varun-r-mallya/sysprof
1
0
Fork 0
mirror of https://github.com/varun-r-mallya/sysprof.git synced 2026-02-11 07:30:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsysprof-profile: implement polkit checking with libdex

Browse Source 
Also, I no longer wish to try to maintain support for no-polkit. If there
is truly a system where that is something we want to support, we can bring
back the shims as a compile time alternative.
This commit is contained in:
Christian Hergert
2023-05-26 13:20:24 -07:00
parent d1bcf93922
commit fac12d657a
3 changed files with 217 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/libsysprof-profile/meson.build
View File

@ -6,6 +6,7 @@ libsysprof_profile_public_sources = [
libsysprof_profile_private_sources = [ libsysprof_profile_private_sources = [
'sysprof-controlfd-instrument.c', 'sysprof-controlfd-instrument.c',
'sysprof-polkit.c',
] ]
libsysprof_profile_public_headers = [ libsysprof_profile_public_headers = [
@ -19,6 +20,7 @@ libsysprof_profile_public_headers = [
libsysprof_profile_deps = [ libsysprof_profile_deps = [
dependency('gio-2.0', version: glib_req_version), dependency('gio-2.0', version: glib_req_version),
dependency('libdex-1', version: dex_req_version), dependency('libdex-1', version: dex_req_version),
dependency('polkit-gobject-1', version: polkit_req_version),
libsysprof_capture_dep, libsysprof_capture_dep,
] ]

34
src/libsysprof-profile/sysprof-polkit-private.h Normal file
View File

@ -0,0 +1,34 @@
/* sysprof-polkit-private.h
*
* Copyright 2023 Christian Hergert <chergert@redhat.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#pragma once
#include <gio/gio.h>
#include <libdex.h>
#include <polkit/polkit.h>
G_BEGIN_DECLS
DexFuture *_sysprof_polkit_authorize (GDBusConnection *connection,
const char *policy,
PolkitDetails *details,
gboolean allow_user_interaction);
G_END_DECLS

181
src/libsysprof-profile/sysprof-polkit.c Normal file
View File

@ -0,0 +1,181 @@
/* sysprof-polkit.c
*
* Copyright 2023 Christian Hergert <chergert@redhat.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* SPDX-License-Identifier: GPL-3.0-or-later
*/
#include "config.h"
#include "sysprof-polkit-private.h"
static void
sysprof_polkit_authority_cb (GObject *object,
GAsyncResult *result,
gpointer user_data)
{
g_autoptr(PolkitAuthority) authority = NULL;
g_autoptr(DexPromise) promise = user_data;
g_autoptr(GError) error = NULL;
g_assert (G_IS_ASYNC_RESULT (result));
g_assert (DEX_IS_PROMISE (promise));
if (!(authority = polkit_authority_get_finish (result, &error)))
dex_promise_reject (promise, g_steal_pointer (&error));
else
dex_promise_resolve_object (promise, g_steal_pointer (&authority));
}
static DexFuture *
_sysprof_polkit_authority (void)
{
DexPromise *promise = dex_promise_new ();
polkit_authority_get_async (dex_promise_get_cancellable (DEX_PROMISE (promise)),
sysprof_polkit_authority_cb,
dex_ref (promise));
return DEX_FUTURE (promise);
}
static void
sysprof_polkit_check_cb (GObject *object,
GAsyncResult *result,
gpointer user_data)
{
PolkitAuthority *authority = (PolkitAuthority *)object;
g_autoptr(PolkitAuthorizationResult) res = NULL;
g_autoptr(DexPromise) promise = user_data;
g_autoptr(GError) error = NULL;
g_assert (POLKIT_IS_AUTHORITY (authority));
g_assert (G_IS_ASYNC_RESULT (result));
g_assert (DEX_IS_PROMISE (promise));
if (!(res = polkit_authority_check_authorization_finish (authority, result, &error)))
dex_promise_reject (promise, g_steal_pointer (&error));
else if (!polkit_authorization_result_get_is_authorized (res))
dex_promise_reject (promise,
g_error_new (G_DBUS_ERROR,
G_DBUS_ERROR_AUTH_FAILED,
"Failed to authorize user credentials"));
else
dex_promise_resolve_boolean (promise, TRUE);
}
static DexFuture *
_sysprof_polkit_check (PolkitAuthority *authority,
PolkitSubject *subject,
const char *policy,
PolkitDetails *details,
PolkitCheckAuthorizationFlags flags)
{
DexPromise *promise = dex_promise_new ();
polkit_authority_check_authorization (authority,
subject,
policy,
details,
flags,
dex_promise_get_cancellable (DEX_PROMISE (promise)),
sysprof_polkit_check_cb,
dex_ref (promise));
return DEX_FUTURE (promise);
}
typedef struct _Authorize
{
GDBusConnection *connection;
char *policy;
PolkitDetails *details;
guint allow_user_interaction : 1;
} Authorize;
static void
authorize_free (gpointer data)
{
Authorize *auth = data;
g_clear_pointer (&auth->policy, g_free);
g_clear_object (&auth->connection);
g_clear_object (&auth->details);
g_free (auth);
}
static Authorize *
authorize_new (GDBusConnection *connection,
const char *policy,
PolkitDetails *details,
gboolean allow_user_interaction)
{
Authorize *auth;
auth = g_new0 (Authorize, 1);
g_set_object (&auth->connection, connection);
g_set_object (&auth->details, details);
auth->policy = g_strdup (policy);
auth->allow_user_interaction = !!allow_user_interaction;
return auth;
}
static DexFuture *
authorize_fiber (gpointer data)
{
g_autoptr(PolkitAuthority) authority = NULL;
g_autoptr(PolkitSubject) subject = NULL;
g_autoptr(GError) error = NULL;
const char *bus_name;
Authorize *auth = data;
guint flags = 0;
g_assert (auth != NULL);
g_assert (G_IS_DBUS_CONNECTION (auth->connection));
g_assert (!auth->details || POLKIT_IS_DETAILS (auth->details));
g_assert (auth->policy != NULL);
bus_name = g_dbus_connection_get_unique_name (auth->connection);
subject = polkit_system_bus_name_new (bus_name);
if (!(authority = dex_await_object (_sysprof_polkit_authority (), &error)))
return dex_future_new_for_error (g_steal_pointer (&error));
if (auth->allow_user_interaction)
flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION;
if (!dex_await_boolean (_sysprof_polkit_check (authority, subject, auth->policy, auth->details, flags), &error))
return dex_future_new_for_error (g_steal_pointer (&error));
return dex_future_new_for_boolean (TRUE);
}
DexFuture *
_sysprof_polkit_authorize (GDBusConnection *connection,
const char *policy,
PolkitDetails *details,
gboolean allow_user_interaction)
{
g_return_val_if_fail (G_IS_DBUS_CONNECTION (connection), NULL);
g_return_val_if_fail (policy != NULL, NULL);
g_return_val_if_fail (!details || POLKIT_IS_DETAILS (details), NULL);
return dex_scheduler_spawn (NULL, 0,
authorize_fiber,
authorize_new (connection, policy, details, allow_user_interaction),
authorize_free);
}