rpms/polkit
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Aug 20 2010 David Zeuthen <davidz@redhat.com> - 0.98-1

Browse Source 
- Update to upstream release 0.98
This commit is contained in:
David Zeuthen 2010-08-20 13:23:51 -04:00
parent e48a851cc3
commit a98bb71895
5 changed files with 7 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@ polkit-0.95.git20090913.tar.gz
polkit-0.95.tar.gz
polkit-0.96.tar.gz
polkit-0.97.tar.gz
polkit-0.98.tar.gz

132
0001-Fix-ConsoleKit-interaction-bug.patch
View File

@ -1,132 +0,0 @@
From 22363658629553e04277259ccac8dbf4e33839ea Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Wed, 18 Aug 2010 12:24:04 -0400
Subject: [PATCH] Fix ConsoleKit interaction bug
First of all, there was a glaring bug where we forgot to load the
GKeyFile for /var/run/ConsoleKit/database resulting in criticals like
this:
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
Furthermore, this resulted in the Authority returning "not authorized"
for subjects that should have been authorized. For an example, see
https://bugzilla.redhat.com/show_bug.cgi?id=624125
Fix this bug by calling ensure_database() to make sure the GKeyFile
contains information from /var/run/ConsoleKit/database. Also, since
there is a race (theoretical at least, but see
https://bugzilla.gnome.org/show_bug.cgi?id=627285 ) with file
monitoring, also ensure that we are using the latest and greatest
version of /var/run/ConsoleKit/database.
Signed-off-by: David Zeuthen <davidz@redhat.com>
---
src/polkitbackend/polkitbackendsessionmonitor.c | 52 ++++++++++++++++++++--
1 files changed, 47 insertions(+), 5 deletions(-)
diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c
index 2b63f3c..877d69e 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor.c
@@ -47,6 +47,7 @@ struct _PolkitBackendSessionMonitor
GKeyFile *database;
GFileMonitor *database_monitor;
+ time_t database_mtime;
};
struct _PolkitBackendSessionMonitorClass
@@ -74,17 +75,34 @@ reload_database (PolkitBackendSessionMonitor *monitor,
GError **error)
{
gboolean ret;
+ struct stat statbuf;
ret = FALSE;
+ if (monitor->database != NULL)
+ {
+ g_key_file_free (monitor->database);
+ monitor->database = NULL;
+ }
+
+ if (stat (CKDB_PATH, &statbuf) != 0)
+ {
+ g_set_error (error,
+ G_IO_ERROR,
+ g_io_error_from_errno (errno),
+ "Error statting file " CKDB_PATH ": %s",
+ strerror (errno));
+ goto out;
+ }
+
+ monitor->database_mtime = statbuf.st_mtime;
+
monitor->database = g_key_file_new ();
if (!g_key_file_load_from_file (monitor->database,
CKDB_PATH,
G_KEY_FILE_NONE,
error))
{
- g_key_file_free (monitor->database);
- monitor->database = NULL;
goto out;
}
@@ -102,8 +120,22 @@ ensure_database (PolkitBackendSessionMonitor *monitor,
if (monitor->database != NULL)
{
- ret = TRUE;
- goto out;
+ struct stat statbuf;
+
+ if (stat (CKDB_PATH, &statbuf) != 0)
+ {
+ g_set_error (error,
+ G_IO_ERROR,
+ g_io_error_from_errno (errno),
+ "Error statting file " CKDB_PATH " to check timestamp: %s",
+ strerror (errno));
+ goto out;
+ }
+ if (statbuf.st_mtime == monitor->database_mtime)
+ {
+ ret = TRUE;
+ goto out;
+ }
}
ret = reload_database (monitor, error);
@@ -266,7 +298,6 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
if (local_error != NULL)
{
g_propagate_prefixed_error (error, local_error, "Error getting user for process: ");
- g_error_free (local_error);
goto out;
}
@@ -427,6 +458,17 @@ get_boolean (PolkitBackendSessionMonitor *monitor,
group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
error = NULL;
+ if (!ensure_database (monitor, &error))
+ {
+ g_printerr ("Error getting boolean `%s' in group `%s': Error ensuring CK database at " CKDB_PATH ": %s",
+ key_name,
+ group,
+ error->message);
+ g_error_free (error);
+ goto out;
+ }
+
+ error = NULL;
ret = g_key_file_get_boolean (monitor->database, group, key_name, &error);
if (error != NULL)
{
--
1.7.2.1

76
polkit-0.97-subject-scanning.patch
View File

@ -1,76 +0,0 @@
From 17f0600529dc926ae4a0c85dc56c393cc09e4011 Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Thu, 12 Aug 2010 20:49:25 +0000
Subject: Fix scanning of unix-process subjects
In particular accept both "unix-process:<pid>,<starttime>" and
"unix-process:<pid>". For the latter, return an error if we cannot
lookup the starttime (for example if the given pid references a
non-existing process).
Signed-off-by: David Zeuthen <davidz@redhat.com>
---
diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
index 19d60b9..51e60e0 100644
--- a/src/polkit/polkitsubject.c
+++ b/src/polkit/polkitsubject.c
@@ -24,6 +24,7 @@
#endif
#include <string.h>
+#include <stdio.h>
#include "polkitsubject.h"
#include "polkitunixprocess.h"
@@ -222,8 +223,6 @@ polkit_subject_from_string (const gchar *str,
GError **error)
{
PolkitSubject *subject;
- guint64 val;
- gchar *endptr;
g_return_val_if_fail (str != NULL, NULL);
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
@@ -234,12 +233,15 @@ polkit_subject_from_string (const gchar *str,
if (g_str_has_prefix (str, "unix-process:"))
{
- val = g_ascii_strtoull (str + sizeof "unix-process:" - 1,
- &endptr,
- 10);
- if (*endptr == '\0')
+ gint scanned_pid;
+ guint64 scanned_starttime;
+ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
{
- subject = polkit_unix_process_new ((gint) val);
+ subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
+ }
+ else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
+ {
+ subject = polkit_unix_process_new_full (scanned_pid, 0);
if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
{
g_object_unref (subject);
@@ -247,8 +249,8 @@ polkit_subject_from_string (const gchar *str,
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
- "No process with pid %" G_GUINT64_FORMAT,
- val);
+ "Unable to determine start time for process with pid %d",
+ scanned_pid);
}
}
}
@@ -266,7 +268,7 @@ polkit_subject_from_string (const gchar *str,
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
- "Malformed subject string '%s'",
+ "Malformed subject string `%s'",
str);
}
--
cgit v0.8.3-6-g21f6

15
polkit.spec
View File

@ -1,7 +1,7 @@
Summary: PolicyKit Authorization Framework
Name: polkit
Version: 0.97
Release: 4%{?dist}
Version: 0.98
Release: 1%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
@ -23,12 +23,6 @@ Provides: PolicyKit = 0.11
# sufficiently new polkit-gnome package
Conflicts: polkit-gnome < 0.97
# upstream
Patch0: polkit-0.97-subject-scanning.patch
# Upstream fix
Patch1: 0001-Fix-ConsoleKit-interaction-bug.patch
%description
PolicyKit is a toolkit for defining and handling authorizations.
It is used for allowing unprivileged processes to speak to privileged
@ -71,8 +65,6 @@ Roles and default policy for desktop usage.
%prep
%setup -q
%patch0 -p1 -b .subject-scanning
%patch1 -p1 -b .ck-interaction
%build
%configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection --enable-examples
@ -190,6 +182,9 @@ EOF
%{_datadir}/gtk-doc/html/*
%changelog
* Fri Aug 20 2010 David Zeuthen <davidz@redhat.com> - 0.98-1
- Update to upstream release 0.98
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4
- Fix a ConsoleKit interaction bug

2
sources
View File

@ -1 +1 @@
fbe929cccc2abf7a13b735064e0224ea polkit-0.97.tar.gz
96e583a1177ba5436f034a2fee55f5fa polkit-0.98.tar.gz