From 8cd12d7d7f2af69079f357cc23d64be96e06cd87 Mon Sep 17 00:00:00 2001
From: Wes Lindauer <wesley.lindauer@gmail.com>
Date: Wed, 21 Jun 2017 11:55:59 -0400
Subject: [PATCH 14/27] cli,dbus: Allow polkit to be optional at build time
---
configure.ac | 13 +++++++++++--
src/cli/abrt-cli-core.c | 10 ++++++++++
src/dbus/abrt-polkit.c | 20 ++++++++++++++++++--
3 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 01a29e1..d277ea4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -189,8 +189,6 @@ PKG_CHECK_MODULES([LIBNOTIFY], [libnotify >= 0.7.0])
PKG_CHECK_MODULES([NSS], [nss])
PKG_CHECK_MODULES([LIBREPORT], [libreport])
PKG_CHECK_MODULES([LIBREPORT_GTK], [libreport-gtk])
-PKG_CHECK_MODULES([POLKIT], [polkit-gobject-1])
-PKG_CHECK_MODULES([POLKIT_AGENT], [polkit-agent-1])
PKG_CHECK_MODULES([GIO], [gio-2.0])
PKG_CHECK_MODULES([GIO_UNIX], [gio-unix-2.0])
PKG_CHECK_MODULES([SATYR], [satyr])
@@ -433,6 +431,17 @@ ABRT_PARSE_WITH([rpm]))
AC_DEFINE(HAVE_LIBRPM, [], [Have rpm support.])
[fi]
+AC_ARG_WITH(polkit,
+AS_HELP_STRING([--with-polkit],[build polkit support (default is YES)]),
+ABRT_PARSE_WITH([polkit]))
+
+[if test -z "$NO_POLKIT"]
+[then]
+ PKG_CHECK_MODULES([POLKIT], [polkit-gobject-1])
+ PKG_CHECK_MODULES([POLKIT_AGENT], [polkit-agent-1])
+ AC_DEFINE(HAVE_POLKIT, [], [Have polkit support.])
+[fi]
+
# Initialize the test suite.
AC_CONFIG_TESTDIR(tests)
AC_CONFIG_FILES([tests/Makefile tests/atlocal])
diff --git a/src/cli/abrt-cli-core.c b/src/cli/abrt-cli-core.c
index ca49dbd..fdd936c 100644
--- a/src/cli/abrt-cli-core.c
+++ b/src/cli/abrt-cli-core.c
@@ -23,13 +23,17 @@
/* It is not possible to include polkitagent.h without the following define.
* Check out the included header file.
*/
+#ifdef HAVE_POLKIT
#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
#include <polkitagent/polkitagent.h>
+#endif
int g_cli_authenticate;
+#ifdef HAVE_POLKIT
static PolkitAgentListener *s_local_polkit_agent = NULL;
static gpointer s_local_agent_handle = NULL;
+#endif
/* Vector of problems: */
/* problem_data_vector[i] = { "name" = { "content", CD_FLAG_foo_bits } } */
@@ -126,6 +130,7 @@ char *hash2dirname_if_necessary(const char *input)
void initialize_polkit_agent(void)
{
+#ifdef HAVE_POLKIT
GError *error = NULL;
PolkitSubject *subject = polkit_unix_process_new_for_owner(
getpid(),
@@ -148,13 +153,18 @@ void initialize_polkit_agent(void)
}
g_object_unref(subject);
+#else
+ log_info("Polkit support is currently disabled");
+#endif
}
void uninitialize_polkit_agent(void)
{
+#ifdef HAVE_POLKIT
if (s_local_agent_handle != NULL)
polkit_agent_listener_unregister(s_local_agent_handle);
if (s_local_polkit_agent != NULL)
g_object_unref(s_local_polkit_agent);
+#endif
}
diff --git a/src/dbus/abrt-polkit.c b/src/dbus/abrt-polkit.c
index 7ce9132..e376be1 100644
--- a/src/dbus/abrt-polkit.c
+++ b/src/dbus/abrt-polkit.c
@@ -16,7 +16,6 @@
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#include <polkit/polkit.h>
#include <glib-object.h>
#include <sys/types.h>
#include <unistd.h>
@@ -24,17 +23,23 @@
#include "libabrt.h"
#include "abrt-polkit.h"
+#ifdef HAVE_POLKIT
+#include <polkit/polkit.h>
+#endif
+
/*number of seconds: timeout for the authorization*/
#define POLKIT_TIMEOUT 20
+#ifdef HAVE_POLKIT
static gboolean do_cancel(GCancellable* cancellable)
{
log("Timer has expired; cancelling authorization check\n");
g_cancellable_cancel(cancellable);
return FALSE;
}
+#endif
-
+#ifdef HAVE_POLKIT
static PolkitResult do_check(PolkitSubject *subject, const char *action_id)
{
PolkitAuthority *authority;
@@ -90,17 +95,24 @@ out:
g_object_unref(auth_result);
return result;
}
+#endif
PolkitResult polkit_check_authorization_dname(const char *dbus_name, const char *action_id)
{
+#ifdef HAVE_POLKIT
glib_init();
PolkitSubject *subject = polkit_system_bus_name_new(dbus_name);
return do_check(subject, action_id);
+#else
+ log_warning("Polkit disabled. Everyone has access to private data");
+ return PolkitYes;
+#endif
}
PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id)
{
+#ifdef HAVE_POLKIT
glib_init();
PolkitSubject *subject = polkit_unix_process_new_for_owner(pid,
@@ -108,4 +120,8 @@ PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id)
/*use uid from /proc*/ -1);
return do_check(subject, action_id);
+#else
+ log_warning("Polkit disabled. Everyone has access to private data");
+ return PolkitYes;
+#endif
}
--
2.9.5