Blob Blame Raw
From 8cd12d7d7f2af69079f357cc23d64be96e06cd87 Mon Sep 17 00:00:00 2001
From: Wes Lindauer <wesley.lindauer@gmail.com>
Date: Wed, 21 Jun 2017 11:55:59 -0400
Subject: [PATCH 14/27] cli,dbus: Allow polkit to be optional at build time

---
 configure.ac            | 13 +++++++++++--
 src/cli/abrt-cli-core.c | 10 ++++++++++
 src/dbus/abrt-polkit.c  | 20 ++++++++++++++++++--
 3 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 01a29e1..d277ea4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -189,8 +189,6 @@ PKG_CHECK_MODULES([LIBNOTIFY], [libnotify >= 0.7.0])
 PKG_CHECK_MODULES([NSS], [nss])
 PKG_CHECK_MODULES([LIBREPORT], [libreport])
 PKG_CHECK_MODULES([LIBREPORT_GTK], [libreport-gtk])
-PKG_CHECK_MODULES([POLKIT], [polkit-gobject-1])
-PKG_CHECK_MODULES([POLKIT_AGENT], [polkit-agent-1])
 PKG_CHECK_MODULES([GIO], [gio-2.0])
 PKG_CHECK_MODULES([GIO_UNIX], [gio-unix-2.0])
 PKG_CHECK_MODULES([SATYR], [satyr])
@@ -433,6 +431,17 @@ ABRT_PARSE_WITH([rpm]))
     AC_DEFINE(HAVE_LIBRPM, [], [Have rpm support.])
 [fi]
 
+AC_ARG_WITH(polkit,
+AS_HELP_STRING([--with-polkit],[build polkit support (default is YES)]),
+ABRT_PARSE_WITH([polkit]))
+
+[if test -z "$NO_POLKIT"]
+[then]
+    PKG_CHECK_MODULES([POLKIT], [polkit-gobject-1])
+    PKG_CHECK_MODULES([POLKIT_AGENT], [polkit-agent-1])
+    AC_DEFINE(HAVE_POLKIT, [], [Have polkit support.])
+[fi]
+
 # Initialize the test suite.
 AC_CONFIG_TESTDIR(tests)
 AC_CONFIG_FILES([tests/Makefile tests/atlocal])
diff --git a/src/cli/abrt-cli-core.c b/src/cli/abrt-cli-core.c
index ca49dbd..fdd936c 100644
--- a/src/cli/abrt-cli-core.c
+++ b/src/cli/abrt-cli-core.c
@@ -23,13 +23,17 @@
 /* It is not possible to include polkitagent.h without the following define.
  * Check out the included header file.
  */
+#ifdef HAVE_POLKIT
 #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE
 #include <polkitagent/polkitagent.h>
+#endif
 
 int g_cli_authenticate;
 
+#ifdef HAVE_POLKIT
 static PolkitAgentListener *s_local_polkit_agent = NULL;
 static gpointer s_local_agent_handle = NULL;
+#endif
 
 /* Vector of problems: */
 /* problem_data_vector[i] = { "name" = { "content", CD_FLAG_foo_bits } } */
@@ -126,6 +130,7 @@ char *hash2dirname_if_necessary(const char *input)
 
 void initialize_polkit_agent(void)
 {
+#ifdef HAVE_POLKIT
     GError *error = NULL;
     PolkitSubject *subject = polkit_unix_process_new_for_owner(
                                 getpid(),
@@ -148,13 +153,18 @@ void initialize_polkit_agent(void)
     }
 
     g_object_unref(subject);
+#else
+    log_info("Polkit support is currently disabled");
+#endif
 }
 
 void uninitialize_polkit_agent(void)
 {
+#ifdef HAVE_POLKIT
     if (s_local_agent_handle != NULL)
         polkit_agent_listener_unregister(s_local_agent_handle);
 
     if (s_local_polkit_agent != NULL)
         g_object_unref(s_local_polkit_agent);
+#endif
 }
diff --git a/src/dbus/abrt-polkit.c b/src/dbus/abrt-polkit.c
index 7ce9132..e376be1 100644
--- a/src/dbus/abrt-polkit.c
+++ b/src/dbus/abrt-polkit.c
@@ -16,7 +16,6 @@
   51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
 
-#include <polkit/polkit.h>
 #include <glib-object.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -24,17 +23,23 @@
 #include "libabrt.h"
 #include "abrt-polkit.h"
 
+#ifdef HAVE_POLKIT
+#include <polkit/polkit.h>
+#endif
+
 /*number of seconds: timeout for the authorization*/
 #define POLKIT_TIMEOUT 20
 
+#ifdef HAVE_POLKIT
 static gboolean do_cancel(GCancellable* cancellable)
 {
     log("Timer has expired; cancelling authorization check\n");
     g_cancellable_cancel(cancellable);
     return FALSE;
 }
+#endif
 
-
+#ifdef HAVE_POLKIT
 static PolkitResult do_check(PolkitSubject *subject, const char *action_id)
 {
     PolkitAuthority *authority;
@@ -90,17 +95,24 @@ out:
     g_object_unref(auth_result);
     return result;
 }
+#endif
 
 PolkitResult polkit_check_authorization_dname(const char *dbus_name, const char *action_id)
 {
+#ifdef HAVE_POLKIT
     glib_init();
 
     PolkitSubject *subject = polkit_system_bus_name_new(dbus_name);
     return do_check(subject, action_id);
+#else
+    log_warning("Polkit disabled. Everyone has access to private data");
+    return PolkitYes;
+#endif
 }
 
 PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id)
 {
+#ifdef HAVE_POLKIT
     glib_init();
 
     PolkitSubject *subject = polkit_unix_process_new_for_owner(pid,
@@ -108,4 +120,8 @@ PolkitResult polkit_check_authorization_pid(pid_t pid, const char *action_id)
             /*use uid from /proc*/ -1);
 
     return do_check(subject, action_id);
+#else
+    log_warning("Polkit disabled. Everyone has access to private data");
+    return PolkitYes;
+#endif
 }
-- 
2.9.5