author | Lennart Poettering <lennart@poettering.net> | 2024-06-27 12:47:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-27 12:47:46 +0200 |
commit | db2b897a8607edf4fcd2e5472a1f630be549ef5d (patch) | |
tree | b582cfff52bb2b7e2867d29b3e0dc33a0750fc36 /src/shared | |
parent | Merge pull request #32560 from poettering/varlink-double-fd (diff) | |
parent | hostnamed: make sure we can actually properly parse 'allowInteractiveAuthenti... (diff) | |
Merge pull request #33503 from poettering/hostnamed-polkit-fixes
hostnamed: minor corrects to Varlink polkit handling
Diffstat (limited to 'src/shared')
-rw-r--r-- | src/shared/bus-polkit.c | 12 | ||||
-rw-r--r-- | src/shared/bus-polkit.h | 1 | ||||
-rw-r--r-- | src/shared/varlink-io.systemd.Hostname.c | 1 |
3 files changed, 9 insertions, 5 deletions
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index aefc84a00c..00c55463c8 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -786,11 +786,13 @@ int varlink_verify_polkit_async_full(
 if (r != 0)
 log_debug("Found matching previous polkit authentication for '%s'.", action);
 if (r < 0) {
- /* Reply with a nice error */
- if (sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED))
- (void) varlink_error(link, VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED, NULL);
- else if (ERRNO_IS_NEG_PRIVILEGE(r))
- (void) varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL);
+ if (!FLAGS_SET(flags, POLKIT_DONT_REPLY)) {
+ /* Reply with a nice error */
+ if (sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED))
+ (void) varlink_error(link, VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED, NULL);
+ else if (ERRNO_IS_NEG_PRIVILEGE(r))
+ (void) varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL);
+ }
 return r;
 }
diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h
index 25616a0a45..ba83cedbe1 100644
--- a/src/shared/bus-polkit.h
+++ b/src/shared/bus-polkit.h
@@ -11,6 +11,7 @@ typedef enum PolkitFLags {
 POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */
 POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */
 POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */
+ POLKIT_DONT_REPLY = 1 << 3, /* Varlink: don't immediately propagate polkit error to the Varlink client */
 } PolkitFlags;
 int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
diff --git a/src/shared/varlink-io.systemd.Hostname.c b/src/shared/varlink-io.systemd.Hostname.c
index a6c6aec2a8..247bca6da3 100644
--- a/src/shared/varlink-io.systemd.Hostname.c
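Review bot: With `POLKIT_DONT_REPLY` set, the `r < 0` branch of `varlink_verify_polkit_async_full()` returns without sending any reply, so the caller becomes responsible both for answering the client and for treating the negative return as "not authorized", and nothing near the new check says so. `error` appears to be local to this function (its declaration is outside the hunk), so a caller using the flag sees only `r` and probably cannot tell "interactive authentication required" apart from a plain denial. I would record the contract next to the new check, e.g. `/* POLKIT_DONT_REPLY: the caller sends the reply itself and must still treat r < 0 as denied */`, and extend the flag's comment in the `bus-polkit.h` hunk the same way. Whether the function's other reply paths, which lie outside this hunk, honour the flag cannot be seen here.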
+++ b/src/shared/varlink-io.systemd.Hostname.c
@@ -4,6 +4,7 @@
 static VARLINK_DEFINE_METHOD(
 Describe,
+ VARLINK_DEFINE_INPUT(allowInteractiveAuthentication, VARLINK_BOOL, VARLINK_NULLABLE),
 VARLINK_DEFINE_OUTPUT(Hostname, VARLINK_STRING, 0),
 VARLINK_DEFINE_OUTPUT(StaticHostname, VARLINK_STRING, VARLINK_NULLABLE),
 VARLINK_DEFINE_OUTPUT(PrettyHostname, VARLINK_STRING, VARLINK_NULLABLE), |
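Review bot: The new `allowInteractiveAuthentication` input on `Describe` is nullable, but nothing in this hunk states what an absent or null value means, and the handler that reads it is not part of this diff (the diffstat is limited to `src/shared`). The default should resolve to "no interactive authentication", so that a client omitting the field never triggers a polkit prompt. A one-line comment above the field would pin that down, e.g. `/* absent or null is treated as false: no interactive polkit prompt */`. The method definition continues past the end of the hunk.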