summaryrefslogtreecommitdiff
path: root/src/libsystemd/sd-bus/bus-util.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-08-15 20:08:51 +0200
committerLennart Poettering <lennart@poettering.net>2014-08-15 20:08:51 +0200
commitdef9a7aa0182e5ecca3ac61b26f75136a5c4f103 (patch)
treecb9da3fa3ad63f8c9e62c883cf821f23295c74d3 /src/libsystemd/sd-bus/bus-util.c
parent4311fa08fe7f3e702a2adb569fe20fb023a4b746 (diff)
sd-bus: add API to check if a client has privileges
This is a generalization of the vtable privilege check we already have, but exported, and hence useful when preparing for a polkit change. This will deal with the complexity that on dbus1 one cannot trust the capability field we retrieve via the bus, since it is read via /proc/$$/stat (and thus might be out-of-date) rather than directly from the message (like on kdbus) or bus connection (as for uid creds on dbus1). Also, port over all code to this new API.
Diffstat (limited to 'src/libsystemd/sd-bus/bus-util.c')
-rw-r--r--src/libsystemd/sd-bus/bus-util.c24
1 files changed, 6 insertions, 18 deletions
diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c
index 32c536813d..0ab11c3905 100644
--- a/src/libsystemd/sd-bus/bus-util.c
+++ b/src/libsystemd/sd-bus/bus-util.c
@@ -186,28 +186,22 @@ int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error) {
int bus_verify_polkit(
sd_bus *bus,
sd_bus_message *m,
+ int capability,
const char *action,
bool interactive,
bool *_challenge,
sd_bus_error *e) {
- _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
- uid_t uid;
int r;
assert(bus);
assert(m);
assert(action);
- r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds);
+ r = sd_bus_query_sender_privilege(m, capability);
if (r < 0)
return r;
-
- r = sd_bus_creds_get_uid(creds, &uid);
- if (r < 0)
- return r;
-
- if (uid == 0)
+ if (r > 0)
return 1;
#ifdef ENABLE_POLKIT
@@ -325,6 +319,7 @@ int bus_verify_polkit_async(
sd_bus *bus,
Hashmap **registry,
sd_bus_message *m,
+ int capability,
const char *action,
bool interactive,
sd_bus_error *error,
@@ -336,8 +331,6 @@ int bus_verify_polkit_async(
AsyncPolkitQuery *q;
const char *sender;
#endif
- _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
- uid_t uid;
int r;
assert(bus);
@@ -383,15 +376,10 @@ int bus_verify_polkit_async(
}
#endif
- r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds);
+ r = sd_bus_query_sender_privilege(m, capability);
if (r < 0)
return r;
-
- r = sd_bus_creds_get_uid(creds, &uid);
- if (r < 0)
- return r;
-
- if (uid == 0)
+ if (r > 0)
return 1;
#ifdef ENABLE_POLKIT