dbus: when verifying PK privs, bypass PK if uid=0 of client

This reduces the number of roundtrips when the client is privileged and makes the PK dep optional for root clients.
2012-11-09 15:54:22 +01:00 · 2012-11-09 15:54:22 +01:00 · bece1f5215
parent 43f9cc65c2
commit bece1f5215
1 changed files with 9 additions and 1 deletions
--- a/src/shared/polkit.c
+++ b/src/shared/polkit.c
@ -46,6 +46,7 @@ int verify_polkit(
        DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
        int r;
        dbus_bool_t authorized = FALSE, challenge = FALSE;
+        unsigned long ul;

        assert(c);
        assert(request);
@ -54,6 +55,14 @@ int verify_polkit(
        if (!sender)
                return -EINVAL;

+        ul = dbus_bus_get_unix_user(c, sender, error);
+        if (ul == (unsigned) -1)
+                return -EINVAL;
+
+        /* Shortcut things for root, to avoid the PK roundtrip and dependency */
+        if (ul == 0)
+                return 1;
+
        pid_raw = bus_get_unix_process_id(c, sender, error);
        if (pid_raw == 0)
                return -EINVAL;
@ -144,7 +153,6 @@ int verify_polkit(
                r = -EPERM;

 finish:
-
        if (m)
                dbus_message_unref(m);