summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2012-11-09 15:54:22 +0100
committerLennart Poettering <lennart@poettering.net>2012-11-09 15:55:36 +0100
commitbece1f5215b4ff147e000255d07f6b3cc777f15b (patch)
tree886b5677a76aa4e78d981c603d1281ced3d94547
parent43f9cc65c2caa679019c3cfbd1aff66c6c59d410 (diff)
dbus: when verifying PK privs, bypass PK if uid=0 of client
This reduces the number of roundtrips when the client is privileged and makes the PK dep optional for root clients.
-rw-r--r--src/shared/polkit.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/shared/polkit.c b/src/shared/polkit.c
index 14e27cdc60..9ed6ff2717 100644
--- a/src/shared/polkit.c
+++ b/src/shared/polkit.c
@@ -46,6 +46,7 @@ int verify_polkit(
DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
int r;
dbus_bool_t authorized = FALSE, challenge = FALSE;
+ unsigned long ul;
assert(c);
assert(request);
@@ -54,6 +55,14 @@ int verify_polkit(
if (!sender)
return -EINVAL;
+ ul = dbus_bus_get_unix_user(c, sender, error);
+ if (ul == (unsigned) -1)
+ return -EINVAL;
+
+ /* Shortcut things for root, to avoid the PK roundtrip and dependency */
+ if (ul == 0)
+ return 1;
+
pid_raw = bus_get_unix_process_id(c, sender, error);
if (pid_raw == 0)
return -EINVAL;
@@ -144,7 +153,6 @@ int verify_polkit(
r = -EPERM;
finish:
-
if (m)
dbus_message_unref(m);