45#include <sys/socket.h>
54#if defined(HAVE_POLKIT) && defined(SO_PEERCRED)
56#include <polkit/polkit.h>
59extern bool disable_polkit;
62unsigned IsClientAuthorized(
int socket,
const char* action,
const char* reader)
67 PolkitSubject *subject;
68 PolkitAuthority *authority;
69 PolkitAuthorizationResult *result;
70 PolkitDetails *details;
72 char action_name[128];
77 snprintf(action_name,
sizeof(action_name),
"org.debian.pcsc-lite.%s", action);
80 ret = getsockopt(socket, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len);
84 Log2(PCSC_LOG_CRITICAL,
85 "Error obtaining client process credentials: %s", strerror(e));
89 authority = polkit_authority_get_sync(NULL, &error);
90 if (authority == NULL)
92 Log2(PCSC_LOG_CRITICAL,
"polkit_authority_get_sync failed: %s",
98 subject = polkit_unix_process_new_for_owner(cr.pid, 0, cr.uid);
101 Log1(PCSC_LOG_CRITICAL,
"polkit_unix_process_new_for_owner failed");
106 details = polkit_details_new();
109 Log1(PCSC_LOG_CRITICAL,
"polkit_details_new failed");
115 polkit_details_insert(details,
"reader", reader);
117 result = polkit_authority_check_authorization_sync(authority, subject,
118 action_name, details,
119 POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
125 Log2(PCSC_LOG_CRITICAL,
"Error in authorization: %s", error->message);
131 if (polkit_authorization_result_get_is_authorized(result))
143 Log4(PCSC_LOG_CRITICAL,
144 "Process %u (user: %u) is NOT authorized for action: %s",
145 (
unsigned)cr.pid, (
unsigned)cr.uid, action);
149 g_object_unref(result);
151 g_object_unref(subject);
153 g_object_unref(details);
155 g_object_unref(authority);
162unsigned IsClientAuthorized(
int socket,
const char* action,
const char* reader)