SulinOS
/
scom


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
							/*
 *
 * Copyright (c) 2016-2018, Suleyman POYRAZ (AquilaNipalensis)
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 */

#include "log.h"
#include "bus.h"
#include "script.h"
#include "policy.h"

//! Check if sender is allowed to call method
int
policy_check(const char *sender, const char *action, int *result)
{
    /*!
     *
     * @sender Bus name of the sender
     * @result PK result
     * @return 0 on success, 1 on error
     */

    DBusConnection *conn;
    DBusError err;
    int uid = -1;

    *result = POLICY_NO;

    dbus_error_init(&err);

    conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
    if (dbus_error_is_set(&err)) {
        log_error("Unable to open DBus connection to query PolicyKit: %s\n", err.message);
        dbus_error_free(&err);
        return -1;
    }

    // If UID is 0, don't query PolicyKit
    uid = dbus_bus_get_unix_user(conn, sender, &err);
    if (dbus_error_is_set(&err)) {
        log_error("Unable to get caller UID: %s\n", err.message);
        dbus_error_free(&err);
        return -1;
    }
    if (uid == 0) {
        *result = POLICY_YES;
        return 0;
    }

    PyObject *subject = PyTuple_New(2);
    PyTuple_SetItem(subject, 0, PyBytes_FromString("system-bus-name"));
    PyObject *details = PyDict_New();
    PyDict_SetItemString(details, "name", PyBytes_FromString(sender));
    PyTuple_SetItem(subject, 1, details);

    PyObject *details2 = PyDict_New();

    PyObject *obj = PyTuple_New(5);
    PyTuple_SetItem(obj, 0, subject);
    PyTuple_SetItem(obj, 1, PyBytes_FromString(action));
    PyTuple_SetItem(obj, 2, details2);
    PyTuple_SetItem(obj, 3, PyLong_FromLong((long) 1));
    PyTuple_SetItem(obj, 4, PyBytes_FromString("abc"));

    PyObject *ret = bus_execute2(conn, "org.freedesktop.PolicyKit1", "/org/freedesktop/PolicyKit1/Authority", "org.freedesktop.PolicyKit1.Authority", "CheckAuthorization", obj, -1, "(sa{sv})sa{ss}us");

    if (!ret) {
        char *eStr, *vStr;
        py_catch(&eStr, &vStr, 1);
        *result = POLICY_NO;
        return 0;
    }

    if (PyTuple_GetItem(ret, 0) == Py_True) {
        *result = POLICY_YES;
    }

    return 0;
}