summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Haller <thaller@redhat.com>2018-04-09 18:13:28 +0200
committerThomas Haller <thaller@redhat.com>2018-04-13 09:09:46 +0200
commit41abf9f8e81423eff0ef888d17a5454d0b5750bf (patch)
treeffbd8d6caf494d640c7a21e928251be51b9ba79f
parent2ea2df3184d45567fa9c44f5ef90634a779bfb75 (diff)
auth-manager: always compile D-Bus calls to polkit
Supporting PolicyKit required no additional library, just extra code to handle the D-Bus calls. For that, there was a compile time option to even stip out that code. Note, that you could (and still can) configure the system not to use policy-kit. The point was to reduce the binary size in case you don't need it. Remove this. I guess, we we aim for such aggressive optimization of the binary size, we should instead make all device types disablable at configuration time. We don't do that either and other low hanging fruits, because it's better to always enable features, unless they require external dependencies. Also, the next commit will make more use of NMAuthManager. So, having it disabled at compile time, makes even less sense.
-rw-r--r--config.h.meson3
-rw-r--r--configure.ac26
-rw-r--r--meson.build1
-rw-r--r--src/nm-auth-manager.c22
-rw-r--r--src/nm-auth-utils.c13
5 files changed, 8 insertions, 57 deletions
diff --git a/config.h.meson b/config.h.meson
index 12b35a66b9..06190aae11 100644
--- a/config.h.meson
+++ b/config.h.meson
@@ -214,9 +214,6 @@
/* Define if you have oFono support (experimental) */
#mesondefine WITH_OFONO
-/* whether to compile polkit support */
-#mesondefine WITH_POLKIT
-
/* Define if you have polkit agent */
#mesondefine WITH_POLKIT_AGENT
diff --git a/configure.ac b/configure.ac
index a0600e1ca7..c703890e1c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -629,26 +629,20 @@ AM_CONDITIONAL(WITH_JSON_VALIDATION, test "${enable_json_validation}" != "no")
# we usually compile with polkit support. --enable-polkit=yes|no only sets the
# default configuration for main.auth-polkit. User can always enable/disable polkit
-# autorization via config. Only when specifying --enable-polkit=disabled, we do
-# not compile support. In this case, the user cannot enable polkit authorization via
-# configuration.
+# autorization via config.
AC_ARG_ENABLE(polkit,
- AS_HELP_STRING([--enable-polkit=yes|no|disabled],
- [set default value for auth-polkit configuration option. This value can be overwritten by NM configuration. 'disabled' compiles NM without any support]),
+ AS_HELP_STRING([--enable-polkit=yes|no],
+ [set default value for auth-polkit configuration option. This value can be overwritten by NM configuration. 'disabled' is an alias for 'no']),
[enable_polkit=${enableval}], [enable_polkit=yes])
if (test "${enable_polkit}" != "no" -a "${enable_polkit}" != "disabled"); then
- enable_polkit=yes
+ enable_polkit=true
AC_DEFINE(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT, "true", [The default value of the auth-polkit configuration option])
AC_SUBST(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT_TEXT, true)
else
+ enable_polkit=false
AC_DEFINE(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT, "false", [The default value of the auth-polkit configuration option])
AC_SUBST(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT_TEXT, false)
fi
-if (test "${enable_polkit}" != "disabled"); then
- AC_DEFINE(WITH_POLKIT, 1, [whether to compile polkit support])
-else
- AC_DEFINE(WITH_POLKIT, 0, [whether to compile polkit support])
-fi
PKG_CHECK_MODULES(POLKIT, [polkit-agent-1 >= 0.97], [have_pk_agent=yes],[have_pk_agent=no])
AC_ARG_ENABLE(polkit-agent,
@@ -1341,14 +1335,10 @@ echo
echo "Platform:"
echo " session tracking: $session_tracking"
echo " suspend/resume: $with_suspend_resume"
-if test "${enable_polkit}" = "yes"; then
- if test "${enable_modify_system}" = "yes"; then
- echo " policykit: yes (permissive modify.system) (default: main.auth-polkit=${enable_polkit})"
- else
- echo " policykit: yes (restrictive modify.system) (default: main.auth-polkit=${enable_polkit})"
- fi
+if test "${enable_modify_system}" = "yes"; then
+ echo " policykit: main.auth-polkit=${enable_polkit} (permissive modify.system)"
else
- echo " policykit: no"
+ echo " policykit: main.auth-polkit=${enable_polkit} (restrictive modify.system)"
fi
echo " polkit agent: ${enable_polkit_agent}"
echo " selinux: $have_selinux"
diff --git a/meson.build b/meson.build
index 5f29c16a69..17ddbc4a57 100644
--- a/meson.build
+++ b/meson.build
@@ -448,7 +448,6 @@ endif
config_default_main_auth_polkit = (polkit == 'yes').to_string()
config_h.set_quoted('NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT', config_default_main_auth_polkit)
-config_h.set10('WITH_POLKIT', enable_polkit)
enable_modify_system = get_option('modify_system')
diff --git a/src/nm-auth-manager.c b/src/nm-auth-manager.c
index 784a8f23f1..ee63df6f56 100644
--- a/src/nm-auth-manager.c
+++ b/src/nm-auth-manager.c
@@ -48,13 +48,11 @@ enum {
static guint signals[LAST_SIGNAL] = {0};
typedef struct {
-#if WITH_POLKIT
CList calls_lst_head;
GDBusProxy *proxy;
GCancellable *new_proxy_cancellable;
GCancellable *cancel_cancellable;
guint64 call_numid_counter;
-#endif
bool polkit_enabled:1;
bool disposing:1;
bool shutting_down:1;
@@ -120,8 +118,6 @@ nm_auth_manager_get_polkit_enabled (NMAuthManager *self)
/*****************************************************************************/
-#if WITH_POLKIT
-
typedef enum {
POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE = 0,
POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION = (1<<0),
@@ -514,7 +510,6 @@ _dbus_new_proxy_cb (GObject *source_object,
_emit_changed_signal (self);
}
-#endif
/*****************************************************************************/
@@ -529,7 +524,6 @@ nm_auth_manager_get ()
void
nm_auth_manager_force_shutdown (NMAuthManager *self)
{
-#if WITH_POLKIT
NMAuthManagerPrivate *priv;
g_return_if_fail (NM_IS_AUTH_MANAGER (self));
@@ -559,9 +553,6 @@ nm_auth_manager_force_shutdown (NMAuthManager *self)
priv->shutting_down = TRUE;
nm_clear_g_cancellable (&priv->cancel_cancellable);
-#else
- g_return_if_fail (NM_IS_AUTH_MANAGER (self));
-#endif
}
/*****************************************************************************/
@@ -587,11 +578,9 @@ set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *p
static void
nm_auth_manager_init (NMAuthManager *self)
{
-#if WITH_POLKIT
NMAuthManagerPrivate *priv = NM_AUTH_MANAGER_GET_PRIVATE (self);
c_list_init (&priv->calls_lst_head);
-#endif
}
static void
@@ -602,7 +591,6 @@ constructed (GObject *object)
G_OBJECT_CLASS (nm_auth_manager_parent_class)->constructed (object);
-#if WITH_POLKIT
_LOGD ("create auth-manager: polkit %s", priv->polkit_enabled ? "enabled" : "disabled");
if (priv->polkit_enabled) {
@@ -617,12 +605,6 @@ constructed (GObject *object)
_dbus_new_proxy_cb,
self);
}
-#else
- if (priv->polkit_enabled)
- _LOGW ("create auth-manager: polkit disabled at compile time. All authentication requests will fail");
- else
- _LOGD ("create auth-manager: polkit disabled at compile time");
-#endif
}
NMAuthManager *
@@ -649,14 +631,11 @@ static void
dispose (GObject *object)
{
NMAuthManager* self = NM_AUTH_MANAGER (object);
-#if WITH_POLKIT
NMAuthManagerPrivate *priv = NM_AUTH_MANAGER_GET_PRIVATE (self);
gs_free_error GError *error_disposing = NULL;
-#endif
_LOGD ("dispose");
-#if WITH_POLKIT
nm_assert (!c_list_is_empty (&priv->calls_lst_head));
priv->disposing = TRUE;
@@ -668,7 +647,6 @@ dispose (GObject *object)
g_signal_handlers_disconnect_by_data (priv->proxy, self);
g_clear_object (&priv->proxy);
}
-#endif
G_OBJECT_CLASS (nm_auth_manager_parent_class)->dispose (object);
}
diff --git a/src/nm-auth-utils.c b/src/nm-auth-utils.c
index ffb8f39d78..d641621bf2 100644
--- a/src/nm-auth-utils.c
+++ b/src/nm-auth-utils.c
@@ -72,10 +72,8 @@ _ASSERT_call (AuthCall *call)
static void
auth_call_free (AuthCall *call)
{
-#if WITH_POLKIT
if (call->call_id)
nm_auth_manager_check_authorization_cancel (call->call_id);
-#endif
nm_clear_g_source (&call->call_idle_id);
c_list_unlink_stale (&call->auth_call_lst);
@@ -255,7 +253,6 @@ auth_call_complete_idle_cb (gpointer user_data)
return G_SOURCE_REMOVE;
}
-#if WITH_POLKIT
static void
pk_call_cb (NMAuthManager *auth_manager,
NMAuthManagerCallId *call_id,
@@ -295,7 +292,6 @@ pk_call_cb (NMAuthManager *auth_manager,
auth_call_complete (call);
}
-#endif
void
nm_auth_chain_add_call (NMAuthChain *self,
@@ -324,21 +320,12 @@ nm_auth_chain_add_call (NMAuthChain *self,
call->call_idle_id = g_idle_add (auth_call_complete_idle_cb, call);
} else {
/* Non-root always gets authenticated when using polkit */
-#if WITH_POLKIT
call->call_id = nm_auth_manager_check_authorization (auth_manager,
self->subject,
permission,
allow_interaction,
pk_call_cb,
call);
-#else
- if (!call->chain->error) {
- call->chain->error = g_error_new_literal (NM_MANAGER_ERROR,
- NM_MANAGER_ERROR_FAILED,
- "Polkit support is disabled at compile time");
- }
- call->call_idle_id = g_idle_add (auth_call_complete_idle_cb, call);
-#endif
}
}