/* bus= */ NULL,
"io.systemd.credentials.encrypt",
/* details= */ NULL,
- /* good_user= */ UID_INVALID,
polkit_registry);
if (r <= 0)
return r;
/* bus= */ NULL,
"io.systemd.credentials.decrypt",
/* details= */ NULL,
- /* good_user= */ UID_INVALID,
polkit_registry);
if (r <= 0)
return r;
message,
action,
details,
- /* interactive= */ false,
good_uid,
+ /* flags= */ 0,
&h->manager->polkit_registry,
error);
}
-
int bus_home_get_record_json(
Home *h,
sd_bus_message *message,
message,
"org.freedesktop.home1.activate-home",
/* details= */ NULL,
- /* interctive= */ false,
h->uid,
+ /* flags= */ 0,
&h->manager->polkit_registry,
error);
if (r < 0)
m,
"org.freedesktop.hostname1.set-hostname",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&c->polkit_registry,
error);
if (r < 0)
m,
"org.freedesktop.hostname1.set-static-hostname",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&c->polkit_registry,
error);
if (r < 0)
m,
prop == PROP_PRETTY_HOSTNAME ? "org.freedesktop.hostname1.set-static-hostname" : "org.freedesktop.hostname1.set-machine-info",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&c->polkit_registry,
error);
if (r < 0)
m,
"org.freedesktop.hostname1.get-product-uuid",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&c->polkit_registry,
error);
if (r < 0)
c->bus,
"org.freedesktop.hostname1.get-hardware-serial",
/* details= */ NULL,
- /* good_user= */ UID_INVALID,
&c->polkit_registry);
if (r == 0)
return 0; /* No authorization for now, but the async polkit stuff will call us again when it has it */
m,
"org.freedesktop.locale1.set-locale",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&c->polkit_registry,
error);
if (r < 0)
m,
"org.freedesktop.locale1.set-keyboard",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&c->polkit_registry,
error);
if (r < 0)
m,
"org.freedesktop.locale1.set-keyboard",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&c->polkit_registry,
error);
if (r < 0)
uid == auth_uid ? "org.freedesktop.login1.set-self-linger" :
"org.freedesktop.login1.set-user-linger",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&m->polkit_registry,
error);
if (r < 0)
message,
"org.freedesktop.login1.attach-device",
/* details= */ NULL,
- interactive,
/* good_user= */ UID_INVALID,
+ interactive ? POLKIT_ALLOW_INTERACTIVE : 0,
&m->polkit_registry,
error);
if (r < 0)
message,
"org.freedesktop.login1.manage",
/* details= */ NULL,
- /* interactive= */ false,
s->user->user_record->uid,
+ /* flags= */ 0,
&s->manager->polkit_registry,
error);
if (r < 0)
message,
"org.freedesktop.login1.lock-sessions",
/* details= */ NULL,
- /* interactive= */ false,
s->user->user_record->uid,
+ /* flags= */ 0,
&s->manager->polkit_registry,
error);
if (r < 0)
message,
"org.freedesktop.login1.manage",
/* details= */ NULL,
- /* interactive= */ false,
s->user->user_record->uid,
+ /* flags= */ 0,
&s->manager->polkit_registry,
error);
if (r < 0)
message,
"org.freedesktop.login1.manage",
/* details= */ NULL,
- /* interactive= */ false,
u->user_record->uid,
+ /* flags= */ 0,
&u->manager->polkit_registry,
error);
if (r < 0)
message,
"org.freedesktop.login1.manage",
/* details= */ NULL,
- /* interactive= */ false,
u->user_record->uid,
+ /* flags= */ 0,
&u->manager->polkit_registry,
error);
if (r < 0)
sd_bus_message *call,
const char *action,
const char **details,
- bool interactive, /* Use only for legacy method calls that have a separate "allow_interactive_authentication" field */
uid_t good_user,
+ PolkitFlags flags,
Hashmap **registry,
sd_bus_error *ret_error) {
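Review bot: The new parameter order `uid_t good_user, PolkitFlags flags` swaps positions with the old `bool interactive, uid_t good_user`, and all three types convert implicitly in C. A call site missed by this conversion (or an out-of-tree one) would therefore likely still compile, with the UID landing in `flags` and the boolean in `good_user`. Since `good_user` presumably feeds the authorization decision, a guard at the top of the body would catch this early, for example `assert((flags & ~POLKIT_ALLOW_INTERACTIVE) == 0);`, which trips on a stale `UID_INVALID` or any UID with unknown bits set. The function body continues outside this hunk, so whether such a check already exists cannot be seen here.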
return 1;
#if ENABLE_POLKIT
- _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
+ bool interactive = FLAGS_SET(flags, POLKIT_ALLOW_INTERACTIVE);
int c = sd_bus_message_get_allow_interactive_authorization(call);
if (c < 0)
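Review bot: The initializer `bool interactive = FLAGS_SET(flags, POLKIT_ALLOW_INTERACTIVE);` reads as if the caller decides interactivity, but the following hunk sets `interactive = true` whenever the message itself allows interactive authorization. Passing `/* flags= */ 0` therefore does not force a non-interactive check. A one-line comment above the declaration would make that explicit, e.g. `/* The flag can only enable interactive auth; the message's own allow-interactive bit is OR-ed in below. */`. The same holds for the `||` in varlink_verify_polkit_async_full. The function starts and ends outside this hunk.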
if (c > 0)
interactive = true;
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
r = bus_message_new_polkit_auth_call_for_bus(call, action, details, interactive, &pk);
if (r < 0)
return r;
}
#endif
-int varlink_verify_polkit_async(
+int varlink_verify_polkit_async_full(
Varlink *link,
sd_bus *bus,
const char *action,
const char **details,
uid_t good_user,
+ PolkitFlags flags,
Hashmap **registry) {
int r;
bus = mybus;
}
- bool interactive = varlink_allow_interactive_authentication(link);
+ bool interactive =
+ FLAGS_SET(flags, POLKIT_ALLOW_INTERACTIVE) ||
+ varlink_allow_interactive_authentication(link);
_cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL;
r = bus_message_new_polkit_auth_call_for_varlink(bus, link, action, details, interactive, &pk);
#include "user-util.h"
#include "varlink.h"
+typedef enum PolkitFLags {
+ POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */
+} PolkitFlags;
+
int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
-int bus_verify_polkit_async_full(sd_bus_message *call, const char *action, const char **details, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error);
+int bus_verify_polkit_async_full(sd_bus_message *call, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry, sd_bus_error *error);
static inline int bus_verify_polkit_async(sd_bus_message *call, const char *action, const char **details, Hashmap **registry, sd_bus_error *ret_error) {
- return bus_verify_polkit_async_full(call, action, details, false, UID_INVALID, registry, ret_error);
+ return bus_verify_polkit_async_full(call, action, details, UID_INVALID, 0, registry, ret_error);
}
-int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, Hashmap **registry);
+int varlink_verify_polkit_async_full(Varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry);
+static inline int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const char *action, const char **details, Hashmap **registry) {
+ return varlink_verify_polkit_async_full(link, bus, action, details, UID_INVALID, 0, registry);
+}
/* A JsonDispatch initializer that makes sure the allowInteractiveAuthentication boolean field we want for
* polkit support in Varlink calls is ignored while regular dispatching (and does not result in errors
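Review bot: The enum tag is misspelled as `PolkitFLags` while the typedef name is `PolkitFlags`. The visible code only uses the typedef, so it compiles, but `enum PolkitFlags` would not name this type and the mismatch will trip up grep and tooling. Change the first line to `typedef enum PolkitFlags {`. Separately, this commit drops the comment that sat on the old `bool interactive` parameter, which said to use it only for legacy method calls with a separate allow_interactive_authentication field. Consider carrying that guidance into the `POLKIT_ALLOW_INTERACTIVE` comment so new callers do not set the flag needlessly.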