author | Dan Nicholson <dbn@endlessos.org> | 2022-04-27 13:15:46 +0000 |
---|---|---|
committer | Jan Rybar <jrybar@redhat.com> | 2022-04-27 13:15:46 +0000 |
commit | 74164aaf5a266c3f8a2527e60ecf29afa294b791 (patch) | |
tree | 89ccb4f4a43cf60d2dd098b3254639f98a81403d /src/polkitbackend | |
parent | 63c02dc9e80e99e38c04514917a49a574e344e36 (diff) | |
backend: Check for subject's primary group when expanding admin group
Diffstat (limited to 'src/polkitbackend')
-rw-r--r-- | src/polkitbackend/polkitbackendinteractiveauthority.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 056d9a8..21500f9 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2181,9 +2181,11 @@ add_pid (PolkitDetails *details,
 static GList *
 get_users_in_group (PolkitIdentity *group,
+ PolkitIdentity *user_of_subject,
 gboolean include_root)
 {
 gid_t gid;
+ uid_t uid_of_subject;
 struct group *grp;
 GList *ret;
 guint n;
@@ -2191,6 +2193,19 @@ get_users_in_group (PolkitIdentity *group,
 ret = NULL;
 gid = polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (group));
+
+ /* Check if group is subject's primary group. */
+ uid_of_subject = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_subject));
+ if (uid_of_subject != 0 || include_root)
+ {
+ struct passwd *pwd;
+
+ pwd = getpwuid (uid_of_subject);
+ if (pwd != NULL && pwd->pw_gid == gid)
+ ret = g_list_prepend (ret, g_object_ref (user_of_subject));
+ }
+
+ /* Add supplemental group members. */
 grp = getgrgid (gid);
 if (grp == NULL)
 {
@@ -2367,7 +2382,7 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
 }
 else if (POLKIT_IS_UNIX_GROUP (identity))
 {
- user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
+ user_identities = g_list_concat (user_identities, get_users_in_group (identity, user_of_subject, FALSE));
 }
 else if (POLKIT_IS_UNIX_NETGROUP (identity))
 { |
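Review bot: In the added primary-group block of get_users_in_group, `user_of_subject` is cast with `POLKIT_UNIX_USER (...)` and later passed to `g_object_ref` with no check that it is non-NULL and really a Unix user. What the caller guarantees is outside this hunk, so I would guard the block with `if (POLKIT_IS_UNIX_USER (user_of_subject))` rather than rely on it. A NULL from `getpwuid` is handled the same as "not the primary group", so a failed lookup silently drops the subject from the admin identities; that fails closed, but a `g_warning` on that path would make it diagnosable. The subject may also appear in the group's `gr_mem`, and the supplemental-member loop (below the hunk, not visible here) would then presumably add the same user a second time, so confirm whether the returned list needs de-duplicating. I would also extend the comment to say the limit explicitly: `/* Only the requesting subject is matched on pw_gid; other users with this primary group are not returned. */`.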