
loop = NULL;
authority = NULL;
listener = NULL;
session = NULL;
ret = 1;
bindtextdomain (GETTEXT_PACKAGE, MATELOCALEDIR);
#if HAVE_BIND_TEXTDOMAIN_CODESET
bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
#endif
textdomain (GETTEXT_PACKAGE);
loop = g_main_loop_new (NULL, FALSE);
error = NULL;
authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
if (authority == NULL)
{
g_warning ("Error getting authority: %s", error->message);
g_error_free (error);
goto out;
}
g_signal_connect (authority,
"changed",
G_CALLBACK (on_authority_changed),
NULL);
listener = polkit_mate_listener_new ();
error = NULL;
session = polkit_unix_session_new_for_process_sync (getpid (), NULL, &error);
if (error != NULL)
{
g_warning ("Unable to determine the session we are in: %s", error->message);
g_error_free (error);
goto out;
}
error = NULL;
if (!polkit_agent_register_listener (listener,
session,
"/org/mate/PolicyKit1/AuthenticationAgent",
&error))
{
g_printerr ("Cannot register authentication agent: %s\n", error->message);
g_error_free (error);
goto out;
}
update_temporary_authorization_icon (authority);
g_main_loop_run (loop);
ret = 0;
out:
if (authority != NULL)
g_object_unref (authority);
if (session != NULL)
g_object_unref (session);
if (listener != NULL)
g_object_unref (listener);
if (loop != NULL)
g_main_loop_unref (loop);
return ret;
}
