diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c index ed884c30018..03870df2b4a 100644 --- a/src/shared/bus-polkit.c +++ b/src/shared/bus-polkit.c @@ -56,7 +56,7 @@ static int bus_message_new_polkit_auth_call_for_bus( sd_bus_message *m, const char *action, const char **details, - bool interactive, + PolkitFlags flags, sd_bus_message **ret) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *c = NULL; @@ -89,7 +89,7 @@ static int bus_message_new_polkit_auth_call_for_bus( if (r < 0) return r; - r = sd_bus_message_append(c, "us", interactive, NULL); + r = sd_bus_message_append(c, "us", (uint32_t) (flags & _POLKIT_MASK_PUBLIC), NULL); if (r < 0) return r; @@ -569,16 +569,14 @@ int bus_verify_polkit_async_full( } #if ENABLE_POLKIT - bool interactive = FLAGS_SET(flags, POLKIT_ALLOW_INTERACTIVE); - int c = sd_bus_message_get_allow_interactive_authorization(call); if (c < 0) return c; if (c > 0) - interactive = true; + flags |= POLKIT_ALLOW_INTERACTIVE; _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; - r = bus_message_new_polkit_auth_call_for_bus(call, action, details, interactive, &pk); + r = bus_message_new_polkit_auth_call_for_bus(call, action, details, flags, &pk); if (r < 0) return r; @@ -663,7 +661,7 @@ static int bus_message_new_polkit_auth_call_for_varlink( sd_varlink *link, const char *action, const char **details, - bool interactive, + PolkitFlags flags, sd_bus_message **ret) { _cleanup_(sd_bus_message_unrefp) sd_bus_message *c = NULL; @@ -710,7 +708,7 @@ static int bus_message_new_polkit_auth_call_for_varlink( if (r < 0) return r; - r = sd_bus_message_append(c, "us", interactive, NULL); + r = sd_bus_message_append(c, "us", (uint32_t) (flags & _POLKIT_MASK_PUBLIC), NULL); if (r < 0) return r; @@ -814,12 +812,11 @@ int varlink_verify_polkit_async_full( bus = mybus; } - bool interactive = - FLAGS_SET(flags, POLKIT_ALLOW_INTERACTIVE) || - varlink_allow_interactive_authentication(link); + if (varlink_allow_interactive_authentication(link)) + flags |= POLKIT_ALLOW_INTERACTIVE; _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; - r = bus_message_new_polkit_auth_call_for_varlink(bus, link, action, details, interactive, &pk); + r = bus_message_new_polkit_auth_call_for_varlink(bus, link, action, details, flags, &pk); if (r < 0) return r; diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h index 3ee9a41d398..64340dc338f 100644 --- a/src/shared/bus-polkit.h +++ b/src/shared/bus-polkit.h @@ -12,6 +12,7 @@ typedef enum PolkitFLags { POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */ POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */ POLKIT_DONT_REPLY = 1 << 3, /* Varlink: don't immediately propagate polkit error to the Varlink client */ + _POLKIT_MASK_PUBLIC = POLKIT_ALLOW_INTERACTIVE | POLKIT_ALWAYS_QUERY, /* polkit accepts these flags verbatim */ } PolkitFlags; int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);