teknoraver / rpms / systemd

Forked from rpms/systemd 4 months ago
Clone

Blame SOURCES/0247-resolved-allow-access-to-Set-Link-and-Revert-methods.patch

4fbe94
From ddd08e75b1e7fa1f6dfef3d30a0c1ef8c63e4d07 Mon Sep 17 00:00:00 2001
4fbe94
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
4fbe94
Date: Tue, 27 Aug 2019 19:25:05 +0200
4fbe94
Subject: [PATCH] resolved: allow access to Set*Link and Revert methods through
4fbe94
 polkit
4fbe94
4fbe94
This matches what is done in networkd very closely. In fact even the
4fbe94
policy descriptions are all identical (with s/network/resolve), except
4fbe94
for the last one:
4fbe94
resolved has org.freedesktop.resolve1.revert while
4fbe94
networkd has org.freedesktop.network1.revert-ntp and
4fbe94
org.freedesktop.network1.revert-dns so the description is a bit different.
4fbe94
4fbe94
Conflicts:
4fbe94
	src/resolve/resolved-bus.c
4fbe94
	src/resolve/resolved-link-bus.c
4fbe94
4fbe94
Related: #1746857
4fbe94
---
4fbe94
 src/resolve/org.freedesktop.resolve1.policy | 99 +++++++++++++++++++++
4fbe94
 src/resolve/resolved-bus.c                  | 22 ++---
4fbe94
 src/resolve/resolved-link-bus.c             | 97 +++++++++++++++++---
4fbe94
 3 files changed, 197 insertions(+), 21 deletions(-)
4fbe94
4fbe94
diff --git a/src/resolve/org.freedesktop.resolve1.policy b/src/resolve/org.freedesktop.resolve1.policy
4fbe94
index b65ba3e56a..592c4eb8b0 100644
4fbe94
--- a/src/resolve/org.freedesktop.resolve1.policy
4fbe94
+++ b/src/resolve/org.freedesktop.resolve1.policy
4fbe94
@@ -40,4 +40,103 @@
4fbe94
                 <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
         </action>
4fbe94
 
4fbe94
+        <action id="org.freedesktop.resolve1.set-dns-servers">
4fbe94
+                <description gettext-domain="systemd">Set DNS servers</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to set DNS servers.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.set-domains">
4fbe94
+                <description gettext-domain="systemd">Set domains</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to set domains.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.set-default-route">
4fbe94
+                <description gettext-domain="systemd">Set default route</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to set default route.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.set-llmnr">
4fbe94
+                <description gettext-domain="systemd">Enable/disable LLMNR</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to enable or disable LLMNR.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.set-mdns">
4fbe94
+                <description gettext-domain="systemd">Enable/disable multicast DNS</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to enable or disable multicast DNS.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.set-dns-over-tls">
4fbe94
+                <description gettext-domain="systemd">Enable/disable DNS over TLS</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to enable or disable DNS over TLS.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.set-dnssec">
4fbe94
+                <description gettext-domain="systemd">Enable/disable DNSSEC</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to enable or disable DNSSEC.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.set-dnssec-negative-trust-anchors">
4fbe94
+                <description gettext-domain="systemd">Set DNSSEC Negative Trust Anchors</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to set DNSSEC Negative Trust Anchros.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
+        <action id="org.freedesktop.resolve1.revert">
4fbe94
+                <description gettext-domain="systemd">Revert name resolution settings</description>
4fbe94
+                <message gettext-domain="systemd">Authentication is required to revert name resolution settings.</message>
4fbe94
+                <defaults>
4fbe94
+                        <allow_any>auth_admin</allow_any>
4fbe94
+                        <allow_inactive>auth_admin</allow_inactive>
4fbe94
+                        <allow_active>auth_admin_keep</allow_active>
4fbe94
+                </defaults>
4fbe94
+                <annotate key="org.freedesktop.policykit.owner">unix-user:systemd-resolve</annotate>
4fbe94
+        </action>
4fbe94
+
4fbe94
 </policyconfig>
4fbe94
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
4fbe94
index da0a909dd6..4d6cc4fd48 100644
4fbe94
--- a/src/resolve/resolved-bus.c
4fbe94
+++ b/src/resolve/resolved-bus.c
4fbe94
@@ -1848,18 +1848,18 @@ static const sd_bus_vtable resolve_vtable[] = {
4fbe94
         SD_BUS_METHOD("ResolveAddress", "iiayt", "a(is)t", bus_method_resolve_address, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
         SD_BUS_METHOD("ResolveRecord", "isqqt", "a(iqqay)t", bus_method_resolve_record, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
         SD_BUS_METHOD("ResolveService", "isssit", "a(qqqsa(iiay)s)aayssst", bus_method_resolve_service, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
-        SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, 0),
4fbe94
-        SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, 0),
4fbe94
-        SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, 0),
4fbe94
+        SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("ResetServerFeatures", NULL, NULL, bus_method_reset_server_features, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
         SD_BUS_METHOD("GetLink", "i", "o", bus_method_get_link, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
-        SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, 0),
4fbe94
-        SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),
4fbe94
-        SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, 0),
4fbe94
-        SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, 0),
4fbe94
-        SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, 0),
4fbe94
-        SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, 0),
4fbe94
-        SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, 0),
4fbe94
-        SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, 0),
4fbe94
+        SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetLinkLLMNR", "is", NULL, bus_method_set_link_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetLinkMulticastDNS", "is", NULL, bus_method_set_link_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetLinkDNSOverTLS", "is", NULL, bus_method_set_link_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetLinkDNSSEC", "is", NULL, bus_method_set_link_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetLinkDNSSECNegativeTrustAnchors", "ias", NULL, bus_method_set_link_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("RevertLink", "i", NULL, bus_method_revert_link, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
 
4fbe94
         SD_BUS_METHOD("RegisterService", "sssqqqaa{say}", "o", bus_method_register_service, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
         SD_BUS_METHOD("UnregisterService", "o", NULL, bus_method_unregister_service, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
diff --git a/src/resolve/resolved-link-bus.c b/src/resolve/resolved-link-bus.c
4fbe94
index 46d2b11636..bf3e42264e 100644
4fbe94
--- a/src/resolve/resolved-link-bus.c
4fbe94
+++ b/src/resolve/resolved-link-bus.c
4fbe94
@@ -1,5 +1,9 @@
4fbe94
 /* SPDX-License-Identifier: LGPL-2.1+ */
4fbe94
 
4fbe94
+#include <net/if.h>
4fbe94
+#include <netinet/in.h>
4fbe94
+#include <sys/capability.h>
4fbe94
+
4fbe94
 #include "alloc-util.h"
4fbe94
 #include "bus-common-errors.h"
4fbe94
 #include "bus-util.h"
4fbe94
@@ -9,6 +13,7 @@
4fbe94
 #include "resolved-link-bus.h"
4fbe94
 #include "resolved-resolv-conf.h"
4fbe94
 #include "strv.h"
4fbe94
+#include "user-util.h"
4fbe94
 
4fbe94
 static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported, "b", Link, link_dnssec_supported);
4fbe94
 static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode, "s", Link, link_get_dnssec_mode, dnssec_mode_to_string);
4fbe94
@@ -235,6 +240,15 @@ int bus_link_method_set_dns_servers(sd_bus_message *message, void *userdata, sd_
4fbe94
         if (r < 0)
4fbe94
                 return r;
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.set-dns-servers",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
         dns_server_mark_all(l->dns_servers);
4fbe94
 
4fbe94
         for (i = 0; i < n; i++) {
4fbe94
@@ -298,12 +312,21 @@ int bus_link_method_set_domains(sd_bus_message *message, void *userdata, sd_bus_
4fbe94
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Root domain is not suitable as search domain");
4fbe94
         }
4fbe94
 
4fbe94
-        dns_search_domain_mark_all(l->search_domains);
4fbe94
-
4fbe94
         r = sd_bus_message_rewind(message, false);
4fbe94
         if (r < 0)
4fbe94
                 return r;
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.set-domains",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
+        dns_search_domain_mark_all(l->search_domains);
4fbe94
+
4fbe94
         for (;;) {
4fbe94
                 DnsSearchDomain *d;
4fbe94
                 const char *name;
4fbe94
@@ -371,6 +394,15 @@ int bus_link_method_set_llmnr(sd_bus_message *message, void *userdata, sd_bus_er
4fbe94
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid LLMNR setting: %s", llmnr);
4fbe94
         }
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.set-llmnr",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
         l->llmnr_support = mode;
4fbe94
         link_allocate_scopes(l);
4fbe94
         link_add_rrs(l, false);
4fbe94
@@ -405,6 +437,15 @@ int bus_link_method_set_mdns(sd_bus_message *message, void *userdata, sd_bus_err
4fbe94
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid MulticastDNS setting: %s", mdns);
4fbe94
         }
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.set-mdns",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
         l->mdns_support = mode;
4fbe94
         link_allocate_scopes(l);
4fbe94
         link_add_rrs(l, false);
4fbe94
@@ -439,6 +480,15 @@ int bus_link_method_set_dns_over_tls(sd_bus_message *message, void *userdata, sd
4fbe94
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSOverTLS setting: %s", dns_over_tls);
4fbe94
         }
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.set-dns-over-tls",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
         link_set_dns_over_tls_mode(l, mode);
4fbe94
 
4fbe94
         (void) link_save_user(l);
4fbe94
@@ -471,6 +521,15 @@ int bus_link_method_set_dnssec(sd_bus_message *message, void *userdata, sd_bus_e
4fbe94
                         return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid DNSSEC setting: %s", dnssec);
4fbe94
         }
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.set-dnssec",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
         link_set_dnssec_mode(l, mode);
4fbe94
 
4fbe94
         (void) link_save_user(l);
4fbe94
@@ -513,6 +572,15 @@ int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message *message, v
4fbe94
                         return r;
4fbe94
         }
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
         set_free_free(l->dnssec_negative_trust_anchors);
4fbe94
         l->dnssec_negative_trust_anchors = TAKE_PTR(ns);
4fbe94
 
4fbe94
@@ -532,6 +600,15 @@ int bus_link_method_revert(sd_bus_message *message, void *userdata, sd_bus_error
4fbe94
         if (r < 0)
4fbe94
                 return r;
4fbe94
 
4fbe94
+        r = bus_verify_polkit_async(message, CAP_NET_ADMIN,
4fbe94
+                                    "org.freedesktop.resolve1.revert",
4fbe94
+                                    NULL, true, UID_INVALID,
4fbe94
+                                    &l->manager->polkit_registry, error);
4fbe94
+        if (r < 0)
4fbe94
+                return r;
4fbe94
+        if (r == 0)
4fbe94
+                return 1; /* Polkit will call us back */
4fbe94
+
4fbe94
         link_flush_settings(l);
4fbe94
         link_allocate_scopes(l);
4fbe94
         link_add_rrs(l, false);
4fbe94
@@ -556,14 +633,14 @@ const sd_bus_vtable link_vtable[] = {
4fbe94
         SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas, 0, 0),
4fbe94
         SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported, 0, 0),
4fbe94
 
4fbe94
-        SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, 0),
4fbe94
-        SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, 0),
4fbe94
-        SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, 0),
4fbe94
-        SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, 0),
4fbe94
-        SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, 0),
4fbe94
-        SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, 0),
4fbe94
-        SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, 0),
4fbe94
-        SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, 0),
4fbe94
+        SD_BUS_METHOD("SetDNS", "a(iay)", NULL, bus_link_method_set_dns_servers, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetDomains", "a(sb)", NULL, bus_link_method_set_domains, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetLLMNR", "s", NULL, bus_link_method_set_llmnr, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetMulticastDNS", "s", NULL, bus_link_method_set_mdns, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetDNSOverTLS", "s", NULL, bus_link_method_set_dns_over_tls, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetDNSSEC", "s", NULL, bus_link_method_set_dnssec, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("SetDNSSECNegativeTrustAnchors", "as", NULL, bus_link_method_set_dnssec_negative_trust_anchors, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
+        SD_BUS_METHOD("Revert", NULL, NULL, bus_link_method_revert, SD_BUS_VTABLE_UNPRIVILEGED),
4fbe94
 
4fbe94
         SD_BUS_VTABLE_END
4fbe94
 };