diff options
author | dnovotny <danny@rawhide.localdomain> | 2009-09-09 07:54:28 -0400 |
---|---|---|
committer | dnovotny <danny@rawhide.localdomain> | 2009-09-09 07:54:28 -0400 |
commit | d04a619443303243a649f3f1baa20ad2f3ae1d89 (patch) | |
tree | 3f49b750a397a1ceb2ab860611b908c907a8bac3 /src | |
parent | 173490efd5daeefa4622d353ca3b1587c56f64ca (diff) | |
download | abrt-d04a619443303243a649f3f1baa20ad2f3ae1d89.tar.gz abrt-d04a619443303243a649f3f1baa20ad2f3ae1d89.tar.xz abrt-d04a619443303243a649f3f1baa20ad2f3ae1d89.zip |
added polkit security check in SetSettings
Diffstat (limited to 'src')
-rw-r--r-- | src/Daemon/CommLayerServerDBus.cpp | 3 | ||||
-rw-r--r-- | src/Daemon/Settings.cpp | 16 | ||||
-rw-r--r-- | src/Daemon/Settings.h | 2 | ||||
-rw-r--r-- | src/Daemon/org.fedoraproject.abrt.policy | 2 |
4 files changed, 20 insertions, 3 deletions
diff --git a/src/Daemon/CommLayerServerDBus.cpp b/src/Daemon/CommLayerServerDBus.cpp index eb1d133..726c37a 100644 --- a/src/Daemon/CommLayerServerDBus.cpp +++ b/src/Daemon/CommLayerServerDBus.cpp @@ -729,7 +729,8 @@ static int handle_SetSettings(DBusMessage* call, DBusMessage* reply) return -1; } - SetSettings(param1); + const char * sender = dbus_message_get_sender(call); + SetSettings(param1, sender); send_flush_and_unref(reply); return 0; diff --git a/src/Daemon/Settings.cpp b/src/Daemon/Settings.cpp index 086c18a..0eea2bd 100644 --- a/src/Daemon/Settings.cpp +++ b/src/Daemon/Settings.cpp @@ -1,6 +1,7 @@ #include "Settings.h" #include "abrtlib.h" #include "abrt_types.h" +#include "Polkit.h" #include <fstream> #define SECTION_COMMON "Common" @@ -424,9 +425,22 @@ void SaveSettings() } /* dbus call to change some .conf file data */ -void SetSettings(const map_abrt_settings_t& pSettings) +void SetSettings(const map_abrt_settings_t& pSettings, const char * dbus_sender) { bool dirty = false; + int polkit_result; + + if(( polkit_result = polkit_check_authorization(dbus_sender, + "org.fedoraproject.abrt.save-settings")) != PolkitYes) + { + log("user %s not authorized, returned %d", dbus_sender, + polkit_result ); + return; + } else + { + log("user %s succesfully authorized", dbus_sender); + } + map_abrt_settings_t::const_iterator it = pSettings.find(SECTION_COMMON); map_abrt_settings_t::const_iterator end = pSettings.end(); if (it != end) diff --git a/src/Daemon/Settings.h b/src/Daemon/Settings.h index 0ce19fc..9ee9370 100644 --- a/src/Daemon/Settings.h +++ b/src/Daemon/Settings.h @@ -19,7 +19,7 @@ extern map_analyzer_actions_and_reporters_t g_settings_mapAnalyzerActionsAndRepo void LoadSettings(); void SaveSettings(); -void SetSettings(const map_abrt_settings_t& pSettings); +void SetSettings(const map_abrt_settings_t& pSettings, const char * dbus_sender); map_abrt_settings_t GetSettings(); #endif diff --git a/src/Daemon/org.fedoraproject.abrt.policy b/src/Daemon/org.fedoraproject.abrt.policy index 27b2127..9cf16a6 100644 --- a/src/Daemon/org.fedoraproject.abrt.policy +++ b/src/Daemon/org.fedoraproject.abrt.policy @@ -18,6 +18,8 @@ Copyright (c) 2009 Red Hat inc. <message>Saving global settings requires authentication</message> <defaults> <allow_any>auth_admin</allow_any> + <allow_active>auth_admin</allow_active> + <allow_inactive>auth_admin</allow_inactive> </defaults> </action> |