core: allow build-time enable/disable of PolicyKit
When PK is turned off, everything is authorized.
This commit is contained in:
Dan Williams
22
configure.ac
22
configure.ac
@@ -337,8 +337,20 @@ else
|
|||||||
fi
|
fi
|
||||||
AM_CONDITIONAL(WITH_WIMAX, test "${enable_wimax}" = "yes")
|
AM_CONDITIONAL(WITH_WIMAX, test "${enable_wimax}" = "yes")
|
||||||
|
|
||||||
PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 >= 0.97)
|
PKG_CHECK_MODULES(POLKIT, [polkit-gobject-1 >= 0.97], [have_polkit=yes],[have_polkit=no])
|
||||||
AC_SUBST(POLKIT_CFLAGS)
|
AC_ARG_ENABLE(polkit, AS_HELP_STRING([--enable-polkit], [enable PolicyKit support]),
|
||||||
|
[enable_polkit=${enableval}], [enable_polkit=${have_polkit}])
|
||||||
|
if (test "${enable_polkit}" = "yes"); then
|
||||||
|
if test x"$have_polkit" = x"no"; then
|
||||||
|
AC_MSG_ERROR(PolicyKit development headers are required)
|
||||||
|
fi
|
||||||
|
AC_SUBST(POLKIT_CFLAGS)
|
||||||
|
AC_SUBST(POLKIT_LIBS)
|
||||||
|
AC_DEFINE(WITH_POLKIT, 1, [Define if you have PolicyKit support])
|
||||||
|
else
|
||||||
|
AC_DEFINE(WITH_POLKIT, 0, [Define if you have PolicyKit support])
|
||||||
|
fi
|
||||||
|
AM_CONDITIONAL(WITH_POLKIT, test "${enable_polkit}" = "yes")
|
||||||
|
|
||||||
AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss | gnutls], [Cryptography library to use for certificate and key operations]),ac_crypto=$withval, ac_crypto=nss)
|
AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss | gnutls], [Cryptography library to use for certificate and key operations]),ac_crypto=$withval, ac_crypto=nss)
|
||||||
|
|
||||||
@@ -701,6 +713,12 @@ else
|
|||||||
echo systemd support: no
|
echo systemd support: no
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test "${enable_polkit}" = "yes"; then
|
||||||
|
echo PolicyKit support: yes
|
||||||
|
else
|
||||||
|
echo PolicyKit support: no
|
||||||
|
fi
|
||||||
|
|
||||||
if test -n "${with_ck}"; then
|
if test -n "${with_ck}"; then
|
||||||
echo ConsoleKit support: ${with_ck}
|
echo ConsoleKit support: ${with_ck}
|
||||||
else
|
else
|
||||||
|
|||||||
@@ -18,9 +18,16 @@
|
|||||||
* Copyright (C) 2010 Red Hat, Inc.
|
* Copyright (C) 2010 Red Hat, Inc.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <config.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <dbus/dbus-glib-lowlevel.h>
|
#include <dbus/dbus-glib-lowlevel.h>
|
||||||
|
#include <gio/gio.h>
|
||||||
|
|
||||||
|
#if WITH_POLKIT
|
||||||
#include <polkit/polkit.h>
|
#include <polkit/polkit.h>
|
||||||
|
#else
|
||||||
|
typedef guint PolkitAuthority;
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "nm-setting-connection.h"
|
#include "nm-setting-connection.h"
|
||||||
#include "nm-manager-auth.h"
|
#include "nm-manager-auth.h"
|
||||||
@@ -65,6 +72,7 @@ free_data (gpointer data)
|
|||||||
g_free (tmp);
|
g_free (tmp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if WITH_POLKIT
|
||||||
static PolkitAuthority *
|
static PolkitAuthority *
|
||||||
pk_authority_get (void)
|
pk_authority_get (void)
|
||||||
{
|
{
|
||||||
@@ -85,6 +93,13 @@ pk_authority_get (void)
|
|||||||
/* Yes, ref every time; we want to keep the object alive */
|
/* Yes, ref every time; we want to keep the object alive */
|
||||||
return g_object_ref (authority);
|
return g_object_ref (authority);
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
static PolkitAuthority *
|
||||||
|
pk_authority_get (void)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static NMAuthChain *
|
static NMAuthChain *
|
||||||
_auth_chain_new (DBusGMethodInvocation *context,
|
_auth_chain_new (DBusGMethodInvocation *context,
|
||||||
@@ -267,6 +282,7 @@ polkit_call_free (PolkitCall *call)
|
|||||||
g_free (call);
|
g_free (call);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if WITH_POLKIT
|
||||||
static void
|
static void
|
||||||
pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
|
pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
|
||||||
{
|
{
|
||||||
@@ -317,9 +333,10 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
|
|||||||
if (pk_result)
|
if (pk_result)
|
||||||
g_object_unref (pk_result);
|
g_object_unref (pk_result);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
static gboolean
|
static gboolean
|
||||||
polkit_call_error_idle_cb (gpointer user_data)
|
polkit_call_early_finish_idle_cb (gpointer user_data)
|
||||||
{
|
{
|
||||||
PolkitCall *call = user_data;
|
PolkitCall *call = user_data;
|
||||||
|
|
||||||
@@ -331,11 +348,11 @@ polkit_call_error_idle_cb (gpointer user_data)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
polkit_call_schedule_error (PolkitCall *call)
|
polkit_call_schedule_early_finish (PolkitCall *call, GError *error)
|
||||||
{
|
{
|
||||||
if (!call->chain->error)
|
if (!call->chain->error)
|
||||||
call->chain->error = g_error_new_literal (0, 0, "PolicyKit unavailable");
|
call->chain->error = error;
|
||||||
call->idle_id = g_idle_add (polkit_call_error_idle_cb, call);
|
call->idle_id = g_idle_add (polkit_call_early_finish_idle_cb, call);
|
||||||
}
|
}
|
||||||
|
|
||||||
gboolean
|
gboolean
|
||||||
@@ -344,16 +361,20 @@ nm_auth_chain_add_call (NMAuthChain *self,
|
|||||||
gboolean allow_interaction)
|
gboolean allow_interaction)
|
||||||
{
|
{
|
||||||
PolkitCall *call;
|
PolkitCall *call;
|
||||||
|
#if WITH_POLKIT
|
||||||
PolkitSubject *subject;
|
PolkitSubject *subject;
|
||||||
PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
|
PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
|
||||||
|
#endif
|
||||||
|
|
||||||
g_return_val_if_fail (self != NULL, FALSE);
|
g_return_val_if_fail (self != NULL, FALSE);
|
||||||
g_return_val_if_fail (self->owner != NULL, FALSE);
|
g_return_val_if_fail (self->owner != NULL, FALSE);
|
||||||
g_return_val_if_fail (permission != NULL, FALSE);
|
g_return_val_if_fail (permission != NULL, FALSE);
|
||||||
|
|
||||||
|
#if WITH_POLKIT
|
||||||
subject = polkit_system_bus_name_new (self->owner);
|
subject = polkit_system_bus_name_new (self->owner);
|
||||||
if (!subject)
|
if (!subject)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
#endif
|
||||||
|
|
||||||
call = g_malloc0 (sizeof (PolkitCall));
|
call = g_malloc0 (sizeof (PolkitCall));
|
||||||
call->chain = self;
|
call->chain = self;
|
||||||
@@ -362,9 +383,10 @@ nm_auth_chain_add_call (NMAuthChain *self,
|
|||||||
|
|
||||||
self->calls = g_slist_append (self->calls, call);
|
self->calls = g_slist_append (self->calls, call);
|
||||||
|
|
||||||
|
#if WITH_POLKIT
|
||||||
if (self->authority == NULL) {
|
if (self->authority == NULL) {
|
||||||
/* No polkit, no authorization */
|
/* No polkit, no authorization */
|
||||||
polkit_call_schedule_error (call);
|
polkit_call_schedule_early_finish (call, g_error_new_literal (0, 0, "PolicyKit unavailable"));
|
||||||
g_object_unref (subject);
|
g_object_unref (subject);
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
@@ -381,6 +403,11 @@ nm_auth_chain_add_call (NMAuthChain *self,
|
|||||||
pk_call_cb,
|
pk_call_cb,
|
||||||
call);
|
call);
|
||||||
g_object_unref (subject);
|
g_object_unref (subject);
|
||||||
|
#else
|
||||||
|
/* When PolicyKit is disabled, everything is authorized */
|
||||||
|
nm_auth_chain_set_data (self, call->permission, GUINT_TO_POINTER (NM_AUTH_CALL_RESULT_YES), NULL);
|
||||||
|
polkit_call_schedule_early_finish (call, NULL);
|
||||||
|
#endif
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user