/**
* polkit_subject_from_string:
* @str: A string obtained from polkit_subject_to_string().
* @error: (allow-none): Return location for error or %NULL.
*
* Creates an object from @str that implements the #PolkitSubject
* interface.
*
* Returns: (transfer full): A #PolkitSubject or %NULL if @error is
* set. Free with g_object_unref().
*/
PolkitSubject *
polkit_subject_from_string (const gchar *str,
GError **error)
{
PolkitSubject *subject;
g_return_val_if_fail (str != NULL, NULL);
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
/* TODO: we could do something with VFuncs like in g_icon_from_string() */
subject = NULL;
if (g_str_has_prefix (str, "unix-process:"))
{
gint scanned_pid;
guint64 scanned_starttime;
gint scanned_uid;
if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3)
{
subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid);
}
else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
{
G_GNUC_BEGIN_IGNORE_DEPRECATIONS
subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
G_GNUC_END_IGNORE_DEPRECATIONS
}
/**
* nm_polkit_listener_new:
* @for_session: %TRUE for registering the polkit agent for the user session,
* %FALSE for registering it for the running process
* @error: location to store error, or %NULL
*
* Creates a new #NMPolkitListener and registers it as a polkit agent.
*
* Returns: a new #NMPolkitListener
*/
PolkitAgentListener *
nm_polkit_listener_new (gboolean for_session, GError **error)
{
PolkitAgentListener *listener;
PolkitSubject* session;
NMPolkitListenerPrivate *priv;
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
listener = g_object_new (NM_TYPE_POLKIT_LISTENER, NULL);
priv = NM_POLKIT_LISTENER_GET_PRIVATE (listener);
if (for_session) {
session = polkit_unix_session_new_for_process_sync (getpid (), NULL, error);
if (!session)
return NULL;
} else
session = polkit_unix_process_new_for_owner (getpid (), 0, getuid ());
priv->reg_handle = polkit_agent_listener_register (listener, POLKIT_AGENT_REGISTER_FLAGS_NONE,
session, NULL, NULL, error);
if (!priv->reg_handle) {
g_object_unref (listener);
g_object_unref (session);
return NULL;
}
return listener;
}
PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id)
{
glib_init();
PolkitSubject *subject = polkit_unix_process_new_for_owner(pid,
/*use start_time from /proc*/0,
/*use uid from /proc*/ -1);
return do_check(subject, action_id);
}
int main(void)
{
pid_t parent_pid;
GInputStream *stdin_unix_stream;
/* Nuke the environment to get a well-known and sanitized
* environment to avoid attacks via e.g. the DBUS_SYSTEM_BUS_ADDRESS
* environment variable and similar.
*/
if (clearenv () != 0) {
FATAL_ERROR("Error clearing environment: %s\n", g_strerror (errno));
return 1;
}
#if !GLIB_CHECK_VERSION(2,36,0)
g_type_init();
#endif
loop = g_main_loop_new(NULL, FALSE);
authority = polkit_authority_get_sync(NULL, NULL);
parent_pid = getppid ();
if (parent_pid == 1) {
FATAL_ERROR("Parent process was reaped by init(1)\n");
return 1;
}
/* Do what pkexec does */
subject = polkit_unix_process_new_for_owner(parent_pid, 0, getuid ());
stdin_unix_stream = g_unix_input_stream_new(STDIN_FILENO, 0);
stdin_stream = g_data_input_stream_new(stdin_unix_stream);
g_data_input_stream_set_newline_type(stdin_stream,
G_DATA_STREAM_NEWLINE_TYPE_LF);
g_clear_object(&stdin_unix_stream);
g_data_input_stream_read_line_async(stdin_stream, G_PRIORITY_DEFAULT, NULL,
stdin_read_complete, NULL);
g_main_loop_run(loop);
if (polkit_cancellable)
g_clear_object(&polkit_cancellable);
g_object_unref(stdin_stream);
g_object_unref(authority);
g_object_unref(subject);
g_main_loop_unref(loop);
return exit_status;
}
/**
* polkit_system_bus_name_get_process_sync:
* @system_bus_name: A #PolkitSystemBusName.
* @cancellable: (allow-none): A #GCancellable or %NULL.
* @error: (allow-none): Return location for error or %NULL.
*
* Synchronously gets a #PolkitUnixProcess object for @system_bus_name
* - the calling thread is blocked until a reply is received.
*
* Returns: (allow-none) (transfer full): A #PolkitUnixProcess object or %NULL if @error is set.
**/
PolkitSubject *
polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name,
GCancellable *cancellable,
GError **error)
{
PolkitSubject *ret = NULL;
guint32 pid;
guint32 uid;
g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL);
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid,
cancellable, error))
goto out;
ret = polkit_unix_process_new_for_owner (pid, 0, uid);
out:
return ret;
}
