From def9a7aa0182e5ecca3ac61b26f75136a5c4f103 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Aug 2014 20:08:51 +0200
Subject: sd-bus: add API to check if a client has privileges

This is a generalization of the vtable privilege check we already have,
but exported, and hence useful when preparing for a polkit change.

This will deal with the complexity that on dbus1 one cannot trust the
capability field we retrieve via the bus, since it is read via
/proc/$$/stat (and thus might be out-of-date) rather than directly from
the message (like on kdbus) or bus connection (as for uid creds on
dbus1).

Also, port over all code to this new API.
---
 src/locale/localed.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'src/locale')

diff --git a/src/locale/localed.c b/src/locale/localed.c
index 3cfc2ea4d3..087066786e 100644
--- a/src/locale/localed.c
+++ b/src/locale/localed.c
@@ -23,6 +23,7 @@
 #include <errno.h>
 #include <string.h>
 #include <unistd.h>
+#include <sys/capability.h>
 
 #include "sd-bus.h"
 
@@ -876,7 +877,7 @@ static int method_set_locale(sd_bus *bus, sd_bus_message *m, void *userdata, sd_
         }
 
         if (modified) {
-                r = bus_verify_polkit_async(bus, &c->polkit_registry, m,
+                r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN,
                                             "org.freedesktop.locale1.set-locale", interactive,
                                             error, method_set_locale, c);
                 if (r < 0)
@@ -954,7 +955,7 @@ static int method_set_vc_keyboard(sd_bus *bus, sd_bus_message *m, void *userdata
                     (keymap_toggle && (!filename_is_safe(keymap_toggle) || !string_is_safe(keymap_toggle))))
                         return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keymap data");
 
-                r = bus_verify_polkit_async(bus, &c->polkit_registry, m,
+                r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN,
                                 "org.freedesktop.locale1.set-keyboard",
                                 interactive, error, method_set_vc_keyboard, c);
                 if (r < 0)
@@ -1026,7 +1027,7 @@ static int method_set_x11_keyboard(sd_bus *bus, sd_bus_message *m, void *userdat
                     (options && !string_is_safe(options)))
                         return sd_bus_error_set_errnof(error, -EINVAL, "Received invalid keyboard data");
 
-                r = bus_verify_polkit_async(bus, &c->polkit_registry, m,
+                r = bus_verify_polkit_async(bus, &c->polkit_registry, m, CAP_SYS_ADMIN,
                                 "org.freedesktop.locale1.set-keyboard",
                                 interactive, error, method_set_x11_keyboard, c);
                 if (r < 0)
-- 
cgit v1.2.3-54-g00ecf