summaryrefslogtreecommitdiff
path: root/src/login
diff options
context:
space:
mode:
authorMichael Chapman <mike@very.puzzling.org>2015-09-06 00:07:16 +1000
committerMichael Chapman <mike@very.puzzling.org>2015-09-06 00:07:16 +1000
commit403ed0e5c914f2a0a683403d8ba7eaf96e3ffcdf (patch)
tree1522b7c2adc228dda7bc9fd3d94c0d1bac9d504c /src/login
parent17258f5f27dd3dd57c36f2805e0a0c27a1aeabba (diff)
bus-util: support details in CheckAuthorization calls
Extra details for an action can be supplied when calling polkit's CheckAuthorization method. Details are a list of key/value string pairs. Custom policy can use these details when making authorization decisions.
Diffstat (limited to 'src/login')
-rw-r--r--src/login/logind-dbus.c20
-rw-r--r--src/login/logind-seat-dbus.c1
-rw-r--r--src/login/logind-session-dbus.c3
-rw-r--r--src/login/logind-user-dbus.c2
4 files changed, 20 insertions, 6 deletions
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index e433549cb9..14b6e0ddad 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -942,6 +942,7 @@ static int method_lock_sessions(sd_bus_message *message, void *userdata, sd_bus_
message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.lock-sessions",
+ NULL,
false,
UID_INVALID,
&m->polkit_registry,
@@ -1096,6 +1097,7 @@ static int method_set_user_linger(sd_bus_message *message, void *userdata, sd_bu
message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.set-user-linger",
+ NULL,
interactive,
UID_INVALID,
&m->polkit_registry,
@@ -1268,6 +1270,7 @@ static int method_attach_device(sd_bus_message *message, void *userdata, sd_bus_
message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.attach-device",
+ NULL,
interactive,
UID_INVALID,
&m->polkit_registry,
@@ -1299,6 +1302,7 @@ static int method_flush_devices(sd_bus_message *message, void *userdata, sd_bus_
message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.flush-devices",
+ NULL,
interactive,
UID_INVALID,
&m->polkit_registry,
@@ -1649,7 +1653,7 @@ static int verify_shutdown_creds(
blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
if (multiple_sessions && action_multiple_sessions) {
- r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, interactive, UID_INVALID, &m->polkit_registry, error);
+ r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
if (r < 0)
return r;
if (r == 0)
@@ -1657,7 +1661,7 @@ static int verify_shutdown_creds(
}
if (blocked && action_ignore_inhibit) {
- r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, interactive, UID_INVALID, &m->polkit_registry, error);
+ r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
if (r < 0)
return r;
if (r == 0)
@@ -1665,7 +1669,7 @@ static int verify_shutdown_creds(
}
if (!multiple_sessions && !blocked && action) {
- r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, interactive, UID_INVALID, &m->polkit_registry, error);
+ r = bus_verify_polkit_async(message, CAP_SYS_BOOT, action, NULL, interactive, UID_INVALID, &m->polkit_registry, error);
if (r < 0)
return r;
if (r == 0)
@@ -2085,7 +2089,7 @@ static int method_can_shutdown_or_sleep(
blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
if (multiple_sessions) {
- r = bus_test_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, UID_INVALID, &challenge, error);
+ r = bus_test_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, NULL, UID_INVALID, &challenge, error);
if (r < 0)
return r;
@@ -2098,7 +2102,7 @@ static int method_can_shutdown_or_sleep(
}
if (blocked) {
- r = bus_test_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, UID_INVALID, &challenge, error);
+ r = bus_test_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, NULL, UID_INVALID, &challenge, error);
if (r < 0)
return r;
@@ -2114,7 +2118,7 @@ static int method_can_shutdown_or_sleep(
/* If neither inhibit nor multiple sessions
* apply then just check the normal policy */
- r = bus_test_polkit(message, CAP_SYS_BOOT, action, UID_INVALID, &challenge, error);
+ r = bus_test_polkit(message, CAP_SYS_BOOT, action, NULL, UID_INVALID, &challenge, error);
if (r < 0)
return r;
@@ -2233,6 +2237,7 @@ static int method_set_reboot_to_firmware_setup(
r = bus_verify_polkit_async(message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.set-reboot-to-firmware-setup",
+ NULL,
false,
UID_INVALID,
&m->polkit_registry,
@@ -2271,6 +2276,7 @@ static int method_can_reboot_to_firmware_setup(
r = bus_test_polkit(message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.set-reboot-to-firmware-setup",
+ NULL,
UID_INVALID,
&challenge,
error);
@@ -2307,6 +2313,7 @@ static int method_set_wall_message(
r = bus_verify_polkit_async(message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.set-wall-message",
+ NULL,
false,
UID_INVALID,
&m->polkit_registry,
@@ -2378,6 +2385,7 @@ static int method_inhibit(sd_bus_message *message, void *userdata, sd_bus_error
w == INHIBIT_HANDLE_SUSPEND_KEY ? "org.freedesktop.login1.inhibit-handle-suspend-key" :
w == INHIBIT_HANDLE_HIBERNATE_KEY ? "org.freedesktop.login1.inhibit-handle-hibernate-key" :
"org.freedesktop.login1.inhibit-handle-lid-switch",
+ NULL,
false,
UID_INVALID,
&m->polkit_registry,
diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c
index ce67ffde37..346e1d2cec 100644
--- a/src/login/logind-seat-dbus.c
+++ b/src/login/logind-seat-dbus.c
@@ -204,6 +204,7 @@ int bus_seat_method_terminate(sd_bus_message *message, void *userdata, sd_bus_er
message,
CAP_KILL,
"org.freedesktop.login1.manage",
+ NULL,
false,
UID_INVALID,
&s->manager->polkit_registry,
diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c
index 563153e2d9..e6b4ccd7c6 100644
--- a/src/login/logind-session-dbus.c
+++ b/src/login/logind-session-dbus.c
@@ -191,6 +191,7 @@ int bus_session_method_terminate(sd_bus_message *message, void *userdata, sd_bus
message,
CAP_KILL,
"org.freedesktop.login1.manage",
+ NULL,
false,
s->user->uid,
&s->manager->polkit_registry,
@@ -232,6 +233,7 @@ int bus_session_method_lock(sd_bus_message *message, void *userdata, sd_bus_erro
message,
CAP_SYS_ADMIN,
"org.freedesktop.login1.lock-sessions",
+ NULL,
false,
s->user->uid,
&s->manager->polkit_registry,
@@ -306,6 +308,7 @@ int bus_session_method_kill(sd_bus_message *message, void *userdata, sd_bus_erro
message,
CAP_KILL,
"org.freedesktop.login1.manage",
+ NULL,
false,
s->user->uid,
&s->manager->polkit_registry,
diff --git a/src/login/logind-user-dbus.c b/src/login/logind-user-dbus.c
index 36c0e8626d..20ea2fbdc4 100644
--- a/src/login/logind-user-dbus.c
+++ b/src/login/logind-user-dbus.c
@@ -179,6 +179,7 @@ int bus_user_method_terminate(sd_bus_message *message, void *userdata, sd_bus_er
message,
CAP_KILL,
"org.freedesktop.login1.manage",
+ NULL,
false,
u->uid,
&u->manager->polkit_registry,
@@ -207,6 +208,7 @@ int bus_user_method_kill(sd_bus_message *message, void *userdata, sd_bus_error *
message,
CAP_KILL,
"org.freedesktop.login1.manage",
+ NULL,
false,
u->uid,
&u->manager->polkit_registry,