rpms/polkit
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge branch 'master' into f21

Browse Source
This commit is contained in:
Miloslav Trmač 2015-07-02 21:05:05 +02:00
commit 88b1a1546d
8 changed files with 45 additions and 454 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,3 +1,4 @@
/.project
polkit-0.92.tar.gz
polkit-0.93.tar.gz
polkit-0.94.tar.gz
@ -21,3 +22,5 @@ polkit-0.98.tar.gz
/polkit-0.111.tar.gz.sign
/polkit-0.112.tar.gz
/polkit-0.112.tar.gz.sign
/polkit-0.113.tar.gz
/polkit-0.113.tar.gz.sign

30
0018-authority-Fix-memory-leak-in-EnumerateActions-call-r.patch
View File

@ -1,30 +0,0 @@
From f4d71e0de885010494b8b0b8d62ca910011d7544 Mon Sep 17 00:00:00 2001
From: "Max A. Dednev" <dednev@rambler.ru>
Date: Sun, 11 Jan 2015 20:00:44 -0500
Subject: [PATCH 18/18] authority: Fix memory leak in EnumerateActions call
results handler
Policykit-1 doesn't release reference counters of GVariant data for
org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This
patch fixed reference counting and following memory leak.
https://bugs.freedesktop.org/show_bug.cgi?id=88288
---
src/polkit/polkitauthority.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
index 75619ab..ab6d3cd 100644
--- a/src/polkit/polkitauthority.c
+++ b/src/polkit/polkitauthority.c
@@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority,
while ((child = g_variant_iter_next_value (&iter)) != NULL)
{
ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child));
- g_variant_ref_sink (child);
g_variant_unref (child);
}
ret = g_list_reverse (ret);
--
2.1.0

120
polkit-0.112-PolkitAgentSession-race.patch
View File

@ -1,120 +0,0 @@
From 7650ad1e08ab13bdb461783c4995d186d9392840 Mon Sep 17 00:00:00 2001
From: Rui Matos <tiagomatos@gmail.com>
Date: Thu, 6 Feb 2014 18:41:18 +0100
Subject: [PATCH] PolkitAgentSession: fix race between child and io watches
The helper flushes and fdatasyncs stdout and stderr before terminating
but this doesn't guarantee that our io watch is called before our
child watch. This means that we can end up with a successful return
from the helper which we still report as a failure.
If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the
io watch and the child terminates we still run the io watch handler
which will complete the session.
This means that the child watch is in fact needless and we can remove
it.
https://bugs.freedesktop.org/show_bug.cgi?id=60847
---
src/polkitagent/polkitagentsession.c | 47 +++++++++---------------------------
1 file changed, 11 insertions(+), 36 deletions(-)
diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c
index 1c7a2dc..f014773 100644
--- a/src/polkitagent/polkitagentsession.c
+++ b/src/polkitagent/polkitagentsession.c
@@ -92,7 +92,6 @@ struct _PolkitAgentSession
int child_stdout;
GPid child_pid;
- GSource *child_watch_source;
GSource *child_stdout_watch_source;
GIOChannel *child_stdout_channel;
@@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session)
session->child_pid = 0;
}
- if (session->child_watch_source != NULL)
- {
- g_source_destroy (session->child_watch_source);
- g_source_unref (session->child_watch_source);
- session->child_watch_source = NULL;
- }
-
if (session->child_stdout_watch_source != NULL)
{
g_source_destroy (session->child_stdout_watch_source);
@@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session,
}
}
-static void
-child_watch_func (GPid pid,
- gint status,
- gpointer user_data)
-{
- PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data);
-
- if (G_UNLIKELY (_show_debug ()))
- {
- g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n",
- (gint) pid,
- WIFEXITED(status),
- WEXITSTATUS(status));
- }
-
- /* kill all the watches we have set up, except for the child since it has exited already */
- session->child_pid = 0;
- complete_session (session, FALSE);
-}
-
static gboolean
io_watch_have_data (GIOChannel *channel,
GIOCondition condition,
@@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel,
NULL,
NULL,
&error);
- if (error != NULL)
+ if (error != NULL || line == NULL)
{
- g_warning ("Error reading line from helper: %s", error->message);
- g_error_free (error);
+ /* In case we get just G_IO_HUP, line is NULL but error is
+ unset.*/
+ g_warning ("Error reading line from helper: %s",
+ error ? error->message : "nothing to read");
+ g_clear_error (&error);
complete_session (session, FALSE);
goto out;
@@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel,
g_free (line);
g_free (unescaped);
+ if (condition & (G_IO_ERR | G_IO_HUP))
+ complete_session (session, FALSE);
+
/* keep the IOChannel around */
return TRUE;
}
@@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
if (G_UNLIKELY (_show_debug ()))
g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid);
- session->child_watch_source = g_child_watch_source_new (session->child_pid);
- g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL);
- g_source_attach (session->child_watch_source, g_main_context_get_thread_default ());
-
session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout);
- session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN);
+ session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel,
+ G_IO_IN | G_IO_ERR | G_IO_HUP);
g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL);
g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ());
--
1.8.3.1

78
polkit-0.112-XDG_RUNTIME_DIR.patch
View File

@ -1,78 +0,0 @@
From 8635ffc16aeff6a07d675f861fe0dea03ea81d7e Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 21 Nov 2013 17:39:37 -0500
Subject: [PATCH] pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR
This workaround isn't too much code, and it's often better to fix bugs
in two places anyways.
For more information:
See https://bugzilla.redhat.com/show_bug.cgi?id=753882
See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html
---
src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++---
1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 005e1fe..a7ca8e0 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -143,8 +143,22 @@ pam_conversation_function (int n,
return PAM_CONV_ERR;
}
+/* A work around for:
+ * https://bugzilla.redhat.com/show_bug.cgi?id=753882
+ */
+static gboolean
+xdg_runtime_dir_is_owned_by (const char *path,
+ uid_t target_uid)
+{
+ struct stat stbuf;
+
+ return stat (path, &stbuf) == 0 &&
+ stbuf.st_uid == target_uid;
+}
+
static gboolean
-open_session (const gchar *user_to_auth)
+open_session (const gchar *user_to_auth,
+ uid_t target_uid)
{
gboolean ret;
gint rc;
@@ -186,7 +200,19 @@ open_session (const gchar *user_to_auth)
{
guint n;
for (n = 0; envlist[n]; n++)
- putenv (envlist[n]);
+ {
+ const char *envitem = envlist[n];
+
+ if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR="))
+ {
+ const char *eq = strchr (envitem, '=');
+ g_assert (eq);
+ if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid))
+ continue;
+ }
+
+ putenv (envlist[n]);
+ }
free (envlist);
}
@@ -913,7 +939,8 @@ main (int argc, char *argv[])
* As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
*/
#ifdef POLKIT_AUTHFW_PAM
- if (!open_session (pw->pw_name))
+ if (!open_session (pw->pw_name,
+ pw->pw_uid))
{
goto out;
}
--
1.8.3.1

107
polkit-0.112-systemd-Deduplicate-code-paths.patch
View File

@ -1,107 +0,0 @@
From 26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Thu, 7 Nov 2013 15:57:50 -0500
Subject: [PATCH] sessionmonitor-systemd: Deduplicate code paths
We had the code to go from pid -> session duplicated. If we have a
PolkitSystemBusName, convert it to a PolkitUnixProcess.
Then we can do PolkitUnixProcess -> pid -> session in one place.
This is just a code cleanup.
https://bugs.freedesktop.org/show_bug.cgi?id=69538
---
.../polkitbackendsessionmonitor-systemd.c | 63 ++++++++--------------
1 file changed, 22 insertions(+), 41 deletions(-)
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
index 0185310..756b728 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
@@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni
PolkitSubject *subject,
GError **error)
{
- PolkitSubject *session;
-
- session = NULL;
+ PolkitUnixProcess *tmp_process = NULL;
+ PolkitUnixProcess *process = NULL;
+ PolkitSubject *session = NULL;
+ char *session_id = NULL;
+ pid_t pid;
if (POLKIT_IS_UNIX_PROCESS (subject))
- {
- gchar *session_id;
- pid_t pid;
-
- pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
- if (sd_pid_get_session (pid, &session_id) < 0)
- goto out;
-
- session = polkit_unix_session_new (session_id);
- free (session_id);
- }
+ process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */
else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
{
- guint32 pid;
- gchar *session_id;
- GVariant *result;
-
- result = g_dbus_connection_call_sync (monitor->system_bus,
- "org.freedesktop.DBus",
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus",
- "GetConnectionUnixProcessID",
- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
- G_VARIANT_TYPE ("(u)"),
- G_DBUS_CALL_FLAGS_NONE,
- -1, /* timeout_msec */
- NULL, /* GCancellable */
- error);
- if (result == NULL)
- goto out;
- g_variant_get (result, "(u)", &pid);
- g_variant_unref (result);
-
- if (sd_pid_get_session (pid, &session_id) < 0)
- goto out;
-
- session = polkit_unix_session_new (session_id);
- free (session_id);
+ /* Convert bus name to process */
+ tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
+ if (!tmp_process)
+ goto out;
+ process = tmp_process;
}
else
{
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_NOT_SUPPORTED,
- "Cannot get user for subject of type %s",
+ "Cannot get session for subject of type %s",
g_type_name (G_TYPE_FROM_INSTANCE (subject)));
}
- out:
+ /* Now do process -> pid -> session */
+ g_assert (process != NULL);
+ pid = polkit_unix_process_get_pid (process);
+ if (sd_pid_get_session (pid, &session_id) < 0)
+ goto out;
+
+ session = polkit_unix_session_new (session_id);
+ free (session_id);
+ out:
+ if (tmp_process) g_object_unref (tmp_process);
return session;
}
--
2.0.0

87
polkit-0.112-systemd-prepare-for-D-Bus-user-bus.patch
View File

@ -1,87 +0,0 @@
From a68f5dfd7662767b7b9822090b70bc5bd145c50c Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Mon, 19 May 2014 10:19:49 +0900
Subject: [PATCH] sessionmonitor-systemd: prepare for D-Bus "user bus" model
In the D-Bus "user bus" model, all sessions of a user share the same
D-Bus instance, a polkit requesting process might live outside the
login session which registered the user's polkit agent.
In case a polkit requesting process is not part of the user's login
session, we ask systemd-logind for the the user's "display" session
instead.
https://bugs.freedesktop.org/show_bug.cgi?id=78905
---
configure.ac | 4 ++++
.../polkitbackendsessionmonitor-systemd.c | 27 ++++++++++++++++++----
2 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index a7b0148..e783ea5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -202,6 +202,10 @@ if test "$enable_libsystemd_login" != "no"; then
if test "$have_libsystemd_login" = "yes"; then
SESSION_TRACKING=libsystemd-login
AC_DEFINE([HAVE_LIBSYSTEMD_LOGIN], 1, [Define to 1 if libsystemd-login is available])
+ save_LIBS=$LIBS
+ LIBS=$LIBSYSTEMD_LOGIN_LIBS
+ AC_CHECK_FUNCS(sd_uid_get_display)
+ LIBS=$save_LIBS
else
if test "$enable_libsystemd_login" = "yes"; then
AC_MSG_ERROR([libsystemd-login support requested but libsystemd-login library not found])
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
index 756b728..9995f87 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
@@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni
PolkitSubject *session = NULL;
char *session_id = NULL;
pid_t pid;
+#if HAVE_SD_UID_GET_DISPLAY
+ uid_t uid;
+#endif
if (POLKIT_IS_UNIX_PROCESS (subject))
process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */
@@ -338,16 +341,30 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni
g_type_name (G_TYPE_FROM_INSTANCE (subject)));
}
- /* Now do process -> pid -> session */
+ /* Now do process -> pid -> same session */
g_assert (process != NULL);
pid = polkit_unix_process_get_pid (process);
- if (sd_pid_get_session (pid, &session_id) < 0)
+ if (sd_pid_get_session (pid, &session_id) >= 0)
+ {
+ session = polkit_unix_session_new (session_id);
+ goto out;
+ }
+
+#if HAVE_SD_UID_GET_DISPLAY
+ /* Now do process -> uid -> graphical session (systemd version 213)*/
+ if (sd_pid_get_owner_uid (pid, &uid) < 0)
goto out;
-
- session = polkit_unix_session_new (session_id);
- free (session_id);
+
+ if (sd_uid_get_display (uid, &session_id) >= 0)
+ {
+ session = polkit_unix_session_new (session_id);
+ goto out;
+ }
+#endif
+
out:
+ free (session_id);
if (tmp_process) g_object_unref (tmp_process);
return session;
}
--
2.0.0

70
polkit.spec
View File

@ -1,27 +1,16 @@
# Only enable if using patches that touches configure.ac,
# Makefile.am or other build system related files
#
%define enable_autoreconf 1
#define enable_autoreconf 1
Summary: An authorization framework
Name: polkit
Version: 0.112
Release: 7%{?dist}.1
Version: 0.113
Release: 1%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
# https://bugs.freedesktop.org/show_bug.cgi?id=71894
Patch0: polkit-0.112-XDG_RUNTIME_DIR.patch
# https://bugs.freedesktop.org/show_bug.cgi?id=60847
Patch1: polkit-0.112-PolkitAgentSession-race.patch
# http://cgit.freedesktop.org/polkit/commit/?id=26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8
Patch2: polkit-0.112-systemd-Deduplicate-code-paths.patch
# http://cgit.freedesktop.org/polkit/commit/?id=a68f5dfd7662767b7b9822090b70bc5bd145c50c
Patch3: polkit-0.112-systemd-prepare-for-D-Bus-user-bus.patch
# https://bugs.freedesktop.org/show_bug.cgi?id=88288
# http://cgit.freedesktop.org/polkit/commit/?id=f4d71e0de885010494b8b0b8d62ca910011d7544
Patch4: 0018-authority-Fix-memory-leak-in-EnumerateActions-call-r.patch
Group: System Environment/Libraries
BuildRequires: glib2-devel >= 2.30.0
BuildRequires: expat-devel
@ -29,7 +18,7 @@ BuildRequires: pam-devel
BuildRequires: gtk-doc
BuildRequires: intltool
BuildRequires: gobject-introspection-devel
BuildRequires: systemd-devel
BuildRequires: systemd, systemd-devel
BuildRequires: mozjs17-devel
%if 0%{?enable_autoreconf}
@ -86,13 +75,16 @@ BuildArch: noarch
%description docs
Development documentation for polkit.
%package libs
Summary: Libraries for polkit
Group: Development/Libraries
%description libs
Libraries files for polkit.
%prep
%setup -q
%patch0 -p1 -b .XDG_RUNTIME_DIR
%patch1 -p1 -b .PolkitAgentSession-race
%patch2 -p1 -b .dbus-user-bus
%patch3 -p1 -b .session-dedup-code
%patch4 -p1 -b .authority-Fix-memory-leak
%build
%if 0%{?enable_autoreconf}
@ -122,7 +114,6 @@ getent passwd polkitd >/dev/null || useradd -r -g polkitd -d / -s /sbin/nologin
exit 0
%post
/sbin/ldconfig
# The implied (systemctl preset) will fail and complain, but the macro hides
# and ignores the fact. This is in fact what we want, polkit.service does not
# have an [Install] section and it is always started on demand.
@ -132,17 +123,11 @@ exit 0
%systemd_preun polkit.service
%postun
/sbin/ldconfig
# Not %%systemd_postun_with_restart - let's err on the side of safety, and keep
# the daemon, with its temporary authorizations and agent registrations, running
# after the upgrade as well; it would be unfortunate if the upgrade tool failed
# because a component can't handle polkitd losing state.
%systemd_postun
%systemd_postun_with_restart polkit.service
%files -f polkit-1.lang
%defattr(-,root,root,-)
%doc COPYING NEWS README
%{_libdir}/lib*.so.*
%{_datadir}/man/man1/*
%{_datadir}/man/man8/*
%{_datadir}/dbus-1/system-services/*
@ -161,7 +146,6 @@ exit 0
%{_bindir}/pkttyagent
%dir %{_prefix}/lib/polkit-1
%{_prefix}/lib/polkit-1/polkitd
%{_libdir}/girepository-1.0/*.typelib
# see upstream docs for why these permissions are necessary
%attr(4755,root,root) %{_bindir}/pkexec
@ -178,9 +162,35 @@ exit 0
%defattr(-,root,root,-)
%{_datadir}/gtk-doc
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files libs
%{_libdir}/lib*.so.*
%{_libdir}/girepository-1.0/*.typelib
%changelog
* Tue Jan 27 2015 Rex Dieter <rdieter@fedoraproject.org> 0.112-7.1
* Thu Jul 2 2015 Miloslav Trmač <mitr@redhat.com> - 0.113-1
- Update to polkit-0.113 (CVE-2015-3218, CVE-2015-3255, CVE-2015-3256,
CVE-2015-4625)
Resolves: #910262, #1175061, #1177930, #1194391, #1228739, #1233810
* Fri Jun 19 2015 Miloslav Trmač <mitr@redhat.com> - 0.112-11
- Add BuildRequires: systemd so that %%{_unitdir} is defined, to fix the build.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Jan 25 2015 Rex Dieter <rdieter@fedoraproject.org> - 0.112-9
- polkit doesn't release reference counters of GVariant data (#1180886)
- fix ldconfig scriptlets (move to -libs subpkg)
* Sat Nov 08 2014 Colin Walters <walters@redhat.com> - 0.112-8
- Split separate -libs package, so that NetworkManager can just depend on
that, without dragging in the daemon (as well as libmozjs17). This
allows the creation of more minimal systems that want programs like NM,
but do not need the configurability of the daemon; it would be ok if only
root is authorized.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.112-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

4
sources
View File

@ -1,2 +1,2 @@
b0f2fa00a55f47c6a5d88e9b73f80127 polkit-0.112.tar.gz
55dae3c2451345f5049693cce99b7f78 polkit-0.112.tar.gz.sign
4b77776c9e4f897dcfe03b2c34198edf polkit-0.113.tar.gz
86b92a63394de618898b43f5722e9fe2 polkit-0.113.tar.gz.sign