/** * udisks_daemon_util_on_user_seat: * @daemon: A #UDisksDaemon. * @object: The #GDBusObject that the call is on or %NULL. * @user: The user to check for. * * Checks whether the device represented by @object (if any) is plugged into * a seat where the caller represented by @user is logged in and active. * * This works if @object is a drive or a block object. * * Returns: %TRUE if @object is on the same seat as one of @user's * active sessions, %FALSE otherwise. */ gboolean udisks_daemon_util_on_user_seat (UDisksDaemon *daemon, UDisksObject *object, uid_t user) { #if !defined(HAVE_LIBSYSTEMD_LOGIN) /* if we don't have systemd, assume it's always the same seat */ return TRUE; #else gboolean ret = FALSE; char *session = NULL; char *seat = NULL; const gchar *drive_seat; UDisksObject *drive_object = NULL; UDisksDrive *drive = NULL; /* if we don't have logind, assume it's always the same seat */ if (!LOGIND_AVAILABLE()) return TRUE; if (UDISKS_IS_LINUX_BLOCK_OBJECT (object)) { UDisksLinuxBlockObject *linux_block_object; UDisksBlock *block; linux_block_object = UDISKS_LINUX_BLOCK_OBJECT (object); block = udisks_object_get_block (UDISKS_OBJECT (linux_block_object)); if (block != NULL) { drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block)); g_object_unref (block); } } else if (UDISKS_IS_LINUX_DRIVE_OBJECT (object)) { drive_object = g_object_ref (object); } if (drive_object == NULL) goto out; drive = udisks_object_get_drive (UDISKS_OBJECT (drive_object)); if (drive == NULL) goto out; drive_seat = udisks_drive_get_seat (drive); if (drive_seat != NULL && sd_uid_is_on_seat (user, TRUE, drive_seat) > 0) { ret = TRUE; goto out; } out: free (seat); free (session); g_clear_object (&drive_object); g_clear_object (&drive); return ret; #endif /* HAVE_LIBSYSTEMD_LOGIN */ }
static gboolean teardown_logical_volume (UDisksLogicalVolume *volume, UDisksDaemon *daemon, GDBusMethodInvocation *invocation, GVariant *options, GError **error) { GDBusObject *volume_object; UDisksObject *group_object; UDisksVolumeGroup *group; UDisksLogicalVolume *sibling_volume; GList *siblings; GList *l; if (!udisks_linux_logical_volume_teardown_block (volume, daemon, invocation, options, error)) return FALSE; /* Recurse for pool members and snapshots. */ volume_object = g_dbus_interface_get_object (G_DBUS_INTERFACE (volume)); group_object = udisks_daemon_find_object (daemon, udisks_logical_volume_get_volume_group (volume)); if (volume_object && group_object) { group = udisks_object_peek_volume_group (group_object); if (group) { siblings = udisks_linux_volume_group_get_logical_volumes (group, daemon); for (l = siblings; l; l = l->next) { sibling_volume = UDISKS_LOGICAL_VOLUME (l->data); if (g_strcmp0 (udisks_logical_volume_get_thin_pool (sibling_volume), g_dbus_object_get_object_path (volume_object)) == 0 || g_strcmp0 (udisks_logical_volume_get_origin (sibling_volume), g_dbus_object_get_object_path (volume_object)) == 0) { if (!teardown_logical_volume (sibling_volume, daemon, invocation, options, error)) { g_list_free_full (siblings, g_object_unref); return FALSE; } } } g_list_free_full (siblings, g_object_unref); } } return TRUE; }
gchar * udisks_module_track_parent (UDisksDaemon *daemon, const gchar *path, gchar **uuid_ret) { const gchar *parent_path = NULL; const gchar *parent_uuid = NULL; UDisksObject *object; UDisksObject *lvol_object; UDisksBlockLVM2 *block_lvm2; UDisksLogicalVolume *lvol; object = udisks_daemon_find_object (daemon, path); if (object == NULL) goto out; block_lvm2 = udisks_object_peek_block_lvm2 (object); if (block_lvm2) { lvol_object = udisks_daemon_find_object (daemon, udisks_block_lvm2_get_logical_volume (block_lvm2)); if (lvol_object) { lvol = udisks_object_peek_logical_volume (lvol_object); if (lvol) { parent_uuid = udisks_logical_volume_get_uuid (lvol); parent_path = udisks_block_lvm2_get_logical_volume (block_lvm2); goto out; } } } out: g_clear_object (&object); if (uuid_ret) *uuid_ret = g_strdup (parent_uuid); return g_strdup (parent_path); }
static gboolean drive_does_not_detect_media_change (UDisksLinuxBlockObject *object) { gboolean ret = FALSE; UDisksObject *drive_object; drive_object = udisks_daemon_find_object (object->daemon, udisks_block_get_drive (object->iface_block_device)); if (drive_object != NULL) { UDisksDrive *drive = udisks_object_get_drive (drive_object); if (drive != NULL) { ret = ! udisks_drive_get_media_change_detected (drive); g_object_unref (drive); } g_object_unref (drive_object); } return ret; }
/** * udisks_daemon_util_check_authorization_sync: * @daemon: A #UDisksDaemon. * @object: (allow-none): The #GDBusObject that the call is on or %NULL. * @action_id: The action id to check for. * @options: (allow-none): A #GVariant to check for the <quote>auth.no_user_interaction</quote> option or %NULL. * @message: The message to convey (use N_). * @invocation: The invocation to check for. * * Checks if the caller represented by @invocation is authorized for * the action identified by @action_id, optionally displaying @message * if authentication is needed. Additionally, if the caller is not * authorized, the appropriate error is already returned to the caller * via @invocation. * * The calling thread is blocked for the duration of the authorization * check which could be a very long time since it may involve * presenting an authentication dialog and having a human user use * it. If <quote>auth.no_user_interaction</quote> in @options is %TRUE * no authentication dialog will be presented and the check is not * expected to take a long time. * * See <xref linkend="udisks-polkit-details"/> for the variables that * can be used in @message but note that not all variables can be used * in all checks. For example, any check involving a #UDisksDrive or a * #UDisksBlock object can safely include the fragment * <quote>$(drive)</quote> since it will always expand to the name of * the drive, e.g. <quote>INTEL SSDSA2MH080G1GC (/dev/sda1)</quote> or * the block device file e.g. <quote>/dev/vg_lucifer/lv_root</quote> * or <quote>/dev/sda1</quote>. However this won't work for operations * that isn't on a drive or block device, for example calls on the * <link linkend="gdbus-interface-org-freedesktop-UDisks2-Manager.top_of_page">Manager</link> * object. * * Returns: %TRUE if caller is authorized, %FALSE if not. */ gboolean udisks_daemon_util_check_authorization_sync (UDisksDaemon *daemon, UDisksObject *object, const gchar *action_id, GVariant *options, const gchar *message, GDBusMethodInvocation *invocation) { PolkitAuthority *authority = NULL; PolkitSubject *subject = NULL; PolkitDetails *details = NULL; PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE; PolkitAuthorizationResult *result = NULL; GError *error = NULL; gboolean ret = FALSE; UDisksBlock *block = NULL; UDisksDrive *drive = NULL; UDisksPartition *partition = NULL; UDisksObject *block_object = NULL; UDisksObject *drive_object = NULL; gboolean auth_no_user_interaction = FALSE; const gchar *details_device = NULL; gchar *details_drive = NULL; authority = udisks_daemon_get_authority (daemon); if (authority == NULL) { ret = check_authorization_no_polkit (daemon, object, action_id, options, message, invocation); goto out; } subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation)); if (options != NULL) { g_variant_lookup (options, "auth.no_user_interaction", "b", &auth_no_user_interaction); } if (!auth_no_user_interaction) flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION; details = polkit_details_new (); polkit_details_insert (details, "polkit.message", message); polkit_details_insert (details, "polkit.gettext_domain", "udisks2"); /* Find drive associated with the block device, if any */ if (object != NULL) { block = udisks_object_get_block (object); if (block != NULL) { block_object = g_object_ref (object); drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block)); if (drive_object != NULL) drive = udisks_object_get_drive (drive_object); } partition = udisks_object_get_partition (object); if (drive == NULL) drive = udisks_object_get_drive (object); } if (block != NULL) details_device = udisks_block_get_preferred_device (block); /* If we have a drive, use vendor/model in the message (in addition to Block:preferred-device) */ if (drive != NULL) { gchar *s; const gchar *vendor; const gchar *model; vendor = udisks_drive_get_vendor (drive); model = udisks_drive_get_model (drive); if (vendor == NULL) vendor = ""; if (model == NULL) model = ""; if (strlen (vendor) > 0 && strlen (model) > 0) s = g_strdup_printf ("%s %s", vendor, model); else if (strlen (vendor) > 0) s = g_strdup (vendor); else s = g_strdup (model); if (block != NULL) { details_drive = g_strdup_printf ("%s (%s)", s, udisks_block_get_preferred_device (block)); } else { details_drive = s; s = NULL; } g_free (s); _safe_polkit_details_insert (details, "drive.wwn", udisks_drive_get_wwn (drive)); _safe_polkit_details_insert (details, "drive.serial", udisks_drive_get_serial (drive)); _safe_polkit_details_insert (details, "drive.vendor", udisks_drive_get_vendor (drive)); _safe_polkit_details_insert (details, "drive.model", udisks_drive_get_model (drive)); _safe_polkit_details_insert (details, "drive.revision", udisks_drive_get_revision (drive)); if (udisks_drive_get_removable (drive)) { const gchar *const *media_compat; GString *media_compat_str; const gchar *sep = ","; polkit_details_insert (details, "drive.removable", "true"); _safe_polkit_details_insert (details, "drive.removable.bus", udisks_drive_get_connection_bus (drive)); media_compat_str = g_string_new (NULL); media_compat = udisks_drive_get_media_compatibility (drive); if (media_compat) { guint i; for (i = 0; media_compat[i] && strlen(media_compat[i]); i++) { if (i) g_string_append (media_compat_str, sep); g_string_append (media_compat_str, media_compat[i]); } } _safe_polkit_details_insert (details, "drive.removable.media", media_compat_str->str); g_string_free (media_compat_str, TRUE); } } if (block != NULL) { _safe_polkit_details_insert (details, "id.type", udisks_block_get_id_type (block)); _safe_polkit_details_insert (details, "id.usage", udisks_block_get_id_usage (block)); _safe_polkit_details_insert (details, "id.version", udisks_block_get_id_version (block)); _safe_polkit_details_insert (details, "id.label", udisks_block_get_id_label (block)); _safe_polkit_details_insert (details, "id.uuid", udisks_block_get_id_uuid (block)); } if (partition != NULL) { _safe_polkit_details_insert_int (details, "partition.number", udisks_partition_get_number (partition)); _safe_polkit_details_insert (details, "partition.type", udisks_partition_get_type_ (partition)); _safe_polkit_details_insert_uint64 (details, "partition.flags", udisks_partition_get_flags (partition)); _safe_polkit_details_insert (details, "partition.name", udisks_partition_get_name (partition)); _safe_polkit_details_insert (details, "partition.uuid", udisks_partition_get_uuid (partition)); } /* Fall back to Block:preferred-device */ if (details_drive == NULL && block != NULL) details_drive = udisks_block_dup_preferred_device (block); if (details_device != NULL) polkit_details_insert (details, "device", details_device); if (details_drive != NULL) polkit_details_insert (details, "drive", details_drive); error = NULL; result = polkit_authority_check_authorization_sync (authority, subject, action_id, details, flags, NULL, /* GCancellable* */ &error); if (result == NULL) { if (error->domain != POLKIT_ERROR) { /* assume polkit authority is not available (e.g. could be the service * manager returning org.freedesktop.systemd1.Masked) */ g_error_free (error); ret = check_authorization_no_polkit (daemon, object, action_id, options, message, invocation); } else { g_dbus_method_invocation_return_error (invocation, UDISKS_ERROR, UDISKS_ERROR_FAILED, "Error checking authorization: %s (%s, %d)", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); } goto out; } if (!polkit_authorization_result_get_is_authorized (result)) { if (polkit_authorization_result_get_dismissed (result)) g_dbus_method_invocation_return_error_literal (invocation, UDISKS_ERROR, UDISKS_ERROR_NOT_AUTHORIZED_DISMISSED, "The authentication dialog was dismissed"); else g_dbus_method_invocation_return_error_literal (invocation, UDISKS_ERROR, polkit_authorization_result_get_is_challenge (result) ? UDISKS_ERROR_NOT_AUTHORIZED_CAN_OBTAIN : UDISKS_ERROR_NOT_AUTHORIZED, "Not authorized to perform operation"); goto out; } ret = TRUE; out: g_free (details_drive); g_clear_object (&block_object); g_clear_object (&drive_object); g_clear_object (&block); g_clear_object (&partition); g_clear_object (&drive); g_clear_object (&subject); g_clear_object (&details); g_clear_object (&result); return ret; }
/** * udisks_daemon_util_setup_by_user: * @daemon: A #UDisksDaemon. * @object: The #GDBusObject that the call is on or %NULL. * @user: The user in question. * * Checks whether the device represented by @object (if any) has been * setup by @user. * * Returns: %TRUE if @object has been set-up by @user, %FALSE if not. */ gboolean udisks_daemon_util_setup_by_user (UDisksDaemon *daemon, UDisksObject *object, uid_t user) { gboolean ret; UDisksBlock *block = NULL; UDisksPartition *partition = NULL; UDisksState *state; uid_t setup_by_user; UDisksObject *crypto_object; ret = FALSE; state = udisks_daemon_get_state (daemon); block = udisks_object_get_block (object); if (block == NULL) goto out; partition = udisks_object_get_partition (object); /* loop devices */ if (udisks_state_has_loop (state, udisks_block_get_device (block), &setup_by_user)) { if (setup_by_user == user) { ret = TRUE; goto out; } } /* partition of a loop device */ if (partition != NULL) { UDisksObject *partition_object = NULL; partition_object = udisks_daemon_find_object (daemon, udisks_partition_get_table (partition)); if (partition_object != NULL) { if (udisks_daemon_util_setup_by_user (daemon, partition_object, user)) { ret = TRUE; g_object_unref (partition_object); goto out; } g_object_unref (partition_object); } } /* LUKS devices */ crypto_object = udisks_daemon_find_object (daemon, udisks_block_get_crypto_backing_device (block)); if (crypto_object != NULL) { UDisksBlock *crypto_block; crypto_block = udisks_object_peek_block (crypto_object); if (udisks_state_find_unlocked_luks (state, udisks_block_get_device_number (crypto_block), &setup_by_user)) { if (setup_by_user == user) { ret = TRUE; g_object_unref (crypto_object); goto out; } } g_object_unref (crypto_object); } /* MDRaid devices */ if (g_strcmp0 (udisks_block_get_mdraid (block), "/") != 0) { uid_t started_by_user; if (udisks_state_has_mdraid (state, udisks_block_get_device_number (block), &started_by_user)) { if (started_by_user == user) { ret = TRUE; goto out; } } } out: g_clear_object (&partition); g_clear_object (&block); return ret; }
/** * udisks_daemon_util_on_same_seat: * @daemon: A #UDisksDaemon. * @object: The #GDBusObject that the call is on or %NULL. * @process: The process to check for. * * Checks whether the device represented by @object (if any) is plugged into * a seat where the caller represented by @process is logged in. * * This works if @object is a drive or a block object. * * Returns: %TRUE if @object and @process is on the same seat, %FALSE otherwise. */ gboolean udisks_daemon_util_on_same_seat (UDisksDaemon *daemon, UDisksObject *object, pid_t process) { #if !defined(HAVE_LIBSYSTEMD_LOGIN) /* if we don't have systemd, assume it's always the same seat */ return TRUE; #else gboolean ret = FALSE; char *session = NULL; char *seat = NULL; const gchar *drive_seat; UDisksObject *drive_object = NULL; UDisksDrive *drive = NULL; /* if we don't have logind, assume it's always the same seat */ if (!LOGIND_AVAILABLE()) return TRUE; if (UDISKS_IS_LINUX_BLOCK_OBJECT (object)) { UDisksLinuxBlockObject *linux_block_object; UDisksBlock *block; linux_block_object = UDISKS_LINUX_BLOCK_OBJECT (object); block = udisks_object_get_block (UDISKS_OBJECT (linux_block_object)); if (block != NULL) { drive_object = udisks_daemon_find_object (daemon, udisks_block_get_drive (block)); g_object_unref (block); } } else if (UDISKS_IS_LINUX_DRIVE_OBJECT (object)) { drive_object = g_object_ref (object); } if (drive_object == NULL) goto out; drive = udisks_object_get_drive (UDISKS_OBJECT (drive_object)); if (drive == NULL) goto out; /* It's not unexpected to not find a session, nor a seat associated with @process */ if (sd_pid_get_session (process, &session) == 0) sd_session_get_seat (session, &seat); /* If we don't know the seat of the caller, we assume the device is always on another seat */ if (seat == NULL) goto out; drive_seat = udisks_drive_get_seat (drive); if (g_strcmp0 (seat, drive_seat) == 0) { ret = TRUE; goto out; } out: free (seat); free (session); g_clear_object (&drive_object); g_clear_object (&drive); return ret; #endif /* HAVE_LIBSYSTEMD_LOGIN */ }