diff options
-rw-r--r-- | avahi-daemon/avahi-dbus.conf.in | 16 | ||||
-rw-r--r-- | configure.ac | 66 |
2 files changed, 47 insertions, 35 deletions
diff --git a/avahi-daemon/avahi-dbus.conf.in b/avahi-daemon/avahi-dbus.conf.in index 416c8dc..c570754 100644 --- a/avahi-daemon/avahi-dbus.conf.in +++ b/avahi-daemon/avahi-dbus.conf.in @@ -11,15 +11,17 @@ <allow own="org.freedesktop.Avahi"/> </policy> - <!-- Allow anyone to invoke methods on the Manager and Device interfaces --> + <!-- Allow anyone to invoke methods on Avahi server, except SetHostName --> <policy context="default"> - <allow send_interface="org.freedesktop.Avahi"/> + <allow send_destination="org.freedesktop.Avahi"/> + <allow receive_sender="org.freedesktop.Avahi"/> - <allow receive_interface="org.freedesktop.Avahi" - receive_sender="org.freedesktop.Avahi"/> + <deny send_interface="org.freedesktop.Avahi.Server" send_member="SetHostName"/> </policy> - <limit name="max_match_rules_per_connection">512</limit> - <limit name="max_connections_per_user">20</limit> - + <!-- Allow everything, including access to SetHostName to users of the group "netdev" --> + <policy group="@AVAHI_PRIV_ACCESS_GROUP@"> + <allow send_destination="org.freedesktop.Avahi"/> + <allow receive_sender="org.freedesktop.Avahi"/> + </policy> </busconfig> diff --git a/configure.ac b/configure.ac index deac981..ca6d431 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ # USA. AC_PREREQ(2.57) -AC_INIT([avahi],[0.6.12],[avahi (at) lists (dot) freedesktop (dot) org]) +AC_INIT([avahi],[0.6.13],[avahi (at) lists (dot) freedesktop (dot) org]) AC_CONFIG_SRCDIR([avahi-core/server.c]) AC_CONFIG_HEADERS([config.h]) AM_INIT_AUTOMAKE([foreign 1.9 -Wall]) @@ -680,6 +680,15 @@ fi AC_SUBST(AVAHI_GROUP) AC_DEFINE_UNQUOTED(AVAHI_GROUP,"$AVAHI_GROUP", [Group for Avahi]) +AC_ARG_WITH(avahi_priv_access_group,AS_HELP_STRING([--with-avahi-priv-access-group=<group>],[Priviliged access group for Avahi clients (netdev)])) +if test -z "$with_priv_access_group" ; then + AVAHI_PRIV_ACCESS_GROUP=netdev +else + AVAHI_PRIV_ACCESS_GROUP=$with_priv_access_group +fi +AC_SUBST(AVAHI_PRIV_ACCESS_GROUP) +AC_DEFINE_UNQUOTED(AVAHI_PRIV_ACCESS_GROUP,"$AVAHI_PRIV_ACCESS_GROUP", [Privileged access group for Avahi clients]) + # # Avahi runtime dir # @@ -842,33 +851,34 @@ AC_OUTPUT echo " ---{ $PACKAGE_NAME $VERSION }--- - prefix: ${prefix} - sysconfdir: ${sysconfdir} - localstatedir: ${localstatedir} - avahi socket: ${avahi_socket} - dbus-1 system.d dir: ${DBUS_SYS_DIR} - dbus-1 version: ${DBUS_VERSION} - dbus-1 system socket ${DBUS_SYSTEM_BUS_DEFAULT_ADDRESS} - compiler: ${CC} - cflags: ${CFLAGS} - Enable GLIB: ${HAVE_GLIB} - Enable GTK: ${HAVE_GTK} - Enable D-BUS: ${HAVE_DBUS} - Enable Expat: ${HAVE_EXPAT} - Enable GDBM: ${HAVE_GDBM} - Enable DBM: ${HAVE_DBM} - Enable libdaemon: ${HAVE_LIBDAEMON} - Enable Python: ${HAVE_PYTHON} - Enable pygtk: ${HAVE_PYGTK} - Enable python-dbus: ${HAVE_PYTHON_DBUS} - Enable QT3: ${HAVE_QT3} - Enable QT4: ${HAVE_QT4} - Enable Mono: ${HAVE_MONO} - Enable Monodoc: ${HAVE_MONODOC} - Distribution/OS: ${with_distro} - User for Avahi: ${AVAHI_USER} - Group for Avahi: ${AVAHI_GROUP} - Enable chroot(): ${enable_chroot} + prefix: ${prefix} + sysconfdir: ${sysconfdir} + localstatedir: ${localstatedir} + avahi socket: ${avahi_socket} + dbus-1 system.d dir: ${DBUS_SYS_DIR} + dbus-1 version: ${DBUS_VERSION} + dbus-1 system socket: ${DBUS_SYSTEM_BUS_DEFAULT_ADDRESS} + C Compiler: ${CC} + CFLAGS: ${CFLAGS} + Enable GLIB: ${HAVE_GLIB} + Enable GTK: ${HAVE_GTK} + Enable D-BUS: ${HAVE_DBUS} + Enable Expat: ${HAVE_EXPAT} + Enable GDBM: ${HAVE_GDBM} + Enable DBM: ${HAVE_DBM} + Enable libdaemon: ${HAVE_LIBDAEMON} + Enable Python: ${HAVE_PYTHON} + Enable pygtk: ${HAVE_PYGTK} + Enable python-dbus: ${HAVE_PYTHON_DBUS} + Enable QT3: ${HAVE_QT3} + Enable QT4: ${HAVE_QT4} + Enable Mono: ${HAVE_MONO} + Enable Monodoc: ${HAVE_MONODOC} + Distribution/OS: ${with_distro} + User for Avahi daemon: ${AVAHI_USER} + Group for Avahi daemon: ${AVAHI_GROUP} + Priviliged Access Group for Avahi Clients: ${AVAHI_PRIV_ACCESS_GROUP} + Enable chroot(): ${enable_chroot} " BUILD_DAEMON="no (You need libdaemon and expat!)" |