int bus_test_polkit(
sd_bus_message *call,
- int capability,
const char *action,
const char **details,
uid_t good_user,
if (r != 0)
return r;
- r = sd_bus_query_sender_privilege(call, capability);
+ r = sd_bus_query_sender_privilege(call, -1);
if (r < 0)
return r;
if (r > 0)
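Review bot: The bare `-1` passed to sd_bus_query_sender_privilege() in this hunk carries the whole meaning of the change and should be annotated, e.g. `r = sd_bus_query_sender_privilege(call, /* capability= */ -1);`, with a one-line comment that a negative capability skips the capability test so the shortcut rests on the sender's UID alone. As far as the visible lines show, a caller that used to pass this gate by holding the named capability now falls through to the polkit query. That looks intended, but it changes who is authorized without polkit and deserves a sentence in the function comment. The same unannotated call appears again in bus_verify_polkit_async_full() further down. bus_test_polkit()'s body begins and ends outside this hunk.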
} AsyncPolkitQuery;
static AsyncPolkitQuery *async_polkit_query_free(AsyncPolkitQuery *q) {
- AsyncPolkitQueryAction *a;
-
if (!q)
return NULL;
sd_event_source_disable_unref(q->defer_event_source);
- while ((a = q->authorized_actions)) {
- LIST_REMOVE(authorized, q->authorized_actions, a);
- async_polkit_query_action_free(a);
- }
+ LIST_CLEAR(authorized, q->authorized_actions, async_polkit_query_action_free);
async_polkit_query_action_free(q->denied_action);
async_polkit_query_action_free(q->error_action);
assert(reply);
assert(q);
+ /* Processing of a PolicyKit checks is canceled on the first auth. error. */
+ assert(!q->denied_action);
+ assert(!q->error_action);
+ assert(!sd_bus_error_is_set(&q->error));
+
assert(q->action);
a = TAKE_PTR(q->action);
e = sd_bus_message_get_error(reply);
- /* Save error from polkit reply, so it can be returned when the same authorization is
- * attempted for second time */
- if (!bus_error_is_unknown_service(e)) {
+ if (bus_error_is_unknown_service(e))
+ /* Treat no PK available as access denied */
+ q->denied_action = TAKE_PTR(a);
+ else {
+ /* Save error from polkit reply, so it can be returned when the same authorization
+ * is attempted for second time */
q->error_action = TAKE_PTR(a);
- return sd_bus_error_copy(&q->error, e);
+ r = sd_bus_error_copy(&q->error, e);
+ if (r == -ENOMEM)
+ return r;
}
- /* Treat no PK available as access denied */
- q->denied_action = TAKE_PTR(a);
-
return 0;
}
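Review bot: The `if (r == -ENOMEM)` test after sd_bus_error_copy() needs a comment, because without one it reads as if every other failure were being dropped by accident. sd_bus_error_copy() returns the negative errno that corresponds to the copied error even when the copy worked, so only an allocation failure is a real failure here; a comment such as `/* sd_bus_error_copy() returns the errno of the copied error; only -ENOMEM means the copy itself failed */` above the check would record that. A polkit error whose name itself maps to ENOMEM cannot be told apart from a failed copy at this point. That appears to fail closed, but it should be confirmed against the caller, which is outside the hunk. The new comment above the moved asserts should also read `/* Processing of PolicyKit checks is cancelled on the first auth. error. */`.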
if (r < 0)
return r;
- /* It's currently expected that processing of a DBus message shall be interrupted on the first
- * auth. error */
- assert(!q->denied_action);
- assert(!q->error_action);
- assert(!sd_bus_error_is_set(&q->error));
-
if (authorized)
LIST_PREPEND(authorized, q->authorized_actions, TAKE_PTR(a));
else if (challenge) {
q->error_action = TAKE_PTR(a);
- return sd_bus_error_set(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
+ sd_bus_error_set_const(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
} else
q->denied_action = TAKE_PTR(a);
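Review bot: The return value of sd_bus_error_set_const() in the `challenge` branch is now dropped silently, where the old code returned the result of sd_bus_error_set(). If the intent is to store the error in q->error for the second pass and let the reply handler succeed, say so with `(void) sd_bus_error_set_const(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");` and a short comment such as `/* recorded for the re-dispatched call; not a failure of the reply handler */`. Without that, the next reader cannot tell a deliberate change of the return contract from a lost `return`. The function's final return is outside this hunk, so what this path now returns should be checked there.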
* <- async_polkit_defer(q)
*/
-int bus_verify_polkit_async(
+int bus_verify_polkit_async_full(
sd_bus_message *call,
- int capability,
const char *action,
const char **details,
- bool interactive,
+ bool interactive, /* Use only for legacy method calls that have a separate "allow_interactive_authentication" field */
uid_t good_user,
Hashmap **registry,
sd_bus_error *ret_error) {
assert(call);
assert(action);
assert(registry);
+ assert(ret_error);
r = check_good_user(call, good_user);
if (r != 0)
}
#endif
- r = sd_bus_query_sender_privilege(call, capability);
+ r = sd_bus_query_sender_privilege(call, -1);
if (r < 0)
return r;
if (r > 0)