Interactive authorization should only happen asynchronously, hence
disallow it in synchronous bus_verify_polkit(), and rename it to
bus_test_polkit(). This way even if the bus message header asks for
interactive authorization, we'll ask for non-interactive authorization
which is actually the desired behaviour for CanSuspend, CanHibernate and
friends, which call this function.
return sender_uid == good_user;
}
return sender_uid == good_user;
}
sd_bus_message *call,
int capability,
const char *action,
sd_bus_message *call,
int capability,
const char *action,
uid_t good_user,
bool *_challenge,
sd_bus_error *e) {
uid_t good_user,
bool *_challenge,
sd_bus_error *e) {
assert(call);
assert(action);
assert(call);
assert(action);
+ /* Tests non-interactively! */
+
r = check_good_user(call, good_user);
if (r != 0)
return r;
r = check_good_user(call, good_user);
if (r != 0)
return r;
#ifdef ENABLE_POLKIT
else {
_cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
#ifdef ENABLE_POLKIT
else {
_cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
- int authorized = false, challenge = false, c;
+ int authorized = false, challenge = false;
const char *sender;
sender = sd_bus_message_get_sender(call);
if (!sender)
return -EBADMSG;
const char *sender;
sender = sd_bus_message_get_sender(call);
if (!sender)
return -EBADMSG;
- c = sd_bus_message_get_allow_interactive_authorization(call);
- if (c < 0)
- return c;
- if (c > 0)
- interactive = true;
-
r = sd_bus_call_method(
call->bus,
"org.freedesktop.PolicyKit1",
r = sd_bus_call_method(
call->bus,
"org.freedesktop.PolicyKit1",
"system-bus-name", 1, "name", "s", sender,
action,
0,
"system-bus-name", 1, "name", "s", sender,
action,
0,
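Review bot: The added comment `/* Tests non-interactively! */` at the top of bus_test_polkit() understates the contract this commit introduces. With the sd_bus_message_get_allow_interactive_authorization() lookup removed, the function no longer honours the caller-supplied header flag, and that should be stated where the next maintainer will read it. I would replace it with `/* Non-interactive test only: the message's allow-interactive-authorization flag is deliberately ignored here; use bus_verify_polkit_async() if the user may be prompted. */`. A one-line comment on the prototype in the header saying the same would keep new callers from treating this as a drop-in for an interactive check; bus_verify_polkit_async() still takes `interactive` according to the declarations shown on this page. The function body starts and ends outside the lines shown here, so the CheckAuthorization flags argument itself is not visible and is worth confirming against the full file.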
int bus_check_peercred(sd_bus *c);
int bus_check_peercred(sd_bus *c);
-int bus_verify_polkit(sd_bus_message *call, int capability, const char *action, bool interactive, uid_t good_user, bool *_challenge, sd_bus_error *e);
+int bus_test_polkit(sd_bus_message *call, int capability, const char *action, uid_t good_user, bool *_challenge, sd_bus_error *e);
int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error);
void bus_verify_polkit_async_registry_free(Hashmap *registry);
int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error);
void bus_verify_polkit_async_registry_free(Hashmap *registry);
blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
if (multiple_sessions) {
blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
if (multiple_sessions) {
- r = bus_verify_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, false, UID_INVALID, &challenge, error);
+ r = bus_test_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, UID_INVALID, &challenge, error);
- r = bus_verify_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, false, UID_INVALID, &challenge, error);
+ r = bus_test_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, UID_INVALID, &challenge, error);
/* If neither inhibit nor multiple sessions
* apply then just check the normal policy */
/* If neither inhibit nor multiple sessions
* apply then just check the normal policy */
- r = bus_verify_polkit(message, CAP_SYS_BOOT, action, false, UID_INVALID, &challenge, error);
+ r = bus_test_polkit(message, CAP_SYS_BOOT, action, UID_INVALID, &challenge, error);