]>
Commit | Line | Data |
---|---|---|
40ca29a1 LP |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2013 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
22 | #include "sd-event.h" | |
23 | #include "sd-bus.h" | |
24 | ||
25 | #include "util.h" | |
26 | #include "macro.h" | |
27 | #include "def.h" | |
28 | ||
29 | #include "bus-util.h" | |
30 | ||
31 | static int quit_callback(sd_bus *bus, sd_bus_message *m, void *userdata) { | |
32 | sd_event *e = userdata; | |
33 | ||
34 | assert(bus); | |
35 | assert(m); | |
36 | assert(e); | |
37 | ||
38 | sd_event_request_quit(e); | |
39 | return 1; | |
40 | } | |
41 | ||
42 | int bus_async_unregister_and_quit(sd_event *e, sd_bus *bus, const char *name) { | |
43 | _cleanup_free_ char *match = NULL; | |
44 | int r; | |
45 | ||
46 | assert(e); | |
47 | assert(bus); | |
48 | assert(name); | |
49 | ||
50 | r = asprintf(&match, "type='signal',sender='org.freedesktop.DBus',interface='org.freedesktop.DBus',member='NameLost',arg0='%s'", name); | |
51 | if (r < 0) | |
52 | return r; | |
53 | ||
54 | r = sd_bus_add_match(bus, match, quit_callback, e); | |
55 | if (r < 0) | |
56 | return r; | |
57 | ||
58 | r = sd_bus_release_name(bus, name); | |
59 | if (r < 0) | |
60 | return r; | |
61 | ||
62 | if (r != SD_BUS_NAME_RELEASED) | |
63 | return -EIO; | |
64 | ||
65 | return 0; | |
66 | } | |
67 | ||
68 | int bus_event_loop_with_idle(sd_event *e, sd_bus *bus, const char *name, usec_t timeout) { | |
69 | bool exiting = false; | |
70 | int r; | |
71 | ||
72 | assert(e); | |
73 | assert(bus); | |
74 | assert(name); | |
75 | ||
76 | for (;;) { | |
77 | r = sd_event_get_state(e); | |
78 | if (r < 0) | |
79 | return r; | |
80 | ||
81 | if (r == SD_EVENT_FINISHED) | |
82 | break; | |
83 | ||
84 | r = sd_event_run(e, exiting ? (uint64_t) -1 : 5 * USEC_PER_SEC /* DEFAULT_EXIT_USEC */); | |
85 | if (r < 0) | |
86 | return r; | |
87 | ||
88 | if (r == 0 && !exiting) { | |
89 | r = bus_async_unregister_and_quit(e, bus, name); | |
90 | if (r < 0) | |
91 | return r; | |
92 | ||
93 | exiting = true; | |
94 | } | |
95 | } | |
96 | ||
97 | return 0; | |
98 | } | |
99 | ||
100 | int bus_property_get_tristate( | |
101 | sd_bus *bus, | |
102 | const char *path, | |
103 | const char *interface, | |
104 | const char *property, | |
105 | sd_bus_message *reply, | |
106 | sd_bus_error *error, | |
107 | void *userdata) { | |
108 | ||
109 | int *tristate = userdata; | |
110 | int r; | |
111 | ||
112 | r = sd_bus_message_append(reply, "b", *tristate > 0); | |
113 | if (r < 0) | |
114 | return r; | |
115 | ||
116 | return 1; | |
117 | } | |
118 | ||
119 | int bus_verify_polkit( | |
120 | sd_bus *bus, | |
121 | sd_bus_message *m, | |
122 | const char *action, | |
123 | bool interactive, | |
124 | bool *_challenge, | |
125 | sd_bus_error *e) { | |
126 | ||
127 | const char *sender; | |
128 | uid_t uid; | |
129 | int r; | |
130 | ||
131 | assert(bus); | |
132 | assert(m); | |
133 | assert(action); | |
134 | ||
135 | sender = sd_bus_message_get_sender(m); | |
136 | if (!sender) | |
137 | return -EBADMSG; | |
138 | ||
139 | r = sd_bus_get_owner_uid(bus, sender, &uid); | |
140 | if (r < 0) | |
141 | return r; | |
142 | ||
143 | if (uid == 0) | |
144 | return 1; | |
145 | ||
146 | #ifdef ENABLE_POLKIT | |
147 | else { | |
148 | _cleanup_bus_message_unref_ sd_bus_message *reply = NULL; | |
149 | bool authorized = false, challenge = false; | |
150 | ||
151 | r = sd_bus_call_method( | |
152 | bus, | |
153 | "org.freedesktop.PolicyKit1", | |
154 | "/org/freedesktop/PolicyKit1/Authority", | |
155 | "org.freedesktop.PolicyKit1.Authority", | |
156 | "CheckAuthorization", | |
157 | e, | |
158 | &reply, | |
159 | "(sa{sv})sa{ss}us", | |
160 | "system-bus-name", 1, "name", "s", sender, | |
161 | action, | |
162 | 0, | |
163 | interactive ? 1 : 0, | |
164 | ""); | |
165 | ||
166 | if (r < 0) { | |
167 | /* Treat no PK available as access denied */ | |
168 | if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) { | |
169 | sd_bus_error_free(e); | |
170 | return -EACCES; | |
171 | } | |
172 | ||
173 | return r; | |
174 | } | |
175 | ||
176 | r = sd_bus_message_read(reply, "(bb)", &authorized, &challenge); | |
177 | if (r < 0) | |
178 | return r; | |
179 | ||
180 | if (authorized) | |
181 | return 1; | |
182 | ||
183 | if (_challenge) { | |
184 | *_challenge = challenge; | |
185 | return 0; | |
186 | } | |
187 | } | |
188 | #endif | |
189 | ||
190 | return -EACCES; | |
191 | } | |
192 | ||
193 | #ifdef ENABLE_POLKIT | |
194 | ||
195 | typedef struct AsyncPolkitQuery { | |
196 | sd_bus_message *request, *reply; | |
197 | sd_bus_message_handler_t callback; | |
198 | void *userdata; | |
199 | uint64_t serial; | |
200 | } AsyncPolkitQuery; | |
201 | ||
202 | static int async_polkit_callback(sd_bus *bus, sd_bus_message *reply, void *userdata) { | |
203 | AsyncPolkitQuery *q = userdata; | |
204 | _cleanup_bus_message_unref_ sd_bus_message *m = NULL; | |
205 | int r; | |
206 | ||
207 | assert(bus); | |
208 | assert(reply); | |
209 | assert(q); | |
210 | ||
211 | q->reply = sd_bus_message_ref(reply); | |
212 | q->serial = 0; | |
213 | ||
214 | m = sd_bus_message_ref(q->request); | |
215 | ||
216 | r = sd_bus_message_rewind(m, true); | |
217 | if (r < 0) | |
218 | return r; | |
219 | ||
220 | r = q->callback(bus, m, q->userdata); | |
221 | if (r < 0) | |
222 | return r; | |
223 | ||
224 | return 1; | |
225 | } | |
226 | ||
227 | static void async_polkit_query_free(sd_bus *b, AsyncPolkitQuery *q) { | |
228 | ||
229 | if (!q) | |
230 | return; | |
231 | ||
232 | if (q->serial > 0 && b) | |
233 | sd_bus_send_with_reply_cancel(b, q->serial); | |
234 | ||
235 | sd_bus_message_unref(q->request); | |
236 | sd_bus_message_unref(q->reply); | |
237 | free(q); | |
238 | } | |
239 | ||
240 | #endif | |
241 | ||
242 | int bus_verify_polkit_async( | |
243 | sd_bus *bus, | |
244 | Hashmap **registry, | |
245 | sd_bus_message *m, | |
246 | const char *action, | |
247 | bool interactive, | |
248 | sd_bus_error *error, | |
249 | sd_bus_message_handler_t callback, | |
250 | void *userdata) { | |
251 | ||
252 | #ifdef ENABLE_POLKIT | |
253 | _cleanup_bus_message_unref_ sd_bus_message *pk = NULL; | |
254 | AsyncPolkitQuery *q; | |
255 | #endif | |
256 | const char *sender; | |
257 | uid_t uid; | |
258 | int r; | |
259 | ||
260 | assert(bus); | |
261 | assert(registry); | |
262 | assert(m); | |
263 | assert(action); | |
264 | ||
265 | #ifdef ENABLE_POLKIT | |
266 | q = hashmap_remove(*registry, m); | |
267 | if (q) { | |
268 | bool authorized, challenge; | |
269 | ||
270 | /* This is the second invocation of this function, and | |
271 | * there's already a response from polkit, let's | |
272 | * process it */ | |
273 | assert(q->reply); | |
274 | ||
275 | if (sd_bus_message_is_method_error(q->reply, NULL)) { | |
276 | const sd_bus_error *e; | |
277 | ||
278 | /* Treat no PK available as access denied */ | |
279 | if (sd_bus_message_is_method_error(q->reply, SD_BUS_ERROR_SERVICE_UNKNOWN)) { | |
280 | async_polkit_query_free(bus, q); | |
281 | return -EACCES; | |
282 | } | |
283 | ||
284 | e = sd_bus_message_get_error(q->reply); | |
285 | sd_bus_error_copy(error, e); | |
286 | r = sd_bus_error_get_errno(e); | |
287 | ||
288 | async_polkit_query_free(bus, q); | |
289 | return r; | |
290 | } | |
291 | ||
292 | r = sd_bus_message_enter_container(q->reply, 'r', "bba{ss}"); | |
293 | if (r >= 0) | |
294 | r = sd_bus_message_read(q->reply, "bb", &authorized, &challenge); | |
295 | ||
296 | async_polkit_query_free(bus, q); | |
297 | ||
298 | if (r < 0) | |
299 | return r; | |
300 | ||
301 | if (authorized) | |
302 | return 1; | |
303 | ||
304 | return -EACCES; | |
305 | } | |
306 | #endif | |
307 | ||
308 | sender = sd_bus_message_get_sender(m); | |
309 | if (!sender) | |
310 | return -EBADMSG; | |
311 | ||
312 | r = sd_bus_get_owner_uid(bus, sender, &uid); | |
313 | if (r < 0) | |
314 | return r; | |
315 | ||
316 | if (uid == 0) | |
317 | return 1; | |
318 | #ifdef ENABLE_POLKIT | |
319 | ||
320 | r = hashmap_ensure_allocated(registry, trivial_hash_func, trivial_compare_func); | |
321 | if (r < 0) | |
322 | return r; | |
323 | ||
324 | r = sd_bus_message_new_method_call( | |
325 | bus, | |
326 | "org.freedesktop.PolicyKit1", | |
327 | "/org/freedesktop/PolicyKit1/Authority", | |
328 | "org.freedesktop.PolicyKit1.Authority", | |
329 | "CheckAuthorization", | |
330 | &pk); | |
331 | if (r < 0) | |
332 | return r; | |
333 | ||
334 | r = sd_bus_message_append( | |
335 | pk, | |
336 | "(sa{sv})sa{ss}us", | |
337 | "system-bus-name", 1, "name", "s", sender, | |
338 | action, | |
339 | 0, | |
340 | interactive ? 1 : 0, | |
341 | ""); | |
342 | if (r < 0) | |
343 | return r; | |
344 | ||
345 | q = new0(AsyncPolkitQuery, 1); | |
346 | if (!q) | |
347 | return -ENOMEM; | |
348 | ||
349 | q->request = sd_bus_message_ref(m); | |
350 | q->callback = callback; | |
351 | q->userdata = userdata; | |
352 | ||
353 | r = hashmap_put(*registry, m, q); | |
354 | if (r < 0) { | |
355 | async_polkit_query_free(bus, q); | |
356 | return r; | |
357 | } | |
358 | ||
359 | r = sd_bus_send_with_reply(bus, pk, async_polkit_callback, q, 0, &q->serial); | |
360 | if (r < 0) | |
361 | return r; | |
362 | ||
363 | return 0; | |
364 | #endif | |
365 | ||
366 | return -EACCES; | |
367 | } | |
368 | ||
369 | void bus_verify_polkit_async_registry_free(sd_bus *bus, Hashmap *registry) { | |
370 | #ifdef ENABLE_POLKIT | |
371 | AsyncPolkitQuery *q; | |
372 | ||
373 | while ((q = hashmap_steal_first(registry))) | |
374 | async_polkit_query_free(bus, q); | |
375 | ||
376 | hashmap_free(registry); | |
377 | #endif | |
378 | } |