From 940198e7ba4708c6a737dc2b204e84ef98c74ddf Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 3 Jun 2015 18:22:15 -0400 Subject: [PATCH] authority: Explicitly operate on UnixUser/uids The session monitor always returns `PolkitUnixUser*` when looking up users. For a future patch, we want to look directly at their UIDs, rather than fighting the `PolkitIdentity` abstraction. Change the code here to cast to `PolkitUnixUser*`, and operate on them that way. --- .../polkitbackendinteractiveauthority.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index c9e10d8..aae8cfb 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2373,8 +2373,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitBackendInteractiveAuthority *interactive_authority; PolkitBackendInteractiveAuthorityPrivate *priv; PolkitSubject *session_for_caller; - PolkitIdentity *user_of_caller; - PolkitIdentity *user_of_subject; + PolkitUnixUser *user_of_caller; + gint caller_uid; + PolkitUnixUser *user_of_subject; + gint subject_uid; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2427,7 +2429,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = (PolkitUnixUser*)polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2436,7 +2438,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + caller_uid = polkit_unix_user_get_uid (user_of_caller); + + user_of_subject = (PolkitUnixUser*)polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2445,9 +2449,11 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + subject_uid = polkit_unix_user_get_uid (user_of_subject); + + if (caller_uid != subject_uid) { - if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + if (caller_uid == 0) { /* explicitly allow uid 0 to register for other users */ } @@ -2456,7 +2462,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, - "User of caller and user of subject differs."); + "User of caller (%d) and user of subject (%d) differ", + caller_uid, subject_uid); goto out; } } -- 1.8.3.1