Commit 956d4e81 authored by David Zeuthen's avatar David Zeuthen
Browse files

Pass expanded identity list to the AuthenticationSession



... otherwise it things like admin-identities being set to
["unix-group:session"] won't work.
Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
parent 9b06da6b
......@@ -2211,13 +2211,36 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
identities = g_list_prepend (identities, g_object_ref (user_of_subject));
}
/* expand groups/netgroups to users */
user_identities = NULL;
for (l = identities; l != NULL; l = l->next)
{
PolkitIdentity *identity = POLKIT_IDENTITY (l->data);
if (POLKIT_IS_UNIX_USER (identity))
{
user_identities = g_list_append (user_identities, g_object_ref (identity));
}
else if (POLKIT_IS_UNIX_GROUP (identity))
{
user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
}
else if (POLKIT_IS_UNIX_NETGROUP (identity))
{
user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
}
else
{
g_warning ("Unsupported identity");
}
}
session = authentication_session_new (agent,
cookie,
subject,
user_of_subject,
caller,
authority,
identities,
user_identities,
action_id,
details,
polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
......@@ -2236,29 +2259,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
details_gvariant = polkit_details_to_gvariant (localized_details);
g_variant_ref_sink (details_gvariant);
/* expand groups/netgroups to users */
user_identities = NULL;
for (l = identities; l != NULL; l = l->next)
{
PolkitIdentity *identity = POLKIT_IDENTITY (l->data);
if (POLKIT_IS_UNIX_USER (identity))
{
user_identities = g_list_append (user_identities, g_object_ref (identity));
}
else if (POLKIT_IS_UNIX_GROUP (identity))
{
user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
}
else if (POLKIT_IS_UNIX_NETGROUP (identity))
{
user_identities = g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
}
else
{
g_warning ("Unsupported identity");
}
}
g_variant_builder_init (&identities_builder, G_VARIANT_TYPE ("a(sa{sv})"));
for (l = user_identities; l != NULL; l = l->next)
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment