plugins/polkit.c - chromiumos/platform/flimflam - Git at Google

 /*
  *
  *  Connection Manager
  *
  *  Copyright (C) 2007-2009  Intel Corporation. All rights reserved.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License version 2 as
  *  published by the Free Software Foundation.
  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  *
  */

 #ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif

 #include <errno.h>

 #include <glib.h>
 #include <polkit-dbus/polkit-dbus.h>

 #define CONNMAN_API_SUBJECT_TO_CHANGE
 #include <connman/plugin.h>
 #include <connman/security.h>
 #include <connman/dbus.h>
 #include <connman/log.h>

 #define ACTION_MODIFY "org.chromium.flimflam.modify"
 #define ACTION_SECRET "org.chromium.flimflam.secret"

 #define	_DBG_POLKIT(fmt, arg...)	DBG(DBG_SECURITY, fmt, ## arg)

 static DBusConnection *connection;
 static PolKitContext *polkit_context;

 static int polkit_authorize(const char *sender,
 				enum connman_security_privilege privilege)
 {
 	DBusError error;
 	PolKitCaller *caller;
 	PolKitAction *action;
 	PolKitResult result;
 	const char *id = NULL;

 	_DBG_POLKIT("sender %s", sender);

 	switch (privilege) {
 	case CONNMAN_SECURITY_PRIVILEGE_PUBLIC:
 		return 0;
 	case CONNMAN_SECURITY_PRIVILEGE_MODIFY:
 		id = ACTION_MODIFY;
 		break;
 	case CONNMAN_SECURITY_PRIVILEGE_SECRET:
 		id = ACTION_SECRET;
 		break;
 	}

 	dbus_error_init(&error);

 	caller = polkit_caller_new_from_dbus_name(connection, sender, &error);
 	if (caller == NULL) {
 		if (dbus_error_is_set(&error) == TRUE) {
 			connman_error("%s", error.message);
 			dbus_error_free(&error);
 		} else
 			connman_error("Failed to get caller information");
 		return -EIO;
 	}

 	action = polkit_action_new();
 	polkit_action_set_action_id(action, id);

 	result = polkit_context_is_caller_authorized(polkit_context,
 						action, caller, TRUE, NULL);

 	polkit_action_unref(action);
 	polkit_caller_unref(caller);

 	_DBG_POLKIT("result %s", polkit_result_to_string_representation(result));

 	if (result == POLKIT_RESULT_NO)
 		return -EPERM;

 	return 0;
 }

 static struct connman_security polkit_security = {
 	.name			= "polkit",
 	.authorize_sender	= polkit_authorize,
 };

 static gboolean watch_event(GIOChannel *channel, GIOCondition condition,
 							gpointer user_data)
 {
 	PolKitContext *context = user_data;
 	int fd;

 	_DBG_POLKIT("context %p", context);

 	fd = g_io_channel_unix_get_fd(channel);

 	polkit_context_io_func(context, fd);

 	return TRUE;
 }

 static int add_watch(PolKitContext *context, int fd)
 {
 	GIOChannel *channel;
 	guint id = 0;

 	_DBG_POLKIT("context %p", context);

 	channel = g_io_channel_unix_new(fd);
 	if (channel == NULL)
 		return 0;

 	id = g_io_add_watch(channel, G_IO_IN, watch_event, context);

 	g_io_channel_unref(channel);

 	return id;
 }

 static void remove_watch(PolKitContext *context, int id)
 {
 	_DBG_POLKIT("context %p", context);

 	g_source_remove(id);
 }

 static int polkit_init(void)
 {
 	int err;

 	connection = connman_dbus_get_connection();
 	if (connection == NULL)
 		return -EIO;

 	polkit_context = polkit_context_new();

 	polkit_context_set_io_watch_functions(polkit_context,
 						add_watch, remove_watch);

 	if (polkit_context_init(polkit_context, NULL) == FALSE) {
 		connman_error("Can't initialize PolicyKit");
 		polkit_context_unref(polkit_context);
 		dbus_connection_unref(connection);
 		return -EIO;
 	}

 	err = connman_security_register(&polkit_security);
 	if (err < 0) {
 		polkit_context_unref(polkit_context);
 		dbus_connection_unref(connection);
 		return err;
 	}

 	return 0;
 }

 static void polkit_exit(void)
 {
 	connman_security_unregister(&polkit_security);

 	polkit_context_unref(polkit_context);

 	dbus_connection_unref(connection);
 }

 CONNMAN_PLUGIN_DEFINE(polkit, "PolicyKit authorization plugin", VERSION,
 		CONNMAN_PLUGIN_PRIORITY_DEFAULT, polkit_init, polkit_exit)
	/*
	*
	* Connection Manager
	*
	* Copyright (C) 2007-2009 Intel Corporation. All rights reserved.
	*
	* This program is free software; you can redistribute it and/or modify
	* it under the terms of the GNU General Public License version 2 as
	* published by the Free Software Foundation.
	*
	* This program is distributed in the hope that it will be useful,
	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	* GNU General Public License for more details.
	*
	* You should have received a copy of the GNU General Public License
	* along with this program; if not, write to the Free Software
	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	*
	*/

	#ifdef HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <errno.h>

	#include <glib.h>
	#include <polkit-dbus/polkit-dbus.h>

	#define CONNMAN_API_SUBJECT_TO_CHANGE
	#include <connman/plugin.h>
	#include <connman/security.h>
	#include <connman/dbus.h>
	#include <connman/log.h>

	#define ACTION_MODIFY "org.chromium.flimflam.modify"
	#define ACTION_SECRET "org.chromium.flimflam.secret"

	#define _DBG_POLKIT(fmt, arg...) DBG(DBG_SECURITY, fmt, ## arg)

	static DBusConnection *connection;
	static PolKitContext *polkit_context;

	static int polkit_authorize(const char *sender,
	enum connman_security_privilege privilege)
	{
	DBusError error;
	PolKitCaller *caller;
	PolKitAction *action;
	PolKitResult result;
	const char *id = NULL;

	_DBG_POLKIT("sender %s", sender);

	switch (privilege) {
	case CONNMAN_SECURITY_PRIVILEGE_PUBLIC:
	return 0;
	case CONNMAN_SECURITY_PRIVILEGE_MODIFY:
	id = ACTION_MODIFY;
	break;
	case CONNMAN_SECURITY_PRIVILEGE_SECRET:
	id = ACTION_SECRET;
	break;
	}

	dbus_error_init(&error);

	caller = polkit_caller_new_from_dbus_name(connection, sender, &error);
	if (caller == NULL) {
	if (dbus_error_is_set(&error) == TRUE) {
	connman_error("%s", error.message);
	dbus_error_free(&error);
	} else
	connman_error("Failed to get caller information");
	return -EIO;
	}

	action = polkit_action_new();
	polkit_action_set_action_id(action, id);

	result = polkit_context_is_caller_authorized(polkit_context,
	action, caller, TRUE, NULL);

	polkit_action_unref(action);
	polkit_caller_unref(caller);

	_DBG_POLKIT("result %s", polkit_result_to_string_representation(result));

	if (result == POLKIT_RESULT_NO)
	return -EPERM;

	return 0;
	}

	static struct connman_security polkit_security = {
	.name = "polkit",
	.authorize_sender = polkit_authorize,
	};

	static gboolean watch_event(GIOChannel *channel, GIOCondition condition,
	gpointer user_data)
	{
	PolKitContext *context = user_data;
	int fd;

	_DBG_POLKIT("context %p", context);

	fd = g_io_channel_unix_get_fd(channel);

	polkit_context_io_func(context, fd);

	return TRUE;
	}

	static int add_watch(PolKitContext *context, int fd)
	{
	GIOChannel *channel;
	guint id = 0;

	_DBG_POLKIT("context %p", context);

	channel = g_io_channel_unix_new(fd);
	if (channel == NULL)
	return 0;

	id = g_io_add_watch(channel, G_IO_IN, watch_event, context);

	g_io_channel_unref(channel);

	return id;
	}

	static void remove_watch(PolKitContext *context, int id)
	{
	_DBG_POLKIT("context %p", context);

	g_source_remove(id);
	}

	static int polkit_init(void)
	{
	int err;

	connection = connman_dbus_get_connection();
	if (connection == NULL)
	return -EIO;

	polkit_context = polkit_context_new();

	polkit_context_set_io_watch_functions(polkit_context,
	add_watch, remove_watch);

	if (polkit_context_init(polkit_context, NULL) == FALSE) {
	connman_error("Can't initialize PolicyKit");
	polkit_context_unref(polkit_context);
	dbus_connection_unref(connection);
	return -EIO;
	}

	err = connman_security_register(&polkit_security);
	if (err < 0) {
	polkit_context_unref(polkit_context);
	dbus_connection_unref(connection);
	return err;
	}

	return 0;
	}

	static void polkit_exit(void)
	{
	connman_security_unregister(&polkit_security);

	polkit_context_unref(polkit_context);

	dbus_connection_unref(connection);
	}

	CONNMAN_PLUGIN_DEFINE(polkit, "PolicyKit authorization plugin", VERSION,
	CONNMAN_PLUGIN_PRIORITY_DEFAULT, polkit_init, polkit_exit)