src/shared/bus-polkit.h

   1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
   2 #pragma once
   3
   4 #include "sd-bus.h"
   5
   6 #include "hashmap.h"
   7 #include "user-util.h"
   8 #include "varlink.h"
   9
  10 typedef enum PolkitFLags {
  11         POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */
  12         POLKIT_ALWAYS_QUERY      = 1 << 1, /* Query polkit even if client is privileged */
  13         POLKIT_DEFAULT_ALLOW     = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */
  14 } PolkitFlags;
  15
  16 int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
  17
  18 int bus_verify_polkit_async_full(sd_bus_message *call, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry, sd_bus_error *error);
  19 static inline int bus_verify_polkit_async(sd_bus_message *call, const char *action, const char **details, Hashmap **registry, sd_bus_error *ret_error) {
  20         return bus_verify_polkit_async_full(call, action, details, UID_INVALID, 0, registry, ret_error);
  21 }
  22
  23 int varlink_verify_polkit_async_full(Varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry);
  24 static inline int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const char *action, const char **details, Hashmap **registry) {
  25         return varlink_verify_polkit_async_full(link, bus, action, details, UID_INVALID, 0, registry);
  26 }
  27
  28 /* A JsonDispatch initializer that makes sure the allowInteractiveAuthentication boolean field we want for
  29  * polkit support in Varlink calls is ignored while regular dispatching (and does not result in errors
  30  * regarding unexpected fields) */
  31 #define VARLINK_DISPATCH_POLKIT_FIELD {                          \
  32                 .name = "allowInteractiveAuthentication",        \
  33                 .type = JSON_VARIANT_BOOLEAN,                    \
  34         }
  35
  36 bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry);