static gboolean check_polkit_for_action (GConfDefaults *mechanism, DBusGMethodInvocation *context, const char *action) { const char *sender; GError *error; DBusError dbus_error; PolKitCaller *pk_caller; PolKitAction *pk_action; PolKitResult pk_result; error = NULL; /* Check that caller is privileged */ sender = dbus_g_method_get_sender (context); dbus_error_init (&dbus_error); pk_caller = polkit_caller_new_from_dbus_name ( dbus_g_connection_get_connection (mechanism->priv->system_bus_connection), sender, &dbus_error); if (pk_caller == NULL) { error = g_error_new (GCONF_DEFAULTS_ERROR, GCONF_DEFAULTS_ERROR_GENERAL, "Error getting information about caller: %s: %s", dbus_error.name, dbus_error.message); dbus_error_free (&dbus_error); dbus_g_method_return_error (context, error); g_error_free (error); return FALSE; } pk_action = polkit_action_new (); polkit_action_set_action_id (pk_action, action); pk_result = polkit_context_is_caller_authorized (mechanism->priv->pol_ctx, pk_action, pk_caller, TRUE, NULL); polkit_caller_unref (pk_caller); if (pk_result != POLKIT_RESULT_YES) { dbus_error_init (&dbus_error); polkit_dbus_error_generate (pk_action, pk_result, &dbus_error); dbus_set_g_error (&error, &dbus_error); dbus_g_method_return_error (context, error); dbus_error_free (&dbus_error); g_error_free (error); polkit_action_unref (pk_action); return FALSE; } polkit_action_unref (pk_action); return TRUE; }
static gboolean _check_polkit_for_action (GnomeClockAppletMechanism *mechanism, DBusGMethodInvocation *context, const char *action) { const char *sender; GError *error; DBusError dbus_error; PolKitCaller *pk_caller; PolKitAction *pk_action; PolKitResult pk_result; error = NULL; /* Check that caller is privileged */ sender = dbus_g_method_get_sender (context); dbus_error_init (&dbus_error); pk_caller = polkit_caller_new_from_dbus_name ( dbus_g_connection_get_connection (mechanism->priv->system_bus_connection), sender, &dbus_error); if (pk_caller == NULL) { error = g_error_new (GNOME_CLOCK_APPLET_MECHANISM_ERROR, GNOME_CLOCK_APPLET_MECHANISM_ERROR_GENERAL, "Error getting information about caller: %s: %s", dbus_error.name, dbus_error.message); dbus_error_free (&dbus_error); dbus_g_method_return_error (context, error); g_error_free (error); return FALSE; } pk_action = polkit_action_new (); polkit_action_set_action_id (pk_action, action); pk_result = polkit_context_can_caller_do_action (mechanism->priv->pol_ctx, pk_action, pk_caller); polkit_caller_unref (pk_caller); polkit_action_unref (pk_action); if (pk_result != POLKIT_RESULT_YES) { error = g_error_new (GNOME_CLOCK_APPLET_MECHANISM_ERROR, GNOME_CLOCK_APPLET_MECHANISM_ERROR_NOT_PRIVILEGED, "%s %s <-- (action, result)", action, polkit_result_to_string_representation (pk_result)); dbus_error_free (&dbus_error); dbus_g_method_return_error (context, error); g_error_free (error); return FALSE; } return TRUE; }
//! Check if sender is allowed to call method int policy_check(const char *sender, const char *action, PolKitResult *result) { /*! * * @sender Bus name of the sender * @result PK result * @return 0 on success, 1 on error */ DBusConnection *conn; DBusError err; PolKitContext *polkit_ctx; PolKitCaller *polkit_clr; PolKitAction *polkit_act; PolKitError *perr; int uid = -1; *result = (PolKitResult) POLKIT_RESULT_NO; dbus_error_init(&err); conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err); if (dbus_error_is_set(&err)) { log_error("Unable to open connection to query PolicyKit: %s\n", err.message); dbus_error_free(&err); return -1; } // If UID is 0, don't query PolicyKit uid = dbus_bus_get_unix_user(conn, sender, &err); if (dbus_error_is_set(&err)) { log_error("Unable to get caller UID: %s\n", err.message); dbus_error_free(&err); return -1; } if (uid == 0) { *result = (PolKitResult) POLKIT_RESULT_YES; return 0; } polkit_ctx = polkit_context_new(); if (!polkit_context_init(polkit_ctx, &perr)) { log_error("Unable to initialize PK context: %s\n", polkit_error_get_error_message(perr)); polkit_error_free(perr); return -1; } polkit_clr = polkit_caller_new_from_dbus_name(conn, sender, &err); if (dbus_error_is_set(&err)) { log_error("Unable to get caller info: %s\n", err.message); dbus_error_free(&err); return -1; } if (!polkit_action_validate_id(action)) { log_error("Unable to query PolicyKit, action is not valid: %s\n", action); return -1; } polkit_act = polkit_action_new(); polkit_action_set_action_id(polkit_act, action); *result = polkit_context_is_caller_authorized(polkit_ctx, polkit_act, polkit_clr, FALSE, &perr); return 0; }