summaryrefslogtreecommitdiff
path: root/src/shared/bus-util.c
diff options
context:
space:
mode:
authorMichael Chapman <mike@very.puzzling.org>2015-09-06 00:07:16 +1000
committerMichael Chapman <mike@very.puzzling.org>2015-09-06 00:07:16 +1000
commit403ed0e5c914f2a0a683403d8ba7eaf96e3ffcdf (patch)
tree1522b7c2adc228dda7bc9fd3d94c0d1bac9d504c /src/shared/bus-util.c
parent17258f5f27dd3dd57c36f2805e0a0c27a1aeabba (diff)
bus-util: support details in CheckAuthorization calls
Extra details for an action can be supplied when calling polkit's CheckAuthorization method. Details are a list of key/value string pairs. Custom policy can use these details when making authorization decisions.
Diffstat (limited to 'src/shared/bus-util.c')
-rw-r--r--src/shared/bus-util.c72
1 files changed, 56 insertions, 16 deletions
diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index 1369a61458..d9cc19700e 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -220,6 +220,7 @@ int bus_test_polkit(
sd_bus_message *call,
int capability,
const char *action,
+ const char **details,
uid_t good_user,
bool *_challenge,
sd_bus_error *e) {
@@ -242,29 +243,52 @@ int bus_test_polkit(
return 1;
#ifdef ENABLE_POLKIT
else {
+ _cleanup_bus_message_unref_ sd_bus_message *request = NULL;
_cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
int authorized = false, challenge = false;
- const char *sender;
+ const char *sender, **k, **v;
sender = sd_bus_message_get_sender(call);
if (!sender)
return -EBADMSG;
- r = sd_bus_call_method(
+ r = sd_bus_message_new_method_call(
call->bus,
+ &request,
"org.freedesktop.PolicyKit1",
"/org/freedesktop/PolicyKit1/Authority",
"org.freedesktop.PolicyKit1.Authority",
- "CheckAuthorization",
- e,
- &reply,
- "(sa{sv})sa{ss}us",
+ "CheckAuthorization");
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append(
+ request,
+ "(sa{sv})s",
"system-bus-name", 1, "name", "s", sender,
- action,
- 0,
- 0,
- "");
+ action);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_open_container(request, 'a', "{ss}");
+ if (r < 0)
+ return r;
+ STRV_FOREACH_PAIR(k, v, details) {
+ r = sd_bus_message_append(request, "{ss}", *k, *v);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_bus_message_close_container(request);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append(request, "us", 0, NULL);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_call(call->bus, request, 0, e, &reply);
if (r < 0) {
/* Treat no PK available as access denied */
if (sd_bus_error_has_name(e, SD_BUS_ERROR_SERVICE_UNKNOWN)) {
@@ -354,6 +378,7 @@ int bus_verify_polkit_async(
sd_bus_message *call,
int capability,
const char *action,
+ const char **details,
bool interactive,
uid_t good_user,
Hashmap **registry,
@@ -362,7 +387,7 @@ int bus_verify_polkit_async(
#ifdef ENABLE_POLKIT
_cleanup_bus_message_unref_ sd_bus_message *pk = NULL;
AsyncPolkitQuery *q;
- const char *sender;
+ const char *sender, **k, **v;
sd_bus_message_handler_t callback;
void *userdata;
int c;
@@ -460,12 +485,27 @@ int bus_verify_polkit_async(
r = sd_bus_message_append(
pk,
- "(sa{sv})sa{ss}us",
+ "(sa{sv})s",
"system-bus-name", 1, "name", "s", sender,
- action,
- 0,
- !!interactive,
- NULL);
+ action);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_open_container(pk, 'a', "{ss}");
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH_PAIR(k, v, details) {
+ r = sd_bus_message_append(pk, "{ss}", *k, *v);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_bus_message_close_container(pk);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append(pk, "us", !!interactive, NULL);
if (r < 0)
return r;