shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-09-13 05:44:40 +03:00
Code Activity

bus-polkit: move verification to a separate function

Browse Source
This commit is contained in:
David Tardon
2023-02-03 14:05:46 +01:00
parent bc8187f75a
commit d2c50a176d
1 changed files with 58 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
src/shared/bus-polkit.c
View File

@@ -246,43 +246,29 @@ fail:
return r; return r;
} }
#endif static int process_polkit_response(
AsyncPolkitQuery *q,
int bus_verify_polkit_async(
sd_bus_message *call, sd_bus_message *call,
int capability,
const char *action, const char *action,
const char **details, const char **details,
bool interactive,
uid_t good_user,
Hashmap **registry, Hashmap **registry,
sd_bus_error *ret_error) { sd_bus_error *ret_error) {
const char *sender; int authorized, challenge, r;
int r;
assert(q);
assert(call); assert(call);
assert(action); assert(action);
assert(registry); assert(registry);
assert(ret_error);
r = check_good_user(call, good_user); assert(q->action);
if (r != 0)
return r;
#if ENABLE_POLKIT
AsyncPolkitQuery *q = hashmap_get(*registry, call);
if (q) {
int authorized, challenge;
/* This is the second invocation of this function, and there's already a response from
* polkit, let's process it */
assert(q->reply); assert(q->reply);
/* If the operation we want to authenticate changed between the first and the second time, /* If the operation we want to authenticate changed between the first and the second time,
* let's not use this authentication, it might be out of date as the object and context we * let's not use this authentication, it might be out of date as the object and context we
* operate on might have changed. */ * operate on might have changed. */
if (!streq(q->action, action) || if (!streq(q->action, action) || !strv_equal(q->details, (char**) details))
!strv_equal(q->details, (char**) details))
return -ESTALE; return -ESTALE;
if (sd_bus_message_is_method_error(q->reply, NULL)) { if (sd_bus_message_is_method_error(q->reply, NULL)) {
@@ -312,7 +298,37 @@ int bus_verify_polkit_async(
return sd_bus_error_set(ret_error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required."); return sd_bus_error_set(ret_error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
return -EACCES; return -EACCES;
} }
#endif
int bus_verify_polkit_async(
sd_bus_message *call,
int capability,
const char *action,
const char **details,
bool interactive,
uid_t good_user,
Hashmap **registry,
sd_bus_error *ret_error) {
const char *sender;
int r;
assert(call);
assert(action);
assert(registry);
r = check_good_user(call, good_user);
if (r != 0)
return r;
#if ENABLE_POLKIT
AsyncPolkitQuery *q = hashmap_get(*registry, call);
/* This is the second invocation of this function, and there's already a response from
* polkit, let's process it */
if (q)
return process_polkit_response(q, call, action, details, registry, ret_error);
#endif #endif
r = sd_bus_query_sender_privilege(call, capability); r = sd_bus_query_sender_privilege(call, capability);