projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
| 269e4d2d LP |
2 | #pragma once |
| 3 | ||
| 4 | #include "sd-bus.h" | |
| 5 | ||
| 6 | #include "hashmap.h" | |
| 7b36fb9f | 7 | #include "user-util.h" |
| d04c1a1c | 8 | #include "varlink.h" |
| 269e4d2d | 9 | |
| 29556b75 LP |
10 | typedef enum PolkitFLags { |
| 11 | POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */ | |
| f5a12cea | 12 | POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */ |
| 91180a1e | 13 | POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */ |
| 29556b75 LP |
14 | } PolkitFlags; |
| 15 | ||
| 7b36fb9f LP |
16 | int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); |
| 17 | ||
| 29556b75 | 18 | int bus_verify_polkit_async_full(sd_bus_message *call, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry, sd_bus_error *error); |
| ba4c69a0 DDM |
19 | static inline int bus_verify_polkit_async(sd_bus_message *call, const char *action, const char **details, Hashmap **registry, sd_bus_error *error) { |
| 20 | return bus_verify_polkit_async_full(call, action, details, UID_INVALID, 0, registry, error); | |
| 7b36fb9f | 21 | } |
| 269e4d2d | 22 | |
| 29556b75 LP |
23 | int varlink_verify_polkit_async_full(Varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry); |
| 24 | static inline int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const char *action, const char **details, Hashmap **registry) { | |
| 25 | return varlink_verify_polkit_async_full(link, bus, action, details, UID_INVALID, 0, registry); | |
| 26 | } | |
| d04c1a1c LP |
27 | |
| 28 | /* A JsonDispatch initializer that makes sure the allowInteractiveAuthentication boolean field we want for | |
| 29 | * polkit support in Varlink calls is ignored while regular dispatching (and does not result in errors | |
| 30 | * regarding unexpected fields) */ | |
| 31 | #define VARLINK_DISPATCH_POLKIT_FIELD { \ | |
| 32 | .name = "allowInteractiveAuthentication", \ | |
| 33 | .type = JSON_VARIANT_BOOLEAN, \ | |
| 34 | } | |
| b9632ec4 LP |
35 | |
| 36 | bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry); |