Add Permission checking and session information code.

1 files changed, 139 insertions, 0 deletions

diff --git a/src/input/pvsCheckPrivileges.h b/src/input/pvsCheckPrivileges.h
new file mode 100644
index 0000000..e5cc9a4
--- /dev/null
+++ b/src/input/pvsCheckPrivileges.h
@@ -0,0 +1,139 @@
+/*
+ # Copyright (c) 2009,2010 - OpenSLX Project, Computer Center University of
+ # Freiburg
+ #
+ # This program is free software distributed under the GPL version 2.
+ # See http://openslx.org/COPYING
+ #
+ # If you have any feedback please consult http://openslx.org/feedback and
+ # send your suggestions, praise, or complaints to feedback@openslx.org
+ #
+ # General information about OpenSLX can be found at http://openslx.org/
+ # -----------------------------------------------------------------------------
+ # src/net/pvsCheckPrivileges_linux.h
+ #    - Linux implementation of privilege checking
+ # -----------------------------------------------------------------------------
+ */
+
+#ifndef PVSCHECKPRIVILEGES_H_
+#define PVSCHECKPRIVILEGES_H_
+
+#include <sys/types.h>
+#include <QString>
+#include <QHash>
+#include "inputEventHandler.h"
+
+struct CachedInputContext
+{
+	CachedInputContext(InputEventContext const* source)
+	{
+		if(source)
+		{
+			pid = source->getSenderPid();
+			uid = source->getSenderUid();
+			gid = source->getSenderGid();
+		}
+		else
+		{
+			pid = (pid_t)-1;
+			uid = (uid_t)-1;
+			gid = (gid_t)-1;
+		}
+	}
+
+	CachedInputContext()
+	{
+		pid = (pid_t)-1;
+		uid = (uid_t)-1;
+		gid = (gid_t)-1;
+	}
+
+	pid_t pid;
+	uid_t uid;
+	gid_t gid;
+
+	bool isValid() const
+	{
+		return (pid != (pid_t)-1) && (uid != (uid_t)-1) && (gid != (gid_t)-1);
+	}
+
+	bool operator==(CachedInputContext const& other) const
+	{
+		return (other.pid == pid) && (other.uid == uid) && (other.gid == gid);
+	}
+};
+uint qHash(CachedInputContext const& p);
+
+class PVSCheckPrivileges
+{
+public:
+	typedef enum {
+		SESSION_LOOKUP_FAILURE, // Comes first because we default to assume
+								// the session is local if we cannot look it
+								// up.
+		SESSION_LOCAL,
+		SESSION_NONLOCAL,
+		SESSION_UNKNOWN
+	} SessionKind;
+	static QString toString(SessionKind k)
+	{
+		switch(k)
+		{
+		case SESSION_LOOKUP_FAILURE: return "SESSION_LOOKUP_FAILURE";
+		case SESSION_LOCAL: return "SESSION_LOCAL";
+		case SESSION_NONLOCAL: return "SESSION_NONLOCAL";
+		case SESSION_UNKNOWN: return "SESSION_UNKNOWN";
+		default: return QString("unknown value (%1)").arg(k);
+		}
+	}
+
+	typedef enum {
+		USER_PRIVILEGED,
+		USER_UNPRIVILEGED,
+		USER_LOOKUP_FAILURE,	// Comes last because we default to assume
+								// the user is unprivileged if we cannot get
+								// permission from PolicyKit.
+		USER_UNKNOWN
+	} UserPrivilege;
+	static QString toString(UserPrivilege k)
+	{
+		switch(k)
+		{
+		case USER_PRIVILEGED: return "USER_PRIVILEGED";
+		case USER_UNPRIVILEGED: return "USER_UNPRIVILEGED";
+		case USER_LOOKUP_FAILURE: return "USER_LOOKUP_FAILURE";
+		case USER_UNKNOWN: return "USER_UNKNOWN";
+		default: return QString("unknown value (%1)").arg(k);
+		}
+	}
+
+	static PVSCheckPrivileges* instance();
+
+	bool require(SessionKind sessionKind, CachedInputContext const& sender);
+	bool require(UserPrivilege userPrivilege, CachedInputContext const& sender);
+	bool require(SessionKind sessionKind, UserPrivilege userPrivilege, CachedInputContext const& sender);
+	QString getX11SessionName(CachedInputContext const& sender);
+	QString getX11DisplayDevice(CachedInputContext const& sender);
+
+private:
+	PVSCheckPrivileges();
+	virtual ~PVSCheckPrivileges();
+
+	typedef QPair<pid_t, QPair<uid_t, gid_t> > piduidgid;
+	piduidgid makePidUidGid(pid_t pid, uid_t uid, gid_t gid)
+	{
+		return qMakePair(pid, qMakePair(uid, gid));
+	}
+
+	QString getSessionReference(CachedInputContext const& sender);
+	SessionKind getSessionKind(CachedInputContext const& sender);
+	UserPrivilege getUserPrivilege(CachedInputContext const& sender);
+
+	static PVSCheckPrivileges* _instance;
+
+	QHash<CachedInputContext, UserPrivilege> _savedUserPrivilege;
+	QHash<CachedInputContext, SessionKind> _savedSessionKind;
+	QHash<CachedInputContext, QString> _savedConsoleKitSession;
+};
+
+#endif /* PVSCHECKPRIVILEGES_H_ */