From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Tue, 17 Feb 2026 14:37:43 +0000 (+0000)
Subject: dbus/varlink: do not skip privilege check when polkit support is disabled
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74961630807b8b1188016a2313b42cf8546fd70e;p=thirdparty%2Fsystemd.git

dbus/varlink: do not skip privilege check when polkit support is disabled

There's not going to be any query if polkit support is
disabled at build time, so always check the peer's privileges
in that case

Follow-up for f5a12ceaedf4d490a9dc82e9460dd6fd97acc942
---

diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index c000b758695..f19db2a6eb0 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -571,18 +571,18 @@ int bus_verify_polkit_async_full(
                         return r;
                 }
         }
-#endif
 
         if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+#endif
                 /* Don't query PK if client is privileged */
                 r = sd_bus_query_sender_privilege(call, /* capability= */ -1);
                 if (r < 0)
                         return r;
                 if (r > 0)
                         return 1;
+#if ENABLE_POLKIT
         }
 
-#if ENABLE_POLKIT
         int c = sd_bus_message_get_allow_interactive_authorization(call);
         if (c < 0)
                 return c;
@@ -781,13 +781,15 @@ int varlink_verify_polkit_async_full(
         if (r != 0)
                 return r;
 
+#if ENABLE_POLKIT
         if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+#endif
                 r = varlink_check_peer_privilege(link);
                 if (r != 0)
                         return r;
+#if ENABLE_POLKIT
         }
 
-#if ENABLE_POLKIT
         _cleanup_(async_polkit_query_unrefp) AsyncPolkitQuery *q = NULL;
 
         q = async_polkit_query_ref(hashmap_get(*registry, link));