Blame SOURCES/firewalld-0.4.3.2-CVE-2016-5410_rhbz#1359296.patch

dddd59
diff --git a/src/firewall/server/firewalld.py b/src/firewall/server/firewalld.py
dddd59
index 92da014..fd0b5ce 100644
dddd59
--- a/src/firewall/server/firewalld.py
dddd59
+++ b/src/firewall/server/firewalld.py
dddd59
@@ -60,10 +60,10 @@ class FirewallD(slip.dbus.service.Object):
dddd59
     """FirewallD main class"""
dddd59
 
dddd59
     persistent = True
dddd59
     """ Make FirewallD persistent. """
dddd59
-    default_polkit_auth_required = config.dbus.PK_ACTION_INFO
dddd59
-    """ Use config.dbus.PK_ACTION_INFO as a default """
dddd59
+    default_polkit_auth_required = config.dbus.PK_ACTION_CONFIG
dddd59
+    """ Use config.dbus.PK_ACTION_CONFIG as a default """
dddd59
 
dddd59
     @handle_exceptions
dddd59
     def __init__(self, *args, **kwargs):
dddd59
         super(FirewallD, self).__init__(*args, **kwargs)
dddd59
@@ -2127,8 +2127,9 @@ class FirewallD(slip.dbus.service.Object):
dddd59
             raise
dddd59
 
dddd59
     # DIRECT PASSTHROUGH (tracked)
dddd59
 
dddd59
+    @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT)
dddd59
     @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas',
dddd59
                          out_signature='')
dddd59
     @dbus_handle_exceptions
dddd59
     def addPassthrough(self, ipv, args, sender=None):
dddd59
@@ -2140,8 +2141,9 @@ class FirewallD(slip.dbus.service.Object):
dddd59
         self.accessCheck(sender)
dddd59
         self.fw.direct.add_passthrough(ipv, args)
dddd59
         self.PassthroughAdded(ipv, args)
dddd59
 
dddd59
+    @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_DIRECT)
dddd59
     @dbus_service_method(config.dbus.DBUS_INTERFACE_DIRECT, in_signature='sas',
dddd59
                          out_signature='')
dddd59
     @dbus_handle_exceptions
dddd59
     def removePassthrough(self, ipv, args, sender=None):
dddd59
@@ -2255,8 +2257,9 @@ class FirewallD(slip.dbus.service.Object):
dddd59
         return self.fw.ipset.get_ipset(ipset).export_config()
dddd59
 
dddd59
     # set entries # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
dddd59
 
dddd59
+    @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG)
dddd59
     @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss',
dddd59
                          out_signature='')
dddd59
     @dbus_handle_exceptions
dddd59
     def addEntry(self, ipset, entry, sender=None):
dddd59
@@ -2267,8 +2270,9 @@ class FirewallD(slip.dbus.service.Object):
dddd59
         self.accessCheck(sender)
dddd59
         self.fw.ipset.add_entry(ipset, entry)
dddd59
         self.EntryAdded(ipset, entry)
dddd59
 
dddd59
+    @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG)
dddd59
     @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='ss',
dddd59
                          out_signature='')
dddd59
     @dbus_handle_exceptions
dddd59
     def removeEntry(self, ipset, entry, sender=None):
dddd59
@@ -2300,9 +2304,9 @@ class FirewallD(slip.dbus.service.Object):
dddd59
         ipset = dbus_to_python(ipset)
dddd59
         log.debug1("ipset.getEntries('%s')" % ipset)
dddd59
         return self.fw.ipset.get_entries(ipset)
dddd59
 
dddd59
-    @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_INFO)
dddd59
+    @slip.dbus.polkit.require_auth(config.dbus.PK_ACTION_CONFIG)
dddd59
     @dbus_service_method(config.dbus.DBUS_INTERFACE_IPSET, in_signature='sas')
dddd59
     @dbus_handle_exceptions
dddd59
     def setEntries(self, ipset, entries, sender=None): # pylint: disable=W0613
dddd59
         # returns list of added entries for the ipset