chiark / gitweb /
polkit: rename bus_verify_polkit() to bus_test_polkit() and make it strictly non...
authorLennart Poettering <lennart@poettering.net>
Mon, 6 Apr 2015 18:25:56 +0000 (20:25 +0200)
committerSven Eden <yamakuzure@gmx.net>
Tue, 14 Mar 2017 06:51:14 +0000 (07:51 +0100)
Interactive authorization should only happen asynchronously, hence
disallow it in synchronous bus_verify_polkit(), and rename it to
bus_test_polkit(). This way even if the bus message header asks for
interactive authorization, we'll ask for non-interactive authorization
which is actually the desired behaviour if CanSuspend, CanHibernate and
friends, which call this function.

src/libelogind/sd-bus/bus-util.c
src/libelogind/sd-bus/bus-util.h
src/login/logind-dbus.c

index 164fbf8..4bc16aa 100644 (file)
@@ -211,11 +211,10 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
         return sender_uid == good_user;
 }
 
         return sender_uid == good_user;
 }
 
-int bus_verify_polkit(
+int bus_test_polkit(
                 sd_bus_message *call,
                 int capability,
                 const char *action,
                 sd_bus_message *call,
                 int capability,
                 const char *action,
-                bool interactive,
                 uid_t good_user,
                 bool *_challenge,
                 sd_bus_error *e) {
                 uid_t good_user,
                 bool *_challenge,
                 sd_bus_error *e) {
@@ -225,6 +224,8 @@ int bus_verify_polkit(
         assert(call);
         assert(action);
 
         assert(call);
         assert(action);
 
+        /* Tests non-interactively! */
+
         r = check_good_user(call, good_user);
         if (r != 0)
                 return r;
         r = check_good_user(call, good_user);
         if (r != 0)
                 return r;
@@ -237,19 +238,13 @@ int bus_verify_polkit(
 #ifdef ENABLE_POLKIT
         else {
                 _cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
 #ifdef ENABLE_POLKIT
         else {
                 _cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
-                int authorized = false, challenge = false, c;
+                int authorized = false, challenge = false;
                 const char *sender;
 
                 sender = sd_bus_message_get_sender(call);
                 if (!sender)
                         return -EBADMSG;
 
                 const char *sender;
 
                 sender = sd_bus_message_get_sender(call);
                 if (!sender)
                         return -EBADMSG;
 
-                c = sd_bus_message_get_allow_interactive_authorization(call);
-                if (c < 0)
-                        return c;
-                if (c > 0)
-                        interactive = true;
-
                 r = sd_bus_call_method(
                                 call->bus,
                                 "org.freedesktop.PolicyKit1",
                 r = sd_bus_call_method(
                                 call->bus,
                                 "org.freedesktop.PolicyKit1",
@@ -262,7 +257,7 @@ int bus_verify_polkit(
                                 "system-bus-name", 1, "name", "s", sender,
                                 action,
                                 0,
                                 "system-bus-name", 1, "name", "s", sender,
                                 action,
                                 0,
-                                !!interactive,
+                                0,
                                 "");
 
                 if (r < 0) {
                                 "");
 
                 if (r < 0) {
index 9f04871..cc16a9d 100644 (file)
@@ -69,7 +69,7 @@ int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error);
 
 int bus_check_peercred(sd_bus *c);
 
 
 int bus_check_peercred(sd_bus *c);
 
-int bus_verify_polkit(sd_bus_message *call, int capability, const char *action, bool interactive, uid_t good_user, bool *_challenge, sd_bus_error *e);
+int bus_test_polkit(sd_bus_message *call, int capability, const char *action, uid_t good_user, bool *_challenge, sd_bus_error *e);
 
 int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error);
 void bus_verify_polkit_async_registry_free(Hashmap *registry);
 
 int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error);
 void bus_verify_polkit_async_registry_free(Hashmap *registry);
index e929e22..8bdb245 100644 (file)
@@ -1729,7 +1729,7 @@ static int method_can_shutdown_or_sleep(
         blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
 
         if (multiple_sessions) {
         blocked = manager_is_inhibited(m, w, INHIBIT_BLOCK, NULL, false, true, uid, NULL);
 
         if (multiple_sessions) {
-                r = bus_verify_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, false, UID_INVALID, &challenge, error);
+                r = bus_test_polkit(message, CAP_SYS_BOOT, action_multiple_sessions, UID_INVALID, &challenge, error);
                 if (r < 0)
                         return r;
 
                 if (r < 0)
                         return r;
 
@@ -1742,7 +1742,7 @@ static int method_can_shutdown_or_sleep(
         }
 
         if (blocked) {
         }
 
         if (blocked) {
-                r = bus_verify_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, false, UID_INVALID, &challenge, error);
+                r = bus_test_polkit(message, CAP_SYS_BOOT, action_ignore_inhibit, UID_INVALID, &challenge, error);
                 if (r < 0)
                         return r;
 
                 if (r < 0)
                         return r;
 
@@ -1758,7 +1758,7 @@ static int method_can_shutdown_or_sleep(
                 /* If neither inhibit nor multiple sessions
                  * apply then just check the normal policy */
 
                 /* If neither inhibit nor multiple sessions
                  * apply then just check the normal policy */
 
-                r = bus_verify_polkit(message, CAP_SYS_BOOT, action, false, UID_INVALID, &challenge, error);
+                r = bus_test_polkit(message, CAP_SYS_BOOT, action, UID_INVALID, &challenge, error);
                 if (r < 0)
                         return r;
 
                 if (r < 0)
                         return r;