From: David Tardon Date: Thu, 17 Aug 2023 05:49:35 +0000 (+0200) Subject: bus-polkit: don't propagate error from polkit X-Git-Tag: v255-rc1~702 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=45b1c015b0eaff65b1f34e0ba8d072939eaa3926;p=thirdparty%2Fsystemd.git bus-polkit: don't propagate error from polkit An error reply from polkit is a valid case and should not be propagated as failure of async_polkit_callback(). It should only be saved here. It'll be returned by bus_verify_polkit_async() later, when it's called for the same method again. Follow-up for #26365. --- diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c index 2d9e521fc50..b9ea8aa7da1 100644 --- a/src/shared/bus-polkit.c +++ b/src/shared/bus-polkit.c @@ -266,15 +266,18 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) { e = sd_bus_message_get_error(reply); - /* Save error from polkit reply, so it can be returned when the same authorization is - * attempted for second time */ - if (!bus_error_is_unknown_service(e)) { + if (bus_error_is_unknown_service(e)) + /* Treat no PK available as access denied */ + q->denied_action = TAKE_PTR(a); + else { + /* Save error from polkit reply, so it can be returned when the same authorization + * is attempted for second time */ q->error_action = TAKE_PTR(a); - return sd_bus_error_copy(&q->error, e); + r = sd_bus_error_copy(&q->error, e); + if (r == -ENOMEM) + return r; } - /* Treat no PK available as access denied */ - q->denied_action = TAKE_PTR(a); return 0; } @@ -288,7 +291,7 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) { LIST_PREPEND(authorized, q->authorized_actions, TAKE_PTR(a)); else if (challenge) { q->error_action = TAKE_PTR(a); - return sd_bus_error_set(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required."); + sd_bus_error_set_const(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required."); } else q->denied_action = TAKE_PTR(a);