]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
269e4d2d LP |
2 | #pragma once |
3 | ||
4 | #include "sd-bus.h" | |
5 | ||
6 | #include "hashmap.h" | |
7b36fb9f | 7 | #include "user-util.h" |
d04c1a1c | 8 | #include "varlink.h" |
269e4d2d | 9 | |
29556b75 LP |
10 | typedef enum PolkitFLags { |
11 | POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */ | |
f5a12cea | 12 | POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */ |
91180a1e | 13 | POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */ |
29556b75 LP |
14 | } PolkitFlags; |
15 | ||
7b36fb9f LP |
16 | int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); |
17 | ||
29556b75 | 18 | int bus_verify_polkit_async_full(sd_bus_message *call, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry, sd_bus_error *error); |
ba4c69a0 DDM |
19 | static inline int bus_verify_polkit_async(sd_bus_message *call, const char *action, const char **details, Hashmap **registry, sd_bus_error *error) { |
20 | return bus_verify_polkit_async_full(call, action, details, UID_INVALID, 0, registry, error); | |
7b36fb9f | 21 | } |
269e4d2d | 22 | |
29556b75 LP |
23 | int varlink_verify_polkit_async_full(Varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry); |
24 | static inline int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const char *action, const char **details, Hashmap **registry) { | |
25 | return varlink_verify_polkit_async_full(link, bus, action, details, UID_INVALID, 0, registry); | |
26 | } | |
d04c1a1c LP |
27 | |
28 | /* A JsonDispatch initializer that makes sure the allowInteractiveAuthentication boolean field we want for | |
29 | * polkit support in Varlink calls is ignored while regular dispatching (and does not result in errors | |
30 | * regarding unexpected fields) */ | |
31 | #define VARLINK_DISPATCH_POLKIT_FIELD { \ | |
32 | .name = "allowInteractiveAuthentication", \ | |
33 | .type = JSON_VARIANT_BOOLEAN, \ | |
34 | } | |
b9632ec4 LP |
35 | |
36 | bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry); |