bus-polkit: don't propagate error from polkit

An error reply from polkit is a valid case and should not be propagated as failure of async_polkit_callback(). It should only be saved here. It'll be returned by bus_verify_polkit_async() later, when it's called for the same method again. Follow-up for systemd#26365.
peckato1 · Aug 17, 2023 · 45b1c01 · 45b1c01
1 parent fab0eeb
commit 45b1c01
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
@@ -266,15 +266,18 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
 
                 e = sd_bus_message_get_error(reply);
 
-                /* Save error from polkit reply, so it can be returned when the same authorization is
-                 * attempted for second time */
-                if (!bus_error_is_unknown_service(e)) {
+                if (bus_error_is_unknown_service(e))
+                        /* Treat no PK available as access denied */
+                        q->denied_action = TAKE_PTR(a);
+                else {
+                        /* Save error from polkit reply, so it can be returned when the same authorization
+                         * is attempted for second time */
                         q->error_action = TAKE_PTR(a);
-                        return sd_bus_error_copy(&q->error, e);
+                        r = sd_bus_error_copy(&q->error, e);
+                        if (r == -ENOMEM)
+                                return r;
                 }
 
-                /* Treat no PK available as access denied */
-                q->denied_action = TAKE_PTR(a);
                 return 0;
         }
 
@@ -288,7 +291,7 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
                 LIST_PREPEND(authorized, q->authorized_actions, TAKE_PTR(a));
         else if (challenge) {
                 q->error_action = TAKE_PTR(a);
-                return sd_bus_error_set(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
+                sd_bus_error_set_const(&q->error, SD_BUS_ERROR_INTERACTIVE_AUTHORIZATION_REQUIRED, "Interactive authentication required.");
         } else
                 q->denied_action = TAKE_PTR(a);