chiark / gitweb /
Merge commit 'b39a2770ba55637da80e2e389222c59dbea73507'
authorLennart Poettering <lennart@poettering.net>
Fri, 15 Aug 2014 18:25:10 +0000 (20:25 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 15 Aug 2014 18:25:10 +0000 (20:25 +0200)
1  2 
src/hostname/hostnamed.c
src/libsystemd/sd-bus/bus-util.c
src/libsystemd/sd-bus/bus-util.h
src/locale/localed.c
src/timedate/timedated.c

diff --combined src/hostname/hostnamed.c
@@@ -23,7 -23,6 +23,7 @@@
  #include <string.h>
  #include <unistd.h>
  #include <sys/utsname.h>
 +#include <sys/capability.h>
  
  #include "util.h"
  #include "strv.h"
@@@ -69,11 -68,11 +69,11 @@@ static void context_reset(Context *c) 
          }
  }
  
- static void context_free(Context *c, sd_bus *bus) {
+ static void context_free(Context *c) {
          assert(c);
  
          context_reset(c);
-         bus_verify_polkit_async_registry_free(bus, c->polkit_registry);
+         bus_verify_polkit_async_registry_free(c->polkit_registry);
  }
  
  static int context_read_data(Context *c) {
@@@ -426,7 -425,7 +426,7 @@@ static int method_set_hostname(sd_bus *
          if (streq_ptr(name, c->data[PROP_HOSTNAME]))
                  return sd_bus_reply_method_return(m, NULL);
  
 -        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.hostname1.set-hostname", interactive, error, method_set_hostname, c);
 +        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, "org.freedesktop.hostname1.set-hostname", interactive, error, method_set_hostname, c);
          if (r < 0)
                  return r;
          if (r == 0)
@@@ -468,7 -467,7 +468,7 @@@ static int method_set_static_hostname(s
          if (streq_ptr(name, c->data[PROP_STATIC_HOSTNAME]))
                  return sd_bus_reply_method_return(m, NULL);
  
 -        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.hostname1.set-static-hostname", interactive, error, method_set_static_hostname, c);
 +        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, "org.freedesktop.hostname1.set-static-hostname", interactive, error, method_set_static_hostname, c);
          if (r < 0)
                  return r;
          if (r == 0)
@@@ -533,10 -532,9 +533,10 @@@ static int set_machine_info(Context *c
           * same time as the static one, use the same policy action for
           * both... */
  
 -        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, prop == PROP_PRETTY_HOSTNAME ?
 -                          "org.freedesktop.hostname1.set-static-hostname" :
 -                          "org.freedesktop.hostname1.set-machine-info", interactive, error, cb, c);
 +        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN,
 +                                    prop == PROP_PRETTY_HOSTNAME ?
 +                                    "org.freedesktop.hostname1.set-static-hostname" :
 +                                    "org.freedesktop.hostname1.set-machine-info", interactive, error, cb, c);
          if (r < 0)
                  return r;
          if (r == 0)
@@@ -723,7 -721,7 +723,7 @@@ int main(int argc, char *argv[]) 
          }
  
  finish:
-         context_free(&context, bus);
+         context_free(&context);
  
          return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
  }
@@@ -186,22 -186,28 +186,22 @@@ int bus_name_has_owner(sd_bus *c, cons
  int bus_verify_polkit(
                  sd_bus *bus,
                  sd_bus_message *m,
 +                int capability,
                  const char *action,
                  bool interactive,
                  bool *_challenge,
                  sd_bus_error *e) {
  
 -        _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
 -        uid_t uid;
          int r;
  
          assert(bus);
          assert(m);
          assert(action);
  
 -        r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds);
 +        r = sd_bus_query_sender_privilege(m, capability);
          if (r < 0)
                  return r;
 -
 -        r = sd_bus_creds_get_uid(creds, &uid);
 -        if (r < 0)
 -                return r;
 -
 -        if (uid == 0)
 +        if (r > 0)
                  return 1;
  
  #ifdef ENABLE_POLKIT
@@@ -319,7 -325,6 +319,7 @@@ int bus_verify_polkit_async
                  sd_bus *bus,
                  Hashmap **registry,
                  sd_bus_message *m,
 +                int capability,
                  const char *action,
                  bool interactive,
                  sd_bus_error *error,
          AsyncPolkitQuery *q;
          const char *sender;
  #endif
 -        _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
 -        uid_t uid;
          int r;
  
          assert(bus);
          }
  #endif
  
 -        r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds);
 +        r = sd_bus_query_sender_privilege(m, capability);
          if (r < 0)
                  return r;
 -
 -        r = sd_bus_creds_get_uid(creds, &uid);
 -        if (r < 0)
 -                return r;
 -
 -        if (uid == 0)
 +        if (r > 0)
                  return 1;
  
  #ifdef ENABLE_POLKIT
          return -EACCES;
  }
  
- void bus_verify_polkit_async_registry_free(sd_bus *bus, Hashmap *registry) {
+ void bus_verify_polkit_async_registry_free(Hashmap *registry) {
  #ifdef ENABLE_POLKIT
          AsyncPolkitQuery *q;
  
@@@ -62,10 -62,10 +62,10 @@@ int bus_name_has_owner(sd_bus *c, cons
  
  int bus_check_peercred(sd_bus *c);
  
 -int bus_verify_polkit(sd_bus *bus, sd_bus_message *m, const char *action, bool interactive, bool *_challenge, sd_bus_error *e);
 +int bus_verify_polkit(sd_bus *bus, sd_bus_message *m, int capability, const char *action, bool interactive, bool *_challenge, sd_bus_error *e);
  
 -int bus_verify_polkit_async(sd_bus *bus, Hashmap **registry, sd_bus_message *m, const char *action, bool interactive, sd_bus_error *error, sd_bus_message_handler_t callback, void *userdata);
 +int bus_verify_polkit_async(sd_bus *bus, Hashmap **registry, sd_bus_message *m, int capability, const char *action, bool interactive, sd_bus_error *error, sd_bus_message_handler_t callback, void *userdata);
- void bus_verify_polkit_async_registry_free(sd_bus *bus, Hashmap *registry);
+ void bus_verify_polkit_async_registry_free(Hashmap *registry);
  
  int bus_open_system_systemd(sd_bus **_bus);
  int bus_open_user_systemd(sd_bus **_bus);
diff --combined src/locale/localed.c
@@@ -23,7 -23,6 +23,7 @@@
  #include <errno.h>
  #include <string.h>
  #include <unistd.h>
 +#include <sys/capability.h>
  
  #include "sd-bus.h"
  
@@@ -132,12 -131,12 +132,12 @@@ static void context_free_locale(Contex
                  free_and_replace(&c->locale[p], NULL);
  }
  
- static void context_free(Context *c, sd_bus *bus) {
+ static void context_free(Context *c) {
          context_free_locale(c);
          context_free_x11(c);
          context_free_vconsole(c);
  
-         bus_verify_polkit_async_registry_free(bus, c->polkit_registry);
+         bus_verify_polkit_async_registry_free(c->polkit_registry);
  };
  
  static void locale_simplify(Context *c) {
@@@ -877,7 -876,7 +877,7 @@@ static int method_set_locale(sd_bus *bu
          }
  
          if (modified) {
 -                r = bus_verify_polkit_async(bus, &c->polkit_registry, m,
 +                r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN,
                                              "org.freedesktop.locale1.set-locale", interactive,
                                              error, method_set_locale, c);
                  if (r < 0)
@@@ -955,7 -954,7 +955,7 @@@ static int method_set_vc_keyboard(sd_bu
                      (keymap_toggle && (!filename_is_safe(keymap_toggle) || !string_is_safe(keymap_toggle))))
                          return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keymap data");
  
 -                r = bus_verify_polkit_async(bus, &c->polkit_registry, m,
 +                r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN,
                                  "org.freedesktop.locale1.set-keyboard",
                                  interactive, error, method_set_vc_keyboard, c);
                  if (r < 0)
@@@ -1027,7 -1026,7 +1027,7 @@@ static int method_set_x11_keyboard(sd_b
                      (options && !string_is_safe(options)))
                          return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keyboard data");
  
 -                r = bus_verify_polkit_async(bus, &c->polkit_registry, m,
 +                r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN,
                                  "org.freedesktop.locale1.set-keyboard",
                                  interactive, error, method_set_x11_keyboard, c);
                  if (r < 0)
@@@ -1161,7 -1160,7 +1161,7 @@@ int main(int argc, char *argv[]) 
          }
  
  finish:
-         context_free(&context, bus);
+         context_free(&context);
  
          return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
  }
diff --combined src/timedate/timedated.c
@@@ -52,11 -52,11 +52,11 @@@ typedef struct Context 
          Hashmap *polkit_registry;
  } Context;
  
- static void context_free(Context *c, sd_bus *bus) {
+ static void context_free(Context *c) {
          assert(c);
  
          free(c->zone);
-         bus_verify_polkit_async_registry_free(bus, c->polkit_registry);
+         bus_verify_polkit_async_registry_free(c->polkit_registry);
  }
  
  static int context_read_data(Context *c) {
@@@ -395,7 -395,7 +395,7 @@@ static int method_set_timezone(sd_bus *
          if (streq_ptr(z, c->zone))
                  return sd_bus_reply_method_return(m, NULL);
  
 -        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-timezone", interactive, error, method_set_timezone, c);
 +        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-timezone", interactive, error, method_set_timezone, c);
          if (r < 0)
                  return r;
          if (r == 0)
@@@ -456,7 -456,7 +456,7 @@@ static int method_set_local_rtc(sd_bus 
          if (lrtc == c->local_rtc)
                  return sd_bus_reply_method_return(m, NULL);
  
 -        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-local-rtc", interactive, error, method_set_local_rtc, c);
 +        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-local-rtc", interactive, error, method_set_local_rtc, c);
          if (r < 0)
                  return r;
          if (r == 0)
@@@ -561,7 -561,7 +561,7 @@@ static int method_set_time(sd_bus *bus
          } else
                  timespec_store(&ts, (usec_t) utc);
  
 -        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-time", interactive, error, method_set_time, c);
 +        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-time", interactive, error, method_set_time, c);
          if (r < 0)
                  return r;
          if (r == 0)
@@@ -601,7 -601,7 +601,7 @@@ static int method_set_ntp(sd_bus *bus, 
          if ((bool)ntp == c->use_ntp)
                  return sd_bus_reply_method_return(m, NULL);
  
 -        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-ntp", interactive, error, method_set_ntp, c);
 +        r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-ntp", interactive, error, method_set_ntp, c);
          if (r < 0)
                  return r;
          if (r == 0)
@@@ -727,7 -727,7 +727,7 @@@ int main(int argc, char *argv[]) 
          }
  
  finish:
-         context_free(&context, bus);
+         context_free(&context);
  
          return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
  }