1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "bus-internal.h"
4 #include "bus-message.h"
5 #include "bus-polkit.h"
10 static int check_good_user(sd_bus_message
*m
, uid_t good_user
) {
11 _cleanup_(sd_bus_creds_unrefp
) sd_bus_creds
*creds
= NULL
;
17 if (good_user
== UID_INVALID
)
20 r
= sd_bus_query_sender_creds(m
, SD_BUS_CREDS_EUID
, &creds
);
24 /* Don't trust augmented credentials for authorization */
25 assert_return((sd_bus_creds_get_augmented_mask(creds
) & SD_BUS_CREDS_EUID
) == 0, -EPERM
);
27 r
= sd_bus_creds_get_euid(creds
, &sender_uid
);
31 return sender_uid
== good_user
;
35 static int bus_message_append_strv_key_value(
43 r
= sd_bus_message_open_container(m
, 'a', "{ss}");
47 STRV_FOREACH_PAIR(k
, v
, l
) {
48 r
= sd_bus_message_append(m
, "{ss}", *k
, *v
);
53 r
= sd_bus_message_close_container(m
);
68 sd_bus_error
*ret_error
) {
75 /* Tests non-interactively! */
77 r
= check_good_user(call
, good_user
);
81 r
= sd_bus_query_sender_privilege(call
, capability
);
88 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*request
= NULL
;
89 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
90 int authorized
= false, challenge
= false;
93 sender
= sd_bus_message_get_sender(call
);
97 r
= sd_bus_message_new_method_call(
100 "org.freedesktop.PolicyKit1",
101 "/org/freedesktop/PolicyKit1/Authority",
102 "org.freedesktop.PolicyKit1.Authority",
103 "CheckAuthorization");
107 r
= sd_bus_message_append(
110 "system-bus-name", 1, "name", "s", sender
,
115 r
= bus_message_append_strv_key_value(request
, details
);
119 r
= sd_bus_message_append(request
, "us", 0, NULL
);
123 r
= sd_bus_call(call
->bus
, request
, 0, ret_error
, &reply
);
125 /* Treat no PK available as access denied */
126 if (bus_error_is_unknown_service(ret_error
)) {
127 sd_bus_error_free(ret_error
);
134 r
= sd_bus_message_enter_container(reply
, 'r', "bba{ss}");
138 r
= sd_bus_message_read(reply
, "bb", &authorized
, &challenge
);
146 *_challenge
= challenge
;
157 typedef struct AsyncPolkitQuery
{
161 sd_bus_message
*request
, *reply
;
165 sd_event_source
*defer_event_source
;
168 static void async_polkit_query_free(AsyncPolkitQuery
*q
) {
172 sd_bus_slot_unref(q
->slot
);
174 if (q
->registry
&& q
->request
)
175 hashmap_remove(q
->registry
, q
->request
);
177 sd_bus_message_unref(q
->request
);
178 sd_bus_message_unref(q
->reply
);
181 strv_free(q
->details
);
183 sd_event_source_disable_unref(q
->defer_event_source
);
187 static int async_polkit_defer(sd_event_source
*s
, void *userdata
) {
188 AsyncPolkitQuery
*q
= userdata
;
192 /* This is called as idle event source after we processed the async polkit reply, hopefully after the
193 * method call we re-enqueued has been properly processed. */
195 async_polkit_query_free(q
);
199 static int async_polkit_callback(sd_bus_message
*reply
, void *userdata
, sd_bus_error
*error
) {
200 AsyncPolkitQuery
*q
= ASSERT_PTR(userdata
);
206 q
->slot
= sd_bus_slot_unref(q
->slot
);
209 q
->reply
= sd_bus_message_ref(reply
);
211 /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the
212 * whole message processing again, and thus re-validating and re-retrieving the "userdata" field
215 * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again,
216 * i.e. after the second time the message is processed is complete. */
218 assert(!q
->defer_event_source
);
219 r
= sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply
)), &q
->defer_event_source
, async_polkit_defer
, q
);
223 r
= sd_event_source_set_priority(q
->defer_event_source
, SD_EVENT_PRIORITY_IDLE
);
227 r
= sd_event_source_set_enabled(q
->defer_event_source
, SD_EVENT_ONESHOT
);
231 r
= sd_bus_message_rewind(q
->request
, true);
235 r
= sd_bus_enqueue_for_read(sd_bus_message_get_bus(q
->request
), q
->request
);
242 log_debug_errno(r
, "Processing asynchronous PolicyKit reply failed, ignoring: %m");
243 (void) sd_bus_reply_method_errno(q
->request
, r
, NULL
);
244 async_polkit_query_free(q
);
250 int bus_verify_polkit_async(
251 sd_bus_message
*call
,
254 const char **details
,
258 sd_bus_error
*ret_error
) {
267 r
= check_good_user(call
, good_user
);
272 AsyncPolkitQuery
*q
= hashmap_get(*registry
, call
);
274 int authorized
, challenge
;
276 /* This is the second invocation of this function, and there's already a response from
277 * polkit, let's process it */
280 /* If the operation we want to authenticate changed between the first and the second time,
281 * let's not use this authentication, it might be out of date as the object and context we
282 * operate on might have changed. */
283 if (!streq(q
->action
, action
) ||
284 !strv_equal(q
->details
, (char**) details
))
287 if (sd_bus_message_is_method_error(q
->reply
, NULL
)) {
288 const sd_bus_error
*e
;
290 e
= sd_bus_message_get_error(q
->reply
);
292 /* Treat no PK available as access denied */
293 if (bus_error_is_unknown_service(e
))
296 /* Copy error from polkit reply */
297 sd_bus_error_copy(ret_error
, e
);
298 return -sd_bus_error_get_errno(e
);
301 r
= sd_bus_message_enter_container(q
->reply
, 'r', "bba{ss}");
303 r
= sd_bus_message_read(q
->reply
, "bb", &authorized
, &challenge
);
311 return sd_bus_error_set(ret_error
, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED
, "Interactive authentication required.");
317 r
= sd_bus_query_sender_privilege(call
, capability
);
323 sender
= sd_bus_message_get_sender(call
);
328 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*pk
= NULL
;
330 int c
= sd_bus_message_get_allow_interactive_authorization(call
);
336 r
= hashmap_ensure_allocated(registry
, NULL
);
340 r
= sd_bus_message_new_method_call(
343 "org.freedesktop.PolicyKit1",
344 "/org/freedesktop/PolicyKit1/Authority",
345 "org.freedesktop.PolicyKit1.Authority",
346 "CheckAuthorization");
350 r
= sd_bus_message_append(
353 "system-bus-name", 1, "name", "s", sender
,
358 r
= bus_message_append_strv_key_value(pk
, details
);
362 r
= sd_bus_message_append(pk
, "us", interactive
, NULL
);
366 q
= new(AsyncPolkitQuery
, 1);
370 *q
= (AsyncPolkitQuery
) {
371 .request
= sd_bus_message_ref(call
),
374 q
->action
= strdup(action
);
376 async_polkit_query_free(q
);
380 q
->details
= strv_copy((char**) details
);
382 async_polkit_query_free(q
);
386 r
= hashmap_put(*registry
, call
, q
);
388 async_polkit_query_free(q
);
392 q
->registry
= *registry
;
394 r
= sd_bus_call_async(call
->bus
, &q
->slot
, pk
, async_polkit_callback
, q
, 0);
396 async_polkit_query_free(q
);
406 Hashmap
*bus_verify_polkit_async_registry_free(Hashmap
*registry
) {
408 return hashmap_free_with_destructor(registry
, async_polkit_query_free
);
410 assert(hashmap_isempty(registry
));
411 return hashmap_free(registry
);