author | Thomas Haller <thaller@redhat.com> | 2014-08-19 18:56:23 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2014-09-29 13:51:11 +0200 |
commit | 53e244bef637c3e4004961651d4ed23eda7393b5 (patch) | |
tree | fcc07fb0b3fe5ecab3b2b5c00587a9075a3d8ee7 /src | |
parent | eabe7d856c243673bbaba3295ce74d72e188596d (diff) | |
download | NetworkManager-53e244bef637c3e4004961651d4ed23eda7393b5.tar.gz |
auth: support disabling POLKIT authentication entirely at compile time
Let the user completely disable polkit authentication by
building NM with configure option '--enable-polkit=disabled'.
In that case, configuring 'main.auth-polkit=yes' will fail all
authentication requests (except root-requests, which are always granted).
This reduces the size of the NetworkManager binary by some 26KB (16KB
stripped).
Signed-off-by: Thomas Haller <thaller@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/nm-auth-manager.c | 17 | ||||
-rw-r--r-- | src/nm-auth-manager.h | 3 | ||||
-rw-r--r-- | src/nm-auth-subject.c | 4 | ||||
-rw-r--r-- | src/nm-auth-subject.h | 4 | ||||
-rw-r--r-- | src/nm-auth-utils.c | 11 |
5 files changed, 39 insertions, 0 deletions
diff --git a/src/nm-auth-manager.c b/src/nm-auth-manager.c
index 092248fa5f..07996709d5 100644
--- a/src/nm-auth-manager.c
+++ b/src/nm-auth-manager.c
@@ -66,10 +66,12 @@ static guint signals[LAST_SIGNAL] = {0}; typedef struct { gboolean polkit_enabled; +#if WITH_POLKIT guint call_id_counter; GCancellable *new_proxy_cancellable; GSList *queued_calls; GDBusProxy *proxy; +#endif } NMAuthManagerPrivate; static NMAuthManager *_instance = NULL;
@@ -100,6 +102,8 @@ nm_auth_manager_get_polkit_enabled (NMAuthManager *self) /*****************************************************************************/ +#if WITH_POLKIT + typedef enum { POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE = 0, POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION = (1<<0),
@@ -477,6 +481,8 @@ _dbus_new_proxy_cb (GObject *source_object, _emit_changed_signal (self); } +#endif + /*****************************************************************************/ NMAuthManager *
@@ -548,6 +554,7 @@ constructed (GObject *object) G_OBJECT_CLASS (nm_auth_manager_parent_class)->constructed (object); +#if WITH_POLKIT _LOGD ("create auth-manager: polkit %s", priv->polkit_enabled ? "enabled" : "disabled"); if (priv->polkit_enabled) {
@@ -567,6 +574,12 @@ constructed (GObject *object) _dbus_new_proxy_cb, p_self); } +#else + if (priv->polkit_enabled) + _LOGW ("create auth-manager: polkit disabled at compile time. All authentication requests will fail"); + else + _LOGD ("create auth-manager: polkit disabled at compile time"); +#endif }
@@ -574,10 +587,13 @@ static void dispose (GObject *object) { NMAuthManager* self = NM_AUTH_MANAGER (object); +#if WITH_POLKIT NMAuthManagerPrivate *priv = NM_AUTH_MANAGER_GET_PRIVATE (self); +#endif _LOGD ("dispose"); +#if WITH_POLKIT /* since we take a reference for each queued call, we don't expect to have any queued calls in dispose() */ g_assert (!priv->queued_calls);
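Review bot: `#if WITH_POLKIT` is true only when the macro is defined to a non-zero value, so a translation unit that reaches one of these guards without the build configuration header silently compiles the polkit path out. This applies to the guard added around the NMAuthManagerPrivate fields and to every other `#if WITH_POLKIT` in this commit, notably those in nm-auth-manager.h and nm-auth-subject.h, which hide prototypes from any file that includes them. Whether configure always defines WITH_POLKIT to 0 or 1 is not visible here, since the diff is limited to src. A check next to the first guard, `#ifndef WITH_POLKIT` / `#error "WITH_POLKIT must be defined to 0 or 1"` / `#endif`, or building with -Wundef, would turn a missing definition into a build failure instead of a binary that quietly lacks the authorization backend.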
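Review bot: The `_LOGW` text in the new `#else` branch of constructed() says all authentication requests will fail, but the commit description states that root requests are still granted. An operator reading the log should get the same statement as the description, for example `_LOGW ("create auth-manager: polkit disabled at compile time. All non-root authentication requests will fail");`. The `_LOGD` in the other arm says nothing about what happens to requests when polkit_enabled is unset in such a build; a short comment above the `#else` describing both states would help, since the deciding code is in nm-auth-utils.c. constructed() begins and ends outside these hunks.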
@@ -591,6 +607,7 @@ dispose (GObject *object) g_signal_handlers_disconnect_by_func (priv->proxy, _dbus_on_g_signal_cb, self); g_clear_object (&priv->proxy); } +#endif G_OBJECT_CLASS (nm_auth_manager_parent_class)->dispose (object); }
diff --git a/src/nm-auth-manager.h b/src/nm-auth-manager.h
index 3f5ebc6589..06cd00867d 100644
--- a/src/nm-auth-manager.h
+++ b/src/nm-auth-manager.h
@@ -62,6 +62,8 @@ NMAuthManager *nm_auth_manager_get (void); gboolean nm_auth_manager_get_polkit_enabled (NMAuthManager *self); +#if WITH_POLKIT + void nm_auth_manager_polkit_authority_check_authorization (NMAuthManager *self, NMAuthSubject *subject, const char *action_id,
@@ -75,6 +77,7 @@ gboolean nm_auth_manager_polkit_authority_check_authorization_finish (NMAuthMana gboolean *out_is_challenge, GError **error); +#endif G_END_DECLS
diff --git a/src/nm-auth-subject.c b/src/nm-auth-subject.c
index f982616677..fa3b5dca47 100644
--- a/src/nm-auth-subject.c
+++ b/src/nm-auth-subject.c
@@ -150,6 +150,8 @@ nm_auth_subject_to_string (NMAuthSubject *self, char *buf, gsize buf_len) return buf; } +#if WITH_POLKIT + /* returns a floating variant */ GVariant * nm_auth_subject_unix_process_to_polkit_gvariant (NMAuthSubject *self)
@@ -171,6 +173,8 @@ nm_auth_subject_unix_process_to_polkit_gvariant (NMAuthSubject *self) return ret; } +#endif + NMAuthSubjectType nm_auth_subject_get_subject_type (NMAuthSubject *subject) {
diff --git a/src/nm-auth-subject.h b/src/nm-auth-subject.h
index 4e1d83162f..cc004fa90c 100644
--- a/src/nm-auth-subject.h
+++ b/src/nm-auth-subject.h
@@ -82,6 +82,10 @@ gulong nm_auth_subject_get_unix_process_uid (NMAuthSubject *subject); const char *nm_auth_subject_to_string (NMAuthSubject *self, char *buf, gsize buf_len); +#if WITH_POLKIT + GVariant * nm_auth_subject_unix_process_to_polkit_gvariant (NMAuthSubject *self); +#endif + #endif /* __NETWORKMANAGER_AUTH_SUBJECT_H__ */
diff --git a/src/nm-auth-utils.c b/src/nm-auth-utils.c
index 0a652507e9..77b0fd1088 100644
--- a/src/nm-auth-utils.c
+++ b/src/nm-auth-utils.c
@@ -298,6 +298,7 @@ auth_call_cancel (gpointer user_data) } } +#if WITH_POLKIT static void pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data) {
@@ -345,6 +346,7 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data) auth_call_complete (call); } +#endif void nm_auth_chain_add_call (NMAuthChain *self,
@@ -369,6 +371,7 @@ nm_auth_chain_add_call (NMAuthChain *self, call->call_idle_id = g_idle_add ((GSourceFunc) auth_call_complete, call); } else { /* Non-root always gets authenticated when using polkit */ +#if WITH_POLKIT call->cancellable = g_cancellable_new (); nm_auth_manager_polkit_authority_check_authorization (auth_manager, self->subject,
@@ -377,6 +380,14 @@ nm_auth_chain_add_call (NMAuthChain *self, call->cancellable, pk_call_cb, call); +#else + if (!call->chain->error) { + call->chain->error = g_error_new_literal (DBUS_GERROR, + DBUS_GERROR_FAILED, + "Polkit support is disabled at compile time"); + } + call->call_idle_id = g_idle_add ((GSourceFunc) auth_call_complete, call); +#endif } } |
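Review bot: The new `#else` branch in nm_auth_chain_add_call sits under the existing comment `/* Non-root always gets authenticated when using polkit */`, which does not describe a build without polkit, where the request is denied by setting `call->chain->error`. A comment on the new branch would make the fail-closed intent explicit, for example `/* Built without polkit: deny the non-root request rather than grant it unchecked. */`. The error is stored on the chain rather than on the individual call, so it presumably fails every call in that chain; the same comment should say so if that is intended. The condition that selects between this branch and the first one, which completes the call without a polkit check, lies outside the hunk.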