1 /***************************************************************************
3 * libpolkit-rbac.c : RBAC implementation of the libpolkit API
5 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
6 * Use is subject to license terms.
8 * Licensed under the Academic Free License version 2.1
10 **************************************************************************/
12 #pragma ident "%Z%%M% %I% %E% SMI"
14 #ifdef HAVE_CONFIG_H
15 # include <config.h>
16 #endif
18 #include <stdio.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <sys/types.h>
22 #include <pwd.h>
23 #include <grp.h>
24 #include <unistd.h>
25 #include <errno.h>
26 #include <auth_attr.h>
27 #include <secdb.h>
29 #include <glib.h>
30 #include <dbus/dbus-glib.h>
32 #include "libpolkit.h"
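/* Sentinel stored in the magic field of every context handed out by
 * libpolkit_new_context() and zeroed again by libpolkit_free_context(). */
#define LIBPOLKIT_MAGIC 0x3117beef

/* Return _ret_ from the calling function, after logging a warning, when
 * _ctx_ is NULL or does not carry LIBPOLKIT_MAGIC.
 *
 * This is a sanity check against API misuse, not a memory-safety guarantee:
 * reading ->magic through a stale or foreign pointer is itself undefined,
 * so a passing check does not prove the context is live.
 *
 * The macro argument is parenthesised so that an expression argument
 * (for example a cast or pointer arithmetic) expands as intended. */
#define LIBPOLKIT_CHECK_CONTEXT(_ctx_, _ret_) \
	do { \
		if ((_ctx_) == NULL) { \
			g_warning ("%s: given LibPolKitContext is NULL", \
				   __FUNCTION__); \
			return _ret_; \
		} \
		if ((_ctx_)->magic != LIBPOLKIT_MAGIC) { \
			g_warning ("%s: given LibPolKitContext is invalid (read magic 0x%08x, should be 0x%08x)", \
				   __FUNCTION__, (_ctx_)->magic, LIBPOLKIT_MAGIC); \
			return _ret_; \
		} \
	} while(0)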
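/* Context object of the RBAC backend. It carries no state besides the
 * validity marker checked by LIBPOLKIT_CHECK_CONTEXT. */
struct LibPolKitContext_s
{
	guint32 magic;	/* LIBPOLKIT_MAGIC while the context is valid */
};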
/** Get a new context.
 *
 * @param connection	D-Bus connection; not used by this RBAC backend
 * @return		Pointer to a zero-initialised context whose magic is
 *			set. g_new0() aborts the process on allocation
 *			failure, so this implementation does not return NULL.
 */
LibPolKitContext *
libpolkit_new_context (DBusConnection *connection)
{
	LibPolKitContext *new_ctx = g_new0 (LibPolKitContext, 1);

	/* mark the context so LIBPOLKIT_CHECK_CONTEXT accepts it */
	new_ctx->magic = LIBPOLKIT_MAGIC;

	return new_ctx;
}
/** Free a context
 *
 * @param ctx	The context obtained from libpolkit_new_context
 * @return	TRUE once the context has been released; FALSE when ctx is
 *		NULL or fails the magic check (nothing is freed in that case)
 */
gboolean
libpolkit_free_context (LibPolKitContext *ctx)
{
	LIBPOLKIT_CHECK_CONTEXT (ctx, FALSE);

	/* Clear the marker before releasing the memory so that a later call
	 * through the same pointer is more likely to fail the magic check.
	 * The pointer must still not be used again after this call. */
	ctx->magic = 0;
	g_free (ctx);

	return TRUE;
}
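/** List the resources a user may access under a privilege.
 *
 * The RBAC backend keeps no per-resource grants, so this is a stub that
 * always reports empty lists. The user and privilege arguments are not
 * examined.
 *
 * @param ctx			The context obtained from libpolkit_new_context
 * @param user			Ignored
 * @param privilege		Ignored
 * @param resources		Out: set to NULL (empty list)
 * @param restrictions		Out: set to NULL (empty list)
 * @param num_non_temporary	Out: set to 0 when non-NULL. The original
 *				code never wrote it, leaving callers with an
 *				indeterminate count.
 * @return	LIBPOLKIT_RESULT_INVALID_CONTEXT for a bad context,
 *		LIBPOLKIT_RESULT_ERROR when a list pointer is NULL,
 *		otherwise LIBPOLKIT_RESULT_OK
 */
LibPolKitResult
libpolkit_get_allowed_resources_for_privilege_for_uid (LibPolKitContext *ctx,
							const char *user,
							const char *privilege,
							GList **resources,
							GList **restrictions,
							int *num_non_temporary)
{
	LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);

	/* refuse to write through NULL instead of crashing */
	if (resources == NULL || restrictions == NULL) {
		return LIBPOLKIT_RESULT_ERROR;
	}

	*resources = NULL;
	*restrictions = NULL;
	if (num_non_temporary != NULL) {
		*num_non_temporary = 0;
	}

	return LIBPOLKIT_RESULT_OK;
}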
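/** Decide whether a user holds the RBAC authorization behind a privilege.
 *
 * The PolicyKit privilege name is mapped to a Solaris authorization name
 * and checked with chkauthattr() against the account that owns the uid.
 *
 * @param ctx				The context obtained from libpolkit_new_context
 * @param system_bus_unique_name	Ignored by this backend
 * @param user				The uid as a decimal string. It must be
 *					entirely numeric: atol() was used before
 *					and turned "", a user name or any other
 *					unparsable text into 0, so the check was
 *					then made against uid 0 instead of failing.
 * @param privilege			PolicyKit privilege name
 * @param resource			Ignored; the decision is not scoped to a
 *					resource
 * @param out_is_allowed		Out: TRUE only when chkauthattr() grants
 *					the authorization; FALSE on every error
 * @param out_is_temporary		Out: always FALSE
 * @param out_is_privileged_but_restricted_to_system_bus_unique_name
 *					Out: set to NULL when non-NULL (the
 *					original left it unwritten)
 * @return	LIBPOLKIT_RESULT_INVALID_CONTEXT for a bad context,
 *		LIBPOLKIT_RESULT_ERROR for a NULL argument,
 *		LIBPOLKIT_RESULT_NO_SUCH_USER when the uid string is not a
 *		number or has no passwd entry, otherwise LIBPOLKIT_RESULT_OK
 */
LibPolKitResult
libpolkit_is_uid_allowed_for_privilege (LibPolKitContext *ctx,
					const char *system_bus_unique_name,
					const char *user,
					const char *privilege,
					const char *resource,
					gboolean *out_is_allowed,
					gboolean *out_is_temporary,
					char **out_is_privileged_but_restricted_to_system_bus_unique_name)
{
	/* PolicyKit privilege -> RBAC authorization */
	static const struct {
		const char *privilege;
		const char *authname;
	} auth_map[] = {
		{ "hal-storage-removable-mount",
		  "solaris.device.mount.removable" },
		{ "hal-storage-removable-mount-all-options",
		  "solaris.device.mount.alloptions.removable" },
		{ "hal-storage-fixed-mount",
		  "solaris.device.mount.fixed" },
		{ "hal-storage-fixed-mount-all-options",
		  "solaris.device.mount.alloptions.fixed" },
		{ "hal-power-suspend",
		  "solaris.system.power.suspend.ram" },
		{ "hal-power-hibernate",
		  "solaris.system.power.suspend.disk" },
		{ "hal-power-shutdown",
		  "solaris.system.shutdown" },
		{ "hal-power-reboot",
		  "solaris.system.shutdown" },
		{ "hal-power-cpu",
		  "solaris.system.power.cpu" },
		{ "hal-power-brightness",
		  "solaris.system.power.brightness" }
	};
	long uid_val;
	char *end = NULL;
	uid_t uid;
	struct passwd *pw;
	const char *authname = NULL;
	char *authname_dup = NULL;
	size_t i;

	LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);

	if (out_is_allowed == NULL || out_is_temporary == NULL) {
		return LIBPOLKIT_RESULT_ERROR;
	}

	/* fail closed: every early return below leaves the answer at "no" */
	*out_is_allowed = FALSE;
	*out_is_temporary = FALSE;
	if (out_is_privileged_but_restricted_to_system_bus_unique_name != NULL) {
		*out_is_privileged_but_restricted_to_system_bus_unique_name = NULL;
	}

	if (user == NULL || privilege == NULL) {
		return LIBPOLKIT_RESULT_ERROR;
	}

	/* Parse the uid strictly. Empty input, trailing characters and
	 * out-of-range values are rejected rather than silently becoming
	 * some other uid (0 in the atol() case). */
	errno = 0;
	uid_val = strtol (user, &end, 10);
	if (end == user || *end != '\0' || errno == ERANGE) {
		return LIBPOLKIT_RESULT_NO_SUCH_USER;
	}
	uid = (uid_t)uid_val;

	/* getpwuid() may return storage reused by later passwd lookups;
	 * pw->pw_name is consumed below before any other lookup is made */
	if ((pw = getpwuid (uid)) == NULL) {
		return LIBPOLKIT_RESULT_NO_SUCH_USER;
	}

	/* map PolicyKit privilege to RBAC authorization */
	for (i = 0; i < G_N_ELEMENTS (auth_map); i++) {
		if (strcmp (privilege, auth_map[i].privilege) == 0) {
			authname = auth_map[i].authname;
			break;
		}
	}

	if (authname == NULL) {
		/* Unknown privilege: replace '-' with '.' and use the result
		 * as the authorization name.
		 * NOTE(review): this lets any caller-chosen string reach
		 * chkauthattr() as an authorization name; confirm that
		 * callers only pass privilege names they defined. */
		authname_dup = g_strdup (privilege);
		g_strdelimit (authname_dup, "-", '.');
		authname = authname_dup;
	}

	*out_is_allowed = (chkauthattr (authname, pw->pw_name) != 0);

	g_free (authname_dup);	/* NULL when a table entry matched */

	return LIBPOLKIT_RESULT_OK;
}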
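/** List the privileges known to the backend.
 *
 * The RBAC backend has no privilege enumeration, so the list is always
 * empty. The original kept a copy loop over a privilege_list pointer that
 * was never initialised; it could not run because the count was fixed at
 * 0, and it has been removed so that it cannot start reading through an
 * indeterminate pointer if the count is ever changed.
 *
 * @param ctx		The context obtained from libpolkit_new_context
 * @param result	Out: set to NULL (empty list)
 * @return	LIBPOLKIT_RESULT_INVALID_CONTEXT for a bad context,
 *		LIBPOLKIT_RESULT_ERROR when result is NULL,
 *		otherwise LIBPOLKIT_RESULT_OK
 */
LibPolKitResult
libpolkit_get_privilege_list (LibPolKitContext *ctx,
			      GList **result)
{
	LIBPOLKIT_CHECK_CONTEXT (ctx, LIBPOLKIT_RESULT_INVALID_CONTEXT);

	/* refuse to write through NULL instead of crashing */
	if (result == NULL) {
		return LIBPOLKIT_RESULT_ERROR;
	}

	*result = NULL;

	return LIBPOLKIT_RESULT_OK;
}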
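/** Revoke a temporary privilege.
 *
 * This backend never reports a privilege as temporary, so there is
 * nothing to revoke and the call is a no-op. Unlike the other entry
 * points, ctx is not validated here.
 *
 * @param ctx		Ignored
 * @param user		Ignored
 * @param privilege	Ignored
 * @param resource	Ignored
 * @param result	Out: set to FALSE when non-NULL. The original never
 *			wrote it, so callers read an indeterminate value.
 *			NOTE(review): FALSE is assumed to mean "nothing was
 *			revoked"; confirm against the libpolkit.h contract.
 * @return	LIBPOLKIT_RESULT_OK
 */
LibPolKitResult
libpolkit_revoke_temporary_privilege (LibPolKitContext *ctx,
				      const char *user,
				      const char *privilege,
				      const char *resource,
				      gboolean *result)
{
	if (result != NULL) {
		*result = FALSE;
	}

	return LIBPOLKIT_RESULT_OK;
}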