From 7b36fb9f96fd5c1f63b9f0f9e75194e3e4dd6a8d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 22 Nov 2023 18:56:19 +0100 Subject: polkit: simplify bus_verify_polkit_async() + drop auth-by-cap dbus feature This simplifies bus_verify_polkit_async() and related calls quite a bit: 1. This removes any support for authentication-by-Linux-capability. This is ultimately a kdbus leftover: with classic AF_UNIX transports we cannot authenticate by capabilities securely (because we cannot acquire it from the peer without races), hence we never actually did. Since the necessary kernel work didn't materialize in the last 10y, and is unlikely to be added, let's just kill this context. We cannot quite remove the caps stuff from sd-bus for API compat, but for our polkit logic let's kill it. 2. The "good_uid" and "interactive" params are only necessary in very few cases, hence let's move them to a new call bus_verify_polkit_async_full() and make bus_verify_polkit_async() a wrapper around it without those two parameters. This also fixes a bunch of wrong uses of the "interactive" bool. The bool makes no sense today as the ALLOW_INTERACTIVE_AUTHORIZATION field in the D-Bus message header replaces it fully. We only need it to implement method calls we introduced prior to that header field becoming available in D-Bus. And it should only be used on such old method calls, and otherwise always be set to false. This does not change behaviour in any way. Just simplifies stuff. Fixes: #21586 --- src/locale/localed.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) (limited to 'src/locale') diff --git a/src/locale/localed.c b/src/locale/localed.c index 5d96237fae..8ce8c0d08f 100644 --- a/src/locale/localed.c +++ b/src/locale/localed.c @@ -281,13 +281,12 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er return sd_bus_reply_method_return(m, NULL); } - r = bus_verify_polkit_async( + r = bus_verify_polkit_async_full( m, - CAP_SYS_ADMIN, "org.freedesktop.locale1.set-locale", - NULL, + /* details= */ NULL, interactive, - UID_INVALID, + /* good_user= */ UID_INVALID, &c->polkit_registry, error); if (r < 0) @@ -386,13 +385,12 @@ static int method_set_vc_keyboard(sd_bus_message *m, void *userdata, sd_bus_erro if (vc_context_equal(&c->vc, &in) && !x_needs_update) return sd_bus_reply_method_return(m, NULL); - r = bus_verify_polkit_async( + r = bus_verify_polkit_async_full( m, - CAP_SYS_ADMIN, "org.freedesktop.locale1.set-keyboard", - NULL, + /* details= */ NULL, interactive, - UID_INVALID, + /* good_user= */ UID_INVALID, &c->polkit_registry, error); if (r < 0) @@ -506,13 +504,12 @@ static int method_set_x11_keyboard(sd_bus_message *m, void *userdata, sd_bus_err if (x11_context_equal(&c->x11_from_vc, &in) && x11_context_equal(&c->x11_from_xorg, &in) && !convert) return sd_bus_reply_method_return(m, NULL); - r = bus_verify_polkit_async( + r = bus_verify_polkit_async_full( m, - CAP_SYS_ADMIN, "org.freedesktop.locale1.set-keyboard", - NULL, + /* details= */ NULL, interactive, - UID_INVALID, + /* good_user= */ UID_INVALID, &c->polkit_registry, error); if (r < 0) -- cgit v1.2.3