diff options
Diffstat (limited to 'src/shared/polkit.c')
-rw-r--r-- | src/shared/polkit.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/src/shared/polkit.c b/src/shared/polkit.c index 14e27cdc60..826944585c 100644 --- a/src/shared/polkit.c +++ b/src/shared/polkit.c @@ -46,6 +46,7 @@ int verify_polkit( DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant; int r; dbus_bool_t authorized = FALSE, challenge = FALSE; + unsigned long ul; assert(c); assert(request); @@ -54,6 +55,14 @@ int verify_polkit( if (!sender) return -EINVAL; + ul = dbus_bus_get_unix_user(c, sender, error); + if (ul == (unsigned long) -1) + return -EINVAL; + + /* Shortcut things for root, to avoid the PK roundtrip and dependency */ + if (ul == 0) + return 1; + pid_raw = bus_get_unix_process_id(c, sender, error); if (pid_raw == 0) return -EINVAL; @@ -103,11 +112,14 @@ int verify_polkit( reply = dbus_connection_send_with_reply_and_block(c, m, -1, error); if (!reply) { - r = -EIO; - goto finish; - } - if (dbus_set_error_from_message(error, reply)) { + /* Treat no PK available as access denied */ + if (dbus_error_has_name(error, DBUS_ERROR_SERVICE_UNKNOWN)) { + r = -EACCES; + dbus_error_free(error); + goto finish; + } + r = -EIO; goto finish; } @@ -144,7 +156,6 @@ int verify_polkit( r = -EPERM; finish: - if (m) dbus_message_unref(m); |