X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Fpolkit.c;h=826944585c18e8c1c13b0eac79701d0eb1b4712e;hb=a96215285a9566668a5d92c1342888da7596144b;hp=14e27cdc608ba3f417a4bd67aa64b1db8ae17654;hpb=f8e2fb7b14e53f5a4bcfd66d26910af1dee185c6;p=elogind.git

diff --git a/src/shared/polkit.c b/src/shared/polkit.c
index 14e27cdc6..826944585 100644
--- a/src/shared/polkit.c
+++ b/src/shared/polkit.c
@@ -46,6 +46,7 @@ int verify_polkit(
         DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
         int r;
         dbus_bool_t authorized = FALSE, challenge = FALSE;
+        unsigned long ul;
 
         assert(c);
         assert(request);
@@ -54,6 +55,14 @@ int verify_polkit(
         if (!sender)
                 return -EINVAL;
 
+        ul = dbus_bus_get_unix_user(c, sender, error);
+        if (ul == (unsigned long) -1)
+                return -EINVAL;
+
+        /* Shortcut things for root, to avoid the PK roundtrip and dependency */
+        if (ul == 0)
+                return 1;
+
         pid_raw = bus_get_unix_process_id(c, sender, error);
         if (pid_raw == 0)
                 return -EINVAL;
@@ -103,11 +112,14 @@ int verify_polkit(
 
         reply = dbus_connection_send_with_reply_and_block(c, m, -1, error);
         if (!reply) {
-                r = -EIO;
-                goto finish;
-        }
 
-        if (dbus_set_error_from_message(error, reply)) {
+                /* Treat no PK available as access denied */
+                if (dbus_error_has_name(error, DBUS_ERROR_SERVICE_UNKNOWN)) {
+                        r = -EACCES;
+                        dbus_error_free(error);
+                        goto finish;
+                }
+
                 r = -EIO;
                 goto finish;
         }
@@ -144,7 +156,6 @@ int verify_polkit(
                 r = -EPERM;
 
 finish:
-
         if (m)
                 dbus_message_unref(m);