authorLennart Poettering <lennart@poettering.net>2015-02-18 12:55:25 +0100
committerLennart Poettering <lennart@poettering.net>2015-02-18 12:55:25 +0100
commitc529695e7a30b300fdaa61ace4a8a4ed0e94ad1c (patch)
treeb8613d0df12627f161c4be274378329bea2e72fc /src/login/logind-seat-dbus.c
parent2723b3b51d409340558e46e37e90525d4f880fe1 (diff)
logind: open up most bus calls for unpriviliged processes, using PolicyKit
Also, allow clients to alter their own objects without any further privileges, i.e. this allows clients to kill and lock their own sessions without involving PK.
Diffstat (limited to 'src/login/logind-seat-dbus.c')
-rw-r--r--src/login/logind-seat-dbus.c17
1 files changed, 15 insertions, 2 deletions
diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c
index 50b0b8842f..f50ee8d759 100644
--- a/src/login/logind-seat-dbus.c
+++ b/src/login/logind-seat-dbus.c
@@ -193,7 +193,7 @@ static int property_get_idle_since_hint(
return sd_bus_message_append(reply, "t", u);
}
-static int method_terminate(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
+int bus_seat_method_terminate(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
Seat *s = userdata;
int r;
@@ -201,6 +201,19 @@ static int method_terminate(sd_bus *bus, sd_bus_message *message, void *userdata
assert(message);
assert(s);
+ r = bus_verify_polkit_async(
+ message,
+ CAP_KILL,
+ "org.freedesktop.login1.manage",
+ false,
+ UID_INVALID,
+ &s->manager->polkit_registry,
+ error);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ return 1; /* Will call us back */
+
r = seat_stop_sessions(s, true);
if (r < 0)
return r;
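Review bot: The `bus_verify_polkit_async()` call added here becomes the only access check on Terminate, because the vtable hunk further down replaces `SD_BUS_VTABLE_CAPABILITY(CAP_KILL)` with `SD_BUS_VTABLE_UNPRIVILEGED`, and nothing in the code records that dependency. I would put a comment above the call, for example `/* Sole authorization gate: the vtable entry is UNPRIVILEGED, so this must run before seat_stop_sessions() */`. The handler is presumably entered a second time after the `return 1` path once polkit has answered, so the check has to stay ahead of every side effect on both passes. Passing `UID_INVALID` looks like it exempts no caller by UID match, which fits a seat having no single owner, and the comment should say that too. The function starts in the previous hunk and its tail lies outside this one.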
@@ -302,7 +315,7 @@ const sd_bus_vtable seat_vtable[] = {
SD_BUS_PROPERTY("IdleSinceHint", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("IdleSinceHintMonotonic", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
- SD_BUS_METHOD("Terminate", NULL, NULL, method_terminate, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
+ SD_BUS_METHOD("Terminate", NULL, NULL, bus_seat_method_terminate, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("ActivateSession", "s", NULL, method_activate_session, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SwitchTo", "u", NULL, method_switch_to, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SwitchToNext", NULL, NULL, method_switch_to_next, SD_BUS_VTABLE_UNPRIVILEGED),