From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 16 Jan 2024 11:53:39 +0000 (+0100)
Subject: bus-polkit: treat various well-known PK errors as denied
X-Git-Tag: v256-rc1~1144^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=956d8aee01c3fed8a7a7105fe019ff2df8454f29;p=thirdparty%2Fsystemd.git

bus-polkit: treat various well-known PK errors as denied

Various recognizable errors from

https://www.freedesktop.org/software/polkit/docs/latest/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html#eggdbus-errordomain-org.freedesktop.PolicyKit1.Error.

should be considered access failures, hence treat them like that.
---

diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index ff905d147f8..8564eccce17 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -280,8 +280,13 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
 
                 e = sd_bus_message_get_error(reply);
 
-                if (bus_error_is_unknown_service(e))
-                        /* Treat no PK available as access denied */
+                if (bus_error_is_unknown_service(e) ||
+                    sd_bus_error_has_names(
+                                    e,
+                                    "org.freedesktop.PolicyKit1.Error.Failed",
+                                    "org.freedesktop.PolicyKit1.Error.Cancelled",
+                                    "org.freedesktop.PolicyKit1.Error.NotAuthorized"))
+                        /* Treat no PK available as access denied. Also treat some of the well-known PK errors as such. */
                         q->denied_action = TAKE_PTR(a);
                 else {
                         /* Save error from polkit reply, so it can be returned when the same authorization