From 41abf9f8e81423eff0ef888d17a5454d0b5750bf Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 9 Apr 2018 18:13:28 +0200
Subject: auth-manager: always compile D-Bus calls to polkit

Supporting PolicyKit required no additional library, just extra code
to handle the D-Bus calls. For that, there was a compile time option
to even stip out that code. Note, that you could (and still can)
configure the system not to use policy-kit. The point was to reduce
the binary size in case you don't need it.

Remove this. I guess, we we aim for such aggressive optimization of
the binary size, we should instead make all device types disablable
at configuration time. We don't do that either and other low hanging
fruits, because it's better to always enable features, unless they
require external dependencies.

Also, the next commit will make more use of NMAuthManager. So, having
it disabled at compile time, makes even less sense.
---
 config.h.meson        |  3 ---
 configure.ac          | 26 ++++++++------------------
 meson.build           |  1 -
 src/nm-auth-manager.c | 22 ----------------------
 src/nm-auth-utils.c   | 13 -------------
 5 files changed, 8 insertions(+), 57 deletions(-)

diff --git a/config.h.meson b/config.h.meson
index 12b35a66b9..06190aae11 100644
--- a/config.h.meson
+++ b/config.h.meson
@@ -214,9 +214,6 @@
 /* Define if you have oFono support (experimental) */
 #mesondefine WITH_OFONO
 
-/* whether to compile polkit support */
-#mesondefine WITH_POLKIT
-
 /* Define if you have polkit agent */
 #mesondefine WITH_POLKIT_AGENT
 
diff --git a/configure.ac b/configure.ac
index a0600e1ca7..c703890e1c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -629,26 +629,20 @@ AM_CONDITIONAL(WITH_JSON_VALIDATION, test "${enable_json_validation}" != "no")
 
 # we usually compile with polkit support. --enable-polkit=yes|no only sets the
 # default configuration for main.auth-polkit. User can always enable/disable polkit
-# autorization via config. Only when specifying --enable-polkit=disabled, we do
-# not compile support. In this case, the user cannot enable polkit authorization via
-# configuration.
+# autorization via config.
 AC_ARG_ENABLE(polkit,
-              AS_HELP_STRING([--enable-polkit=yes|no|disabled],
-                             [set default value for auth-polkit configuration option. This value can be overwritten by NM configuration. 'disabled' compiles NM without any support]),
+              AS_HELP_STRING([--enable-polkit=yes|no],
+                             [set default value for auth-polkit configuration option. This value can be overwritten by NM configuration. 'disabled' is an alias for 'no']),
               [enable_polkit=${enableval}], [enable_polkit=yes])
 if (test "${enable_polkit}" != "no" -a "${enable_polkit}" != "disabled"); then
-	enable_polkit=yes
+	enable_polkit=true
 	AC_DEFINE(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT, "true", [The default value of the auth-polkit configuration option])
 	AC_SUBST(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT_TEXT, true)
 else
+	enable_polkit=false
 	AC_DEFINE(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT, "false", [The default value of the auth-polkit configuration option])
 	AC_SUBST(NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT_TEXT, false)
 fi
-if (test "${enable_polkit}" != "disabled"); then
-	AC_DEFINE(WITH_POLKIT, 1, [whether to compile polkit support])
-else
-	AC_DEFINE(WITH_POLKIT, 0, [whether to compile polkit support])
-fi
 
 PKG_CHECK_MODULES(POLKIT, [polkit-agent-1 >= 0.97], [have_pk_agent=yes],[have_pk_agent=no])
 AC_ARG_ENABLE(polkit-agent,
@@ -1341,14 +1335,10 @@ echo
 echo "Platform:"
 echo "  session tracking: $session_tracking"
 echo "  suspend/resume: $with_suspend_resume"
-if test "${enable_polkit}" = "yes"; then
-	if test "${enable_modify_system}" = "yes"; then
-		echo "  policykit: yes (permissive modify.system) (default: main.auth-polkit=${enable_polkit})"
-	else
-		echo "  policykit: yes (restrictive modify.system) (default: main.auth-polkit=${enable_polkit})"
-	fi
+if test "${enable_modify_system}" = "yes"; then
+	echo "  policykit: main.auth-polkit=${enable_polkit} (permissive modify.system)"
 else
-	echo  "  policykit: no"
+	echo "  policykit: main.auth-polkit=${enable_polkit} (restrictive modify.system)"
 fi
 echo "  polkit agent: ${enable_polkit_agent}"
 echo "  selinux: $have_selinux"
diff --git a/meson.build b/meson.build
index 5f29c16a69..17ddbc4a57 100644
--- a/meson.build
+++ b/meson.build
@@ -448,7 +448,6 @@ endif
 
 config_default_main_auth_polkit = (polkit == 'yes').to_string()
 config_h.set_quoted('NM_CONFIG_DEFAULT_MAIN_AUTH_POLKIT', config_default_main_auth_polkit)
-config_h.set10('WITH_POLKIT', enable_polkit)
 
 enable_modify_system = get_option('modify_system')
 
diff --git a/src/nm-auth-manager.c b/src/nm-auth-manager.c
index 784a8f23f1..ee63df6f56 100644
--- a/src/nm-auth-manager.c
+++ b/src/nm-auth-manager.c
@@ -48,13 +48,11 @@ enum {
 static guint signals[LAST_SIGNAL] = {0};
 
 typedef struct {
-#if WITH_POLKIT
 	CList calls_lst_head;
 	GDBusProxy *proxy;
 	GCancellable *new_proxy_cancellable;
 	GCancellable *cancel_cancellable;
 	guint64 call_numid_counter;
-#endif
 	bool polkit_enabled:1;
 	bool disposing:1;
 	bool shutting_down:1;
@@ -120,8 +118,6 @@ nm_auth_manager_get_polkit_enabled (NMAuthManager *self)
 
 /*****************************************************************************/
 
-#if WITH_POLKIT
-
 typedef enum {
 	POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE                   = 0,
 	POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION = (1<<0),
@@ -514,7 +510,6 @@ _dbus_new_proxy_cb (GObject *source_object,
 
 	_emit_changed_signal (self);
 }
-#endif
 
 /*****************************************************************************/
 
@@ -529,7 +524,6 @@ nm_auth_manager_get ()
 void
 nm_auth_manager_force_shutdown (NMAuthManager *self)
 {
-#if WITH_POLKIT
 	NMAuthManagerPrivate *priv;
 
 	g_return_if_fail (NM_IS_AUTH_MANAGER (self));
@@ -559,9 +553,6 @@ nm_auth_manager_force_shutdown (NMAuthManager *self)
 
 	priv->shutting_down = TRUE;
 	nm_clear_g_cancellable (&priv->cancel_cancellable);
-#else
-	g_return_if_fail (NM_IS_AUTH_MANAGER (self));
-#endif
 }
 
 /*****************************************************************************/
@@ -587,11 +578,9 @@ set_property (GObject *object, guint prop_id, const GValue *value, GParamSpec *p
 static void
 nm_auth_manager_init (NMAuthManager *self)
 {
-#if WITH_POLKIT
 	NMAuthManagerPrivate *priv = NM_AUTH_MANAGER_GET_PRIVATE (self);
 
 	c_list_init (&priv->calls_lst_head);
-#endif
 }
 
 static void
@@ -602,7 +591,6 @@ constructed (GObject *object)
 
 	G_OBJECT_CLASS (nm_auth_manager_parent_class)->constructed (object);
 
-#if WITH_POLKIT
 	_LOGD ("create auth-manager: polkit %s", priv->polkit_enabled ? "enabled" : "disabled");
 
 	if (priv->polkit_enabled) {
@@ -617,12 +605,6 @@ constructed (GObject *object)
 		                          _dbus_new_proxy_cb,
 		                          self);
 	}
-#else
-	if (priv->polkit_enabled)
-		_LOGW ("create auth-manager: polkit disabled at compile time. All authentication requests will fail");
-	else
-		_LOGD ("create auth-manager: polkit disabled at compile time");
-#endif
 }
 
 NMAuthManager *
@@ -649,14 +631,11 @@ static void
 dispose (GObject *object)
 {
 	NMAuthManager* self = NM_AUTH_MANAGER (object);
-#if WITH_POLKIT
 	NMAuthManagerPrivate *priv = NM_AUTH_MANAGER_GET_PRIVATE (self);
 	gs_free_error GError *error_disposing = NULL;
-#endif
 
 	_LOGD ("dispose");
 
-#if WITH_POLKIT
 	nm_assert (!c_list_is_empty (&priv->calls_lst_head));
 
 	priv->disposing = TRUE;
@@ -668,7 +647,6 @@ dispose (GObject *object)
 		g_signal_handlers_disconnect_by_data (priv->proxy, self);
 		g_clear_object (&priv->proxy);
 	}
-#endif
 
 	G_OBJECT_CLASS (nm_auth_manager_parent_class)->dispose (object);
 }
diff --git a/src/nm-auth-utils.c b/src/nm-auth-utils.c
index ffb8f39d78..d641621bf2 100644
--- a/src/nm-auth-utils.c
+++ b/src/nm-auth-utils.c
@@ -72,10 +72,8 @@ _ASSERT_call (AuthCall *call)
 static void
 auth_call_free (AuthCall *call)
 {
-#if WITH_POLKIT
 	if (call->call_id)
 		nm_auth_manager_check_authorization_cancel (call->call_id);
-#endif
 
 	nm_clear_g_source (&call->call_idle_id);
 	c_list_unlink_stale (&call->auth_call_lst);
@@ -255,7 +253,6 @@ auth_call_complete_idle_cb (gpointer user_data)
 	return G_SOURCE_REMOVE;
 }
 
-#if WITH_POLKIT
 static void
 pk_call_cb (NMAuthManager *auth_manager,
             NMAuthManagerCallId *call_id,
@@ -295,7 +292,6 @@ pk_call_cb (NMAuthManager *auth_manager,
 
 	auth_call_complete (call);
 }
-#endif
 
 void
 nm_auth_chain_add_call (NMAuthChain *self,
@@ -324,21 +320,12 @@ nm_auth_chain_add_call (NMAuthChain *self,
 		call->call_idle_id = g_idle_add (auth_call_complete_idle_cb, call);
 	} else {
 		/* Non-root always gets authenticated when using polkit */
-#if WITH_POLKIT
 		call->call_id = nm_auth_manager_check_authorization (auth_manager,
 		                                                     self->subject,
 		                                                     permission,
 		                                                     allow_interaction,
 		                                                     pk_call_cb,
 		                                                     call);
-#else
-		if (!call->chain->error) {
-			call->chain->error = g_error_new_literal (NM_MANAGER_ERROR,
-			                                          NM_MANAGER_ERROR_FAILED,
-			                                          "Polkit support is disabled at compile time");
-		}
-		call->call_idle_id = g_idle_add (auth_call_complete_idle_cb, call);
-#endif
 	}
 }
 
-- 
cgit v1.2.3