author | Lennart Poettering <lennart@poettering.net> | 2015-02-18 12:55:25 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-02-18 12:55:25 +0100 |
commit | c529695e7a30b300fdaa61ace4a8a4ed0e94ad1c (patch) | |
tree | b8613d0df12627f161c4be274378329bea2e72fc /src/login/logind-user-dbus.c | |
parent | 2723b3b51d409340558e46e37e90525d4f880fe1 (diff) |
logind: open up most bus calls for unpriviliged processes, using PolicyKit
Also, allow clients to alter their own objects without any further
privileges, i.e. this allows clients to kill and lock their own sessions
without involving PK.
Diffstat (limited to 'src/login/logind-user-dbus.c')
-rw-r--r-- | src/login/logind-user-dbus.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/src/login/logind-user-dbus.c b/src/login/logind-user-dbus.c
index 5cfaac0d4f..f7af8ff9b2 100644
--- a/src/login/logind-user-dbus.c
+++ b/src/login/logind-user-dbus.c
@@ -171,7 +171,7 @@ static int property_get_linger(
         return sd_bus_message_append(reply, "b", r > 0);
 }
 
-static int method_terminate(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
+int bus_user_method_terminate(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
         User *u = userdata;
         int r;
 
@@ -179,6 +179,19 @@ static int method_terminate(sd_bus *bus, sd_bus_message *message, void *userdata
         assert(message);
         assert(u);
 
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_KILL,
+                        "org.freedesktop.login1.manage",
+                        false,
+                        u->uid,
+                        &u->manager->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
         r = user_stop(u, true);
         if (r < 0)
                 return r;
@@ -186,7 +199,7 @@ static int method_terminate(sd_bus *bus, sd_bus_message *message, void *userdata
         return sd_bus_reply_method_return(message, NULL);
 }
 
-static int method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
+int bus_user_method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, sd_bus_error *error) {
         User *u = userdata;
         int32_t signo;
         int r;
@@ -195,6 +208,19 @@ static int method_kill(sd_bus *bus, sd_bus_message *message, void *userdata, sd_
         assert(message);
         assert(u);
 
+        r = bus_verify_polkit_async(
+                        message,
+                        CAP_KILL,
+                        "org.freedesktop.login1.manage",
+                        false,
+                        u->uid,
+                        &u->manager->polkit_registry,
+                        error);
+        if (r < 0)
+                return r;
+        if (r == 0)
+                return 1; /* Will call us back */
+
         r = sd_bus_message_read(message, "i", &signo);
         if (r < 0)
                 return r;
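Review bot: In bus_user_method_kill the new bus_verify_polkit_async() call runs before the message is parsed, so a request with a missing or malformed signal argument still costs an asynchronous PolicyKit round-trip (and a re-dispatch of the method) before sd_bus_message_read rejects it; moving `r = sd_bus_message_read(message, "i", &signo); if (r < 0) return r;` above the authorization block would fail cheap-to-detect bad input first, and the same ordering would apply to any later signal-range validation, which lies outside this hunk. The meaning of the `u->uid` argument is also not self-evident at the call site in either bus_user_method_terminate or bus_user_method_kill: a comment such as `/* the object's own user may act on it without PolicyKit; anyone else needs CAP_KILL or the login1.manage action */` would record the "own objects need no privilege" rule from the commit message next to the code that implements it. Since the vtable entries in the later hunk are now flagged SD_BUS_VTABLE_UNPRIVILEGED, this in-body check is the only access gate for both methods, so it must be present in every method the vtable opens up. Both functions continue past the end of their hunks.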
@@ -227,8 +253,8 @@ const sd_bus_vtable user_vtable[] = {
         SD_BUS_PROPERTY("IdleSinceHintMonotonic", "t", property_get_idle_since_hint, 0, SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
         SD_BUS_PROPERTY("Linger", "b", property_get_linger, 0, 0),
-        SD_BUS_METHOD("Terminate", NULL, NULL, method_terminate, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
-        SD_BUS_METHOD("Kill", "i", NULL, method_kill, SD_BUS_VTABLE_CAPABILITY(CAP_KILL)),
+        SD_BUS_METHOD("Terminate", NULL, NULL, bus_user_method_terminate, SD_BUS_VTABLE_UNPRIVILEGED),
+        SD_BUS_METHOD("Kill", "i", NULL, bus_user_method_kill, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_VTABLE_END
 };
|