/* # Copyright (c) 2009,2010 - OpenSLX Project, Computer Center University of # Freiburg # # This program is free software distributed under the GPL version 2. # See http://openslx.org/COPYING # # If you have any feedback please consult http://openslx.org/feedback and # send your suggestions, praise, or complaints to feedback@openslx.org # # General information about OpenSLX can be found at http://openslx.org/ # ----------------------------------------------------------------------------- # src/net/pvsCheckPrivileges_linux.h # - Linux implementation of privilege checking # ----------------------------------------------------------------------------- */ #ifndef PVSCHECKPRIVILEGES_H_ #define PVSCHECKPRIVILEGES_H_ #include #include #include #include "inputEventHandler.h" struct CachedInputContext { CachedInputContext(InputEventContext const* source) { if(source) { pid = source->getSenderPid(); uid = source->getSenderUid(); gid = source->getSenderGid(); } else { pid = (pid_t)-1; uid = (uid_t)-1; gid = (gid_t)-1; } } CachedInputContext() { pid = (pid_t)-1; uid = (uid_t)-1; gid = (gid_t)-1; } pid_t pid; uid_t uid; gid_t gid; bool isValid() const { return (pid != (pid_t)-1) && (uid != (uid_t)-1) && (gid != (gid_t)-1); } bool operator==(CachedInputContext const& other) const { return (other.pid == pid) && (other.uid == uid) && (other.gid == gid); } }; uint qHash(CachedInputContext const& p); class PVSCheckPrivileges { public: typedef enum { SESSION_LOOKUP_FAILURE, // Comes first because we default to assume // the session is local if we cannot look it // up. SESSION_LOCAL, SESSION_NONLOCAL, SESSION_UNKNOWN } SessionKind; static QString toString(SessionKind k) { switch(k) { case SESSION_LOOKUP_FAILURE: return "SESSION_LOOKUP_FAILURE"; case SESSION_LOCAL: return "SESSION_LOCAL"; case SESSION_NONLOCAL: return "SESSION_NONLOCAL"; case SESSION_UNKNOWN: return "SESSION_UNKNOWN"; default: return QString("unknown value (%1)").arg(k); } } typedef enum { USER_PRIVILEGED, USER_UNPRIVILEGED, USER_LOOKUP_FAILURE, // Comes last because we default to assume // the user is unprivileged if we cannot get // permission from PolicyKit. USER_UNKNOWN } UserPrivilege; static QString toString(UserPrivilege k) { switch(k) { case USER_PRIVILEGED: return "USER_PRIVILEGED"; case USER_UNPRIVILEGED: return "USER_UNPRIVILEGED"; case USER_LOOKUP_FAILURE: return "USER_LOOKUP_FAILURE"; case USER_UNKNOWN: return "USER_UNKNOWN"; default: return QString("unknown value (%1)").arg(k); } } static PVSCheckPrivileges* instance(); bool require(SessionKind sessionKind, CachedInputContext const& sender); bool require(UserPrivilege userPrivilege, CachedInputContext const& sender); bool require(SessionKind sessionKind, UserPrivilege userPrivilege, CachedInputContext const& sender); QString getX11SessionName(CachedInputContext const& sender); QString getX11DisplayDevice(CachedInputContext const& sender); private: PVSCheckPrivileges(); virtual ~PVSCheckPrivileges(); typedef QPair > piduidgid; piduidgid makePidUidGid(pid_t pid, uid_t uid, gid_t gid) { return qMakePair(pid, qMakePair(uid, gid)); } QString getSessionReference(CachedInputContext const& sender); SessionKind getSessionKind(CachedInputContext const& sender); UserPrivilege getUserPrivilege(CachedInputContext const& sender); static PVSCheckPrivileges* _instance; QHash _savedUserPrivilege; QHash _savedSessionKind; QHash _savedConsoleKitSession; }; #endif /* PVSCHECKPRIVILEGES_H_ */