Merge pull request #13457 from keszybz/resolved-issue
keszybz committed Sep 3, 2019
2 parents 74e6a78 + fd73184 commit d93d10c
Showing 7 changed files with 251 additions and 51 deletions.
3 changes: 1 addition & 2 deletions src/libsystemd/sd-bus/sd-bus.c
Expand Up @@ -1354,8 +1354,7 @@ _public_ int sd_bus_open_user_with_description(sd_bus **ret, const char *descrip
b->bus_client = true;
b->is_user = true;

/* We don't do any per-method access control on the user
* bus. */
/* We don't do any per-method access control on the user bus. */
b->trusted = true;
b->is_local = true;

26 changes: 24 additions & 2 deletions src/libsystemd/sd-bus/test-bus-vtable.c
Expand Up @@ -19,9 +19,24 @@

#define DEFAULT_BUS_PATH "unix:path=/run/dbus/system_bus_socket"

static struct context c = {};
static int happy_finder_object = 0;

static int happy_finder(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
assert(userdata);
assert(userdata == &c);

#ifndef __cplusplus
log_info("%s called", __func__);
#endif

happy_finder_object++;
*found = &happy_finder_object;
return 1; /* found */
}

static void test_vtable(void) {
sd_bus *bus = NULL;
struct context c = {};
int r;

assert(sd_bus_new(&bus) >= 0);
Expand All @@ -32,16 +47,23 @@ static void test_vtable(void) {
assert(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.testVtable221",
(const sd_bus_vtable *)vtable_format_221, &c) >= 0);

assert(sd_bus_add_fallback_vtable(bus, NULL, "/fallback", "org.freedesktop.systemd.testVtable2", test_vtable_2, happy_finder, &c) >= 0);

assert(sd_bus_set_address(bus, DEFAULT_BUS_PATH) >= 0);
r = sd_bus_start(bus);
assert(r == 0 || /* success */
r == -ENOENT /* dbus is inactive */ );

#ifndef __cplusplus
_cleanup_free_ char *s = NULL;
_cleanup_free_ char *s, *s2;

assert_se(introspect_path(bus, "/foo", NULL, false, true, NULL, &s, NULL) == 1);
fputs(s, stdout);

assert_se(introspect_path(bus, "/fallback", NULL, false, true, NULL, &s2, NULL) == 1);
fputs(s2, stdout);

assert_se(happy_finder_object == 1);
#endif

sd_bus_unref(bus);
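Review bot: `_cleanup_free_ char *s, *s2;` in test_vtable leaves both pointers uninitialized while they carry a cleanup attribute, so any exit from the scope before introspect_path() has stored into them would hand an indeterminate value to free(). The assert_se() calls presumably abort rather than unwind, which hides the problem today, but the declaration should read `_cleanup_free_ char *s = NULL, *s2 = NULL;`. The +/- markers are lost in this rendering, so this assumes the `s, *s2` line is the new side. test_vtable's body continues past the shown lines.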
2 changes: 1 addition & 1 deletion src/libsystemd/sd-bus/test-vtable-data.h
Expand Up @@ -42,7 +42,7 @@ static const sd_bus_vtable test_vtable_1[] = {

static const sd_bus_vtable test_vtable_2[] = {
SD_BUS_VTABLE_START(0),
SD_BUS_METHOD("AlterSomething", "s", "s", handler, 0),
SD_BUS_METHOD("AlterSomething", "s", "s", handler, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("Exit", "", "", handler, 0),
SD_BUS_METHOD_WITH_OFFSET("AlterSomething2", "s", "s", handler, 200, 0),
SD_BUS_METHOD_WITH_OFFSET("Exit2", "", "", handler, 200, 0),
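--- a/src/resolve/org.freedesktop.resolve1.policy
+++ b/src/resolve/org.freedesktop.resolve1.policy
@@ -40,4 +40,103 @@
 <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
 </action>
 
+<action id="org.freedesktop.resolve1.set-dns-servers">
+<description gettext-domain="systemd">Set DNS servers</description>
+<message gettext-domain="systemd">Authentication is required to set DNS servers.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.set-domains">
+<description gettext-domain="systemd">Set domains</description>
+<message gettext-domain="systemd">Authentication is required to set domains.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.set-default-route">
+<description gettext-domain="systemd">Set default route</description>
+<message gettext-domain="systemd">Authentication is required to set default route.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.set-llmnr">
+<description gettext-domain="systemd">Enable/disable LLMNR</description>
+<message gettext-domain="systemd">Authentication is required to enable or disable LLMNR.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.set-mdns">
+<description gettext-domain="systemd">Enable/disable multicast DNS</description>
+<message gettext-domain="systemd">Authentication is required to enable or disable multicast DNS.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.set-dns-over-tls">
+<description gettext-domain="systemd">Enable/disable DNS over TLS</description>
+<message gettext-domain="systemd">Authentication is required to enable or disable DNS over TLS.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.set-dnssec">
+<description gettext-domain="systemd">Enable/disable DNSSEC</description>
+<message gettext-domain="systemd">Authentication is required to enable or disable DNSSEC.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.set-dnssec-negative-trust-anchors">
+<description gettext-domain="systemd">Set DNSSEC Negative Trust Anchors</description>
+<message gettext-domain="systemd">Authentication is required to set DNSSEC Negative Trust Anchros.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
+<action id="org.freedesktop.resolve1.revert">
+<description gettext-domain="systemd">Revert name resolution settings</description>
+<message gettext-domain="systemd">Authentication is required to revert name resolution settings.</message>
+<defaults>
+<allow_any>auth_admin</allow_any>
+<allow_inactive>auth_admin</allow_inactive>
+<allow_active>auth_admin_keep</allow_active>
+</defaults>
+<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
+</action>
+
 </policyconfig>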
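Review bot: The `<message>` of the new `org.freedesktop.resolve1.set-dnssec-negative-trust-anchors` action misspells "Anchors" as "Anchros". The string is marked `gettext-domain="systemd"` and is what the authentication prompt shows, so the typo would reach users and translation catalogs. The line should read `<message gettext-domain="systemd">Authentication is required to set DNSSEC Negative Trust Anchors.</message>`.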
42 changes: 21 additions & 21 deletions src/resolve/resolved-bus.c
Expand Up @@ -1638,15 +1638,6 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
if (m->mdns_support != RESOLVE_SUPPORT_YES)
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Support for MulticastDNS is disabled");

r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
"org.freedesktop.resolve1.register-service",
NULL, false, UID_INVALID,
&m->polkit_registry, error);
if (r < 0)
return r;
if (r == 0)
return 1; /* Polkit will call us back */

service = new0(DnssdService, 1);
if (!service)
return log_oom();
Expand Down Expand Up @@ -1771,6 +1762,15 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
if (r < 0)
return r;

r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
"org.freedesktop.resolve1.register-service",
NULL, false, UID_INVALID,
&m->polkit_registry, error);
if (r < 0)
return r;
if (r == 0)
return 1; /* Polkit will call us back */

r = hashmap_ensure_allocated(&m->dnssd_services, &string_hash_ops);
if (r < 0)
return r;
Expand Down Expand Up @@ -1854,19 +1854,19 @@ static const sd_bus_vtable resolve_vtable[] = {
SD_BUS_METHOD("ResolveAddress", "iiayt", "a(is)t", bus_method_resolve_address, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("ResolveRecord", "isqqt", "a(iqqay)t", bus_method_resolve_record, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("ResolveService", "isssit", "a(qqqsa(iiay)s)aayssst", bus_method_resolve_service, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, 0),
SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, 0),
SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, 0),
SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("GetLink", "i", "o", bus_method_get_link, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, 0),
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, 0),
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, SD_BUS_VTABLE_UNPRIVILEGED),

SD_BUS_METHOD("RegisterService", "sssqqqaa{say}", "o", bus_method_register_service, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_METHOD("UnregisterService", "o", NULL, bus_method_unregister_service, SD_BUS_VTABLE_UNPRIVILEGED),
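Review bot: In resolve_vtable, marking ResetStatistics, FlushCaches and ResetServerFeatures with `SD_BUS_VTABLE_UNPRIVILEGED` removes sd-bus's caller-privilege gate, yet the policy file in this commit adds actions only for the Set*/Revert operations, so nothing visible here authorizes those three. Their handlers are outside the shown hunks; if they make no bus_verify_polkit_async() call, any client on the bus can flush caches and reset server feature state. That should either be gated or stated as intended, e.g. `/* Deliberately open to all local clients: no polkit action is defined for these. */` above the three entries. The same holds for the SetLink*/RevertLink entries, where authorization now rests entirely on each handler checking the matching `org.freedesktop.resolve1.*` action. This reading assumes the UNPRIVILEGED lines are the new side, since the +/- markers are lost in this rendering.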
