mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-07-22 02:35:25 +00:00
auth-manager: always compile D-Bus calls to polkit
Supporting PolicyKit required no additional library, just extra code to handle the D-Bus calls. For that, there was a compile time option to even stip out that code. Note, that you could (and still can) configure the system not to use policy-kit. The point was to reduce the binary size in case you don't need it. Remove this. I guess, we we aim for such aggressive optimization of the binary size, we should instead make all device types disablable at configuration time. We don't do that either and other low hanging fruits, because it's better to always enable features, unless they require external dependencies. Also, the next commit will make more use of NMAuthManager. So, having it disabled at compile time, makes even less sense.
This commit is contained in:
parent
2ea2df3184
commit
41abf9f8e8
|
@ -214,9 +214,6 @@
|
|||
/* Define if you have oFono support (experimental) */
|
||||
#mesondefine WITH_OFONO
|
||||
|
||||
/* whether to compile polkit support */
|
||||
#mesondefine WITH_POLKIT
|
||||
|
||||
/* Define if you have polkit agent */
|
||||
#mesondefine WITH_POLKIT_AGENT
|
||||
|
||||
|
|
26
configure.ac
26
configure.ac
|
@ -629,26 +629,20 @@ AM_CONDITIONAL(WITH_JSON_VALIDATION, test "${enable_json_validation}" != "no")
|
|||
|
||||
# we usually compile with polkit support. --enable-polkit=yes|no only sets the
|
||||
# default configuration for main.auth-polkit. User can always enable/disable polkit
|
||||
# autorization via config. Only when specifying --enable-polkit=disabled, we do
|
||||
# not compile support. In this case, the user cannot enable polkit authorization via
|
||||
# configuration.
|
||||
# autorization via config.
|
||||
AC_ARG_ENABLE(polkit,
|
||||
AS_HELP_STRING([--enable-polkit=yes|no|disabled],
|
||||
[set default value for auth-polkit configuration option. This value can be overwritten by NM configuration. 'disabled' compiles NM without any support]),
|
||||
AS_HELP_STRING([--enable-polkit=yes|no],
|
||||
[set default value for auth-polkit configuration option. This value can be overwritten by NM configuration. 'disabled' is an alias for 'no']),
|
||||
[enable_polkit=${enableval}], [enable_polkit=yes])
|
||||
if (test "${enable_polkit}" != "no" -a "${enable_polkit}" != "disabled"); then
|
||||
enable_polkit=yes
|
||||
enable_polkit=true
|
||||
AC_DEFINE(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT, "true", [The default value of the auth-polkit configuration option])
|
||||
AC_SUBST(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT_TEXT, true)
|
||||
else
|
||||
enable_polkit=false
|
||||
AC_DEFINE(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT, "false", [The default value of the auth-polkit configuration option])
|
||||
AC_SUBST(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT_TEXT, false)
|
||||
fi
|
||||
if (test "${enable_polkit}" != "disabled"); then
|
||||
AC_DEFINE(WITH_POLKIT, 1, [whether to compile polkit support])
|
||||
else
|
||||
AC_DEFINE(WITH_POLKIT, 0, [whether to compile polkit support])
|
||||
fi
|
||||
|
||||
PKG_CHECK_MODULES(POLKIT, [polkit-agent-1 >= 0.97], [have_pk_agent=yes],[have_pk_agent=no])
|
||||
AC_ARG_ENABLE(polkit-agent,
|
||||
|
@ -1341,14 +1335,10 @@ echo
|
|||
echo "Platform:"
|
||||
echo " session tracking: $session_tracking"
|
||||
echo " suspend/resume: $with_suspend_resume"
|
||||
if test "${enable_polkit}" = "yes"; then
|
||||
if test "${enable_modify_system}" = "yes"; then
|
||||
echo " policykit: yes (permissive modify.system) (default: main.auth-polkit=${enable_polkit})"
|
||||
else
|
||||
echo " policykit: yes (restrictive modify.system) (default: main.auth-polkit=${enable_polkit})"
|
||||
fi
|
||||
if test "${enable_modify_system}" = "yes"; then
|
||||
echo " policykit: main.auth-polkit=${enable_polkit} (permissive modify.system)"
|
||||
else
|
||||
echo " policykit: no"
|
||||
echo " policykit: main.auth-polkit=${enable_polkit} (restrictive modify.system)"
|
||||
fi
|
||||
echo " polkit agent: ${enable_polkit_agent}"
|
||||
echo " selinux: $have_selinux"
|
||||
|
|
|
@ -448,7 +448,6 @@ endif
|
|||
|
||||
config_default_main_auth_polkit = (polkit == 'yes').to_string()
|
||||
config_h.set_quoted('NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT', config_default_main_auth_polkit)
|
||||
config_h.set10('WITH_POLKIT', enable_polkit)
|
||||
|
||||
enable_modify_system = get_option('modify_system')
|
||||
|
||||
|
|
|
@ -48,13 +48,11 @@ enum {
|
|||
static guint signals[LAST_SIGNAL] = {0};
|
||||
|
||||
typedef struct {
|
||||
#if WITH_POLKIT
|
||||
CList calls_lst_head;
|
||||
GDBusProxy *proxy;
|
||||
GCancellable *new_proxy_cancellable;
|
||||
GCancellable *cancel_cancellable;
|
||||
guint64 call_numid_counter;
|
||||
#endif
|
||||
bool polkit_enabled:1;
|
||||
bool disposing:1;
|
||||
bool shutting_down:1;
|
||||
|
@ -120,8 +118,6 @@ nm_auth_manager_get_polkit_enabled (NMAuthManager *self)
|
|||
|
||||
/*****************************************************************************/
|
||||
|
||||
#if WITH_POLKIT
|
||||
|
||||
typedef enum {
|
||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE = 0,
|
||||
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION = (1<<0),
|
||||
|
@ -514,7 +510,6 @@ _dbus_new_proxy_cb (GObject *source_object,
|
|||
|
||||
_emit_changed_signal (self);
|
||||
}
|
||||
#endif
|
||||
|
||||
/*****************************************************************************/
|
||||
|
||||
|
@ -529,7 +524,6 @@ nm_auth_manager_get ()
|
|||
void
|
||||
nm_auth_manager_force_shutdown (NMAuthManager *self)
|
||||
{
|
||||
#if WITH_POLKIT
|
||||
NMAuthManagerPrivate *priv;
|
||||
|
||||
g_return_if_fail (NM_IS_AUTH_MANAGER (self));
|
||||
|
@ -559,9 +553,6 @@ nm_auth_manager_force_shutdown (NMAuthManager *self)
|
|||
|
||||
priv->shutting_down = TRUE;
|
||||
nm_clear_g_cancellable (&priv->cancel_cancellable);
|
||||
#else
|
||||
g_return_if_fail (NM_IS_AUTH_MANAGER (self));
|
||||
#endif
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
|
@ -587,11 +578,9 @@ set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *p
|
|||
static void
|
||||
nm_auth_manager_init (NMAuthManager *self)
|
||||
{
|
||||
#if WITH_POLKIT
|
||||
NMAuthManagerPrivate *priv = NM_AUTH_MANAGER_GET_PRIVATE (self);
|
||||
|
||||
c_list_init (&priv->calls_lst_head);
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -602,7 +591,6 @@ constructed (GObject *object)
|
|||
|
||||
G_OBJECT_CLASS (nm_auth_manager_parent_class)->constructed (object);
|
||||
|
||||
#if WITH_POLKIT
|
||||
_LOGD ("create auth-manager: polkit %s", priv->polkit_enabled ? "enabled" : "disabled");
|
||||
|
||||
if (priv->polkit_enabled) {
|
||||
|
@ -617,12 +605,6 @@ constructed (GObject *object)
|
|||
_dbus_new_proxy_cb,
|
||||
self);
|
||||
}
|
||||
#else
|
||||
if (priv->polkit_enabled)
|
||||
_LOGW ("create auth-manager: polkit disabled at compile time. All authentication requests will fail");
|
||||
else
|
||||
_LOGD ("create auth-manager: polkit disabled at compile time");
|
||||
#endif
|
||||
}
|
||||
|
||||
NMAuthManager *
|
||||
|
@ -649,14 +631,11 @@ static void
|
|||
dispose (GObject *object)
|
||||
{
|
||||
NMAuthManager* self = NM_AUTH_MANAGER (object);
|
||||
#if WITH_POLKIT
|
||||
NMAuthManagerPrivate *priv = NM_AUTH_MANAGER_GET_PRIVATE (self);
|
||||
gs_free_error GError *error_disposing = NULL;
|
||||
#endif
|
||||
|
||||
_LOGD ("dispose");
|
||||
|
||||
#if WITH_POLKIT
|
||||
nm_assert (!c_list_is_empty (&priv->calls_lst_head));
|
||||
|
||||
priv->disposing = TRUE;
|
||||
|
@ -668,7 +647,6 @@ dispose (GObject *object)
|
|||
g_signal_handlers_disconnect_by_data (priv->proxy, self);
|
||||
g_clear_object (&priv->proxy);
|
||||
}
|
||||
#endif
|
||||
|
||||
G_OBJECT_CLASS (nm_auth_manager_parent_class)->dispose (object);
|
||||
}
|
||||
|
|
|
@ -72,10 +72,8 @@ _ASSERT_call (AuthCall *call)
|
|||
static void
|
||||
auth_call_free (AuthCall *call)
|
||||
{
|
||||
#if WITH_POLKIT
|
||||
if (call->call_id)
|
||||
nm_auth_manager_check_authorization_cancel (call->call_id);
|
||||
#endif
|
||||
|
||||
nm_clear_g_source (&call->call_idle_id);
|
||||
c_list_unlink_stale (&call->auth_call_lst);
|
||||
|
@ -255,7 +253,6 @@ auth_call_complete_idle_cb (gpointer user_data)
|
|||
return G_SOURCE_REMOVE;
|
||||
}
|
||||
|
||||
#if WITH_POLKIT
|
||||
static void
|
||||
pk_call_cb (NMAuthManager *auth_manager,
|
||||
NMAuthManagerCallId *call_id,
|
||||
|
@ -295,7 +292,6 @@ pk_call_cb (NMAuthManager *auth_manager,
|
|||
|
||||
auth_call_complete (call);
|
||||
}
|
||||
#endif
|
||||
|
||||
void
|
||||
nm_auth_chain_add_call (NMAuthChain *self,
|
||||
|
@ -324,21 +320,12 @@ nm_auth_chain_add_call (NMAuthChain *self,
|
|||
call->call_idle_id = g_idle_add (auth_call_complete_idle_cb, call);
|
||||
} else {
|
||||
/* Non-root always gets authenticated when using polkit */
|
||||
#if WITH_POLKIT
|
||||
call->call_id = nm_auth_manager_check_authorization (auth_manager,
|
||||
self->subject,
|
||||
permission,
|
||||
allow_interaction,
|
||||
pk_call_cb,
|
||||
call);
|
||||
#else
|
||||
if (!call->chain->error) {
|
||||
call->chain->error = g_error_new_literal (NM_MANAGER_ERROR,
|
||||
NM_MANAGER_ERROR_FAILED,
|
||||
"Polkit support is disabled at compile time");
|
||||
}
|
||||
call->call_idle_id = g_idle_add (auth_call_complete_idle_cb, call);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue