From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 15 May 2025 07:30:37 +0000 (+0200)
Subject: bus-polkit: add a generic vtable for methods with no params, but with polkit
X-Git-Tag: v258-rc1~600^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d7d2edcbbec9d996c1c5e4eb20844e257534e38;p=thirdparty%2Fsystemd.git

bus-polkit: add a generic vtable for methods with no params, but with polkit
---

diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 5f95e52f7f8..72467704790 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -1797,11 +1797,6 @@ static int connect_bus(Context *c) {
 }
 
 static int vl_method_describe(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
-        static const sd_json_dispatch_field dispatch_table[] = {
-                VARLINK_DISPATCH_POLKIT_FIELD,
-                {}
-        };
-
         Context *c = ASSERT_PTR(userdata);
         bool privileged;
         int r;
@@ -1809,7 +1804,7 @@ static int vl_method_describe(sd_varlink *link, sd_json_variant *parameters, sd_
         assert(link);
         assert(parameters);
 
-        r = sd_varlink_dispatch(link, parameters, dispatch_table, /* userdata= */ NULL);
+        r = sd_varlink_dispatch(link, parameters, dispatch_table_polkit_only, /* userdata= */ NULL);
         if (r != 0)
                 return r;
 
diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c
index cf9569e6679..5b534b1d937 100644
--- a/src/resolve/resolved-varlink.c
+++ b/src/resolve/resolved-varlink.c
@@ -1189,17 +1189,12 @@ static int vl_method_resolve_record(sd_varlink *link, sd_json_variant *parameter
 }
 
 static int verify_polkit(sd_varlink *link, sd_json_variant *parameters, const char *action) {
-        static const sd_json_dispatch_field dispatch_table[] = {
-                VARLINK_DISPATCH_POLKIT_FIELD,
-                {}
-        };
-
         int r;
         Manager *m = ASSERT_PTR(sd_varlink_get_userdata(ASSERT_PTR(link)));
 
         assert(action);
 
-        r = sd_varlink_dispatch(link, parameters, dispatch_table, /* userdata = */ NULL);
+        r = sd_varlink_dispatch(link, parameters, dispatch_table_polkit_only, /* userdata= */ NULL);
         if (r != 0)
                 return r;
 
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 97d81e743c3..99d99a5bbb7 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -886,3 +886,8 @@ bool varlink_has_polkit_action(sd_varlink *link, const char *action, const char
         return false;
 #endif
 }
+
+const sd_json_dispatch_field dispatch_table_polkit_only[] = {
+        VARLINK_DISPATCH_POLKIT_FIELD,
+        {}
+};
diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h
index 284583f2a1a..7f6f21b51e6 100644
--- a/src/shared/bus-polkit.h
+++ b/src/shared/bus-polkit.h
@@ -35,6 +35,10 @@ static inline int varlink_verify_polkit_async(sd_varlink *link, sd_bus *bus, con
                 .type = SD_JSON_VARIANT_BOOLEAN,                 \
         }
 
+/* A dispatch table that only accepts (but ignores) the Polkit field, and refuses everything else. This can
+ * be used wherever methods do not accept any parameters but shall be access controlled via Polkit. */
+extern const sd_json_dispatch_field dispatch_table_polkit_only[];
+
 /* Generates the right Varlink introspection field for the allowInteractiveAuthentication field above. To be used in Varlink IDL definitions. */
 #define VARLINK_DEFINE_POLKIT_INPUT                                     \
         SD_VARLINK_FIELD_COMMENT("Controls whether interactive authentication (via polkit) shall be allowed. If unspecified defaults to false."), \