From cd5d5655bab8d66e63782e57e2c99b57602417c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20=C5=A0imerda?= Date: Fri, 2 Jan 2015 18:19:07 +0100 Subject: [PATCH] auth: don't enforce user session Access to connection configuration should not be blocked by absence of a user session tracked using logind or consolekit. Access control based on UID is sufficient. This patch ensures that the user can always access connections even if he doesn't have a session tracked by logind or consolekit and even when NetworkManager is not built with logind or consolekit support. Please note that presence or absence of a session tracked by logind or consolekit doesn't carry any security information. Acked-By: Thomas Haller Acked-By: Dan Williams --- src/nm-auth-utils.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/nm-auth-utils.c b/src/nm-auth-utils.c index fa50a7bd7..12924e789 100644 --- a/src/nm-auth-utils.c +++ b/src/nm-auth-utils.c @@ -439,13 +439,6 @@ nm_auth_is_subject_in_acl (NMConnection *connection, if (0 == uid) return TRUE; - /* Reject the request if the request comes from no session at all */ - if (!nm_session_monitor_session_exists (uid, FALSE)) { - if (out_error_desc) - *out_error_desc = g_strdup_printf ("No session found for uid %lu", uid); - return FALSE; - } - if (!nm_session_monitor_uid_to_user (uid, &user)) { if (out_error_desc) *out_error_desc = g_strdup_printf ("Could not determine username for uid %lu", uid);