Skip to content

Commit

Permalink
auth.c: implement polkit support for FreeBSD
Browse files Browse the repository at this point in the history 
FreeBSD's analog to SO_PEERCRED is LOCAL_PEERCRED, which returns a
(ABI stable) `struct xucred` rather than a `struct cred`.  Paper over the
platform differences with a typedef and a couple macros.
  • Loading branch information
@kevans91 @LudovicRousseau
kevans91 authored and LudovicRousseau committed Sep 6, 2024
1 parent a2a7e07 commit 19d0b26
Showing 1 changed file with 23 additions and 4 deletions.
27 changes: 23 additions & 4 deletions src/auth.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,17 +53,32 @@

#ifdef HAVE_POLKIT

#if defined(SO_PEERCRED)
#if defined(SO_PEERCRED) || defined(LOCAL_PEERCRED)

#include <polkit/polkit.h>
#include <stdbool.h>

#ifdef __FreeBSD__

#include <sys/ucred.h>
typedef struct xucred platform_cred;
#define CRED_PID(uc) (uc).cr_pid
#define CRED_UID(uc) (uc).cr_uid

#else

typedef struct ucred platform_cred;
#define CRED_PID(uc) (uc).pid
#define CRED_UID(uc) (uc).uid

#endif

extern bool disable_polkit;

/* Returns non zero when the client is authorized */
unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
{
struct ucred cr;
platform_cred cr;
socklen_t cr_len;
int ret;
PolkitSubject *subject;
Expand All @@ -79,7 +94,11 @@ unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
snprintf(action_name, sizeof(action_name), "org.debian.pcsc-lite.%s", action);

cr_len = sizeof(cr);
#ifdef LOCAL_PEERCRED
ret = getsockopt(socket, SOL_LOCAL, LOCAL_PEERCRED, &cr, &cr_len);
#else
ret = getsockopt(socket, SOL_SOCKET, SO_PEERCRED, &cr, &cr_len);
#endif
if (ret == -1)
{
#ifndef NO_LOG
Expand All @@ -99,7 +118,7 @@ unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
return 0;
}

subject = polkit_unix_process_new_for_owner(cr.pid, 0, cr.uid);
subject = polkit_unix_process_new_for_owner(CRED_PID(cr), 0, CRED_UID(cr));
if (subject == NULL)
{
Log1(PCSC_LOG_CRITICAL, "polkit_unix_process_new_for_owner failed");
Expand Down Expand Up @@ -146,7 +165,7 @@ unsigned IsClientAuthorized(int socket, const char* action, const char* reader)
{
Log4(PCSC_LOG_CRITICAL,
"Process %u (user: %u) is NOT authorized for action: %s",
(unsigned)cr.pid, (unsigned)cr.uid, action);
(unsigned)CRED_PID(cr), (unsigned)CRED_UID(cr), action);
}

if (result)
Expand Down

0 comments on commit 19d0b26

Please sign in to comment.