chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
localectl: use automatic cleanup
[elogind.git]
/
src
/
shared
/
polkit.c
diff --git
a/src/shared/polkit.c
b/src/shared/polkit.c
index 14e27cdc608ba3f417a4bd67aa64b1db8ae17654..826944585c18e8c1c13b0eac79701d0eb1b4712e 100644
(file)
--- a/
src/shared/polkit.c
+++ b/
src/shared/polkit.c
@@
-46,6
+46,7
@@
int verify_polkit(
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
int r;
dbus_bool_t authorized = FALSE, challenge = FALSE;
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
int r;
dbus_bool_t authorized = FALSE, challenge = FALSE;
+ unsigned long ul;
assert(c);
assert(request);
assert(c);
assert(request);
@@
-54,6
+55,14
@@
int verify_polkit(
if (!sender)
return -EINVAL;
if (!sender)
return -EINVAL;
+ ul = dbus_bus_get_unix_user(c, sender, error);
+ if (ul == (unsigned long) -1)
+ return -EINVAL;
+
+ /* Shortcut things for root, to avoid the PK roundtrip and dependency */
+ if (ul == 0)
+ return 1;
+
pid_raw = bus_get_unix_process_id(c, sender, error);
if (pid_raw == 0)
return -EINVAL;
pid_raw = bus_get_unix_process_id(c, sender, error);
if (pid_raw == 0)
return -EINVAL;
@@
-103,11
+112,14
@@
int verify_polkit(
reply = dbus_connection_send_with_reply_and_block(c, m, -1, error);
if (!reply) {
reply = dbus_connection_send_with_reply_and_block(c, m, -1, error);
if (!reply) {
- r = -EIO;
- goto finish;
- }
- if (dbus_set_error_from_message(error, reply)) {
+ /* Treat no PK available as access denied */
+ if (dbus_error_has_name(error, DBUS_ERROR_SERVICE_UNKNOWN)) {
+ r = -EACCES;
+ dbus_error_free(error);
+ goto finish;
+ }
+
r = -EIO;
goto finish;
}
r = -EIO;
goto finish;
}
@@
-144,7
+156,6
@@
int verify_polkit(
r = -EPERM;
finish:
r = -EPERM;
finish:
-
if (m)
dbus_message_unref(m);
if (m)
dbus_message_unref(m);