summaryrefslogtreecommitdiff
path: root/src/core/dbus-unit.c
diff options
context:
space:
mode:
authorStef Walter <stef@thewalter.net>2014-08-06 11:45:36 +0200
committerLennart Poettering <lennart@poettering.net>2014-08-18 18:08:28 +0200
commit283868e1dcd8ea7475850d9c6e7d4722c473dd50 (patch)
tree6334ed9b79e0c3c6242acfc050c00da4284ed7d1 /src/core/dbus-unit.c
parentf38857914ab5c9cc55aac05795e1886963a5fd04 (diff)
core: Verify systemd1 DBus method callers via polkit
DBus methods that retrieve information can be called by anyone. DBus methods that modify state of units are verified via polkit action: org.freedesktop.systemd1.manage-units DBus methods that modify state of unit files are verified via polkit action: org.freedesktop.systemd1.manage-unit-files DBus methods that reload the entire daemon state are verified via polkit action: org.freedesktop.systemd1.reload-daemon DBus methods that modify job state are callable from the clients that started the job. root (ie: CAP_SYS_ADMIN) can continue to perform all calls, property access etc. There are several DBus methods that can only be called by root. Open up the dbus1 policy for the above methods. (Heavily modified by Lennart, making use of the new bus_verify_polkit_async() version that doesn't force us to always pass the original callback around. Also, interactive auhentication must be opt-in, not unconditional, hence I turned this off.)
Diffstat (limited to 'src/core/dbus-unit.c')
-rw-r--r--src/core/dbus-unit.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 2132f59faa..8fe83aefec 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -421,6 +421,12 @@ int bus_unit_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, s
assert(message);
assert(u);
+ r = bus_verify_manage_unit_async_for_kill(u->manager, message, error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
r = sd_bus_message_read(message, "si", &swho, &signo);
if (r < 0)
return r;
@@ -455,6 +461,12 @@ int bus_unit_method_reset_failed(sd_bus *bus, sd_bus_message *message, void *use
assert(message);
assert(u);
+ r = bus_verify_manage_unit_async(u->manager, message, error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
r = selinux_unit_access_check(u, message, "reload", error);
if (r < 0)
return r;
@@ -472,6 +484,12 @@ int bus_unit_method_set_properties(sd_bus *bus, sd_bus_message *message, void *u
assert(message);
assert(u);
+ r = bus_verify_manage_unit_async(u->manager, message, error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
r = sd_bus_message_read(message, "b", &runtime);
if (r < 0)
return r;