diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:40 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:40 +0000 |
commit | fc53809803cd2bc2434e312b19a18fa36776da12 (patch) | |
tree | b4b43bd6538f51965ce32856e9c053d0f90919c8 /src/shared/bus-polkit.h | |
parent | Adding upstream version 255.5. (diff) | |
download | systemd-fc53809803cd2bc2434e312b19a18fa36776da12.tar.xz systemd-fc53809803cd2bc2434e312b19a18fa36776da12.zip |
Adding upstream version 256.upstream/256
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/shared/bus-polkit.h')
-rw-r--r-- | src/shared/bus-polkit.h | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/src/shared/bus-polkit.h b/src/shared/bus-polkit.h index e2a3b7e..f3741b2 100644 --- a/src/shared/bus-polkit.h +++ b/src/shared/bus-polkit.h @@ -4,8 +4,33 @@ #include "sd-bus.h" #include "hashmap.h" +#include "user-util.h" +#include "varlink.h" -int bus_test_polkit(sd_bus_message *call, int capability, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); +typedef enum PolkitFLags { + POLKIT_ALLOW_INTERACTIVE = 1 << 0, /* Allow interactive auth (typically not required, because can be derived from bus message/link automatically) */ + POLKIT_ALWAYS_QUERY = 1 << 1, /* Query polkit even if client is privileged */ + POLKIT_DEFAULT_ALLOW = 1 << 2, /* If polkit is not around, assume "allow" rather than the usual "deny" */ +} PolkitFlags; -int bus_verify_polkit_async(sd_bus_message *call, int capability, const char *action, const char **details, bool interactive, uid_t good_user, Hashmap **registry, sd_bus_error *error); -Hashmap *bus_verify_polkit_async_registry_free(Hashmap *registry); +int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e); + +int bus_verify_polkit_async_full(sd_bus_message *call, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry, sd_bus_error *error); +static inline int bus_verify_polkit_async(sd_bus_message *call, const char *action, const char **details, Hashmap **registry, sd_bus_error *error) { + return bus_verify_polkit_async_full(call, action, details, UID_INVALID, 0, registry, error); +} + +int varlink_verify_polkit_async_full(Varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry); +static inline int varlink_verify_polkit_async(Varlink *link, sd_bus *bus, const char *action, const char **details, Hashmap **registry) { + return varlink_verify_polkit_async_full(link, bus, action, details, UID_INVALID, 0, registry); +} + +/* A JsonDispatch initializer that makes sure the allowInteractiveAuthentication boolean field we want for + * polkit support in Varlink calls is ignored while regular dispatching (and does not result in errors + * regarding unexpected fields) */ +#define VARLINK_DISPATCH_POLKIT_FIELD { \ + .name = "allowInteractiveAuthentication", \ + .type = JSON_VARIANT_BOOLEAN, \ + } + +bool varlink_has_polkit_action(Varlink *link, const char *action, const char **details, Hashmap **registry); |