From 940198e7ba4708c6a737dc2b204e84ef98c74ddf Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Wed, 3 Jun 2015 18:22:15 -0400
Subject: [PATCH] authority: Explicitly operate on UnixUser/uids

The session monitor always returns `PolkitUnixUser*` when looking up
users.  For a future patch, we want to look directly at their UIDs,
rather than fighting the `PolkitIdentity` abstraction.

Change the code here to cast to `PolkitUnixUser*`, and operate on them
that way.
---
 .../polkitbackendinteractiveauthority.c             | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index c9e10d8..aae8cfb 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2373,8 +2373,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
   PolkitBackendInteractiveAuthority *interactive_authority;
   PolkitBackendInteractiveAuthorityPrivate *priv;
   PolkitSubject *session_for_caller;
-  PolkitIdentity *user_of_caller;
-  PolkitIdentity *user_of_subject;
+  PolkitUnixUser *user_of_caller;
+  gint caller_uid;
+  PolkitUnixUser *user_of_subject;
+  gint subject_uid;
   AuthenticationAgent *agent;
   gboolean ret;
   gchar *caller_cmdline;
@@ -2427,7 +2429,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
       goto out;
     }
 
-  user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL);
+  user_of_caller = (PolkitUnixUser*)polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL);
   if (user_of_caller == NULL)
     {
       g_set_error (error,
@@ -2436,7 +2438,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
                    "Cannot determine user of caller");
       goto out;
     }
-  user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL);
+  caller_uid = polkit_unix_user_get_uid (user_of_caller);
+
+  user_of_subject = (PolkitUnixUser*)polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL);
   if (user_of_subject == NULL)
     {
       g_set_error (error,
@@ -2445,9 +2449,11 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
                    "Cannot determine user of subject");
       goto out;
     }
-  if (!polkit_identity_equal (user_of_caller, user_of_subject))
+  subject_uid = polkit_unix_user_get_uid (user_of_subject);
+
+  if (caller_uid != subject_uid)
     {
-      if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0)
+      if (caller_uid == 0)
         {
           /* explicitly allow uid 0 to register for other users */
         }
@@ -2456,7 +2462,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
           g_set_error (error,
                        POLKIT_ERROR,
                        POLKIT_ERROR_FAILED,
-                       "User of caller and user of subject differs.");
+                       "User of caller (%d) and user of subject (%d) differ",
+                       caller_uid, subject_uid);
           goto out;
         }
     }
-- 
1.8.3.1