bus-polkit: shortcut auth. after first denial

A D-Bus/Varlink method can issue PolicyKit auth. requests for multiple actions; in this case the method is expected to fail on the first one that is not allowed. This is enforced by asserts in async_polkit_read_reply(), but that's a wrong place for the check for two reasons: 1. it doesn't allow to get a meaningful stack trace; 2. sending the query to polkit is already a pointless exercise. Let's do the check in *_verify_polkit_async_full() and don't send anything to PolicyKit in that case. Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=2349594 .
2025-03-31 14:50:15 +03:00 · 2025-03-07 16:22:00 +01:00 · 2025-03-07 16:22:00 +01:00 · 536c18e5c3
commit 536c18e5c3
parent cd20d48c69
1 changed files with 4 additions and 0 deletions
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@ -438,6 +438,10 @@ static int async_polkit_query_check_action(
        if (q->absent_action)
                return FLAGS_SET(flags, POLKIT_DEFAULT_ALLOW) ? 1 /* Allow! */ : -EACCES /* Deny! */;

+        /* Also deny if we've got an auth. failure for a previous action */
+        if (q->denied_action || q->error_action)
+                return -EALREADY;
+
        return 0; /* no reply yet */
 }
 #endif