- Add some patches from git master
- Sort pkaction(1) output - Bug 23867 – UnixProcess vs. SystemBusName aliasing
This commit is contained in:
parent
406ebfe9d7
commit
49848bbfdd
41
0001-Sort-by-action-id-in-pkaction-1-output.patch
Normal file
41
0001-Sort-by-action-id-in-pkaction-1-output.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From f8f132f066a930e296aa327d4c35c6d644774b9c Mon Sep 17 00:00:00 2001
|
||||
From: David Zeuthen <davidz@redhat.com>
|
||||
Date: Fri, 11 Sep 2009 11:35:58 -0400
|
||||
Subject: [PATCH 1/2] Sort by action id in pkaction(1) output
|
||||
|
||||
---
|
||||
src/programs/pkaction.c | 11 +++++++++++
|
||||
1 files changed, 11 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
|
||||
index 3493bc0..7d8f645 100644
|
||||
--- a/src/programs/pkaction.c
|
||||
+++ b/src/programs/pkaction.c
|
||||
@@ -93,6 +93,14 @@ print_action (PolkitActionDescription *action,
|
||||
}
|
||||
}
|
||||
|
||||
+static gint
|
||||
+action_desc_compare_by_action_id_func (PolkitActionDescription *a,
|
||||
+ PolkitActionDescription *b)
|
||||
+{
|
||||
+ return g_strcmp0 (polkit_action_description_get_action_id (a),
|
||||
+ polkit_action_description_get_action_id (b));
|
||||
+}
|
||||
+
|
||||
int
|
||||
main (int argc, char *argv[])
|
||||
{
|
||||
@@ -196,6 +204,9 @@ main (int argc, char *argv[])
|
||||
}
|
||||
else
|
||||
{
|
||||
+ actions = g_list_sort (actions,
|
||||
+ (GCompareFunc) action_desc_compare_by_action_id_func);
|
||||
+
|
||||
for (l = actions; l != NULL; l = l->next)
|
||||
{
|
||||
PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data);
|
||||
--
|
||||
1.6.4.2
|
||||
|
229
0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
Normal file
229
0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
Normal file
@ -0,0 +1,229 @@
|
||||
From 2a932ebb20c93d9a81eb89eab25a9cea7b8b388a Mon Sep 17 00:00:00 2001
|
||||
From: David Zeuthen <davidz@redhat.com>
|
||||
Date: Fri, 11 Sep 2009 15:35:10 -0400
|
||||
Subject: [PATCH 2/2] =?UTF-8?q?Bug=2023867=20=E2=80=93=20UnixProcess=20vs.=20SystemBusName=20aliasing?=
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
For now, convert SystemBusName to UnixProcess when storing/checking
|
||||
temporary authorizations. See
|
||||
|
||||
http://git.gnome.org/cgit/PolicyKit-gnome/commit/?id=ad5fe38a1f7a7a670c3d8e9384b9cd0d037c9222
|
||||
|
||||
for a test-case for this.
|
||||
---
|
||||
docs/polkit/polkit-1-sections.txt | 1 +
|
||||
src/polkit/polkitsystembusname.c | 44 ++++++++++++++++
|
||||
src/polkit/polkitsystembusname.h | 14 +++--
|
||||
.../polkitbackendinteractiveauthority.c | 53 +++++++++++++++++++-
|
||||
4 files changed, 105 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
|
||||
index 9219fb8..333e2c8 100644
|
||||
--- a/docs/polkit/polkit-1-sections.txt
|
||||
+++ b/docs/polkit/polkit-1-sections.txt
|
||||
@@ -82,6 +82,7 @@ PolkitSystemBusName
|
||||
polkit_system_bus_name_new
|
||||
polkit_system_bus_name_get_name
|
||||
polkit_system_bus_name_set_name
|
||||
+polkit_system_bus_name_get_process_sync
|
||||
<SUBSECTION Standard>
|
||||
PolkitSystemBusNameClass
|
||||
POLKIT_SYSTEM_BUS_NAME
|
||||
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
|
||||
index 180b6b6..4c9b812 100644
|
||||
--- a/src/polkit/polkitsystembusname.c
|
||||
+++ b/src/polkit/polkitsystembusname.c
|
||||
@@ -28,6 +28,8 @@
|
||||
#include "polkitsubject.h"
|
||||
#include "polkitprivate.h"
|
||||
|
||||
+#include "polkitunixprocess.h"
|
||||
+
|
||||
/**
|
||||
* SECTION:polkitsystembusname
|
||||
* @title: PolkitSystemBusName
|
||||
@@ -379,3 +381,45 @@ subject_iface_init (PolkitSubjectIface *subject_iface)
|
||||
subject_iface->exists_finish = polkit_system_bus_name_exists_finish;
|
||||
subject_iface->exists_sync = polkit_system_bus_name_exists_sync;
|
||||
}
|
||||
+
|
||||
+/* ---------------------------------------------------------------------------------------------------- */
|
||||
+
|
||||
+/**
|
||||
+ * polkit_system_bus_name_get_process_sync:
|
||||
+ * @system_bus_name: A #PolkitSystemBusName.
|
||||
+ * @cancellable: A #GCancellable or %NULL.
|
||||
+ * @error: Return location for error or %NULL.
|
||||
+ *
|
||||
+ * Synchronously gets a #PolkitUnixProcess object for @system_bus_name.
|
||||
+ *
|
||||
+ * Returns: A #PolkitUnixProcess object or %NULL if @error is set.
|
||||
+ **/
|
||||
+PolkitSubject *
|
||||
+polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name,
|
||||
+ GCancellable *cancellable,
|
||||
+ GError **error)
|
||||
+{
|
||||
+ EggDBusConnection *connection;
|
||||
+ PolkitSubject *ret;
|
||||
+ pid_t pid;
|
||||
+
|
||||
+ ret = NULL;
|
||||
+
|
||||
+ connection = egg_dbus_connection_get_for_bus (EGG_DBUS_BUS_TYPE_SYSTEM);
|
||||
+ if (!egg_dbus_bus_get_connection_unix_process_id_sync (egg_dbus_connection_get_bus (connection),
|
||||
+ EGG_DBUS_CALL_FLAGS_NONE,
|
||||
+ system_bus_name->name,
|
||||
+ &pid,
|
||||
+ cancellable,
|
||||
+ error))
|
||||
+ {
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ ret = polkit_unix_process_new (pid);
|
||||
+
|
||||
+ out:
|
||||
+ g_object_unref (connection);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h
|
||||
index 4c91ee6..1fc464f 100644
|
||||
--- a/src/polkit/polkitsystembusname.h
|
||||
+++ b/src/polkit/polkitsystembusname.h
|
||||
@@ -46,11 +46,15 @@ typedef struct _PolkitSystemBusName PolkitSystemBusName;
|
||||
#endif
|
||||
typedef struct _PolkitSystemBusNameClass PolkitSystemBusNameClass;
|
||||
|
||||
-GType polkit_system_bus_name_get_type (void) G_GNUC_CONST;
|
||||
-PolkitSubject *polkit_system_bus_name_new (const gchar *name);
|
||||
-const gchar *polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name);
|
||||
-void polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name,
|
||||
- const gchar *name);
|
||||
+GType polkit_system_bus_name_get_type (void) G_GNUC_CONST;
|
||||
+PolkitSubject *polkit_system_bus_name_new (const gchar *name);
|
||||
+const gchar *polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name);
|
||||
+void polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name,
|
||||
+ const gchar *name);
|
||||
+/* TODO: add async version of get_process() method */
|
||||
+PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name,
|
||||
+ GCancellable *cancellable,
|
||||
+ GError **error);
|
||||
|
||||
G_END_DECLS
|
||||
|
||||
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||
index 811d169..bf88c2b 100644
|
||||
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
||||
@@ -1959,18 +1959,41 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
|
||||
{
|
||||
GList *l;
|
||||
gboolean ret;
|
||||
+ PolkitSubject *subject_to_use;
|
||||
|
||||
g_return_val_if_fail (store != NULL, FALSE);
|
||||
g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE);
|
||||
g_return_val_if_fail (action_id != NULL, FALSE);
|
||||
|
||||
+ /* XXX: for now, prefer to store the process */
|
||||
+ if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
|
||||
+ {
|
||||
+ GError *error;
|
||||
+ error = NULL;
|
||||
+ subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
|
||||
+ NULL,
|
||||
+ &error);
|
||||
+ if (subject_to_use == NULL)
|
||||
+ {
|
||||
+ g_warning ("Error getting process for system bus name `%s': %s",
|
||||
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
|
||||
+ error->message);
|
||||
+ g_error_free (error);
|
||||
+ subject_to_use = g_object_ref (subject);
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ subject_to_use = g_object_ref (subject);
|
||||
+ }
|
||||
+
|
||||
ret = FALSE;
|
||||
|
||||
for (l = store->authorizations; l != NULL; l = l->next) {
|
||||
TemporaryAuthorization *authorization = l->data;
|
||||
|
||||
if (strcmp (action_id, authorization->action_id) == 0 &&
|
||||
- polkit_subject_equal (subject, authorization->subject))
|
||||
+ polkit_subject_equal (subject_to_use, authorization->subject))
|
||||
{
|
||||
ret = TRUE;
|
||||
if (out_tmp_authz_id != NULL)
|
||||
@@ -1980,6 +2003,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
|
||||
}
|
||||
|
||||
out:
|
||||
+ g_object_unref (subject_to_use);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@@ -2095,12 +2119,35 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
|
||||
{
|
||||
TemporaryAuthorization *authorization;
|
||||
guint expiration_seconds;
|
||||
+ PolkitSubject *subject_to_use;
|
||||
|
||||
g_return_val_if_fail (store != NULL, NULL);
|
||||
g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL);
|
||||
g_return_val_if_fail (action_id != NULL, NULL);
|
||||
g_return_val_if_fail (!temporary_authorization_store_has_authorization (store, subject, action_id, NULL), NULL);
|
||||
|
||||
+ /* XXX: for now, prefer to store the process */
|
||||
+ if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
|
||||
+ {
|
||||
+ GError *error;
|
||||
+ error = NULL;
|
||||
+ subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
|
||||
+ NULL,
|
||||
+ &error);
|
||||
+ if (subject_to_use == NULL)
|
||||
+ {
|
||||
+ g_warning ("Error getting process for system bus name `%s': %s",
|
||||
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
|
||||
+ error->message);
|
||||
+ g_error_free (error);
|
||||
+ subject_to_use = g_object_ref (subject);
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ subject_to_use = g_object_ref (subject);
|
||||
+ }
|
||||
+
|
||||
/* TODO: right now the time the temporary authorization is kept is hard-coded - we
|
||||
* could make it a propery on the PolkitBackendInteractiveAuthority class (so
|
||||
* the local authority could read it from a config file) or a vfunc
|
||||
@@ -2111,7 +2158,7 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
|
||||
authorization = g_new0 (TemporaryAuthorization, 1);
|
||||
authorization->id = g_strdup_printf ("tmpauthz%" G_GUINT64_FORMAT, store->serial++);
|
||||
authorization->store = store;
|
||||
- authorization->subject = g_object_ref (subject);
|
||||
+ authorization->subject = g_object_ref (subject_to_use);
|
||||
authorization->session = g_object_ref (session);
|
||||
authorization->action_id = g_strdup (action_id);
|
||||
authorization->time_granted = time (NULL);
|
||||
@@ -2152,6 +2199,8 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
|
||||
|
||||
store->authorizations = g_list_prepend (store->authorizations, authorization);
|
||||
|
||||
+ g_object_unref (subject_to_use);
|
||||
+
|
||||
return authorization->id;
|
||||
}
|
||||
|
||||
--
|
||||
1.6.4.2
|
||||
|
12
polkit.spec
12
polkit.spec
@ -1,7 +1,7 @@
|
||||
Summary: PolicyKit Authorization Framework
|
||||
Name: polkit
|
||||
Version: 0.94
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
|
||||
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
|
||||
@ -18,6 +18,9 @@ BuildRequires: gobject-introspection-devel
|
||||
Requires: ConsoleKit
|
||||
Requires: dbus
|
||||
|
||||
Patch0: 0001-Sort-by-action-id-in-pkaction-1-output.patch
|
||||
Patch1: 0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
|
||||
|
||||
%description
|
||||
PolicyKit is a toolkit for defining and handling authorizations.
|
||||
It is used for allowing unprivileged processes to speak to privileged
|
||||
@ -56,6 +59,8 @@ Roles and default policy for desktop usage.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
%configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection
|
||||
@ -182,6 +187,11 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_datadir}/gtk-doc/html/*
|
||||
|
||||
%changelog
|
||||
* Fri Sep 11 2009 David Zeuthen <davidz@redhat.com> - 0.94-4
|
||||
- Add some patches from git master
|
||||
- Sort pkaction(1) output
|
||||
- Bug 23867 – UnixProcess vs. SystemBusName aliasing
|
||||
|
||||
* Thu Aug 13 2009 David Zeuthen <davidz@redhat.com> - 0.94-3
|
||||
- Add desktop_admin_r and desktop_user_r groups along with a first cut
|
||||
of default authorizations for users in these groups.
|
||||
|
Loading…
Reference in New Issue
Block a user