From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 28 Feb 2024 16:06:11 +0000 (+0100)
Subject: polkit: allow checking if we already acquired some action
X-Git-Tag: v256-rc1~555^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b9632ec42f58366efe629683c4c351865272c2df;p=thirdparty%2Fsystemd.git

polkit: allow checking if we already acquired some action

This adds a new helper that basically just wraps
async_polkit_query_have_action() and allows calling this without
actually triggering a PK authentication operation: it just checks if we
aleady have acquired an action or not.
---

diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 707f33acae1..865f895d39d 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -388,6 +388,21 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e
         return r;
 }
 
+static bool async_polkit_query_have_action(
+                AsyncPolkitQuery *q,
+                const char *action,
+                const char **details) {
+
+        assert(q);
+        assert(action);
+
+        LIST_FOREACH(authorized, a, q->authorized_actions)
+                if (streq(a->action, action) && strv_equal(a->details, (char**) details))
+                        return true;
+
+        return false;
+}
+
 static int async_polkit_query_check_action(
                 AsyncPolkitQuery *q,
                 const char *action,
@@ -397,9 +412,8 @@ static int async_polkit_query_check_action(
         assert(q);
         assert(action);
 
-        LIST_FOREACH(authorized, a, q->authorized_actions)
-                if (streq(a->action, action) && strv_equal(a->details, (char**) details))
-                        return 1; /* Allow! */
+        if (async_polkit_query_have_action(q, action, details))
+                return 1; /* Allow! */
 
         if (q->error_action && streq(q->error_action->action, action))
                 return sd_bus_error_copy(ret_error, &q->error);
@@ -409,7 +423,6 @@ static int async_polkit_query_check_action(
 
         return 0;
 }
-
 #endif
 
 /* bus_verify_polkit_async() handles verification of D-Bus calls with polkit. Because the polkit API
@@ -820,3 +833,21 @@ int varlink_verify_polkit_async_full(
 
         return -EACCES;
 }
+
+bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry) {
+        assert(link);
+        assert(action);
+        assert(registry);
+
+        /* Checks if we already have acquired some action previously */
+
+#if ENABLE_POLKIT
+        AsyncPolkitQuery *q = hashmap_get(*registry, link);
+        if (!q)
+                return false;
+
+        return async_polkit_query_have_action(q, action, details);
+#else
+        return false;
+#endif
+}
diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h
index 4e2c1d35511..3394c23a2b2 100644
--- a/src/shared/bus-polkit.h
+++ b/src/shared/bus-polkit.h
@@ -30,3 +30,5 @@ static inline int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const
                 .name = "allowInteractiveAuthentication",        \
                 .type = JSON_VARIANT_BOOLEAN,                    \
         }
+
+bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry);