fix a CK interaction bug
This commit is contained in:
parent
2e07d21218
commit
c1967a3fdd
132
0001-Fix-ConsoleKit-interaction-bug.patch
Normal file
132
0001-Fix-ConsoleKit-interaction-bug.patch
Normal file
@ -0,0 +1,132 @@
|
|||||||
|
From 22363658629553e04277259ccac8dbf4e33839ea Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Zeuthen <davidz@redhat.com>
|
||||||
|
Date: Wed, 18 Aug 2010 12:24:04 -0400
|
||||||
|
Subject: [PATCH] Fix ConsoleKit interaction bug
|
||||||
|
|
||||||
|
First of all, there was a glaring bug where we forgot to load the
|
||||||
|
GKeyFile for /var/run/ConsoleKit/database resulting in criticals like
|
||||||
|
this:
|
||||||
|
|
||||||
|
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
|
||||||
|
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
|
||||||
|
|
||||||
|
Furthermore, this resulted in the Authority returning "not authorized"
|
||||||
|
for subjects that should have been authorized. For an example, see
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=624125
|
||||||
|
|
||||||
|
Fix this bug by calling ensure_database() to make sure the GKeyFile
|
||||||
|
contains information from /var/run/ConsoleKit/database. Also, since
|
||||||
|
there is a race (theoretical at least, but see
|
||||||
|
https://bugzilla.gnome.org/show_bug.cgi?id=627285 ) with file
|
||||||
|
monitoring, also ensure that we are using the latest and greatest
|
||||||
|
version of /var/run/ConsoleKit/database.
|
||||||
|
|
||||||
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
||||||
|
---
|
||||||
|
src/polkitbackend/polkitbackendsessionmonitor.c | 52 ++++++++++++++++++++--
|
||||||
|
1 files changed, 47 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c
|
||||||
|
index 2b63f3c..877d69e 100644
|
||||||
|
--- a/src/polkitbackend/polkitbackendsessionmonitor.c
|
||||||
|
+++ b/src/polkitbackend/polkitbackendsessionmonitor.c
|
||||||
|
@@ -47,6 +47,7 @@ struct _PolkitBackendSessionMonitor
|
||||||
|
|
||||||
|
GKeyFile *database;
|
||||||
|
GFileMonitor *database_monitor;
|
||||||
|
+ time_t database_mtime;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct _PolkitBackendSessionMonitorClass
|
||||||
|
@@ -74,17 +75,34 @@ reload_database (PolkitBackendSessionMonitor *monitor,
|
||||||
|
GError **error)
|
||||||
|
{
|
||||||
|
gboolean ret;
|
||||||
|
+ struct stat statbuf;
|
||||||
|
|
||||||
|
ret = FALSE;
|
||||||
|
|
||||||
|
+ if (monitor->database != NULL)
|
||||||
|
+ {
|
||||||
|
+ g_key_file_free (monitor->database);
|
||||||
|
+ monitor->database = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (stat (CKDB_PATH, &statbuf) != 0)
|
||||||
|
+ {
|
||||||
|
+ g_set_error (error,
|
||||||
|
+ G_IO_ERROR,
|
||||||
|
+ g_io_error_from_errno (errno),
|
||||||
|
+ "Error statting file " CKDB_PATH ": %s",
|
||||||
|
+ strerror (errno));
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ monitor->database_mtime = statbuf.st_mtime;
|
||||||
|
+
|
||||||
|
monitor->database = g_key_file_new ();
|
||||||
|
if (!g_key_file_load_from_file (monitor->database,
|
||||||
|
CKDB_PATH,
|
||||||
|
G_KEY_FILE_NONE,
|
||||||
|
error))
|
||||||
|
{
|
||||||
|
- g_key_file_free (monitor->database);
|
||||||
|
- monitor->database = NULL;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -102,8 +120,22 @@ ensure_database (PolkitBackendSessionMonitor *monitor,
|
||||||
|
|
||||||
|
if (monitor->database != NULL)
|
||||||
|
{
|
||||||
|
- ret = TRUE;
|
||||||
|
- goto out;
|
||||||
|
+ struct stat statbuf;
|
||||||
|
+
|
||||||
|
+ if (stat (CKDB_PATH, &statbuf) != 0)
|
||||||
|
+ {
|
||||||
|
+ g_set_error (error,
|
||||||
|
+ G_IO_ERROR,
|
||||||
|
+ g_io_error_from_errno (errno),
|
||||||
|
+ "Error statting file " CKDB_PATH " to check timestamp: %s",
|
||||||
|
+ strerror (errno));
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+ if (statbuf.st_mtime == monitor->database_mtime)
|
||||||
|
+ {
|
||||||
|
+ ret = TRUE;
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = reload_database (monitor, error);
|
||||||
|
@@ -266,7 +298,6 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
|
||||||
|
if (local_error != NULL)
|
||||||
|
{
|
||||||
|
g_propagate_prefixed_error (error, local_error, "Error getting user for process: ");
|
||||||
|
- g_error_free (local_error);
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -427,6 +458,17 @@ get_boolean (PolkitBackendSessionMonitor *monitor,
|
||||||
|
group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
|
||||||
|
|
||||||
|
error = NULL;
|
||||||
|
+ if (!ensure_database (monitor, &error))
|
||||||
|
+ {
|
||||||
|
+ g_printerr ("Error getting boolean `%s' in group `%s': Error ensuring CK database at " CKDB_PATH ": %s",
|
||||||
|
+ key_name,
|
||||||
|
+ group,
|
||||||
|
+ error->message);
|
||||||
|
+ g_error_free (error);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ error = NULL;
|
||||||
|
ret = g_key_file_get_boolean (monitor->database, group, key_name, &error);
|
||||||
|
if (error != NULL)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
1.7.2.1
|
||||||
|
|
15
polkit.spec
15
polkit.spec
@ -1,11 +1,10 @@
|
|||||||
Summary: PolicyKit Authorization Framework
|
Summary: PolicyKit Authorization Framework
|
||||||
Name: polkit
|
Name: polkit
|
||||||
Version: 0.97
|
Version: 0.97
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
|
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
|
||||||
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
|
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
BuildRequires: glib2-devel >= 2.25.12
|
BuildRequires: glib2-devel >= 2.25.12
|
||||||
BuildRequires: expat-devel
|
BuildRequires: expat-devel
|
||||||
@ -27,6 +26,10 @@ Conflicts: polkit-gnome < 0.97
|
|||||||
# upstream
|
# upstream
|
||||||
Patch0: polkit-0.97-subject-scanning.patch
|
Patch0: polkit-0.97-subject-scanning.patch
|
||||||
|
|
||||||
|
# Upstream fix
|
||||||
|
Patch1: 0001-Fix-ConsoleKit-interaction-bug.patch
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
PolicyKit is a toolkit for defining and handling authorizations.
|
PolicyKit is a toolkit for defining and handling authorizations.
|
||||||
It is used for allowing unprivileged processes to speak to privileged
|
It is used for allowing unprivileged processes to speak to privileged
|
||||||
@ -70,13 +73,13 @@ Roles and default policy for desktop usage.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .subject-scanning
|
%patch0 -p1 -b .subject-scanning
|
||||||
|
%patch1 -p1 -b .ck-interaction
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection --enable-examples
|
%configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection --enable-examples
|
||||||
make
|
make
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||||
@ -129,9 +132,6 @@ EOF
|
|||||||
### END DESKTOP POLICY CONFIGURATION
|
### END DESKTOP POLICY CONFIGURATION
|
||||||
###
|
###
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
%post -p /sbin/ldconfig
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
@ -191,6 +191,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_datadir}/gtk-doc/html/*
|
%{_datadir}/gtk-doc/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Aug 18 2010 Matthias Clasen <mclasen@redhat.com> - 0.97-4
|
||||||
|
- Fix a ConsoleKit interaction bug
|
||||||
|
|
||||||
* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3
|
* Fri Aug 13 2010 David Zeuthen <davidz@redhat.com> - 0.97-3
|
||||||
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
|
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
|
||||||
- Require GLib >= 2.25.12 instead of 2.25.11
|
- Require GLib >= 2.25.12 instead of 2.25.11
|
||||||
|
Loading…
Reference in New Issue
Block a user