/src/systemd/src/shared/bus-polkit.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
2 | | #pragma once |
3 | | |
4 | | #include "sd-json.h" |
5 | | #include "sd-varlink.h" |
6 | | |
7 | | #include "forward.h" |
8 | | |
/* Behaviour flags taken by bus_verify_polkit_async_full() and varlink_verify_polkit_async_full(). */
typedef enum PolkitFlags {
        /* Allow interactive auth (typically not required, because it can be derived from the bus
         * message/link automatically) */
        POLKIT_ALLOW_INTERACTIVE = 1 << 0,

        /* Query polkit even if the client is privileged */
        POLKIT_ALWAYS_QUERY      = 1 << 1,

        /* If polkit is not around, assume "allow" rather than the usual "deny". This is a fail-open
         * switch: a caller that sets it grants the action whenever polkit is unavailable. */
        POLKIT_DEFAULT_ALLOW     = 1 << 2,

        /* Varlink: don't immediately propagate a polkit error to the Varlink client */
        POLKIT_DONT_REPLY        = 1 << 3,

        /* polkit accepts these flags verbatim. POLKIT_DEFAULT_ALLOW and POLKIT_DONT_REPLY are
         * deliberately not part of this mask. */
        _POLKIT_MASK_PUBLIC      = POLKIT_ALWAYS_QUERY | POLKIT_ALLOW_INTERACTIVE,
} PolkitFlags;
16 | | |
/* Polkit test for the D-Bus method call 'call' against the polkit action 'action', with optional
 * 'details' passed along.
 *
 * NOTE(review): the return convention is not visible in this header. 'good_user' is presumably a UID
 * that is accepted in addition to privileged callers, and '_challenge' presumably an output telling
 * the caller whether interactive authentication could still succeed — confirm both against the
 * implementation, since they decide who gets through without a polkit query. */
int bus_test_polkit(sd_bus_message *call, const char *action, const char **details, uid_t good_user, bool *_challenge, sd_bus_error *e);
18 | | |
/* Full variant of the asynchronous polkit verification for a D-Bus method call: takes 'good_user'
 * and 'flags' (see PolkitFlags) explicitly. bus_verify_polkit_async() is the short form that
 * passes UID_INVALID and 0 for them.
 *
 * NOTE(review): 'registry' is presumably where pending/completed polkit queries are tracked between
 * invocations, and the return convention is not visible in this header — confirm against the
 * implementation. Passing POLKIT_DEFAULT_ALLOW in 'flags' makes the check fail open when polkit is
 * not around. */
int bus_verify_polkit_async_full(sd_bus_message *call, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry, sd_bus_error *error);
/* Short form of bus_verify_polkit_async_full() with the default policy: UID_INVALID is passed as
 * 'good_user' and no PolkitFlags are set. Going by the flag descriptions in PolkitFlags, that means
 * POLKIT_ALWAYS_QUERY and POLKIT_DEFAULT_ALLOW are both off, i.e. the usual "deny" applies when
 * polkit is not around.
 *
 * Coverage report for this listing: execution count 0; unexecuted instantiation in
 * networkd-link-bus.c, networkd-manager-bus.c and networkd-manager-varlink.c. */
static inline int bus_verify_polkit_async(
                sd_bus_message *call,
                const char *action,
                const char **details,
                Hashmap **registry,
                sd_bus_error *error) {

        const uid_t default_good_user = UID_INVALID;
        const PolkitFlags default_flags = 0;

        return bus_verify_polkit_async_full(call, action, details, default_good_user, default_flags, registry, error);
}
23 | | |
/* Full variant of the asynchronous polkit verification for a Varlink call on 'link': takes
 * 'good_user' and 'flags' (see PolkitFlags) explicitly. varlink_verify_polkit_async() is the short
 * form that passes UID_INVALID and 0 for them. Unlike the D-Bus variant there is no sd_bus_error
 * output parameter; POLKIT_DONT_REPLY controls whether a polkit error is immediately propagated to
 * the Varlink client.
 *
 * NOTE(review): 'bus' is presumably the D-Bus connection used to reach polkit, and 'registry'
 * presumably tracks pending/completed queries — confirm against the implementation. Passing
 * POLKIT_DEFAULT_ALLOW in 'flags' makes the check fail open when polkit is not around. */
int varlink_verify_polkit_async_full(sd_varlink *link, sd_bus *bus, const char *action, const char **details, uid_t good_user, PolkitFlags flags, Hashmap **registry);
/* Short form of varlink_verify_polkit_async_full() with the default policy: UID_INVALID is passed
 * as 'good_user' and no PolkitFlags are set. Going by the flag descriptions in PolkitFlags, that
 * means POLKIT_DEFAULT_ALLOW is off (the usual "deny" applies when polkit is not around) and
 * POLKIT_DONT_REPLY is off (polkit errors are propagated to the Varlink client right away).
 *
 * Coverage report for this listing: execution count 0; unexecuted instantiation in
 * networkd-link-bus.c, networkd-manager-bus.c and networkd-manager-varlink.c. */
static inline int varlink_verify_polkit_async(
                sd_varlink *link,
                sd_bus *bus,
                const char *action,
                const char **details,
                Hashmap **registry) {

        const uid_t default_good_user = UID_INVALID;
        const PolkitFlags default_flags = 0;

        return varlink_verify_polkit_async_full(link, bus, action, details, default_good_user, default_flags, registry);
}
28 | | |
/* A sd_json_dispatch_field initializer that makes sure the allowInteractiveAuthentication boolean
 * field we want for polkit support in Varlink calls is ignored during regular dispatching (and does
 * not result in errors regarding unexpected fields).
 *
 * Only .name and .type are set here, so this entry does not store the field's value anywhere.
 * NOTE(review): the value is presumably read separately by the varlink polkit verification helpers —
 * confirm, so that a method using this entry does not silently drop the client's choice. */
#define VARLINK_DISPATCH_POLKIT_FIELD {                         \
                .name = "allowInteractiveAuthentication",       \
                .type = SD_JSON_VARIANT_BOOLEAN,                \
        }
36 | | |
/* A dispatch table that only accepts (but ignores) the Polkit field, and refuses everything else.
 * This can be used wherever methods do not accept any parameters but shall be access controlled via
 * Polkit. Refusing all other fields keeps such methods from silently accepting unexpected input.
 * Only declared here; the table itself is defined elsewhere. */
extern const sd_json_dispatch_field dispatch_table_polkit_only[];
40 | | |
/* Generates the right Varlink introspection field for the allowInteractiveAuthentication field
 * above. To be used in Varlink IDL definitions.
 *
 * Expands to two comma-separated entries: a field comment and a nullable boolean input. As the
 * comment string says, interactive authentication is off unless the client asks for it. */
#define VARLINK_DEFINE_POLKIT_INPUT                                     \
        SD_VARLINK_FIELD_COMMENT("Controls whether interactive authentication (via polkit) shall be allowed. If unspecified defaults to false."), \
        SD_VARLINK_DEFINE_INPUT(allowInteractiveAuthentication, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE)
45 | | |
/* Boolean query on 'link' for the polkit action 'action' with optional 'details', consulting
 * 'registry'.
 *
 * NOTE(review): presumably reports whether an authorization for this action is already recorded in
 * 'registry' for the link, without starting a new polkit query — confirm against the
 * implementation before relying on it as an access check. */
bool varlink_has_polkit_action(sd_varlink *link, const char *action, const char **details, Hashmap **registry);