summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authordnovotny <danny@rawhide.localdomain>2009-09-09 07:54:28 -0400
committerdnovotny <danny@rawhide.localdomain>2009-09-09 07:54:28 -0400
commitd04a619443303243a649f3f1baa20ad2f3ae1d89 (patch)
tree3f49b750a397a1ceb2ab860611b908c907a8bac3 /src
parent173490efd5daeefa4622d353ca3b1587c56f64ca (diff)
downloadabrt-d04a619443303243a649f3f1baa20ad2f3ae1d89.tar.gz
abrt-d04a619443303243a649f3f1baa20ad2f3ae1d89.tar.xz
abrt-d04a619443303243a649f3f1baa20ad2f3ae1d89.zip
added polkit security check in SetSettings
Diffstat (limited to 'src')
-rw-r--r--src/Daemon/CommLayerServerDBus.cpp3
-rw-r--r--src/Daemon/Settings.cpp16
-rw-r--r--src/Daemon/Settings.h2
-rw-r--r--src/Daemon/org.fedoraproject.abrt.policy2
4 files changed, 20 insertions, 3 deletions
diff --git a/src/Daemon/CommLayerServerDBus.cpp b/src/Daemon/CommLayerServerDBus.cpp
index eb1d133..726c37a 100644
--- a/src/Daemon/CommLayerServerDBus.cpp
+++ b/src/Daemon/CommLayerServerDBus.cpp
@@ -729,7 +729,8 @@ static int handle_SetSettings(DBusMessage* call, DBusMessage* reply)
return -1;
}
- SetSettings(param1);
+ const char * sender = dbus_message_get_sender(call);
+ SetSettings(param1, sender);
send_flush_and_unref(reply);
return 0;
diff --git a/src/Daemon/Settings.cpp b/src/Daemon/Settings.cpp
index 086c18a..0eea2bd 100644
--- a/src/Daemon/Settings.cpp
+++ b/src/Daemon/Settings.cpp
@@ -1,6 +1,7 @@
#include "Settings.h"
#include "abrtlib.h"
#include "abrt_types.h"
+#include "Polkit.h"
#include <fstream>
#define SECTION_COMMON "Common"
@@ -424,9 +425,22 @@ void SaveSettings()
}
/* dbus call to change some .conf file data */
-void SetSettings(const map_abrt_settings_t& pSettings)
+void SetSettings(const map_abrt_settings_t& pSettings, const char * dbus_sender)
{
bool dirty = false;
+ int polkit_result;
+
+ if(( polkit_result = polkit_check_authorization(dbus_sender,
+ "org.fedoraproject.abrt.save-settings")) != PolkitYes)
+ {
+ log("user %s not authorized, returned %d", dbus_sender,
+ polkit_result );
+ return;
+ } else
+ {
+ log("user %s succesfully authorized", dbus_sender);
+ }
+
map_abrt_settings_t::const_iterator it = pSettings.find(SECTION_COMMON);
map_abrt_settings_t::const_iterator end = pSettings.end();
if (it != end)
diff --git a/src/Daemon/Settings.h b/src/Daemon/Settings.h
index 0ce19fc..9ee9370 100644
--- a/src/Daemon/Settings.h
+++ b/src/Daemon/Settings.h
@@ -19,7 +19,7 @@ extern map_analyzer_actions_and_reporters_t g_settings_mapAnalyzerActionsAndRepo
void LoadSettings();
void SaveSettings();
-void SetSettings(const map_abrt_settings_t& pSettings);
+void SetSettings(const map_abrt_settings_t& pSettings, const char * dbus_sender);
map_abrt_settings_t GetSettings();
#endif
diff --git a/src/Daemon/org.fedoraproject.abrt.policy b/src/Daemon/org.fedoraproject.abrt.policy
index 27b2127..9cf16a6 100644
--- a/src/Daemon/org.fedoraproject.abrt.policy
+++ b/src/Daemon/org.fedoraproject.abrt.policy
@@ -18,6 +18,8 @@ Copyright (c) 2009 Red Hat inc.
<message>Saving global settings requires authentication</message>
<defaults>
<allow_any>auth_admin</allow_any>
+ <allow_active>auth_admin</allow_active>
+ <allow_inactive>auth_admin</allow_inactive>
</defaults>
</action>