146
143
#ifdef HAVE_POLKIT
148
permission_denied_privilege (const char *privilege, const char *uid)
145
permission_denied_action (const char *action, const char *result)
150
147
fprintf (stderr, "org.freedesktop.Hal.Device.PermissionDeniedByPolicy\n");
151
fprintf (stderr, "%s refused uid %s\n", privilege, uid);
148
fprintf (stderr, "%s %s <-- (action, result)\n", action, result);
445
442
handle_mount (LibHalContext *hal_ctx,
447
LibPolKitContext *pol_ctx,
450
444
LibHalVolume *volume, LibHalDrive *drive, const char *device,
451
445
const char *invoked_by_uid, const char *invoked_by_syscon_name)
728
718
* (since these drives normally use vfat)
730
720
if (volume != NULL) {
731
/* don't consider uid= on vfat, iso9660, udf change-uid for the purpose of policy
721
/* don't consider uid= on vfat, iso9660, hfs and udf change-uid for the purpose of policy
732
722
* (since these doesn't contain uid/gid bits)
734
724
if (strcmp (libhal_volume_get_fstype (volume), "vfat") != 0 &&
735
725
strcmp (libhal_volume_get_fstype (volume), "iso9660") != 0 &&
726
strcmp (libhal_volume_get_fstype (volume), "hfs") != 0 &&
736
727
strcmp (libhal_volume_get_fstype (volume), "udf") != 0) {
737
728
pol_change_uid = wants_to_change_uid;
742
if (pol_change_uid) {
743
privilege = "hal-storage-fixed-mount-all-options";
745
privilege = "hal-storage-fixed-mount";
748
if (pol_change_uid) {
749
privilege = "hal-storage-removable-mount-all-options";
751
privilege = "hal-storage-removable-mount";
756
printf ("using privilege %s for uid %s, system_bus_connection %s\n", privilege, invoked_by_uid,
757
invoked_by_syscon_name);
761
if (invoked_by_syscon_name != NULL) {
762
if (libpolkit_is_uid_allowed_for_privilege (pol_ctx,
763
invoked_by_syscon_name,
767
&allowed_by_privilege,
768
&is_temporary_privilege,
769
NULL) != LIBPOLKIT_RESULT_OK) {
770
printf ("cannot lookup privilege\n");
771
unknown_error ("Cannot lookup privilege from PolicyKit");
774
if (!allowed_by_privilege) {
775
printf ("caller don't possess privilege\n");
776
permission_denied_privilege (privilege, invoked_by_uid);
782
printf ("passed privilege\n");
786
/* create directory */
787
if (g_mkdir (mount_dir, 0700) != 0) {
788
printf ("Cannot create '%s'\n", mount_dir);
789
unknown_error ("Cannot create mount directory");
793
calling_uid = (uid_t) strtol (invoked_by_uid, (char **) NULL, 10);
794
pw = getpwuid (calling_uid);
796
calling_gid = pw->pw_gid;
800
if (chown (mount_dir, calling_uid, calling_gid) != 0) {
801
printf ("Cannot chown '%s' to uid: %d, gid: %d\n", mount_dir,
802
calling_uid, calling_gid);
804
unknown_error ("Failed to chown mount directory");
809
733
char *mount_option_commasep = NULL;
810
734
char *mount_do_fstype = "auto";
839
763
args[na++] = mount_dir;
840
764
args[na++] = NULL;
767
if (pol_change_uid) {
768
action = NULL; /* "hal-storage-mount-fixed-extra-options"; TODO: rethink */
770
action = "org.freedesktop.hal.storage.mount-fixed";
773
if (pol_change_uid) {
774
action = NULL; /* "hal-storage-mount-removable-extra-options"; TODO: rethink "extra-options" */
776
action = "org.freedesktop.hal.storage.mount-removable";
779
if (action == NULL) {
780
unknown_error ("TODO: have to rethink extra options");
784
printf ("using action %s for uid %s, system_bus_connection %s\n", action, invoked_by_uid,
785
invoked_by_syscon_name);
789
if (invoked_by_syscon_name != NULL) {
791
char *action_params[] = {
797
action_params[1] = mount_do_fstype;
798
action_params[3] = mount_dir;
799
action_params[5] = mount_option_commasep;
801
dbus_error_init (&error);
802
polkit_result = libhal_device_is_caller_privileged (hal_ctx,
805
invoked_by_syscon_name,
807
if (polkit_result == NULL){
808
unknown_error ("IsCallerPrivileged() failed");
810
if (strcmp (polkit_result, "yes") != 0) {
811
permission_denied_action (action, polkit_result);
813
libhal_free_string (polkit_result);
818
printf ("passed privilege\n");
822
/* create directory */
823
if (g_mkdir (mount_dir, 0700) != 0) {
824
printf ("Cannot create '%s'\n", mount_dir);
825
unknown_error ("Cannot create mount directory");
829
calling_uid = (uid_t) strtol (invoked_by_uid, (char **) NULL, 10);
830
pw = getpwuid (calling_uid);
832
calling_gid = pw->pw_gid;
836
if (chown (mount_dir, calling_uid, calling_gid) != 0) {
837
printf ("Cannot chown '%s' to uid: %d, gid: %d\n", mount_dir,
838
calling_uid, calling_gid);
840
unknown_error ("Failed to chown mount directory");
842
846
/* TODO FIXME XXX HACK: OK, so we should rewrite the options in /media/.hal-mtab ..
843
847
* but it doesn't really matter much at this point */
844
848
if (!is_remount) {