From b6a63ff025894b4f6390b31deff145b425d50dc5 Mon Sep 17 00:00:00 2001
From: Dan Williams <dcbw@redhat.com>
Date: Wed, 18 May 2011 22:38:39 -0500
Subject: [PATCH] core: allow build-time enable/disable of PolicyKit

When PK is turned off, everything is authorized.
---
 configure.ac          | 22 ++++++++++++++++++++--
 src/nm-manager-auth.c | 37 ++++++++++++++++++++++++++++++++-----
 2 files changed, 52 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index e34f3f7964..d4e7408ef0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -337,8 +337,20 @@ else
 fi
 AM_CONDITIONAL(WITH_WIMAX, test "${enable_wimax}" = "yes")
 
-PKG_CHECK_MODULES(POLKIT, polkit-gobject-1 >= 0.97)
-AC_SUBST(POLKIT_CFLAGS)
+PKG_CHECK_MODULES(POLKIT, [polkit-gobject-1 >= 0.97], [have_polkit=yes],[have_polkit=no])
+AC_ARG_ENABLE(polkit, AS_HELP_STRING([--enable-polkit], [enable PolicyKit support]),
+                     [enable_polkit=${enableval}], [enable_polkit=${have_polkit}])
+if (test "${enable_polkit}" = "yes"); then
+	if test x"$have_polkit" = x"no"; then
+		AC_MSG_ERROR(PolicyKit development headers are required)
+	fi
+	AC_SUBST(POLKIT_CFLAGS)
+	AC_SUBST(POLKIT_LIBS)
+	AC_DEFINE(WITH_POLKIT, 1, [Define if you have PolicyKit support])
+else
+	AC_DEFINE(WITH_POLKIT, 0, [Define if you have PolicyKit support])
+fi
+AM_CONDITIONAL(WITH_POLKIT, test "${enable_polkit}" = "yes")
 
 AC_ARG_WITH(crypto, AS_HELP_STRING([--with-crypto=nss | gnutls], [Cryptography library to use for certificate and key operations]),ac_crypto=$withval, ac_crypto=nss)
 
@@ -701,6 +713,12 @@ else
 	echo systemd support: no
 fi
 
+if test "${enable_polkit}" = "yes"; then
+	echo PolicyKit support: yes
+else
+	echo PolicyKit support: no
+fi
+
 if test -n "${with_ck}"; then
 	echo ConsoleKit support: ${with_ck}
 else
diff --git a/src/nm-manager-auth.c b/src/nm-manager-auth.c
index 9b3588cbcb..e41d9c63f6 100644
--- a/src/nm-manager-auth.c
+++ b/src/nm-manager-auth.c
@@ -18,9 +18,16 @@
  * Copyright (C) 2010 Red Hat, Inc.
  */
 
+#include <config.h>
 #include <string.h>
 #include <dbus/dbus-glib-lowlevel.h>
+#include <gio/gio.h>
+
+#if WITH_POLKIT
 #include <polkit/polkit.h>
+#else
+typedef guint PolkitAuthority;
+#endif
 
 #include "nm-setting-connection.h"
 #include "nm-manager-auth.h"
@@ -65,6 +72,7 @@ free_data (gpointer data)
 	g_free (tmp);
 }
 
+#if WITH_POLKIT
 static PolkitAuthority *
 pk_authority_get (void)
 {
@@ -85,6 +93,13 @@ pk_authority_get (void)
 	/* Yes, ref every time; we want to keep the object alive */
 	return g_object_ref (authority);
 }
+#else
+static PolkitAuthority *
+pk_authority_get (void)
+{
+	return NULL;
+}
+#endif
 
 static NMAuthChain *
 _auth_chain_new (DBusGMethodInvocation *context,
@@ -267,6 +282,7 @@ polkit_call_free (PolkitCall *call)
 	g_free (call);
 }
 
+#if WITH_POLKIT
 static void
 pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
 {
@@ -317,9 +333,10 @@ pk_call_cb (GObject *object, GAsyncResult *result, gpointer user_data)
 	if (pk_result)
 		g_object_unref (pk_result);
 }
+#endif
 
 static gboolean
-polkit_call_error_idle_cb (gpointer user_data)
+polkit_call_early_finish_idle_cb (gpointer user_data)
 {
 	PolkitCall *call = user_data;
 
@@ -331,11 +348,11 @@ polkit_call_error_idle_cb (gpointer user_data)
 }
 
 static void
-polkit_call_schedule_error (PolkitCall *call)
+polkit_call_schedule_early_finish (PolkitCall *call, GError *error)
 {
 	if (!call->chain->error)
-		call->chain->error = g_error_new_literal (0, 0, "PolicyKit unavailable");
-	call->idle_id = g_idle_add (polkit_call_error_idle_cb, call);
+		call->chain->error = error;
+	call->idle_id = g_idle_add (polkit_call_early_finish_idle_cb, call);
 }
 
 gboolean
@@ -344,16 +361,20 @@ nm_auth_chain_add_call (NMAuthChain *self,
                         gboolean allow_interaction)
 {
 	PolkitCall *call;
+#if WITH_POLKIT
 	PolkitSubject *subject;
 	PolkitCheckAuthorizationFlags flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE;
+#endif
 
 	g_return_val_if_fail (self != NULL, FALSE);
 	g_return_val_if_fail (self->owner != NULL, FALSE);
 	g_return_val_if_fail (permission != NULL, FALSE);
 
+#if WITH_POLKIT
 	subject = polkit_system_bus_name_new (self->owner);
 	if (!subject)
 		return FALSE;
+#endif
 
 	call = g_malloc0 (sizeof (PolkitCall));
 	call->chain = self;
@@ -362,9 +383,10 @@ nm_auth_chain_add_call (NMAuthChain *self,
 
 	self->calls = g_slist_append (self->calls, call);
 
+#if WITH_POLKIT
 	if (self->authority == NULL) {
 		/* No polkit, no authorization */
-		polkit_call_schedule_error (call);
+		polkit_call_schedule_early_finish (call, g_error_new_literal (0, 0, "PolicyKit unavailable"));
 		g_object_unref (subject);
 		return FALSE;
 	}
@@ -381,6 +403,11 @@ nm_auth_chain_add_call (NMAuthChain *self,
 	                                      pk_call_cb,
 	                                      call);
 	g_object_unref (subject);
+#else
+	/* When PolicyKit is disabled, everything is authorized */
+	nm_auth_chain_set_data (self, call->permission, GUINT_TO_POINTER (NM_AUTH_CALL_RESULT_YES), NULL);
+	polkit_call_schedule_early_finish (call, NULL);
+#endif
 	return TRUE;
 }