Make PolicyKit a hard requirement

If this is not used then any user can do anything.

2 files changed, 5 insertions, 34 deletions

diff --git a/configure.ac b/configure.ac
index 64d5474..660aace 100644
--- a/configure.ac
+++ b/configure.ac
@@ -191,20 +191,10 @@ if test "$DOCBOOK2MAN" = "no" ; then
 fi
 AM_CONDITIONAL(HAVE_DOCBOOK2MAN, [test "$DOCBOOK2MAN" != "no"])
 
-dnl ---------------------------------------------------------------------------
-dnl - Build PolicyKit code
-dnl ---------------------------------------------------------------------------
-AC_ARG_ENABLE(polkit, AS_HELP_STRING([--enable-polkit],[enable PolicyKit]),
-	      enable_polkit=$enableval,enable_polkit=yes)
-AM_CONDITIONAL(CD_BUILD_POLKIT, test x$enable_polkit = xyes)
-if test x$enable_polkit = xyes; then
-	PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 >= 0.103)
-	AC_DEFINE(USE_POLKIT, 1, [if we should use PolicyKit])
-
-        PKG_CHECK_EXISTS([polkit-gobject-1 >= 0.114],
-                         [AC_DEFINE(POLKIT_HAS_AUTOPTR_MACROS, 1, [if PolKit has autoptr macros])],
-                         [])
-fi
+PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 >= 0.103)
+PKG_CHECK_EXISTS([polkit-gobject-1 >= 0.114],
+		 [AC_DEFINE(POLKIT_HAS_AUTOPTR_MACROS, 1, [if PolKit has autoptr macros])],
+		 [])
 
 dnl ---------------------------------------------------------------------------
 dnl - Select whether and where to install systemd system service files
@@ -461,7 +451,6 @@ echo "
         cd-it8:                    ${CD_IT8}
         cd-create-profile:         ${CD_CREATE_PROFILE}
         gobject-introspection:     ${found_introspection}
-        PolicyKit support:         ${enable_polkit}
         Reverse engineering tools: ${enable_reverse}
         BASH completion support:   ${enable_bash_completion}
         SANE support:              ${has_sane}
@@ -479,14 +468,6 @@ echo "
         Unix support:              ${enable_unix}
 "
 
-
-# warn that dummy is basically broken
-if test x$enable_polkit = xno; then
-	echo "*******************************************************************"
-	echo "** YOU ARE NOT USING A SECURE DAEMON. ALL USERS CAN DO ANYTHING! **"
-	echo "*******************************************************************"
-fi
-
 # warn that using the default root user isn't always a good idea
 if test x$daemon_user = xroot; then
 	echo "*******************************************************************"
diff --git a/src/cd-common.c b/src/cd-common.c
index 6933db8..1361f23 100644
--- a/src/cd-common.c
+++ b/src/cd-common.c
@@ -22,14 +22,11 @@
 #include "config.h"
 
 #include <string.h>
-
-#ifdef USE_POLKIT
 #include <polkit/polkit.h>
-#endif
 
 #include "cd-common.h"
 
-#if defined(USE_POLKIT) && !defined(POLKIT_HAS_AUTOPTR_MACROS)
+#if !defined(POLKIT_HAS_AUTOPTR_MACROS)
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(PolkitAuthorizationResult, g_object_unref)
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(PolkitSubject, g_object_unref)
 G_DEFINE_AUTOPTR_CLEANUP_FUNC(PolkitAuthority, g_object_unref)
@@ -124,11 +121,9 @@ cd_main_sender_authenticated (GDBusConnection *connection,
 {
 	guint uid;
 	g_autoptr(GError) error_local = NULL;
-#ifdef USE_POLKIT
 	g_autoptr(PolkitAuthority) authority = NULL;
 	g_autoptr(PolkitAuthorizationResult) result = NULL;
 	g_autoptr(PolkitSubject) subject = NULL;
-#endif
 
 	/* uid 0 is allowed to do all actions */
 	uid = cd_main_get_sender_uid (connection, sender, &error_local);
@@ -158,7 +153,6 @@ cd_main_sender_authenticated (GDBusConnection *connection,
 	}
 #endif
 
-#ifdef USE_POLKIT
 	/* get authority */
 	authority = polkit_authority_get_sync (NULL, &error_local);
 	if (authority == NULL) {
@@ -197,10 +191,6 @@ cd_main_sender_authenticated (GDBusConnection *connection,
 			     action_id);
 		return FALSE;
 	}
-#else
-	g_warning ("CdCommon: not checking %s for %s as no PolicyKit support",
-		   action_id, sender);
-#endif
 	return TRUE;
 }