1*18c2aff7Sartem /*************************************************************************** 2*18c2aff7Sartem * CVSID: $Id$ 3*18c2aff7Sartem * 4*18c2aff7Sartem * polkit-is-privileged.c : Determine if a user has privileges 5*18c2aff7Sartem * 6*18c2aff7Sartem * Copyright (C) 2006 David Zeuthen, <david@fubar.dk> 7*18c2aff7Sartem * 8*18c2aff7Sartem * This program is free software; you can redistribute it and/or modify 9*18c2aff7Sartem * it under the terms of the GNU General Public License as published by 10*18c2aff7Sartem * the Free Software Foundation; either version 2 of the License, or 11*18c2aff7Sartem * (at your option) any later version. 12*18c2aff7Sartem * 13*18c2aff7Sartem * This program is distributed in the hope that it will be useful, 14*18c2aff7Sartem * but WITHOUT ANY WARRANTY; without even the implied warranty of 15*18c2aff7Sartem * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16*18c2aff7Sartem * GNU General Public License for more details. 17*18c2aff7Sartem * 18*18c2aff7Sartem * You should have received a copy of the GNU General Public License 19*18c2aff7Sartem * along with this program; if not, write to the Free Software 20*18c2aff7Sartem * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 21*18c2aff7Sartem * 22*18c2aff7Sartem **************************************************************************/ 23*18c2aff7Sartem 24*18c2aff7Sartem 25*18c2aff7Sartem #ifdef HAVE_CONFIG_H 26*18c2aff7Sartem # include <config.h> 27*18c2aff7Sartem #endif 28*18c2aff7Sartem 29*18c2aff7Sartem #include <stdio.h> 30*18c2aff7Sartem #include <stdlib.h> 31*18c2aff7Sartem #include <getopt.h> 32*18c2aff7Sartem #include <dbus/dbus.h> 33*18c2aff7Sartem 34*18c2aff7Sartem #include <libpolkit/libpolkit.h> 35*18c2aff7Sartem 36*18c2aff7Sartem static void 37*18c2aff7Sartem usage (int argc, char *argv[]) 38*18c2aff7Sartem { 39*18c2aff7Sartem fprintf (stderr, "polkit-is-privileged version " PACKAGE_VERSION "\n"); 40*18c2aff7Sartem 41*18c2aff7Sartem fprintf (stderr, 42*18c2aff7Sartem "\n" 43*18c2aff7Sartem "usage : %s -u <uid> -p <privilege> [-r <resource>]\n" 44*18c2aff7Sartem " [-s <system-bus-connection-name>]", argv[0]); 45*18c2aff7Sartem fprintf (stderr, 46*18c2aff7Sartem "\n" 47*18c2aff7Sartem "Options:\n" 48*18c2aff7Sartem " -u, --user Username or user id\n" 49*18c2aff7Sartem " -s, --system-bus-unique-name Unique system bus connection name\n" 50*18c2aff7Sartem " -r, --resource Resource\n" 51*18c2aff7Sartem " -p, --privilege Privilege to test for\n" 52*18c2aff7Sartem " -h, --help Show this information and exit\n" 53*18c2aff7Sartem " -v, --verbose Verbose operation\n" 54*18c2aff7Sartem " -V, --version Print version number\n" 55*18c2aff7Sartem "\n" 56*18c2aff7Sartem "Queries system policy whether a given user is allowed for a given\n" 57*18c2aff7Sartem "privilege for a given resource. The resource may be omitted.\n" 58*18c2aff7Sartem "\n"); 59*18c2aff7Sartem } 60*18c2aff7Sartem 61*18c2aff7Sartem int 62*18c2aff7Sartem main (int argc, char *argv[]) 63*18c2aff7Sartem { 64*18c2aff7Sartem int rc; 65*18c2aff7Sartem char *user = NULL; 66*18c2aff7Sartem char *privilege = NULL; 67*18c2aff7Sartem char *resource = NULL; 68*18c2aff7Sartem char *system_bus_unique_name = NULL; 69*18c2aff7Sartem static const struct option long_options[] = { 70*18c2aff7Sartem {"user", required_argument, NULL, 'u'}, 71*18c2aff7Sartem {"system-bus-unique-name", required_argument, NULL, 's'}, 72*18c2aff7Sartem {"resource", required_argument, NULL, 'r'}, 73*18c2aff7Sartem {"privilege", required_argument, NULL, 'p'}, 74*18c2aff7Sartem {"help", no_argument, NULL, 'h'}, 75*18c2aff7Sartem {"verbose", no_argument, NULL, 'v'}, 76*18c2aff7Sartem {"version", no_argument, NULL, 'V'}, 77*18c2aff7Sartem {NULL, 0, NULL, 0} 78*18c2aff7Sartem }; 79*18c2aff7Sartem LibPolKitContext *ctx = NULL; 80*18c2aff7Sartem gboolean is_allowed; 81*18c2aff7Sartem gboolean is_temporary; 82*18c2aff7Sartem LibPolKitResult result; 83*18c2aff7Sartem gboolean is_verbose = FALSE; 84*18c2aff7Sartem DBusError error; 85*18c2aff7Sartem DBusConnection *connection = NULL; 86*18c2aff7Sartem 87*18c2aff7Sartem rc = 1; 88*18c2aff7Sartem 89*18c2aff7Sartem while (TRUE) { 90*18c2aff7Sartem int c; 91*18c2aff7Sartem 92*18c2aff7Sartem c = getopt_long (argc, argv, "u:r:p:s:hVv", long_options, NULL); 93*18c2aff7Sartem 94*18c2aff7Sartem if (c == -1) 95*18c2aff7Sartem break; 96*18c2aff7Sartem 97*18c2aff7Sartem switch (c) { 98*18c2aff7Sartem case 's': 99*18c2aff7Sartem system_bus_unique_name = g_strdup (optarg); 100*18c2aff7Sartem break; 101*18c2aff7Sartem 102*18c2aff7Sartem case 'u': 103*18c2aff7Sartem user = g_strdup (optarg); 104*18c2aff7Sartem break; 105*18c2aff7Sartem 106*18c2aff7Sartem case 'r': 107*18c2aff7Sartem resource = g_strdup (optarg); 108*18c2aff7Sartem break; 109*18c2aff7Sartem 110*18c2aff7Sartem case 'p': 111*18c2aff7Sartem privilege = g_strdup (optarg); 112*18c2aff7Sartem break; 113*18c2aff7Sartem 114*18c2aff7Sartem case 'v': 115*18c2aff7Sartem is_verbose = TRUE; 116*18c2aff7Sartem break; 117*18c2aff7Sartem 118*18c2aff7Sartem case 'h': 119*18c2aff7Sartem usage (argc, argv); 120*18c2aff7Sartem rc = 0; 121*18c2aff7Sartem goto out; 122*18c2aff7Sartem 123*18c2aff7Sartem case 'V': 124*18c2aff7Sartem printf ("polkit-is-privileged version " PACKAGE_VERSION "\n"); 125*18c2aff7Sartem rc = 0; 126*18c2aff7Sartem goto out; 127*18c2aff7Sartem 128*18c2aff7Sartem default: 129*18c2aff7Sartem usage (argc, argv); 130*18c2aff7Sartem goto out; 131*18c2aff7Sartem } 132*18c2aff7Sartem } 133*18c2aff7Sartem 134*18c2aff7Sartem if (user == NULL || privilege == NULL) { 135*18c2aff7Sartem usage (argc, argv); 136*18c2aff7Sartem return 1; 137*18c2aff7Sartem } 138*18c2aff7Sartem 139*18c2aff7Sartem if (is_verbose) { 140*18c2aff7Sartem printf ("user = '%s'\n", user); 141*18c2aff7Sartem printf ("privilege = '%s'\n", privilege); 142*18c2aff7Sartem if (resource != NULL) 143*18c2aff7Sartem printf ("resource = '%s'\n", resource); 144*18c2aff7Sartem } 145*18c2aff7Sartem 146*18c2aff7Sartem #ifdef POLKITD_ENABLED 147*18c2aff7Sartem dbus_error_init (&error); 148*18c2aff7Sartem connection = dbus_bus_get (DBUS_BUS_SYSTEM, &error); 149*18c2aff7Sartem if (connection == NULL) { 150*18c2aff7Sartem g_warning ("Cannot connect to system message bus"); 151*18c2aff7Sartem return 1; 152*18c2aff7Sartem } 153*18c2aff7Sartem #endif /* POLKITD_ENABLED */ 154*18c2aff7Sartem 155*18c2aff7Sartem ctx = libpolkit_new_context (connection); 156*18c2aff7Sartem if (ctx == NULL) { 157*18c2aff7Sartem g_warning ("Cannot get libpolkit context"); 158*18c2aff7Sartem goto out; 159*18c2aff7Sartem } 160*18c2aff7Sartem 161*18c2aff7Sartem result = libpolkit_is_uid_allowed_for_privilege (ctx, 162*18c2aff7Sartem system_bus_unique_name, 163*18c2aff7Sartem user, 164*18c2aff7Sartem privilege, 165*18c2aff7Sartem resource, 166*18c2aff7Sartem &is_allowed, 167*18c2aff7Sartem &is_temporary, 168*18c2aff7Sartem NULL); 169*18c2aff7Sartem switch (result) { 170*18c2aff7Sartem case LIBPOLKIT_RESULT_OK: 171*18c2aff7Sartem rc = is_allowed ? 0 : 1; 172*18c2aff7Sartem break; 173*18c2aff7Sartem 174*18c2aff7Sartem case LIBPOLKIT_RESULT_ERROR: 175*18c2aff7Sartem g_warning ("Error determing whether user is privileged."); 176*18c2aff7Sartem break; 177*18c2aff7Sartem 178*18c2aff7Sartem case LIBPOLKIT_RESULT_INVALID_CONTEXT: 179*18c2aff7Sartem g_print ("Invalid context.\n"); 180*18c2aff7Sartem goto out; 181*18c2aff7Sartem 182*18c2aff7Sartem case LIBPOLKIT_RESULT_NOT_PRIVILEGED: 183*18c2aff7Sartem g_print ("Not privileged.\n"); 184*18c2aff7Sartem 185*18c2aff7Sartem case LIBPOLKIT_RESULT_NO_SUCH_PRIVILEGE: 186*18c2aff7Sartem g_print ("No such privilege '%s'.\n", privilege); 187*18c2aff7Sartem goto out; 188*18c2aff7Sartem 189*18c2aff7Sartem case LIBPOLKIT_RESULT_NO_SUCH_USER: 190*18c2aff7Sartem g_print ("No such user '%s'.\n", user); 191*18c2aff7Sartem goto out; 192*18c2aff7Sartem } 193*18c2aff7Sartem 194*18c2aff7Sartem if (is_verbose) { 195*18c2aff7Sartem printf ("result %d\n", result); 196*18c2aff7Sartem printf ("is_allowed %d\n", is_allowed); 197*18c2aff7Sartem } 198*18c2aff7Sartem 199*18c2aff7Sartem out: 200*18c2aff7Sartem if (ctx != NULL) 201*18c2aff7Sartem libpolkit_free_context (ctx); 202*18c2aff7Sartem 203*18c2aff7Sartem return rc; 204*18c2aff7Sartem } 205*18c2aff7Sartem 206