PolicyKit: Branch 'master'
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Wed Apr 27 13:15:48 UTC 2022
src/polkitbackend/polkitbackendinteractiveauthority.c | 17 ++++++++++++++++-
1 file changed, 16 insertions(+), 1 deletion(-)
New commits:
commit 74164aaf5a266c3f8a2527e60ecf29afa294b791
Author: Dan Nicholson <dbn at endlessos.org>
Date: Wed Apr 27 13:15:46 2022 +0000
backend: Check for subject's primary group when expanding admin group
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 056d9a8..21500f9 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2181,9 +2181,11 @@ add_pid (PolkitDetails *details,
static GList *
get_users_in_group (PolkitIdentity *group,
+ PolkitIdentity *user_of_subject,
gboolean include_root)
{
gid_t gid;
+ uid_t uid_of_subject;
struct group *grp;
GList *ret;
guint n;
@@ -2191,6 +2193,19 @@ get_users_in_group (PolkitIdentity *group,
ret = NULL;
gid = polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (group));
+
+ /* Check if group is subject's primary group. */
+ uid_of_subject = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_subject));
+ if (uid_of_subject != 0 || include_root)
+ {
+ struct passwd *pwd;
+
+ pwd = getpwuid (uid_of_subject);
+ if (pwd != NULL && pwd->pw_gid == gid)
+ ret = g_list_prepend (ret, g_object_ref (user_of_subject));
+ }
+
+ /* Add supplemental group members. */
grp = getgrgid (gid);
if (grp == NULL)
{
@@ -2367,7 +2382,7 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
}
else if (POLKIT_IS_UNIX_GROUP (identity))
{
- user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
+ user_identities = g_list_concat (user_identities, get_users_in_group (identity, user_of_subject, FALSE));
}
else if (POLKIT_IS_UNIX_NETGROUP (identity))
{
More information about the hal-commit
mailing list