auth: support disabling POLKIT authentication entirely at compile time

Let the user completly disable polkit authentication by building NM with configure option '--enable-polkit=disabled'. In that case, configuring 'main.auth-polkit=yes' will fail all authentication requests (except root-requests, which are always granted). This reduces the size of the NetworkManager binary by some 26KB (16KB stripped). Signed-off-by: Thomas Haller <thaller@redhat.com>
2014-08-19 18:56:23 +02:00
parent eabe7d856c
commit 53e244bef6
6 changed files with 58 additions and 5 deletions
--- a/src/nm-auth-utils.c
+++ b/src/nm-auth-utils.c
@@ -298,6 +298,7 @@ auth_call_cancel (gpointer user_data)
 	}
 }

+#if WITH_POLKIT
 static void
 pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
 {
@@ -345,6 +346,7 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)

 	auth_call_complete (call);
 }
+#endif

 void
 nm_auth_chain_add_call (NMAuthChain *self,
@@ -369,6 +371,7 @@ nm_auth_chain_add_call (NMAuthChain *self,
 		call->call_idle_id = g_idle_add ((GSourceFunc) auth_call_complete, call);
 	} else {
 		/* Non-root always gets authenticated when using polkit */
+#if WITH_POLKIT
 		call->cancellable = g_cancellable_new ();
 		nm_auth_manager_polkit_authority_check_authorization (auth_manager,
 		                                                      self->subject,
@@ -377,6 +380,14 @@ nm_auth_chain_add_call (NMAuthChain *self,
 		                                                      call->cancellable,
 		                                                      pk_call_cb,
 		                                                      call);
+#else
+		if (!call->chain->error) {
+			call->chain->error = g_error_new_literal (DBUS_GERROR,
+			                                          DBUS_GERROR_FAILED,
+			                                          "Polkit support is disabled at compile time");
+		}
+		call->call_idle_id = g_idle_add ((GSourceFunc) auth_call_complete, call);
+#endif
 	}
 }