45#include <sys/socket.h>
56#if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)
58#include <polkit/polkit.h>
/* BSD-style peer credentials: the LOCAL_PEERCRED getsockopt() used further
 * down fills a struct xucred.  CRED_PID/CRED_UID abstract the field names so
 * IsClientAuthorized() can be written once for both this and the Linux
 * struct ucred variant.  The #if/#else directives selecting this branch are
 * not shown in this excerpt. */
64typedef struct xucred platform_cred;
65#define CRED_PID(uc) (uc).cr_pid
66#define CRED_UID(uc) (uc).cr_uid
/* Linux-style peer credentials: SO_PEERCRED fills a struct ucred (pid/uid/gid
 * of the peer at connect() time).  Same accessor macros as the xucred branch
 * above; the surrounding #elif/#else is not visible here. */
70typedef struct ucred platform_cred;
71#define CRED_PID(uc) (uc).pid
72#define CRED_UID(uc) (uc).uid
76extern bool disable_polkit;
/*
 * Ask polkit whether the process at the other end of `socket` (a connected
 * local socket) may perform "org.debian.pcsc-lite.<action>" on `reader`.
 *
 * The peer is identified by the kernel-supplied credentials (pid/uid) of the
 * socket, so the caller must pass the client's connection socket, not an
 * arbitrary fd.  Returns an unsigned authorization flag; the exact values
 * returned on the success and failure paths are not shown in this excerpt
 * (presumably non-zero == authorized -- confirm against the callers).
 *
 * NOTE: this listing omits several lines of the original function
 * (declarations of ret/cr/cr_len/error, the error-path returns, the
 * closing brace); the comments below only describe what is visible.
 */
79unsigned IsClientAuthorized(
int socket,
const char* action,
const char* reader)
84 PolkitSubject *subject;
85 PolkitAuthority *authority;
86 PolkitAuthorizationResult *result;
87 PolkitDetails *details;
/* Fully-qualified polkit action id built from the short `action` name. */
89 char action_name[128];
/* Prefix the short action with the pcsc-lite polkit namespace.  snprintf()
 * always NUL-terminates, but its return value is not checked in the visible
 * lines: an `action` longer than the buffer would be silently truncated and
 * a different (truncated) action id submitted to polkit. */
94 snprintf(action_name,
sizeof(action_name),
"org.debian.pcsc-lite.%s", action);
/* Fetch the peer's credentials from the kernel.  Which of the two calls is
 * compiled in follows the platform_cred typedef (LOCAL_PEERCRED on BSD-style
 * systems, SO_PEERCRED on Linux); the selecting #if is not shown.
 * NOTE(review): a successful call also updates cr_len; comparing it with
 * sizeof cr afterwards is the usual defensive check -- not visible here. */
98 ret = getsockopt(socket, SOL_LOCAL, LOCAL_PEERCRED, &cr, &cr_len);
100 ret = getsockopt(socket, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len);
/* getsockopt() failed; `e` is presumably the saved errno (declaration not
 * shown).  Without credentials no polkit subject can be built. */
106 Log2(PCSC_LOG_CRITICAL,
107 "Error obtaining client process credentials: %s", strerror(e));
/* Synchronous connection to the polkit daemon; `error` is a GError* whose
 * declaration is not in this excerpt. */
112 authority = polkit_authority_get_sync(NULL, &error);
113 if (authority == NULL)
115 Log2(PCSC_LOG_CRITICAL,
"polkit_authority_get_sync failed: %s",
/* The subject is the client process, identified by pid and uid from the
 * socket credentials.  start_time 0 tells polkit to look the process start
 * time up itself.  NOTE(review): a PID-based subject is what polkit's own
 * documentation describes as subject to PID-reuse races between the
 * credential lookup and the authorization check; worth keeping in mind when
 * reasoning about this path. */
121 subject = polkit_unix_process_new_for_owner(CRED_PID(cr), 0, CRED_UID(cr));
124 Log1(PCSC_LOG_CRITICAL,
"polkit_unix_process_new_for_owner failed");
/* Extra key/value context forwarded to the polkit policy / agent. */
129 details = polkit_details_new();
132 Log1(PCSC_LOG_CRITICAL,
"polkit_details_new failed");
/* Expose the reader name to the policy so rules can decide per reader. */
138 polkit_details_insert(details,
"reader", reader);
/* Blocking authorization check.  ALLOW_USER_INTERACTION lets polkit prompt
 * the user through an authentication agent, so this call may not return
 * until the prompt is answered; the remaining arguments (cancellable,
 * &error) are on lines not shown here. */
140 result = polkit_authority_check_authorization_sync(authority, subject,
141 action_name, details,
142 POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
/* Error path: result is NULL and error->message describes the failure. */
148 Log2(PCSC_LOG_CRITICAL,
"Error in authorization: %s", error->message);
/* Success path (body not shown); everything below is the denial branch and
 * the shared cleanup. */
154 if (polkit_authorization_result_get_is_authorized(result))
/* Denied: log who asked for what.  pid/uid are cast to unsigned to match the
 * %u conversions, since the credential field types differ per platform. */
166 Log4(PCSC_LOG_CRITICAL,
167 "Process %u (user: %u) is NOT authorized for action: %s",
168 (
unsigned)CRED_PID(cr), (
unsigned)CRED_UID(cr), action);
/* Release the GObject references in reverse order of creation.  Which of
 * these each error path above reaches (via goto/labels) is not visible in
 * this excerpt. */
172 g_object_unref(result);
174 g_object_unref(subject);
176 g_object_unref(details);
178 g_object_unref(authority);
187#error polkit is enabled, but no socket cred implementation for this platform
193unsigned IsClientAuthorized(
int socket,
const char* action,
const char* reader)