dbus/varlink: do not skip privilege check when polkit support is disabled

author Luca Boccassi <luca.boccassi@gmail.com>

Tue, 17 Feb 2026 14:37:43 +0000 (14:37 +0000)

committer Luca Boccassi <luca.boccassi@gmail.com>

Fri, 27 Feb 2026 20:05:57 +0000 (20:05 +0000)
author Luca Boccassi <luca.boccassi@gmail.com>
Tue, 17 Feb 2026 14:37:43 +0000 (14:37 +0000)
committer Luca Boccassi <luca.boccassi@gmail.com>
Fri, 27 Feb 2026 20:05:57 +0000 (20:05 +0000)
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c

index b6eca624eea99181fd7e6bed1ed52e9f67cefb8d..4cdb607d12d4ee00e7bd83e395f2fa90a30bd707 100644 (file)
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -557,18 +557,18 @@ int bus_verify_polkit_async_full(
                          return r;
                  }
          }
-#endif
  
          if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+#endif
                  /* Don't query PK if client is privileged */
                  r = sd_bus_query_sender_privilege(call, /* capability= */ -1);
                  if (r < 0)
                          return r;
                  if (r > 0)
                          return 1;
+#if ENABLE_POLKIT
          }
  
-#if ENABLE_POLKIT
          int c = sd_bus_message_get_allow_interactive_authorization(call);
          if (c < 0)
                  return c;
@@ -767,13 +767,15 @@ int varlink_verify_polkit_async_full(
          if (r != 0)
                  return r;
  
+#if ENABLE_POLKIT
          if (!FLAGS_SET(flags, POLKIT_ALWAYS_QUERY)) {
+#endif
                  r = varlink_check_peer_privilege(link);
                  if (r != 0)
                          return r;
+#if ENABLE_POLKIT
          }
  
-#if ENABLE_POLKIT
          _cleanup_(async_polkit_query_unrefp) AsyncPolkitQuery *q = NULL;
  
          q = async_polkit_query_ref(hashmap_get(*registry, link));
author	Luca Boccassi <luca.boccassi@gmail.com>
	Tue, 17 Feb 2026 14:37:43 +0000 (14:37 +0000)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Fri, 27 Feb 2026 20:05:57 +0000 (20:05 +0000)