|
 |
dddd59 |
diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py
|
|
|
dddd59 |
index 92da014..fd0b5ce 100644
|
|
|
dddd59 |
--- a/src/firewall/server/firewalld.py
|
|
|
dddd59 |
+++ b/src/firewall/server/firewalld.py
|
|
|
dddd59 |
@@ -60,10 +60,10 @@ class FirewallD(slip.dbus.service.Object):
|
|
|
dddd59 |
"""FirewallD main class"""
|
|
|
dddd59 |
|
|
|
dddd59 |
persistent = True
|
|
|
dddd59 |
""" Make FirewallD persistent. """
|
|
|
dddd59 |
- default_polkit_auth_required = config.dbus.PK_ACTION_INFO
|
|
|
dddd59 |
- """ Use config.dbus.PK_ACTION_INFO as a default """
|
|
|
dddd59 |
+ default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG
|
|
|
dddd59 |
+ """ Use config.dbus.PK_ACTION_CONFIG as a default """
|
|
|
dddd59 |
|
|
|
dddd59 |
@handle_exceptions
|
|
|
dddd59 |
def __init__(self, *args, **kwargs):
|
|
|
dddd59 |
super(FirewallD, self).__init__(*args, **kwargs)
|
|
|
dddd59 |
@@ -2127,8 +2127,9 @@ class FirewallD(slip.dbus.service.Object):
|
|
|
dddd59 |
raise
|
|
|
dddd59 |
|
|
|
dddd59 |
# DIRECT PASSTHROUGH (tracked)
|
|
|
dddd59 |
|
|
|
dddd59 |
+ @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT)
|
|
|
dddd59 |
@dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas',
|
|
|
dddd59 |
out_signature='')
|
|
|
dddd59 |
@dbus_handle_exceptions
|
|
|
dddd59 |
def addPassthrough(self, ipv, args, sender=None):
|
|
|
dddd59 |
@@ -2140,8 +2141,9 @@ class FirewallD(slip.dbus.service.Object):
|
|
|
dddd59 |
self.accessCheck(sender)
|
|
|
dddd59 |
self.fw.direct.add_passthrough(ipv, args)
|
|
|
dddd59 |
self.PassthroughAdded(ipv, args)
|
|
|
dddd59 |
|
|
|
dddd59 |
+ @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT)
|
|
|
dddd59 |
@dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas',
|
|
|
dddd59 |
out_signature='')
|
|
|
dddd59 |
@dbus_handle_exceptions
|
|
|
dddd59 |
def removePassthrough(self, ipv, args, sender=None):
|
|
|
dddd59 |
@@ -2255,8 +2257,9 @@ class FirewallD(slip.dbus.service.Object):
|
|
|
dddd59 |
return self.fw.ipset.get_ipset(ipset).export_config()
|
|
|
dddd59 |
|
|
|
dddd59 |
# set entries # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
|
|
|
dddd59 |
|
|
|
dddd59 |
+ @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG)
|
|
|
dddd59 |
@dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss',
|
|
|
dddd59 |
out_signature='')
|
|
|
dddd59 |
@dbus_handle_exceptions
|
|
|
dddd59 |
def addEntry(self, ipset, entry, sender=None):
|
|
|
dddd59 |
@@ -2267,8 +2270,9 @@ class FirewallD(slip.dbus.service.Object):
|
|
|
dddd59 |
self.accessCheck(sender)
|
|
|
dddd59 |
self.fw.ipset.add_entry(ipset, entry)
|
|
|
dddd59 |
self.EntryAdded(ipset, entry)
|
|
|
dddd59 |
|
|
|
dddd59 |
+ @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG)
|
|
|
dddd59 |
@dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss',
|
|
|
dddd59 |
out_signature='')
|
|
|
dddd59 |
@dbus_handle_exceptions
|
|
|
dddd59 |
def removeEntry(self, ipset, entry, sender=None):
|
|
|
dddd59 |
@@ -2300,9 +2304,9 @@ class FirewallD(slip.dbus.service.Object):
|
|
|
dddd59 |
ipset = dbus_to_python(ipset)
|
|
|
dddd59 |
log.debug1("ipset.getEntries('%s')" % ipset)
|
|
|
dddd59 |
return self.fw.ipset.get_entries(ipset)
|
|
|
dddd59 |
|
|
|
dddd59 |
- @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO)
|
|
|
dddd59 |
+ @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG)
|
|
|
dddd59 |
@dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='sas')
|
|
|
dddd59 |
@dbus_handle_exceptions
|
|
|
dddd59 |
def setEntries(self, ipset, entries, sender=None): # pylint: disable=W0613
|
|
|
dddd59 |
# returns list of added entries for the ipset
|