authorLennart Poettering <lennart@poettering.net>2024-06-27 12:47:46 +0200
committerGitHub <noreply@github.com>2024-06-27 12:47:46 +0200
commitdb2b897a8607edf4fcd2e5472a1f630be549ef5d (patch)
treeb582cfff52bb2b7e2867d29b3e0dc33a0750fc36 /src/shared
parentMerge pull request #32560 from poettering/varlink-double-fd (diff)
parenthostnamed: make sure we can actually properly parse 'allowInteractiveAuthenti... (diff)
Merge pull request #33503 from poettering/hostnamed-polkit-fixes
hostnamed: minor corrects to Varlink polkit handling
Diffstat (limited to 'src/shared')
-rw-r--r--src/shared/bus-polkit.c12
-rw-r--r--src/shared/bus-polkit.h1
-rw-r--r--src/shared/varlink-io.systemd.Hostname.c1
3 files changed, 9 insertions, 5 deletions
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index aefc84a00c..00c55463c8 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -786,11 +786,13 @@ int varlink_verify_polkit_async_full(
if (r != 0)
log_debug("Found matching previous polkit authentication for '%s'.", action);
if (r < 0) {
- /* Reply with a nice error */
- if (sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED))
- (void) varlink_error(link, VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED, NULL);
- else if (ERRNO_IS_NEG_PRIVILEGE(r))
- (void) varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL);
+ if (!FLAGS_SET(flags, POLKIT_DONT_REPLY)) {
+ /* Reply with a nice error */
+ if (sd_bus_error_has_name(&error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED))
+ (void) varlink_error(link, VARLINK_ERROR_INTERACTIVE_AUTHENTICATION_REQUIRED, NULL);
+ else if (ERRNO_IS_NEG_PRIVILEGE(r))
+ (void) varlink_error(link, VARLINK_ERROR_PERMISSION_DENIED, NULL);
+ }
return r;
}
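Review bot: With `POLKIT_DONT_REPLY` set, the `r < 0` branch now returns without sending any Varlink error, so sending the reply and still treating the negative return as a denial becomes the caller's job; neither the new check here nor the flag's comment in bus-polkit.h says so. The callers are not part of this diff (it is limited to src/shared), so whether each one replies on every error path cannot be confirmed from here. I would add a comment above the check, e.g. `/* POLKIT_DONT_REPLY: the caller sends the error reply itself; r < 0 still means "not authorized" */`, and extend the enum comment in the same way. The body of varlink_verify_polkit_async_full starts before and continues after this hunk.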
diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h
index 25616a0a45..ba83cedbe1 100644
--- a/src/shared/bus-polkit.h
+++ b/src/shared/bus-polkit.h
@@ -11,6 +11,7 @@ typedef enum PolkitFLags {
POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */
POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */
POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */
+ POLKIT_DONT_REPLY = 1 << 3, /* Varlink: don't immediately propagate polkit error to the Varlink client */
} PolkitFlags;
int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
diff --git a/src/shared/varlink-io.systemd.Hostname.c b/src/shared/varlink-io.systemd.Hostname.c
index a6c6aec2a8..247bca6da3 100644
--- a/src/shared/varlink-io.systemd.Hostname.c
+++ b/src/shared/varlink-io.systemd.Hostname.c
@@ -4,6 +4,7 @@
static VARLINK_DEFINE_METHOD(
Describe,
+ VARLINK_DEFINE_INPUT(allowInteractiveAuthentication, VARLINK_BOOL, VARLINK_NULLABLE),
VARLINK_DEFINE_OUTPUT(Hostname, VARLINK_STRING, 0),
VARLINK_DEFINE_OUTPUT(StaticHostname, VARLINK_STRING, VARLINK_NULLABLE),
VARLINK_DEFINE_OUTPUT(PrettyHostname, VARLINK_STRING, VARLINK_NULLABLE),