bus-polkit: don't propagate error from polkit

An error reply from polkit is a valid case and should not be propagated
as failure of async_polkit_callback(). It should only be saved here.
It'll be returned by bus_verify_polkit_async() later, when it's called
for the same method again.

Follow-up for #26365.

diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 2d9e521fc50f1fa02f1c88001ca163e270b34831..b9ea8aa7da143bff7ccc85e169f9ff755b62ddce 100644 (file)
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -266,15 +266,18 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
 
                 e = sd_bus_message_get_error(reply);
 
-                /* Save error from polkit reply, so it can be returned when the same authorization is
-                 * attempted for second time */
-                if (!bus_error_is_unknown_service(e)) {
+                if (bus_error_is_unknown_service(e))
+                        /* Treat no PK available as access denied */
+                        q->denied_action = TAKE_PTR(a);
+                else {
+                        /* Save error from polkit reply, so it can be returned when the same authorization
+                         * is attempted for second time */
                         q->error_action = TAKE_PTR(a);
-                        return sd_bus_error_copy(&q->error, e);
+                        r = sd_bus_error_copy(&q->error, e);
+                        if (r == -ENOMEM)
+                                return r;
                 }
 
-                /* Treat no PK available as access denied */
-                q->denied_action = TAKE_PTR(a);
                 return 0;
         }
 
@@ -288,7 +291,7 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
                 LIST_PREPEND(authorized, q->authorized_actions, TAKE_PTR(a));
         else if (challenge) {
                 q->error_action = TAKE_PTR(a);
-                return sd_bus_error_set(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
+                sd_bus_error_set_const(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
         } else
                 q->denied_action = TAKE_PTR(a);