From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 28 Feb 2024 20:31:53 +0000 (+0100)
Subject: polkit: add new POLKIT_ALWAYS_QUERY flag
X-Git-Tag: v256-rc1~555^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5a12ceaedf4d490a9dc82e9460dd6fd97acc942;p=thirdparty%2Fsystemd.git

polkit: add new POLKIT_ALWAYS_QUERY flag

When this flag is set we'll disable the local shortcut that skips polkit
checks for clients that are privileged, and assumes they are
authenticated.

Or in other words: if this flag is set, we'll query PK not matter what,
regardless if it's root we talk about or any other user.
---

diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 865f895d39d..2255ef128e4 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -539,11 +539,14 @@ int bus_verify_polkit_async_full(
         }
 #endif
 
-        r = sd_bus_query_sender_privilege(call, -1);
-        if (r < 0)
-                return r;
-        if (r > 0)
-                return 1;
+        if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+                /* Don't query PK if client is privileged */
+                r = sd_bus_query_sender_privilege(call, /* capability= */ -1);
+                if (r < 0)
+                        return r;
+                if (r > 0)
+                        return 1;
+        }
 
 #if ENABLE_POLKIT
         bool interactive = FLAGS_SET(flags, POLKIT_ALLOW_INTERACTIVE);
@@ -742,9 +745,11 @@ int varlink_verify_polkit_async_full(
         if (r != 0)
                 return r;
 
-        r = varlink_check_peer_privilege(link);
-        if (r != 0)
-                return r;
+        if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+                r = varlink_check_peer_privilege(link);
+                if (r != 0)
+                        return r;
+        }
 
 #if ENABLE_POLKIT
         _cleanup_(async_polkit_query_unrefp) AsyncPolkitQuery *q = NULL;
diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h
index 3394c23a2b2..9fb5d83f0c1 100644
--- a/src/shared/bus-polkit.h
+++ b/src/shared/bus-polkit.h
@@ -9,6 +9,7 @@
 
 typedef enum PolkitFLags {
         POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */
+        POLKIT_ALWAYS_QUERY      = 1 << 1, /* Query polkit even if client is privileged */
 } PolkitFlags;
 
 int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);