diff options
| author | Lennart Poettering <lennart@poettering.net> | 2015-04-06 20:25:56 +0200 | 
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2015-04-07 15:42:25 +0200 | 
| commit | ceb242292630b4633aa707b565585a1e8bcbfeb8 (patch) | |
| tree | b46791f8fb0f05668140c3a16bd3f8e450b9bb4c /src/libsystemd/sd-bus/bus-util.c | |
| parent | 527b7a421ff3927d4f3f170b1b143452e88ae1dc (diff) | |
polkit: rename bus_verify_polkit() to bus_test_polkit() and make it strictly non-interactive
Interactive authorization should only happen asynchronously, hence
disallow it in synchronous bus_verify_polkit(), and rename it to
bus_test_polkit(). This way even if the bus message header asks for
interactive authorization, we'll ask for non-interactive authorization
which is actually the desired behaviour if CanSuspend, CanHibernate and
friends, which call this function.
Diffstat (limited to 'src/libsystemd/sd-bus/bus-util.c')
| -rw-r--r-- | src/libsystemd/sd-bus/bus-util.c | 15 | 
1 files changed, 5 insertions, 10 deletions
| diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c index dcad701980..6498769260 100644 --- a/src/libsystemd/sd-bus/bus-util.c +++ b/src/libsystemd/sd-bus/bus-util.c @@ -211,11 +211,10 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {          return sender_uid == good_user;  } -int bus_verify_polkit( +int bus_test_polkit(                  sd_bus_message *call,                  int capability,                  const char *action, -                bool interactive,                  uid_t good_user,                  bool *_challenge,                  sd_bus_error *e) { @@ -225,6 +224,8 @@ int bus_verify_polkit(          assert(call);          assert(action); +        /* Tests non-interactively! */ +          r = check_good_user(call, good_user);          if (r != 0)                  return r; @@ -237,19 +238,13 @@ int bus_verify_polkit(  #ifdef ENABLE_POLKIT          else {                  _cleanup_bus_message_unref_ sd_bus_message *reply = NULL; -                int authorized = false, challenge = false, c; +                int authorized = false, challenge = false;                  const char *sender;                  sender = sd_bus_message_get_sender(call);                  if (!sender)                          return -EBADMSG; -                c = sd_bus_message_get_allow_interactive_authorization(call); -                if (c < 0) -                        return c; -                if (c > 0) -                        interactive = true; -                  r = sd_bus_call_method(                                  call->bus,                                  "org.freedesktop.PolicyKit1", @@ -262,7 +257,7 @@ int bus_verify_polkit(                                  "system-bus-name", 1, "name", "s", sender,                                  action,                                  0, -                                !!interactive, +                                0,                                  "");                  if (r < 0) { | 
