mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
Merge pull request #13457 from keszybz/resolved-issue
This commit is contained in:
commit
d93d10c3d1
@ -1354,8 +1354,7 @@ _public_ int sd_bus_open_user_with_description(sd_bus **ret, const char *descrip
|
||||
b->bus_client = true;
|
||||
b->is_user = true;
|
||||
|
||||
/* We don't do any per-method access control on the user
|
||||
* bus. */
|
||||
/* We don't do any per-method access control on the user bus. */
|
||||
b->trusted = true;
|
||||
b->is_local = true;
|
||||
|
||||
|
@ -19,9 +19,24 @@
|
||||
|
||||
#define DEFAULT_BUS_PATH "unix:path=/run/dbus/system_bus_socket"
|
||||
|
||||
static struct context c = {};
|
||||
static int happy_finder_object = 0;
|
||||
|
||||
static int happy_finder(sd_bus *bus, const char *path, const char *interface, void *userdata, void **found, sd_bus_error *error) {
|
||||
assert(userdata);
|
||||
assert(userdata == &c);
|
||||
|
||||
#ifndef __cplusplus
|
||||
log_info("%s called", __func__);
|
||||
#endif
|
||||
|
||||
happy_finder_object++;
|
||||
*found = &happy_finder_object;
|
||||
return 1; /* found */
|
||||
}
|
||||
|
||||
static void test_vtable(void) {
|
||||
sd_bus *bus = NULL;
|
||||
struct context c = {};
|
||||
int r;
|
||||
|
||||
assert(sd_bus_new(&bus) >= 0);
|
||||
@ -32,16 +47,23 @@ static void test_vtable(void) {
|
||||
assert(sd_bus_add_object_vtable(bus, NULL, "/foo", "org.freedesktop.systemd.testVtable221",
|
||||
(const sd_bus_vtable *)vtable_format_221, &c) >= 0);
|
||||
|
||||
assert(sd_bus_add_fallback_vtable(bus, NULL, "/fallback", "org.freedesktop.systemd.testVtable2", test_vtable_2, happy_finder, &c) >= 0);
|
||||
|
||||
assert(sd_bus_set_address(bus, DEFAULT_BUS_PATH) >= 0);
|
||||
r = sd_bus_start(bus);
|
||||
assert(r == 0 || /* success */
|
||||
r == -ENOENT /* dbus is inactive */ );
|
||||
|
||||
#ifndef __cplusplus
|
||||
_cleanup_free_ char *s = NULL;
|
||||
_cleanup_free_ char *s, *s2;
|
||||
|
||||
assert_se(introspect_path(bus, "/foo", NULL, false, true, NULL, &s, NULL) == 1);
|
||||
fputs(s, stdout);
|
||||
|
||||
assert_se(introspect_path(bus, "/fallback", NULL, false, true, NULL, &s2, NULL) == 1);
|
||||
fputs(s2, stdout);
|
||||
|
||||
assert_se(happy_finder_object == 1);
|
||||
#endif
|
||||
|
||||
sd_bus_unref(bus);
|
||||
|
@ -42,7 +42,7 @@ static const sd_bus_vtable test_vtable_1[] = {
|
||||
|
||||
static const sd_bus_vtable test_vtable_2[] = {
|
||||
SD_BUS_VTABLE_START(0),
|
||||
SD_BUS_METHOD("AlterSomething", "s", "s", handler, 0),
|
||||
SD_BUS_METHOD("AlterSomething", "s", "s", handler, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("Exit", "", "", handler, 0),
|
||||
SD_BUS_METHOD_WITH_OFFSET("AlterSomething2", "s", "s", handler, 200, 0),
|
||||
SD_BUS_METHOD_WITH_OFFSET("Exit2", "", "", handler, 200, 0),
|
||||
|
@ -40,4 +40,103 @@
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-dns-servers">
|
||||
<description gettext-domain="systemd">Set DNS servers</description>
|
||||
<message gettext-domain="systemd">Authentication is required to set DNS servers.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-domains">
|
||||
<description gettext-domain="systemd">Set domains</description>
|
||||
<message gettext-domain="systemd">Authentication is required to set domains.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-default-route">
|
||||
<description gettext-domain="systemd">Set default route</description>
|
||||
<message gettext-domain="systemd">Authentication is required to set default route.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-llmnr">
|
||||
<description gettext-domain="systemd">Enable/disable LLMNR</description>
|
||||
<message gettext-domain="systemd">Authentication is required to enable or disable LLMNR.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-mdns">
|
||||
<description gettext-domain="systemd">Enable/disable multicast DNS</description>
|
||||
<message gettext-domain="systemd">Authentication is required to enable or disable multicast DNS.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-dns-over-tls">
|
||||
<description gettext-domain="systemd">Enable/disable DNS over TLS</description>
|
||||
<message gettext-domain="systemd">Authentication is required to enable or disable DNS over TLS.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-dnssec">
|
||||
<description gettext-domain="systemd">Enable/disable DNSSEC</description>
|
||||
<message gettext-domain="systemd">Authentication is required to enable or disable DNSSEC.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.set-dnssec-negative-trust-anchors">
|
||||
<description gettext-domain="systemd">Set DNSSEC Negative Trust Anchors</description>
|
||||
<message gettext-domain="systemd">Authentication is required to set DNSSEC Negative Trust Anchros.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.resolve1.revert">
|
||||
<description gettext-domain="systemd">Revert name resolution settings</description>
|
||||
<message gettext-domain="systemd">Authentication is required to revert name resolution settings.</message>
|
||||
<defaults>
|
||||
<allow_any>auth_admin</allow_any>
|
||||
<allow_inactive>auth_admin</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
|
||||
</action>
|
||||
|
||||
</policyconfig>
|
||||
|
@ -1638,15 +1638,6 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
|
||||
if (m->mdns_support != RESOLVE_SUPPORT_YES)
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Support for MulticastDNS is disabled");
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
|
||||
"org.freedesktop.resolve1.register-service",
|
||||
NULL, false, UID_INVALID,
|
||||
&m->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
service = new0(DnssdService, 1);
|
||||
if (!service)
|
||||
return log_oom();
|
||||
@ -1771,6 +1762,15 @@ static int bus_method_register_service(sd_bus_message *message, void *userdata,
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_SYS_ADMIN,
|
||||
"org.freedesktop.resolve1.register-service",
|
||||
NULL, false, UID_INVALID,
|
||||
&m->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
r = hashmap_ensure_allocated(&m->dnssd_services, &string_hash_ops);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -1854,19 +1854,19 @@ static const sd_bus_vtable resolve_vtable[] = {
|
||||
SD_BUS_METHOD("ResolveAddress", "iiayt", "a(is)t", bus_method_resolve_address, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("ResolveRecord", "isqqt", "a(iqqay)t", bus_method_resolve_record, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("ResolveService", "isssit", "a(qqqsa(iiay)s)aayssst", bus_method_resolve_service, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, 0),
|
||||
SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, 0),
|
||||
SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, 0),
|
||||
SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("GetLink", "i", "o", bus_method_get_link, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, 0),
|
||||
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
|
||||
SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, 0),
|
||||
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
|
||||
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
|
||||
SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
|
||||
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
|
||||
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
|
||||
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
|
||||
SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkDefaultRoute", "ib", NULL, bus_method_set_link_default_route, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
|
||||
SD_BUS_METHOD("RegisterService", "sssqqqaa{say}", "o", bus_method_register_service, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("UnregisterService", "o", NULL, bus_method_unregister_service, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
|
@ -1,6 +1,8 @@
|
||||
/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
#include <sys/capability.h>
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "bus-common-errors.h"
|
||||
@ -11,6 +13,7 @@
|
||||
#include "resolved-link-bus.h"
|
||||
#include "resolved-resolv-conf.h"
|
||||
#include "strv.h"
|
||||
#include "user-util.h"
|
||||
|
||||
static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
|
||||
static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
|
||||
@ -262,6 +265,15 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-dns-servers",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
dns_server_mark_all(l->dns_servers);
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
@ -325,12 +337,21 @@ int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Root domain is not suitable as search domain");
|
||||
}
|
||||
|
||||
dns_search_domain_mark_all(l->search_domains);
|
||||
|
||||
r = sd_bus_message_rewind(message, false);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-domains",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
dns_search_domain_mark_all(l->search_domains);
|
||||
|
||||
for (;;) {
|
||||
DnsSearchDomain *d;
|
||||
const char *name;
|
||||
@ -388,6 +409,15 @@ int bus_link_method_set_default_route(sd_bus_message *message, void *userdata, s
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-default-route",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
if (l->default_route != b) {
|
||||
l->default_route = b;
|
||||
|
||||
@ -423,6 +453,15 @@ int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_er
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid LLMNR setting: %s", llmnr);
|
||||
}
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-llmnr",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
l->llmnr_support = mode;
|
||||
link_allocate_scopes(l);
|
||||
link_add_rrs(l, false);
|
||||
@ -457,6 +496,15 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid MulticastDNS setting: %s", mdns);
|
||||
}
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-mdns",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
l->mdns_support = mode;
|
||||
link_allocate_scopes(l);
|
||||
link_add_rrs(l, false);
|
||||
@ -491,6 +539,15 @@ int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSOverTLS setting: %s", dns_over_tls);
|
||||
}
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-dns-over-tls",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
link_set_dns_over_tls_mode(l, mode);
|
||||
|
||||
(void) link_save_user(l);
|
||||
@ -523,6 +580,15 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSSEC setting: %s", dnssec);
|
||||
}
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-dnssec",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
link_set_dnssec_mode(l, mode);
|
||||
|
||||
(void) link_save_user(l);
|
||||
@ -544,6 +610,10 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
ns = set_new(&dns_name_hash_ops);
|
||||
if (!ns)
|
||||
return -ENOMEM;
|
||||
|
||||
r = sd_bus_message_read_strv(message, &ntas);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -553,19 +623,23 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid negative trust anchor domain: %s", *i);
|
||||
}
|
||||
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
|
||||
"Invalid negative trust anchor domain: %s", *i);
|
||||
|
||||
ns = set_new(&dns_name_hash_ops);
|
||||
if (!ns)
|
||||
return -ENOMEM;
|
||||
|
||||
STRV_FOREACH(i, ntas) {
|
||||
r = set_put_strdup(ns, *i);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
set_free_free(l->dnssec_negative_trust_anchors);
|
||||
l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
|
||||
|
||||
@ -585,6 +659,15 @@ int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
|
||||
"org.freedesktop.resolve1.revert",
|
||||
NULL, true, UID_INVALID,
|
||||
&l->manager->polkit_registry, error);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (r == 0)
|
||||
return 1; /* Polkit will call us back */
|
||||
|
||||
link_flush_settings(l);
|
||||
link_allocate_scopes(l);
|
||||
link_add_rrs(l, false);
|
||||
@ -610,15 +693,15 @@ const sd_bus_vtable link_vtable[] = {
|
||||
SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
|
||||
SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
|
||||
|
||||
SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, 0),
|
||||
SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
|
||||
SD_BUS_METHOD("SetDefaultRoute", "b", NULL, bus_link_method_set_default_route, 0),
|
||||
SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
|
||||
SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
|
||||
SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, 0),
|
||||
SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
|
||||
SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
|
||||
SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),
|
||||
SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetDefaultRoute", "b", NULL, bus_link_method_set_default_route, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, SD_BUS_VTABLE_UNPRIVILEGED),
|
||||
|
||||
SD_BUS_VTABLE_END
|
||||
};
|
||||
|
@ -1681,7 +1681,8 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
|
||||
|
||||
assert(ret);
|
||||
|
||||
/* Match like sd_bus_open_system(), but with the "watch_bind" feature and the Connected() signal turned on. */
|
||||
/* Match like sd_bus_open_system(), but with the "watch_bind" feature and the Connected() signal
|
||||
* turned on. */
|
||||
|
||||
r = sd_bus_new(&bus);
|
||||
if (r < 0)
|
||||
@ -1705,10 +1706,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_bus_set_trusted(bus, true);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
|
||||
if (r < 0)
|
||||
return r;
|
||||
@ -1737,8 +1734,8 @@ int bus_reply_pair_array(sd_bus_message *m, char **l) {
|
||||
|
||||
assert(m);
|
||||
|
||||
/* Reply to the specified message with a message containing a dictionary put together from the specified
|
||||
* strv */
|
||||
/* Reply to the specified message with a message containing a dictionary put together from the
|
||||
* specified strv */
|
||||
|
||||
r = sd_bus_message_new_method_return(m, &reply);
|
||||
if (r < 0)
|
||||
|
Loading…
Reference in New Issue
Block a user