From: Lennart Poettering Date: Fri, 15 Aug 2014 18:25:10 +0000 (+0200) Subject: Merge commit 'b39a2770ba55637da80e2e389222c59dbea73507' X-Git-Tag: v216~65 X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=b5af2aca120f1bf13cffc270803c2232918dd967;hp=-c Merge commit 'b39a2770ba55637da80e2e389222c59dbea73507' --- b5af2aca120f1bf13cffc270803c2232918dd967 diff --combined src/hostname/hostnamed.c index dae73b390,a6f440f4e..c7f738a62 --- a/src/hostname/hostnamed.c +++ b/src/hostname/hostnamed.c @@@ -23,7 -23,6 +23,7 @@@ #include #include #include +#include #include "util.h" #include "strv.h" @@@ -69,11 -68,11 +69,11 @@@ static void context_reset(Context *c) } } - static void context_free(Context *c, sd_bus *bus) { + static void context_free(Context *c) { assert(c); context_reset(c); - bus_verify_polkit_async_registry_free(bus, c->polkit_registry); + bus_verify_polkit_async_registry_free(c->polkit_registry); } static int context_read_data(Context *c) { @@@ -426,7 -425,7 +426,7 @@@ static int method_set_hostname(sd_bus * if (streq_ptr(name, c->data[PROP_HOSTNAME])) return sd_bus_reply_method_return(m, NULL); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.hostname1.set-hostname", interactive, error, method_set_hostname, c); + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, "org.freedesktop.hostname1.set-hostname", interactive, error, method_set_hostname, c); if (r < 0) return r; if (r == 0) @@@ -468,7 -467,7 +468,7 @@@ static int method_set_static_hostname(s if (streq_ptr(name, c->data[PROP_STATIC_HOSTNAME])) return sd_bus_reply_method_return(m, NULL); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.hostname1.set-static-hostname", interactive, error, method_set_static_hostname, c); + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, "org.freedesktop.hostname1.set-static-hostname", interactive, error, method_set_static_hostname, c); if (r < 0) return r; if (r == 0) @@@ -533,10 -532,9 +533,10 @@@ static int set_machine_info(Context *c * same time as the static one, use the same policy action for * both... */ - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, prop == PROP_PRETTY_HOSTNAME ? - "org.freedesktop.hostname1.set-static-hostname" : - "org.freedesktop.hostname1.set-machine-info", interactive, error, cb, c); + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, + prop == PROP_PRETTY_HOSTNAME ? + "org.freedesktop.hostname1.set-static-hostname" : + "org.freedesktop.hostname1.set-machine-info", interactive, error, cb, c); if (r < 0) return r; if (r == 0) @@@ -723,7 -721,7 +723,7 @@@ int main(int argc, char *argv[]) } finish: - context_free(&context, bus); + context_free(&context); return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; } diff --combined src/libsystemd/sd-bus/bus-util.c index 0ab11c390,37f5c4620..65f1d17c9 --- a/src/libsystemd/sd-bus/bus-util.c +++ b/src/libsystemd/sd-bus/bus-util.c @@@ -186,22 -186,28 +186,22 @@@ int bus_name_has_owner(sd_bus *c, cons int bus_verify_polkit( sd_bus *bus, sd_bus_message *m, + int capability, const char *action, bool interactive, bool *_challenge, sd_bus_error *e) { - _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; - uid_t uid; int r; assert(bus); assert(m); assert(action); - r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_privilege(m, capability); if (r < 0) return r; - - r = sd_bus_creds_get_uid(creds, &uid); - if (r < 0) - return r; - - if (uid == 0) + if (r > 0) return 1; #ifdef ENABLE_POLKIT @@@ -319,7 -325,6 +319,7 @@@ int bus_verify_polkit_async sd_bus *bus, Hashmap **registry, sd_bus_message *m, + int capability, const char *action, bool interactive, sd_bus_error *error, @@@ -331,6 -336,8 +331,6 @@@ AsyncPolkitQuery *q; const char *sender; #endif - _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; - uid_t uid; int r; assert(bus); @@@ -376,10 -383,15 +376,10 @@@ } #endif - r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds); + r = sd_bus_query_sender_privilege(m, capability); if (r < 0) return r; - - r = sd_bus_creds_get_uid(creds, &uid); - if (r < 0) - return r; - - if (uid == 0) + if (r > 0) return 1; #ifdef ENABLE_POLKIT @@@ -440,7 -452,7 +440,7 @@@ return -EACCES; } - void bus_verify_polkit_async_registry_free(sd_bus *bus, Hashmap *registry) { + void bus_verify_polkit_async_registry_free(Hashmap *registry) { #ifdef ENABLE_POLKIT AsyncPolkitQuery *q; diff --combined src/libsystemd/sd-bus/bus-util.h index f760a1e80,b3b52af24..1ac46875b --- a/src/libsystemd/sd-bus/bus-util.h +++ b/src/libsystemd/sd-bus/bus-util.h @@@ -62,10 -62,10 +62,10 @@@ int bus_name_has_owner(sd_bus *c, cons int bus_check_peercred(sd_bus *c); -int bus_verify_polkit(sd_bus *bus, sd_bus_message *m, const char *action, bool interactive, bool *_challenge, sd_bus_error *e); +int bus_verify_polkit(sd_bus *bus, sd_bus_message *m, int capability, const char *action, bool interactive, bool *_challenge, sd_bus_error *e); -int bus_verify_polkit_async(sd_bus *bus, Hashmap **registry, sd_bus_message *m, const char *action, bool interactive, sd_bus_error *error, sd_bus_message_handler_t callback, void *userdata); +int bus_verify_polkit_async(sd_bus *bus, Hashmap **registry, sd_bus_message *m, int capability, const char *action, bool interactive, sd_bus_error *error, sd_bus_message_handler_t callback, void *userdata); - void bus_verify_polkit_async_registry_free(sd_bus *bus, Hashmap *registry); + void bus_verify_polkit_async_registry_free(Hashmap *registry); int bus_open_system_systemd(sd_bus **_bus); int bus_open_user_systemd(sd_bus **_bus); diff --combined src/locale/localed.c index 087066786,4d7d02b9a..5c0bc2c84 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@@ -23,7 -23,6 +23,7 @@@ #include #include #include +#include #include "sd-bus.h" @@@ -132,12 -131,12 +132,12 @@@ static void context_free_locale(Contex free_and_replace(&c->locale[p], NULL); } - static void context_free(Context *c, sd_bus *bus) { + static void context_free(Context *c) { context_free_locale(c); context_free_x11(c); context_free_vconsole(c); - bus_verify_polkit_async_registry_free(bus, c->polkit_registry); + bus_verify_polkit_async_registry_free(c->polkit_registry); }; static void locale_simplify(Context *c) { @@@ -877,7 -876,7 +877,7 @@@ static int method_set_locale(sd_bus *bu } if (modified) { - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, "org.freedesktop.locale1.set-locale", interactive, error, method_set_locale, c); if (r < 0) @@@ -955,7 -954,7 +955,7 @@@ static int method_set_vc_keyboard(sd_bu (keymap_toggle && (!filename_is_safe(keymap_toggle) || !string_is_safe(keymap_toggle)))) return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keymap data"); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, "org.freedesktop.locale1.set-keyboard", interactive, error, method_set_vc_keyboard, c); if (r < 0) @@@ -1027,7 -1026,7 +1027,7 @@@ static int method_set_x11_keyboard(sd_b (options && !string_is_safe(options))) return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keyboard data"); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN, "org.freedesktop.locale1.set-keyboard", interactive, error, method_set_x11_keyboard, c); if (r < 0) @@@ -1161,7 -1160,7 +1161,7 @@@ int main(int argc, char *argv[]) } finish: - context_free(&context, bus); + context_free(&context); return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; } diff --combined src/timedate/timedated.c index f0371759a,1efbf3386..16036953f --- a/src/timedate/timedated.c +++ b/src/timedate/timedated.c @@@ -52,11 -52,11 +52,11 @@@ typedef struct Context Hashmap *polkit_registry; } Context; - static void context_free(Context *c, sd_bus *bus) { + static void context_free(Context *c) { assert(c); free(c->zone); - bus_verify_polkit_async_registry_free(bus, c->polkit_registry); + bus_verify_polkit_async_registry_free(c->polkit_registry); } static int context_read_data(Context *c) { @@@ -395,7 -395,7 +395,7 @@@ static int method_set_timezone(sd_bus * if (streq_ptr(z, c->zone)) return sd_bus_reply_method_return(m, NULL); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-timezone", interactive, error, method_set_timezone, c); + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-timezone", interactive, error, method_set_timezone, c); if (r < 0) return r; if (r == 0) @@@ -456,7 -456,7 +456,7 @@@ static int method_set_local_rtc(sd_bus if (lrtc == c->local_rtc) return sd_bus_reply_method_return(m, NULL); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-local-rtc", interactive, error, method_set_local_rtc, c); + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-local-rtc", interactive, error, method_set_local_rtc, c); if (r < 0) return r; if (r == 0) @@@ -561,7 -561,7 +561,7 @@@ static int method_set_time(sd_bus *bus } else timespec_store(&ts, (usec_t) utc); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-time", interactive, error, method_set_time, c); + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-time", interactive, error, method_set_time, c); if (r < 0) return r; if (r == 0) @@@ -601,7 -601,7 +601,7 @@@ static int method_set_ntp(sd_bus *bus, if ((bool)ntp == c->use_ntp) return sd_bus_reply_method_return(m, NULL); - r = bus_verify_polkit_async(bus, &c->polkit_registry, m, "org.freedesktop.timedate1.set-ntp", interactive, error, method_set_ntp, c); + r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_TIME, "org.freedesktop.timedate1.set-ntp", interactive, error, method_set_ntp, c); if (r < 0) return r; if (r == 0) @@@ -727,7 -727,7 +727,7 @@@ int main(int argc, char *argv[]) } finish: - context_free(&context, bus); + context_free(&context); return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; }