bus-polkit: don't propagate error from polkit

An error reply from polkit is a valid case and should not be propagated as failure of async_polkit_callback(). It should only be saved here. It'll be returned by bus_verify_polkit_async() later, when it's called for the same method again. Follow-up for #26365.
author: David Tardon <dtardon@redhat.com> 2023-08-17 07:49:35 +0200
committer: Lennart Poettering <lennart@poettering.net> 2023-08-17 12:08:32 +0200
commit: 45b1c015b0eaff65b1f34e0ba8d072939eaa3926 (patch)
tree: 7e3ba17b8ebd920b61fb5b469e3017cde815a679 /src/shared/bus-polkit.c
parent: systemd-stub: ignore EFI shell unauthenticated kernel command line if we are ... (diff)
download: systemd-45b1c015b0eaff65b1f34e0ba8d072939eaa3926.tar.xz
systemd-45b1c015b0eaff65b1f34e0ba8d072939eaa3926.zip
1 files changed, 10 insertions, 7 deletions
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 2d9e521fc5..b9ea8aa7da 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -266,15 +266,18 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
 
                 e = sd_bus_message_get_error(reply);
 
-                /* Save error from polkit reply, so it can be returned when the same authorization is
-                 * attempted for second time */
-                if (!bus_error_is_unknown_service(e)) {
+                if (bus_error_is_unknown_service(e))
+                        /* Treat no PK available as access denied */
+                        q->denied_action = TAKE_PTR(a);
+                else {
+                        /* Save error from polkit reply, so it can be returned when the same authorization
+                         * is attempted for second time */
                         q->error_action = TAKE_PTR(a);
-                        return sd_bus_error_copy(&q->error, e);
+                        r = sd_bus_error_copy(&q->error, e);
+                        if (r == -ENOMEM)
+                                return r;
                 }
 
-                /* Treat no PK available as access denied */
-                q->denied_action = TAKE_PTR(a);
                 return 0;
         }
 
@@ -288,7 +291,7 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
                 LIST_PREPEND(authorized, q->authorized_actions, TAKE_PTR(a));
         else if (challenge) {
                 q->error_action = TAKE_PTR(a);
-                return sd_bus_error_set(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
+                sd_bus_error_set_const(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
         } else
                 q->denied_action = TAKE_PTR(a);
author	David Tardon <dtardon@redhat.com>	2023-08-17 07:49:35 +0200
committer	Lennart Poettering <lennart@poettering.net>	2023-08-17 12:08:32 +0200
commit	45b1c015b0eaff65b1f34e0ba8d072939eaa3926 (patch)
tree	7e3ba17b8ebd920b61fb5b469e3017cde815a679 /src/shared/bus-polkit.c
parent	systemd-stub: ignore EFI shell unauthenticated kernel command line if we are ... (diff)
download	systemd-45b1c015b0eaff65b1f34e0ba8d072939eaa3926.tar.xz systemd-45b1c015b0eaff65b1f34e0ba8d072939eaa3926.zip