UDisksLinuxProvider *linux_provider;
+ /* may be NULL if polkit is masked */
PolkitAuthority *authority;
UDisksCleanup *cleanup;
udisks_cleanup_stop (daemon->cleanup);
g_object_unref (daemon->cleanup);
- g_object_unref (daemon->authority);
+ g_clear_object (&daemon->authority);
g_object_unref (daemon->persistent_store);
g_object_unref (daemon->object_manager);
g_object_unref (daemon->linux_provider);
daemon->authority = polkit_authority_get_sync (NULL, &error);
if (daemon->authority == NULL)
{
- udisks_error ("Error initializing PolicyKit authority: %s (%s, %d)",
+ udisks_error ("Error initializing polkit authority: %s (%s, %d)",
error->message, g_quark_to_string (error->domain), error->code);
g_error_free (error);
}
*
* Gets the PolicyKit authority used by @daemon.
*
- * Returns: A #PolkitAuthority instance. Do not free, the object is owned by @daemon.
+ * Returns: A #PolkitAuthority instance or %NULL if the polkit
+ * authority is not available. Do not free, the object is owned by
+ * @daemon.
*/
PolkitAuthority *
udisks_daemon_get_authority (UDisksDaemon *daemon)
polkit_details_insert (details, key, buf);
}
+static gboolean
+check_authorization_no_polkit (UDisksDaemon *daemon,
+ UDisksObject *object,
+ const gchar *action_id,
+ GVariant *options,
+ const gchar *message,
+ GDBusMethodInvocation *invocation)
+{
+ gboolean ret = FALSE;
+ uid_t caller_uid = -1;
+ GError *error = NULL;
+
+ if (!udisks_daemon_util_get_caller_uid_sync (daemon,
+ invocation,
+ NULL, /* GCancellable* */
+ &caller_uid,
+ NULL, /* gid_t *out_gid */
+ NULL, /* gchar **out_user_name */
+ &error))
+ {
+ g_dbus_method_invocation_return_error (invocation,
+ UDISKS_ERROR,
+ UDISKS_ERROR_FAILED,
+ "Error getting uid for caller with bus name %s: %s (%s, %d)",
+ g_dbus_method_invocation_get_sender (invocation),
+ error->message, g_quark_to_string (error->domain), error->code);
+ g_clear_error (&error);
+ goto out;
+ }
+
+ /* only allow root */
+ if (caller_uid == 0)
+ {
+ ret = TRUE;
+ }
+ else
+ {
+ g_dbus_method_invocation_return_error_literal (invocation,
+ UDISKS_ERROR,
+ UDISKS_ERROR_NOT_AUTHORIZED,
+ "Not authorized to perform operation (polkit authority not available and caller is not uid 0)");
+ }
+
+ out:
+ return ret;
+}
+
/**
* udisks_daemon_util_check_authorization_sync:
* @daemon: A #UDisksDaemon.
const gchar *message,
GDBusMethodInvocation *invocation)
{
+ PolkitAuthority *authority = NULL;
PolkitSubject *subject = NULL;
PolkitDetails *details = NULL;
PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
const gchar *details_device = NULL;
gchar *details_drive = NULL;
+ authority = udisks_daemon_get_authority (daemon);
+ if (authority == NULL)
+ {
+ ret = check_authorization_no_polkit (daemon, object, action_id, options, message, invocation);
+ goto out;
+ }
+
subject = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation));
if (options != NULL)
{
polkit_details_insert (details, "drive", details_drive);
error = NULL;
- result = polkit_authority_check_authorization_sync (udisks_daemon_get_authority (daemon),
+ result = polkit_authority_check_authorization_sync (authority,
subject,
action_id,
details,