From 956d4e81d0dbb5182a7070f6367c391d69924270 Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Wed, 23 May 2012 17:44:43 -0400
Subject: Pass expanded identity list to the AuthenticationSession

... otherwise it things like admin-identities being set to
["unix-group:session"] won't work.

Signed-off-by: David Zeuthen <davidz@redhat.com>
---
 .../polkitbackendinteractiveauthority.c            | 48 +++++++++++-----------
 1 file changed, 24 insertions(+), 24 deletions(-)

(limited to 'src')

diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 171e686..86e7134 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2211,13 +2211,36 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
       identities = g_list_prepend (identities, g_object_ref (user_of_subject));
     }
 
+  /* expand groups/netgroups to users */
+  user_identities = NULL;
+  for (l = identities; l != NULL; l = l->next)
+    {
+      PolkitIdentity *identity = POLKIT_IDENTITY (l->data);
+      if (POLKIT_IS_UNIX_USER (identity))
+        {
+          user_identities = g_list_append (user_identities, g_object_ref (identity));
+        }
+      else if (POLKIT_IS_UNIX_GROUP (identity))
+        {
+          user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
+        }
+      else if (POLKIT_IS_UNIX_NETGROUP (identity))
+        {
+          user_identities =  g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
+        }
+      else
+        {
+          g_warning ("Unsupported identity");
+        }
+    }
+
   session = authentication_session_new (agent,
                                         cookie,
                                         subject,
                                         user_of_subject,
                                         caller,
                                         authority,
-                                        identities,
+                                        user_identities,
                                         action_id,
                                         details,
                                         polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
@@ -2236,29 +2259,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
   details_gvariant = polkit_details_to_gvariant (localized_details);
   g_variant_ref_sink (details_gvariant);
 
-  /* expand groups/netgroups to users */
-  user_identities = NULL;
-  for (l = identities; l != NULL; l = l->next)
-    {
-      PolkitIdentity *identity = POLKIT_IDENTITY (l->data);
-      if (POLKIT_IS_UNIX_USER (identity))
-        {
-          user_identities = g_list_append (user_identities, g_object_ref (identity));
-        }
-      else if (POLKIT_IS_UNIX_GROUP (identity))
-        {
-          user_identities = g_list_concat (user_identities, get_users_in_group (identity, FALSE));
-        }
-      else if (POLKIT_IS_UNIX_NETGROUP (identity))
-        {
-          user_identities =  g_list_concat (user_identities, get_users_in_net_group (identity, FALSE));
-        }
-      else
-        {
-          g_warning ("Unsupported identity");
-        }
-    }
-
   g_variant_builder_init (&identities_builder, G_VARIANT_TYPE ("a(sa{sv})"));
   for (l = user_identities; l != NULL; l = l->next)
     {
-- 
cgit v1.2.3