diff --git a/0001-Sort-by-action-id-in-pkaction-1-output.patch b/0001-Sort-by-action-id-in-pkaction-1-output.patch
new file mode 100644
index 0000000..d7cae70
--- /dev/null
+++ b/0001-Sort-by-action-id-in-pkaction-1-output.patch
@@ -0,0 +1,41 @@
+From f8f132f066a930e296aa327d4c35c6d644774b9c Mon Sep 17 00:00:00 2001
+From: David Zeuthen
+Date: Fri, 11 Sep 2009 11:35:58 -0400
+Subject: [PATCH 1/2] Sort by action id in pkaction(1) output
+
+---
+ src/programs/pkaction.c | 11 +++++++++++
+ 1 files changed, 11 insertions(+), 0 deletions(-)
+
+diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
+index 3493bc0..7d8f645 100644
+--- a/src/programs/pkaction.c
++++ b/src/programs/pkaction.c
+@@ -93,6 +93,14 @@ print_action (PolkitActionDescription *action,
+ }
+ }
+
++static gint
++action_desc_compare_by_action_id_func (PolkitActionDescription *a,
++ PolkitActionDescription *b)
++{
++ return g_strcmp0 (polkit_action_description_get_action_id (a),
++ polkit_action_description_get_action_id (b));
++}
++
+ int
+ main (int argc, char *argv[])
+ {
+@@ -196,6 +204,9 @@ main (int argc, char *argv[])
+ }
+ else
+ {
++ actions = g_list_sort (actions,
++ (GCompareFunc) action_desc_compare_by_action_id_func);
++
+ for (l = actions; l != NULL; l = l->next)
+ {
+ PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data);
+--
+1.6.4.2
+
diff --git a/0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch b/0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
new file mode 100644
index 0000000..d99105e
--- /dev/null
+++ b/0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
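Review bot: `action_desc_compare_by_action_id_func` is defined with `PolkitActionDescription *` parameters and then cast to `GCompareFunc` in the `g_list_sort` call, so GLib invokes it through a function-pointer type that does not match its definition; C leaves that undefined even though it works on the usual ABIs. Declaring it as `static gint action_desc_compare_by_action_id_func (gconstpointer a, gconstpointer b)` and converting the two arguments inside the body removes the cast and lets the compiler check the signature. A one-line comment above it, such as `/* GCompareFunc: orders action descriptions by action id using g_strcmp0 */`, would document the ordering. The body of `main` continues outside both hunks.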
@@ -0,0 +1,229 @@
+From 2a932ebb20c93d9a81eb89eab25a9cea7b8b388a Mon Sep 17 00:00:00 2001
+From: David Zeuthen
+Date: Fri, 11 Sep 2009 15:35:10 -0400
+Subject: [PATCH 2/2] =?UTF-8?q?Bug=2023867=20=E2=80=93=20UnixProcess=20vs.=20SystemBusName=20aliasing?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For now, convert SystemBusName to UnixProcess when storing/checking
+temporary authorizations. See
+
+http://git.gnome.org/cgit/PolicyKit-gnome/commit/?id=ad5fe38a1f7a7a670c3d8e9384b9cd0d037c9222
+
+for a test-case for this.
+---
+ docs/polkit/polkit-1-sections.txt | 1 +
+ src/polkit/polkitsystembusname.c | 44 ++++++++++++++++
+ src/polkit/polkitsystembusname.h | 14 +++--
+ .../polkitbackendinteractiveauthority.c | 53 +++++++++++++++++++-
+ 4 files changed, 105 insertions(+), 7 deletions(-)
+
+diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
+index 9219fb8..333e2c8 100644
+--- a/docs/polkit/polkit-1-sections.txt
++++ b/docs/polkit/polkit-1-sections.txt
+@@ -82,6 +82,7 @@ PolkitSystemBusName
+ polkit_system_bus_name_new
+ polkit_system_bus_name_get_name
+ polkit_system_bus_name_set_name
++polkit_system_bus_name_get_process_sync
+
+ PolkitSystemBusNameClass
+ POLKIT_SYSTEM_BUS_NAME
+diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
+index 180b6b6..4c9b812 100644
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -28,6 +28,8 @@
+ #include "polkitsubject.h"
+ #include "polkitprivate.h"
+
++#include "polkitunixprocess.h"
++
+ /**
+ * SECTION:polkitsystembusname
+ * @title: PolkitSystemBusName
+@@ -379,3 +381,45 @@ subject_iface_init (PolkitSubjectIface *subject_iface)
+ subject_iface->exists_finish = polkit_system_bus_name_exists_finish;
+ subject_iface->exists_sync = polkit_system_bus_name_exists_sync;
+ }
++
++/* ---------------------------------------------------------------------------------------------------- */
++
++/**
++
* polkit_system_bus_name_get_process_sync:
++ * @system_bus_name: A #PolkitSystemBusName.
++ * @cancellable: A #GCancellable or %NULL.
++ * @error: Return location for error or %NULL.
++ *
++ * Synchronously gets a #PolkitUnixProcess object for @system_bus_name.
++ *
++ * Returns: A #PolkitUnixProcess object or %NULL if @error is set.
++ **/
++PolkitSubject *
++polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name,
++ GCancellable *cancellable,
++ GError **error)
++{
++ EggDBusConnection *connection;
++ PolkitSubject *ret;
++ pid_t pid;
++
++ ret = NULL;
++
++ connection = egg_dbus_connection_get_for_bus (EGG_DBUS_BUS_TYPE_SYSTEM);
++ if (!egg_dbus_bus_get_connection_unix_process_id_sync (egg_dbus_connection_get_bus (connection),
++ EGG_DBUS_CALL_FLAGS_NONE,
++ system_bus_name->name,
++ &pid,
++ cancellable,
++ error))
++ {
++ goto out;
++ }
++
++ ret = polkit_unix_process_new (pid);
++
++ out:
++ g_object_unref (connection);
++ return ret;
++}
++
+diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h
+index 4c91ee6..1fc464f 100644
+--- a/src/polkit/polkitsystembusname.h
++++ b/src/polkit/polkitsystembusname.h
+@@ -46,11 +46,15 @@ typedef struct _PolkitSystemBusName PolkitSystemBusName;
+ #endif
+ typedef struct _PolkitSystemBusNameClass PolkitSystemBusNameClass;
+
+-GType polkit_system_bus_name_get_type (void) G_GNUC_CONST;
+-PolkitSubject *polkit_system_bus_name_new (const gchar *name);
+-const gchar *polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name);
+-void polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name,
+- const gchar *name);
++GType polkit_system_bus_name_get_type (void) G_GNUC_CONST;
++PolkitSubject *polkit_system_bus_name_new (const gchar *name);
++const gchar *polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name);
++void polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name,
++ const gchar *name);
++/* TODO: add async version of
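Review bot: The subject returned by `polkit_system_bus_name_get_process_sync` is built from the pid alone (`ret = polkit_unix_process_new (pid);`), in a separate step after the bus has answered, so if the name's owner exits and the pid is reused in between, the result could describe an unrelated process. The doc comment should state that limit, for example `* The pid is resolved at call time; the result may not identify the owner of @system_bus_name if that process has since exited.`, because the other hunks of this patch use the result to key temporary authorizations. The function also dereferences `system_bus_name->name` with no precondition; adding `g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL);` and `g_return_val_if_fail (error == NULL || *error == NULL, NULL);` at the top would match the argument checks used in the store functions.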
get_process() method */
++PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name,
++ GCancellable *cancellable,
++ GError **error);
+
+ G_END_DECLS
+
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 811d169..bf88c2b 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -1959,18 +1959,41 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
+ {
+ GList *l;
+ gboolean ret;
++ PolkitSubject *subject_to_use;
+
+ g_return_val_if_fail (store != NULL, FALSE);
+ g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE);
+ g_return_val_if_fail (action_id != NULL, FALSE);
+
++ /* XXX: for now, prefer to store the process */
++ if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
++ {
++ GError *error;
++ error = NULL;
++ subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
++ NULL,
++ &error);
++ if (subject_to_use == NULL)
++ {
++ g_warning ("Error getting process for system bus name `%s': %s",
++ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
++ error->message);
++ g_error_free (error);
++ subject_to_use = g_object_ref (subject);
++ }
++ }
++ else
++ {
++ subject_to_use = g_object_ref (subject);
++ }
++
+ ret = FALSE;
+
+ for (l = store->authorizations; l != NULL; l = l->next) {
+ TemporaryAuthorization *authorization = l->data;
+
+ if (strcmp (action_id, authorization->action_id) == 0 &&
+- polkit_subject_equal (subject, authorization->subject))
++ polkit_subject_equal (subject_to_use, authorization->subject))
+ {
+ ret = TRUE;
+ if (out_tmp_authz_id != NULL)
+@@ -1980,6 +2003,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
+ }
+
+ out:
++ g_object_unref (subject_to_use);
+ return ret;
+ }
+
+@@ -2095,12 +2119,35 @@ temporary_authorization_store_add_authorization
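Review bot: When `polkit_system_bus_name_get_process_sync` fails, the block added to `temporary_authorization_store_has_authorization` only logs a warning and falls back to `subject_to_use = g_object_ref (subject);`, so the store goes on comparing bus-name subjects and the aliasing this patch is meant to remove can still occur on that path. The same block is repeated verbatim in the `temporary_authorization_store_add_authorization` hunk (`@@ -2095,12 +2119,35 @@`), where the fallback stores the entry under the bus name. I would move the conversion into one static helper that returns NULL on failure and let the check fail closed, assuming callers treat FALSE as "no temporary authorization". The function body continues outside the hunk, so the paths that reach `out:` need confirming before adopting this.

```c
/* Proposed helper (name is a suggestion). Returns a new reference to the
 * subject the store should key on, or NULL when the bus name cannot be
 * resolved to a process; the failure is logged here. */
static PolkitSubject *
temporary_authorization_resolve_subject (PolkitSubject *subject)
{
  PolkitSubject *resolved;
  GError *error = NULL;

  if (!POLKIT_IS_SYSTEM_BUS_NAME (subject))
    return g_object_ref (subject);

  resolved = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
                                                      NULL,
                                                      &error);
  if (resolved == NULL)
    {
      g_warning ("Error getting process for system bus name `%s': %s",
                 polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
                 error->message);
      g_error_free (error);
    }
  return resolved;
}

  /* ... unchanged: g_return_val_if_fail checks in has_authorization ... */
  subject_to_use = temporary_authorization_resolve_subject (subject);
  if (subject_to_use == NULL)
    return FALSE; /* fail closed: an unresolved caller has no temporary authorization */
  /* ... unchanged: ret = FALSE and the loop over store->authorizations ... */
```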
(TemporaryAuthorizationStore *st
+ {
+ TemporaryAuthorization *authorization;
+ guint expiration_seconds;
++ PolkitSubject *subject_to_use;
+
+ g_return_val_if_fail (store != NULL, NULL);
+ g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL);
+ g_return_val_if_fail (action_id != NULL, NULL);
+ g_return_val_if_fail (!temporary_authorization_store_has_authorization (store, subject, action_id, NULL), NULL);
+
++ /* XXX: for now, prefer to store the process */
++ if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
++ {
++ GError *error;
++ error = NULL;
++ subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
++ NULL,
++ &error);
++ if (subject_to_use == NULL)
++ {
++ g_warning ("Error getting process for system bus name `%s': %s",
++ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
++ error->message);
++ g_error_free (error);
++ subject_to_use = g_object_ref (subject);
++ }
++ }
++ else
++ {
++ subject_to_use = g_object_ref (subject);
++ }
++
+ /* TODO: right now the time the temporary authorization is kept is hard-coded - we
+ * could make it a propery on the PolkitBackendInteractiveAuthority class (so
+ * the local authority could read it from a config file) or a vfunc
+@@ -2111,7 +2158,7 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
+ authorization = g_new0 (TemporaryAuthorization, 1);
+ authorization->id = g_strdup_printf ("tmpauthz%" G_GUINT64_FORMAT, store->serial++);
+ authorization->store = store;
+- authorization->subject = g_object_ref (subject);
++ authorization->subject = g_object_ref (subject_to_use);
+ authorization->session = g_object_ref (session);
+ authorization->action_id = g_strdup (action_id);
+ authorization->time_granted = time (NULL);
+@@ -2152,6 +2199,8 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
+
+ store->authorizations = g_list_prepend (store->authorizations, authorization);
+
++ g_object_unref (subject_to_use);
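Review bot: The context line `g_return_val_if_fail (!temporary_authorization_store_has_authorization (store, subject, action_id, NULL), NULL);` now runs a blocking bus lookup inside a precondition macro, and the block added right below it repeats the same lookup, so the duplicate check and the stored subject can come from two different answers; the check also disappears entirely when GLib checks are compiled out with `G_DISABLE_CHECKS`. Resolving `subject_to_use` once, before the duplicate check, and comparing on that value would keep the two in step. Separately, `subject_to_use` is released only by the `g_object_unref (subject_to_use);` added in the `@@ -2152,6 +2199,8 @@` hunk just before the final return; the lines between the hunks are not shown, so any early return there would need the same unref.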
++
+ return authorization->id;
+ }
+
+--
+1.6.4.2
+
diff --git a/polkit.spec b/polkit.spec
index ea37fa6..d71b1c9 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -1,7 +1,7 @@ Summary: PolicyKit Authorization Framework Name: polkit Version: 0.94
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/PolicyKit Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
@@ -18,6 +18,9 @@ BuildRequires: gobject-introspection-devel Requires: ConsoleKit Requires: dbus
+Patch0: 0001-Sort-by-action-id-in-pkaction-1-output.patch
+Patch1: 0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
+
 %description PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged
@@ -56,6 +59,8 @@ Roles and default policy for desktop usage. %prep %setup -q
+%patch0 -p1
+%patch1 -p1
 %build %configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection
@@ -182,6 +187,11 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/gtk-doc/html/* %changelog
+* Fri Sep 11 2009 David Zeuthen - 0.94-4
+- Add some patches from git master
+- Sort pkaction(1) output
+- Bug 23867 – UnixProcess vs. SystemBusName aliasing
+
 * Thu Aug 13 2009 David Zeuthen - 0.94-3 - Add desktop_admin_r and desktop_user_r groups along with a first cut of default authorizations for users in these groups.