From: Adrian Vovk Date: Fri, 2 Feb 2024 19:53:01 +0000 (-0500) Subject: homed: Pass in username and uid as Polkit details X-Git-Tag: v256-rc1~851 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=058a84d1136a6a07da6e5ecd6268472961b9566b;p=thirdparty%2Fsystemd.git homed: Pass in username and uid as Polkit details This lets the Javascript polkit policies to decide whether to allow/deny/authenticate based on the user that's being operated on. --- diff --git a/src/home/homed-home-bus.c b/src/home/homed-home-bus.c index b459cadcbfc..81f0df4c956 100644 --- a/src/home/homed-home-bus.c +++ b/src/home/homed-home-bus.c @@ -5,6 +5,7 @@ #include "bus-common-errors.h" #include "bus-polkit.h" #include "fd-util.h" +#include "format-util.h" #include "homed-bus.h" #include "homed-home-bus.h" #include "homed-home.h" @@ -74,6 +75,35 @@ int bus_home_client_is_trusted(Home *h, sd_bus_message *message) { return euid == 0 || h->uid == euid; } +static int home_verify_polkit_async( + Home *h, + sd_bus_message *message, + const char *action, + uid_t good_uid, + sd_bus_error *error) { + + assert(h); + assert(message); + assert(action); + assert(error); + + const char *details[] = { + "uid", FORMAT_UID(h->uid), + "username", h->user_name, + NULL + }; + + return bus_verify_polkit_async_full( + message, + action, + details, + /* interactive= */ false, + good_uid, + &h->manager->polkit_registry, + error); +} + + int bus_home_get_record_json( Home *h, sd_bus_message *message, @@ -217,11 +247,11 @@ int bus_home_method_unregister( assert(message); - r = bus_verify_polkit_async( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.remove-home", - /* details= */ NULL, - &h->manager->polkit_registry, + UID_INVALID, error); if (r < 0) return r; @@ -254,11 +284,11 @@ int bus_home_method_realize( if (r < 0) return r; - r = bus_verify_polkit_async( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.create-home", - /* details= */ NULL, - &h->manager->polkit_registry, + UID_INVALID, error); if (r < 0) return r; @@ -291,11 +321,11 @@ int bus_home_method_remove( assert(message); - r = bus_verify_polkit_async( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.remove-home", - /* details= */ NULL, - &h->manager->polkit_registry, + UID_INVALID, error); if (r < 0) return r; @@ -361,13 +391,11 @@ int bus_home_method_authenticate( if (r < 0) return r; - r = bus_verify_polkit_async_full( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.authenticate-home", - /* details= */ NULL, - /* interactive= */ false, h->uid, - &h->manager->polkit_registry, error); if (r < 0) return r; @@ -399,11 +427,11 @@ int bus_home_method_update_record(Home *h, sd_bus_message *message, UserRecord * if (r < 0) return r; - r = bus_verify_polkit_async( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.update-home", - /* details= */ NULL, - &h->manager->polkit_registry, + UID_INVALID, error); if (r < 0) return r; @@ -462,11 +490,11 @@ int bus_home_method_resize( if (r < 0) return r; - r = bus_verify_polkit_async( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.resize-home", - /* details= */ NULL, - &h->manager->polkit_registry, + UID_INVALID, error); if (r < 0) return r; @@ -506,13 +534,11 @@ int bus_home_method_change_password( if (r < 0) return r; - r = bus_verify_polkit_async_full( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.passwd-home", - /* details= */ NULL, - /* interactive= */ false, h->uid, - &h->manager->polkit_registry, error); if (r < 0) return r; @@ -709,13 +735,11 @@ int bus_home_method_inhibit_suspend( HomeState state; int r; - r = bus_verify_polkit_async_full( + r = home_verify_polkit_async( + h, message, "org.freedesktop.home1.inhibit-suspend", - /* details= */ NULL, - /* interactive= */ false, h->uid, - &h->manager->polkit_registry, error); if (r < 0) return r;