diff options
author | William Jon McCann <jmccann@redhat.com> | 2008-07-30 18:06:31 -0400 |
---|---|---|
committer | William Jon McCann <jmccann@redhat.com> | 2008-07-30 18:06:31 -0400 |
commit | 456065f3f8d9ba785b0d2d9dc247fc9fb4fe9ba0 (patch) | |
tree | bd519444b3c23557d4c6c2c03d09f6c8c9a8bdf4 | |
parent | 53d7c964bcdd29d6d22c4e78afe1ee5a2937bf95 (diff) |
don't allow reboot if PolicyKit and RBAC are disabled
-rw-r--r-- | configure.ac | 11 | ||||
-rw-r--r-- | src/ck-manager.c | 27 |
2 files changed, 24 insertions, 14 deletions
diff --git a/configure.ac b/configure.ac index e0b7e98..b540f24 100644 --- a/configure.ac +++ b/configure.ac @@ -431,5 +431,14 @@ echo " PAM module dir: ${PAM_MODULE_DIR} Build PAM module: ${msg_pam_module} Build docs: ${enable_docbook_docs} - Build with RBAC: ${msg_rbac_shutdown} + + PolicyKit support ${have_polkit} + RBAC (Solaris) support: ${msg_rbac_shutdown} " +if test x${have_polkit} = xno -a x${msg_rbac_shutdown} = xno; then + echo "WARNING: PolicyKit and RBAC are disabled. You need to manually edit the ConsoleKit.conf" + echo " file to lock down the service. Failure to do so may be" + echo " a huge SECURITY HOLE. I repeat: YOU NEED TO EDIT THE FILE" + echo " ConsoleKit.conf to match your distro/site to avoid NASTY SECURITY HOLES." + echo "" +fi
\ No newline at end of file diff --git a/src/ck-manager.c b/src/ck-manager.c index a9fa6bd..bcb9350 100644 --- a/src/ck-manager.c +++ b/src/ck-manager.c @@ -39,11 +39,9 @@ #include <dbus/dbus-glib.h> #include <dbus/dbus-glib-lowlevel.h> -#ifdef HAVE_POLKIT +#if defined HAVE_POLKIT #include <polkit/polkit.h> -#endif - -#ifdef ENABLE_RBAC_SHUTDOWN +#elif defined ENABLE_RBAC_SHUTDOWN #include <auth_attr.h> #include <secdb.h> #endif @@ -1340,17 +1338,18 @@ ck_manager_restart (CkManager *manager, g_debug ("ConsoleKit Restart: %s", action); -#ifdef HAVE_POLKIT +#if defined HAVE_POLKIT res = _check_polkit_for_action (manager, context, action); if (! res) { goto out; } -#endif - -#ifdef ENABLE_RBAC_SHUTDOWN +#elif defined ENABLE_RBAC_SHUTDOWN if (! check_rbac_permissions (manager, context)) { goto out; } +#else + g_warning ("Compiled without PolicyKit or RBAC support!"); + goto out; #endif g_debug ("ConsoleKit preforming Restart: %s", action); @@ -1399,16 +1398,18 @@ ck_manager_stop (CkManager *manager, action = "org.freedesktop.consolekit.system.stop"; } -#ifdef HAVE_POLKIT +#if defined HAVE_POLKIT res = _check_polkit_for_action (manager, context, action); if (! res) { goto out; } -#endif - -#ifdef ENABLE_RBAC_SHUTDOWN - if (!check_rbac_permissions (manager, context)) +#elif defined ENABLE_RBAC_SHUTDOWN + if (!check_rbac_permissions (manager, context)) { goto out; + } +#else + g_warning ("Compiled without PolicyKit or RBAC support!"); + goto out; #endif g_debug ("Stopping system"); |