diff options
author | Richard Hughes <richard@hughsie.com> | 2017-07-24 16:19:17 +0100 |
---|---|---|
committer | Richard Hughes <richard@hughsie.com> | 2017-07-24 16:25:10 +0100 |
commit | 27bcd57dd02a99d28ade55b71a19ada3d7ba2014 (patch) | |
tree | ae565c0b595dfe7129b79285a1ba4a6ca6d88b3b | |
parent | c104d369fc0145fc125d96521f0aefb2b01f8af0 (diff) | |
download | colord-27bcd57dd02a99d28ade55b71a19ada3d7ba2014.tar.gz |
Make PolicyKit a hard requirement
If this is not used then any user can do anything.
-rw-r--r-- | configure.ac | 27 | ||||
-rw-r--r-- | src/cd-common.c | 12 |
2 files changed, 5 insertions, 34 deletions
diff --git a/configure.ac b/configure.ac index 64d5474..660aace 100644 --- a/configure.ac +++ b/configure.ac @@ -191,20 +191,10 @@ if test "$DOCBOOK2MAN" = "no" ; then fi AM_CONDITIONAL(HAVE_DOCBOOK2MAN, [test "$DOCBOOK2MAN" != "no"]) -dnl --------------------------------------------------------------------------- -dnl - Build PolicyKit code -dnl --------------------------------------------------------------------------- -AC_ARG_ENABLE(polkit, AS_HELP_STRING([--enable-polkit],[enable PolicyKit]), - enable_polkit=$enableval,enable_polkit=yes) -AM_CONDITIONAL(CD_BUILD_POLKIT, test x$enable_polkit = xyes) -if test x$enable_polkit = xyes; then - PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 >= 0.103) - AC_DEFINE(USE_POLKIT, 1, [if we should use PolicyKit]) - - PKG_CHECK_EXISTS([polkit-gobject-1 >= 0.114], - [AC_DEFINE(POLKIT_HAS_AUTOPTR_MACROS, 1, [if PolKit has autoptr macros])], - []) -fi +PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 >= 0.103) +PKG_CHECK_EXISTS([polkit-gobject-1 >= 0.114], + [AC_DEFINE(POLKIT_HAS_AUTOPTR_MACROS, 1, [if PolKit has autoptr macros])], + []) dnl --------------------------------------------------------------------------- dnl - Select whether and where to install systemd system service files @@ -461,7 +451,6 @@ echo " cd-it8: ${CD_IT8} cd-create-profile: ${CD_CREATE_PROFILE} gobject-introspection: ${found_introspection} - PolicyKit support: ${enable_polkit} Reverse engineering tools: ${enable_reverse} BASH completion support: ${enable_bash_completion} SANE support: ${has_sane} @@ -479,14 +468,6 @@ echo " Unix support: ${enable_unix} " - -# warn that dummy is basically broken -if test x$enable_polkit = xno; then - echo "*******************************************************************" - echo "** YOU ARE NOT USING A SECURE DAEMON. ALL USERS CAN DO ANYTHING! **" - echo "*******************************************************************" -fi - # warn that using the default root user isn't always a good idea if test x$daemon_user = xroot; then echo "*******************************************************************" diff --git a/src/cd-common.c b/src/cd-common.c index 6933db8..1361f23 100644 --- a/src/cd-common.c +++ b/src/cd-common.c @@ -22,14 +22,11 @@ #include "config.h" #include <string.h> - -#ifdef USE_POLKIT #include <polkit/polkit.h> -#endif #include "cd-common.h" -#if defined(USE_POLKIT) && !defined(POLKIT_HAS_AUTOPTR_MACROS) +#if !defined(POLKIT_HAS_AUTOPTR_MACROS) G_DEFINE_AUTOPTR_CLEANUP_FUNC(PolkitAuthorizationResult, g_object_unref) G_DEFINE_AUTOPTR_CLEANUP_FUNC(PolkitSubject, g_object_unref) G_DEFINE_AUTOPTR_CLEANUP_FUNC(PolkitAuthority, g_object_unref) @@ -124,11 +121,9 @@ cd_main_sender_authenticated (GDBusConnection *connection, { guint uid; g_autoptr(GError) error_local = NULL; -#ifdef USE_POLKIT g_autoptr(PolkitAuthority) authority = NULL; g_autoptr(PolkitAuthorizationResult) result = NULL; g_autoptr(PolkitSubject) subject = NULL; -#endif /* uid 0 is allowed to do all actions */ uid = cd_main_get_sender_uid (connection, sender, &error_local); @@ -158,7 +153,6 @@ cd_main_sender_authenticated (GDBusConnection *connection, } #endif -#ifdef USE_POLKIT /* get authority */ authority = polkit_authority_get_sync (NULL, &error_local); if (authority == NULL) { @@ -197,10 +191,6 @@ cd_main_sender_authenticated (GDBusConnection *connection, action_id); return FALSE; } -#else - g_warning ("CdCommon: not checking %s for %s as no PolicyKit support", - action_id, sender); -#endif return TRUE; } |