polkit: don't start polkit agent when running as root

[elogind.git] / src / shared / spawn-polkit-agent.c

diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c
index fcb3722ddf90e4f99aaaa49a7db3287e185b15ff..7dae4d14fe22648a64fcfb3f3ef2fdd84cc0b135 100644 (file)
--- a/src/shared/spawn-polkit-agent.c
+++ b/src/shared/spawn-polkit-agent.c
@@ -1,5 +1,3 @@
-/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
-
 /***
   This file is part of systemd.
 
@@ -19,30 +17,37 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include <sys/types.h>
+#include <errno.h>
+#include <poll.h>
+#include <signal.h>
 #include <stdlib.h>
 #include <unistd.h>
-#include <string.h>
-#include <sys/prctl.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/poll.h>
 
+#include "fd-util.h"
+#include "io-util.h"
 #include "log.h"
-#include "util.h"
+#include "macro.h"
+#include "process-util.h"
 #include "spawn-polkit-agent.h"
+#include "stdio-util.h"
+#include "time-util.h"
+#include "util.h"
 
+#ifdef ENABLE_POLKIT
 static pid_t agent_pid = 0;
 
 int polkit_agent_open(void) {
         int r;
         int pipe_fd[2];
-        char notify_fd[10 + 1];
+        char notify_fd[DECIMAL_STR_MAX(int) + 1];
 
         if (agent_pid > 0)
                 return 0;
 
+        /* Clients that run as root don't need to activate/query polkit */
+        if (geteuid() == 0)
+                return 0;
+
         /* We check STDIN here, not STDOUT, since this is about input,
          * not output */
         if (!isatty(STDIN_FILENO))
@@ -51,8 +56,7 @@ int polkit_agent_open(void) {
         if (pipe2(pipe_fd, 0) < 0)
                 return -errno;
 
-        snprintf(notify_fd, sizeof(notify_fd), "%i", pipe_fd[1]);
-        char_array_0(notify_fd);
+        xsprintf(notify_fd, "%i", pipe_fd[1]);
 
         r = fork_agent(&agent_pid,
                        &pipe_fd[1], 1,
@@ -60,15 +64,15 @@ int polkit_agent_open(void) {
                        POLKIT_AGENT_BINARY_PATH, "--notify-fd", notify_fd, "--fallback", NULL);
 
         /* Close the writing side, because that's the one for the agent */
-        close_nointr_nofail(pipe_fd[1]);
+        safe_close(pipe_fd[1]);
 
         if (r < 0)
-                log_error("Failed to fork TTY ask password agent: %s", strerror(-r));
+                log_error_errno(r, "Failed to fork TTY ask password agent: %m");
         else
                 /* Wait until the agent closes the fd */
-                fd_wait_for_event(pipe_fd[0], POLLHUP, (usec_t) -1);
+                fd_wait_for_event(pipe_fd[0], POLLHUP, USEC_INFINITY);
 
-        close_nointr_nofail(pipe_fd[0]);
+        safe_close(pipe_fd[0]);
 
         return r;
 }
@@ -79,8 +83,20 @@ void polkit_agent_close(void) {
                 return;
 
         /* Inform agent that we are done */
-        kill(agent_pid, SIGTERM);
-        kill(agent_pid, SIGCONT);
-        wait_for_terminate(agent_pid, NULL);
+        (void) kill(agent_pid, SIGTERM);
+        (void) kill(agent_pid, SIGCONT);
+
+        (void) wait_for_terminate(agent_pid, NULL);
         agent_pid = 0;
 }
+
+#else
+
+int polkit_agent_open(void) {
+        return 0;
+}
+
+void polkit_agent_close(void) {
+}
+
+#endif