diff --git a/README.md b/README.md index c174078..2e5cd72 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,4 @@ # polkit +PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. + diff --git a/polkit-0.101.0-Clarify_that_the_real_uid_is_returned_not_the_effective_one.patch b/polkit-0.101.0-Clarify_that_the_real_uid_is_returned_not_the_effective_one.patch new file mode 100644 index 0000000..cf9da00 --- /dev/null +++ b/polkit-0.101.0-Clarify_that_the_real_uid_is_returned_not_the_effective_one.patch 
@@ -0,0 +1,134 @@
+From dd848a42a64a3b22a0cc60f6657b56ce9b6010ae Mon Sep 17 00:00:00 2001
+From: David Zeuthen
+Date: Thu, 31 Mar 2011 16:59:09 +0000
+Subject: PolkitUnixProcess: Clarify that the real uid is returned, not the effective one
+
+On Linux, also switch to parsing /proc//status instead of relying
+on the st_uid returned by stat(2) to be the uid we want.
+
+This was pointed out by Neel Mehta . Thanks!
+
+Signed-off-by: David Zeuthen
+---
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index d95a1d4..876da69 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -24,9 +24,7 @@
+ #endif
+
+ #include
+-#ifndef HAVE_FREEBSD
+-#include
+-#else
++#ifdef HAVE_FREEBSD
+ #include
+ #include
+ #include
+@@ -34,6 +32,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "polkitunixprocess.h"
+ #include "polkitsubject.h"
+@@ -208,6 +207,8 @@ polkit_unix_process_get_pid (PolkitUnixProcess *process)
+ *
+ * Gets the uid of the owner of @process.
+ *
++ * Note that this returns the real user-id (not the effective user-id) of @process.
++ *
+ * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
+ **/
+ gint
+@@ -215,17 +216,21 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error)
+ {
+ gint result;
++ gchar *contents;
++ gchar **lines;
+ #ifdef HAVE_FREEBSD
+ struct kinfo_proc p;
+ #else
+- struct stat statbuf;
+- char procbuf[32];
++ gchar filename[64];
++ guint n;
+ #endif
+
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+ g_return_val_if_fail (error == NULL || *error == NULL, 0);
+
+ result = 0;
++ lines = NULL;
++ contents = NULL;
+
+ #ifdef HAVE_FREEBSD
+ if (get_kinfo_proc (process->pid, &p) == 0)
+@@ -241,23 +246,52 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
+
+ result = p.ki_uid;
+ #else
+- g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid);
+- if (stat (procbuf, &statbuf) != 0)
++
++ /* see 'man proc' for layout of the status file
++ *
++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
++ */
++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
++ if (!g_file_get_contents (filename,
++ &contents,
++ NULL,
++ error))
+ {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "stat() failed for /proc/%d: %s",
+- process->pid,
+- g_strerror (errno));
+ goto out;
+ }
++ lines = g_strsplit (contents, "\n", -1);
++ for (n = 0; lines != NULL && lines[n] != NULL; n++)
++ {
++ gint real_uid, effective_uid;
++ if (!g_str_has_prefix (lines[n], "Uid:"))
++ continue;
++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Unexpected line `%s' in file %s",
++ lines[n],
++ filename);
++ goto out;
++ }
++ else
++ {
++ result = real_uid;
++ goto out;
++ }
++ }
+
+- result = statbuf.st_uid;
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Didn't find any line starting with `Uid:' in file %s",
++ filename);
+ #endif
+
+- out:
+-
++out:
++ g_strfreev (lines);
++ g_free (contents);
+ return result;
+ }
+
+--
+cgit v0.8.3-6-g21f6
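Review bot: `polkit_unix_process_get_owner` sets `result = 0` up front and returns it on every failure path, so a caller that does not inspect @error reads uid 0, which is also root's uid. The doc comment touched by this patch records the contract ("or 0 if @error is set") but does not warn about the collision; I would add `* Callers must check @error before using the return value: 0 is also the uid of root.` to that comment block. The same body is re-added as `_polkit_unix_process_get_owner` in the second patch, where the two `g_return_val_if_fail (..., 0)` guards return 0 without setting @error at all. Parts of the function lie between the inner hunks and are not shown here.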
diff --git a/polkit-0.101.0-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch b/polkit-0.101.0-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
new file mode 100644
index 0000000..a29fb73
--- /dev/null
+++ b/polkit-0.101.0-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
@@ -0,0 +1,615 @@
+From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
+From: David Zeuthen
+Date: Fri, 01 Apr 2011 16:09:45 +0000
+Subject: Make PolkitUnixProcess also record the uid of the process
+
+This is needed to avoid possible TOCTTOU issues since a process can
+change both its real uid and effective uid.
+
+Signed-off-by: David Zeuthen
+---
+diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
+index 12141e3..9f4fcf8 100644
+--- a/docs/polkit/polkit-1-sections.txt
++++ b/docs/polkit/polkit-1-sections.txt
+@@ -145,10 +145,13 @@ POLKIT_UNIX_SESSION_GET_CLASS
+ PolkitUnixProcess
+ polkit_unix_process_new
+ polkit_unix_process_new_full
++polkit_unix_process_new_for_owner
++polkit_unix_process_set_pid
+ polkit_unix_process_get_pid
++polkit_unix_process_set_start_time
+ polkit_unix_process_get_start_time
+-polkit_unix_process_set_pid
+-polkit_unix_process_get_owner
++polkit_unix_process_set_uid
++polkit_unix_process_get_uid
+
+ PolkitUnixProcessClass
+ POLKIT_UNIX_PROCESS
+diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
+index 577afec..d2c4c20 100644
+--- a/src/polkit/polkitsubject.c
++++ b/src/polkit/polkitsubject.c
+@@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str,
+ {
+ gint scanned_pid;
+ guint64 scanned_starttime;
+- if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
++ gint scanned_uid;
++ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3)
++ {
++ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid);
++ }
++ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
+ {
+ subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
+ }
+ else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
+ {
+- subject = polkit_unix_process_new_full (scanned_pid, 0);
++ subject = polkit_unix_process_new (scanned_pid);
+ if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
+ {
+ g_object_unref (subject);
+@@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject)
+ g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))));
+ g_variant_builder_add (&builder, "{sv}", "start-time",
+ g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject))));
++ g_variant_builder_add (&builder, "{sv}", "uid",
++ g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject))));
+ }
+ else if (POLKIT_IS_UNIX_SESSION (subject))
+ {
+@@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ guint32 pid;
+ guint64 start_time;
++ gint32 uid;
+
+ v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error);
+ if (v == NULL)
+@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant,
+ start_time = g_variant_get_uint64 (v);
+ g_variant_unref (v);
+
+- ret = polkit_unix_process_new_full (pid, start_time);
++ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error);
++ if (v != NULL)
++ {
++ uid = g_variant_get_int32 (v);
++ g_variant_unref (v);
++ }
++ else
++ {
++ uid = -1;
++ }
++
++ ret = polkit_unix_process_new_for_owner (pid, start_time, uid);
+ }
+ else if (g_strcmp0 (kind, "unix-session") == 0)
+ {
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 876da69..913be3a 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -62,6 +62,7 @@ struct _PolkitUnixProcess
+
+ gint pid;
+ guint64 start_time;
++ gint uid;
+ };
+
+ struct _PolkitUnixProcessClass
+@@ -74,6 +75,7 @@ enum
+ PROP_0,
+ PROP_PID,
+ PROP_START_TIME,
++ PROP_UID
+ };
+
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+@@ -81,6 +83,9 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+ static guint64 get_start_time_for_pid (gint pid,
+ GError **error);
+
++static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error);
++
+ #ifdef HAVE_FREEBSD
+ static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p);
+ #endif
+@@ -92,6 +97,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT,
+ static void
+ polkit_unix_process_init (PolkitUnixProcess *unix_process)
+ {
++ unix_process->uid = -1;
+ }
+
+ static void
+@@ -108,6 +114,10 @@ polkit_unix_process_get_property (GObject *object,
+ g_value_set_int (value, unix_process->pid);
+ break;
+
++ case PROP_UID:
++ g_value_set_int (value, unix_process->uid);
++ break;
++
+ case PROP_START_TIME:
+ g_value_set_uint64 (value, unix_process->start_time);
+ break;
+@@ -132,6 +142,14 @@ polkit_unix_process_set_property (GObject *object,
+ polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+ break;
+
++ case PROP_UID:
++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
++ break;
++
++ case PROP_START_TIME:
++ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
++ break;
++
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+@@ -139,12 +157,39 @@ polkit_unix_process_set_property (GObject *object,
+ }
+
+ static void
++polkit_unix_process_constructed (GObject *object)
++{
++ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object);
++
++ /* sets start_time and uid in case they are unset */
++
++ if (process->start_time == 0)
++ process->start_time = get_start_time_for_pid (process->pid, NULL);
++
++ if (process->uid == -1)
++ {
++ GError *error;
++ error = NULL;
++ process->uid = _polkit_unix_process_get_owner (process, &error);
++ if (error != NULL)
++ {
++ process->uid = -1;
++ g_error_free (error);
++ }
++ }
++
++ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL)
++ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object);
++}
++
++static void
+ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ {
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+
+ gobject_class->get_property = polkit_unix_process_get_property;
+ gobject_class->set_property = polkit_unix_process_set_property;
++ gobject_class->constructed = polkit_unix_process_constructed;
+
+ /**
+ * PolkitUnixProcess:pid:
+@@ -156,7 +201,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ g_param_spec_int ("pid",
+ "Process ID",
+ "The UNIX process ID",
+- -1,
++ 0,
+ G_MAXINT,
+ 0,
+ G_PARAM_CONSTRUCT |
+@@ -166,6 +211,27 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ G_PARAM_STATIC_NICK));
+
+ /**
++ * PolkitUnixProcess:uid:
++ *
++ * The UNIX user id of the process or -1 if unknown.
++ *
++ * Note that this is the real user-id, not the effective user-id.
++ */
++ g_object_class_install_property (gobject_class,
++ PROP_UID,
++ g_param_spec_int ("uid",
++ "User ID",
++ "The UNIX user ID",
++ -1,
++ G_MAXINT,
++ -1,
++ G_PARAM_CONSTRUCT |
++ G_PARAM_READWRITE |
++ G_PARAM_STATIC_NAME |
++ G_PARAM_STATIC_BLURB |
++ G_PARAM_STATIC_NICK));
++
++ /**
+ * PolkitUnixProcess:start-time:
+ *
+ * The start time of the process.
+@@ -178,7 +244,8 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ 0,
+ G_MAXUINT64,
+ 0,
+- G_PARAM_READABLE |
++ G_PARAM_CONSTRUCT |
++ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_BLURB |
+ G_PARAM_STATIC_NICK));
+@@ -186,113 +253,50 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ }
+
+ /**
+- * polkit_unix_process_get_pid:
++ * polkit_unix_process_get_uid:
+ * @process: A #PolkitUnixProcess.
+ *
+- * Gets the process id for @process.
++ * Gets the user id for @process. Note that this is the real user-id,
++ * not the effective user-id.
+ *
+- * Returns: The process id for @process.
++ * Returns: The user id for @process or -1 if unknown.
+ */
+ gint
+-polkit_unix_process_get_pid (PolkitUnixProcess *process)
++polkit_unix_process_get_uid (PolkitUnixProcess *process)
+ {
+- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+- return process->pid;
++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1);
++ return process->uid;
+ }
+
+ /**
+- * polkit_unix_process_get_owner:
++ * polkit_unix_process_set_uid:
+ * @process: A #PolkitUnixProcess.
+- * @error: (allow-none): Return location for error or %NULL.
++ * @uid: The user id to set for @process or -1 to unset it.
+ *
+- * Gets the uid of the owner of @process.
++ * Sets the (real, not effective) user id for @process.
++ */
++void
++polkit_unix_process_set_uid (PolkitUnixProcess *process,
++ gint uid)
++{
++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
++ g_return_if_fail (uid >= -1);
++ process->uid = uid;
++}
++
++/**
++ * polkit_unix_process_get_pid:
++ * @process: A #PolkitUnixProcess.
+ *
+- * Note that this returns the real user-id (not the effective user-id) of @process.
++ * Gets the process id for @process.
+ *
+- * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
+- **/
++ * Returns: The process id for @process.
++ */
+ gint
+-polkit_unix_process_get_owner (PolkitUnixProcess *process,
+- GError **error)
++polkit_unix_process_get_pid (PolkitUnixProcess *process)
+ {
+- gint result;
+- gchar *contents;
+- gchar **lines;
+-#ifdef HAVE_FREEBSD
+- struct kinfo_proc p;
+-#else
+- gchar filename[64];
+- guint n;
+-#endif
+-
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+- g_return_val_if_fail (error == NULL || *error == NULL, 0);
+-
+- result = 0;
+- lines = NULL;
+- contents = NULL;
+-
+-#ifdef HAVE_FREEBSD
+- if (get_kinfo_proc (process->pid, &p) == 0)
+- {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "get_kinfo_proc() failed for pid %d: %s",
+- process->pid,
+- g_strerror (errno));
+- goto out;
+- }
+-
+- result = p.ki_uid;
+-#else
+-
+- /* see 'man proc' for layout of the status file
+- *
+- * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
+- */
+- g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
+- if (!g_file_get_contents (filename,
+- &contents,
+- NULL,
+- error))
+- {
+- goto out;
+- }
+- lines = g_strsplit (contents, "\n", -1);
+- for (n = 0; lines != NULL && lines[n] != NULL; n++)
+- {
+- gint real_uid, effective_uid;
+- if (!g_str_has_prefix (lines[n], "Uid:"))
+- continue;
+- if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
+- {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "Unexpected line `%s' in file %s",
+- lines[n],
+- filename);
+- goto out;
+- }
+- else
+- {
+- result = real_uid;
+- goto out;
+- }
+- }
+-
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "Didn't find any line starting with `Uid:' in file %s",
+- filename);
+-#endif
+-
+-out:
+- g_strfreev (lines);
+- g_free (contents);
+- return result;
++ return process->pid;
+ }
+
+ /**
+@@ -311,6 +315,21 @@ polkit_unix_process_get_start_time (PolkitUnixProcess *process)
+ }
+
+ /**
++ * polkit_unix_process_set_start_time:
++ * @process: A #PolkitUnixProcess.
++ * @start_time: The start time for @pid.
++ *
++ * Set the start time of @process.
++ */
++void
++polkit_unix_process_set_start_time (PolkitUnixProcess *process,
++ guint64 start_time)
++{
++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
++ process->start_time = start_time;
++}
++
++/**
+ * polkit_unix_process_set_pid:
+ * @process: A #PolkitUnixProcess.
+ * @pid: A process id.
+@@ -323,18 +342,17 @@ polkit_unix_process_set_pid (PolkitUnixProcess *process,
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+ process->pid = pid;
+- if (pid != (gint) -1)
+- process->start_time = get_start_time_for_pid (pid, NULL);
+ }
+
+ /**
+ * polkit_unix_process_new:
+ * @pid: The process id.
+ *
+- * Creates a new #PolkitUnixProcess for @pid. The start time of the
+- * process will be looked up in using e.g. the
+- * /proc filesystem depending on the platform in
+- * use.
++ * Creates a new #PolkitUnixProcess for @pid.
++ *
++ * The uid and start time of the process will be looked up in using
++ * e.g. the /proc filesystem depending on the
++ * platform in use.
+ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+@@ -353,22 +371,42 @@ polkit_unix_process_new (gint pid)
+ *
+ * Creates a new #PolkitUnixProcess object for @pid and @start_time.
+ *
++ * The uid of the process will be looked up in using e.g. the
++ * /proc filesystem depending on the platform in
++ * use.
++ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+ PolkitSubject *
+ polkit_unix_process_new_full (gint pid,
+ guint64 start_time)
+ {
+- PolkitUnixProcess *process;
+-
+- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1));
+- process->pid = pid;
+- if (start_time != 0)
+- process->start_time = start_time;
+- else
+- process->start_time = get_start_time_for_pid (pid, NULL);
++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
++ "pid", pid,
++ "start_time", start_time,
++ NULL));
++}
+
+- return POLKIT_SUBJECT (process);
++/**
++ * polkit_unix_process_new_for_owner:
++ * @pid: The process id.
++ * @start_time: The start time for @pid or 0 to look it up in e.g. /proc.
++ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. /proc.
++ *
++ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid.
++ *
++ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
++ */
++PolkitSubject *
++polkit_unix_process_new_for_owner (gint pid,
++ guint64 start_time,
++ gint uid)
++{
++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
++ "pid", pid,
++ "start_time", start_time,
++ "uid", uid,
++ NULL));
+ }
+
+ static guint
+@@ -616,3 +654,95 @@ out:
+
+ return start_time;
+ }
++
++static gint
++_polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error)
++{
++ gint result;
++ gchar *contents;
++ gchar **lines;
++#ifdef HAVE_FREEBSD
++ struct kinfo_proc p;
++#else
++ gchar filename[64];
++ guint n;
++#endif
++
++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
++ g_return_val_if_fail (error == NULL || *error == NULL, 0);
++
++ result = 0;
++ lines = NULL;
++ contents = NULL;
++
++#ifdef HAVE_FREEBSD
++ if (get_kinfo_proc (process->pid, &p) == 0)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "get_kinfo_proc() failed for pid %d: %s",
++ process->pid,
++ g_strerror (errno));
++ goto out;
++ }
++
++ result = p.ki_uid;
++#else
++
++ /* see 'man proc' for layout of the status file
++ *
++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
++ */
++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
++ if (!g_file_get_contents (filename,
++ &contents,
++ NULL,
++ error))
++ {
++ goto out;
++ }
++ lines = g_strsplit (contents, "\n", -1);
++ for (n = 0; lines != NULL && lines[n] != NULL; n++)
++ {
++ gint real_uid, effective_uid;
++ if (!g_str_has_prefix (lines[n], "Uid:"))
++ continue;
++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Unexpected line `%s' in file %s",
++ lines[n],
++ filename);
++ goto out;
++ }
++ else
++ {
++ result = real_uid;
++ goto out;
++ }
++ }
++
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Didn't find any line starting with `Uid:' in file %s",
++ filename);
++#endif
++
++out:
++ g_strfreev (lines);
++ g_free (contents);
++ return result;
++}
++
++/* deprecated public method */
++gint
++polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error)
++{
++ return _polkit_unix_process_get_owner (process, error);
++}
+diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h
+index b88cd03..531a57d 100644
+--- a/src/polkit/polkitunixprocess.h
++++ b/src/polkit/polkitunixprocess.h
+@@ -47,16 +47,24 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess;
+ typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass;
+
+ GType polkit_unix_process_get_type (void) G_GNUC_CONST;
+-PolkitSubject *polkit_unix_process_new (gint pid);
+-PolkitSubject *polkit_unix_process_new_full (gint pid,
+- guint64 start_time);
+-
++PolkitSubject *polkit_unix_process_new (gint pid);
++PolkitSubject *polkit_unix_process_new_full (gint pid,
++ guint64 start_time);
++PolkitSubject *polkit_unix_process_new_for_owner (gint pid,
++ guint64 start_time,
++ gint uid);
+ gint polkit_unix_process_get_pid (PolkitUnixProcess *process);
+ guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process);
++gint polkit_unix_process_get_uid (PolkitUnixProcess *process);
+ void polkit_unix_process_set_pid (PolkitUnixProcess *process,
+ gint pid);
++void polkit_unix_process_set_uid (PolkitUnixProcess *process,
++ gint uid);
++void polkit_unix_process_set_start_time (PolkitUnixProcess *process,
++ guint64 start_time);
++
+ gint polkit_unix_process_get_owner (PolkitUnixProcess *process,
+- GError **error);
++ GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid);
+
+ G_END_DECLS
+
+--
+cgit v0.8.3-6-g21f6
diff --git a/polkit-0.104-translation_it.patch b/polkit-0.104-translation_it.patch
new file mode 100644
index 0000000..f3371ec
--- /dev/null
+++ b/polkit-0.104-translation_it.patch
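Review bot: The uid is carried as a `gint` with a property range of -1..G_MAXINT and is parsed with `sscanf (lines[n] + 4, "%d %d", ...)`, but Linux uids are unsigned 32-bit values, so a uid above G_MAXINT has no valid representation in this type. In `_polkit_unix_process_get_owner` the result of `%d` on such a value is undefined, and `polkit_unix_process_constructed` assigns it straight to `process->uid`, bypassing the `uid >= -1` check in `polkit_unix_process_set_uid`. I would parse the `Uid:` field with `g_ascii_strtoull` and set @error when the value does not fit, so the object ends up with the documented -1 ("unknown") instead of an arbitrary negative uid; callers of `polkit_unix_process_get_uid` should treat -1 as "no identity", never as a match. The same `%d` conversion is used for the third field in `polkit_subject_from_string`, which takes the uid from the string as given.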
@@ -0,0 +1,77 @@
+diff -Nru polkit-0.104.orig/po/it.po polkit-0.104/po/it.po
+--- polkit-0.104.orig/po/it.po 1970-01-01 01:00:00.000000000 +0100
++++ polkit-0.104/po/it.po 2012-02-19 18:58:58.543160669 +0100
+@@ -0,0 +1,65 @@
++# Italian translations for PolicyKit.
++# Copyright (C) 2009 Red Hat, Inc.
++# This file is distributed under the same license as the PolicyKit package.
++# Silvan Calarco , 2012.
++#
++#, fuzzy
++msgid ""
++msgstr ""
++"Project-Id-Version: DeviceKit-disks\n"
++"Report-Msgid-Bugs-To: \n"
++"POT-Creation-Date: 2011-03-03 13:03-0500\n"
++"PO-Revision-Date: 2011-03-03 13:05-0500\n"
++"Last-Translator: Silvan Calarco \n"
++"Language-Team: Danish \n"
++"Language: it\n"
++"MIME-Version: 1.0\n"
++"Content-Type: text/plain; charset=UTF-8\n"
++"Content-Transfer-Encoding: 8bit\n"
++"Plural-Forms: nplurals=2; plural=(n != 1);\n"
++
++#: ../actions/org.freedesktop.policykit.policy.in.h:1
++msgid "Authentication is required to configure lock down policy"
++msgstr "Bisogna autenticarsi per configurare la politica di blocco"
++
++#: ../actions/org.freedesktop.policykit.policy.in.h:2
++msgid "Authentication is required to run a program as another user"
++msgstr "Bisogna autenticarsi per eseguire un programma come un altro utente"
++
++#: ../actions/org.freedesktop.policykit.policy.in.h:3
++msgid "Configure lock down for an action"
++msgstr "Configura il blocco per un'azione"
++
++#: ../actions/org.freedesktop.policykit.policy.in.h:4
++msgid "Run programs as another user"
++msgstr "Esegui programmi come un altro utente"
++
++#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:1
++msgid ""
++"Authentication is required to run the PolicyKit example program Frobnicate "
++"(user=$(user), program=$(program), command_line=$(command_line))"
++msgstr ""
++"Bisogna autenticarsi per eseguire il programma di esempio Frobnicate di PolicyKit "
++"$(user), program=$(program), command_line=$(command_line))"
++
++#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:2
++msgid "Run the PolicyKit example program Frobnicate"
++msgstr "Esegui il programma di esempio Frobnicate di PolicyKit"
++
++#. Translators: message shown when trying to run a program as root. Do not
++#. * translate the $(program) fragment - it will be expanded to the path
++#. * of the program e.g. /bin/bash.
++#.
++#: ../src/programs/pkexec.c:666
++msgid "Authentication is needed to run `$(program)' as the super user"
++msgstr "Bisogna autenticarsi per eseguire `$(program)' come super utente"
++
++#. Translators: message shown when trying to run a program as another user.
++#. * Do not translate the $(program) or $(user) fragments - the former will
++#. * be expanded to the path of the program e.g. "/bin/bash" and the latter
++#. * to the user e.g. "John Doe (johndoe)" or "johndoe".
++#.
++#: ../src/programs/pkexec.c:676
++msgid "Authentication is needed to run `$(program)' as user $(user)"
++msgstr ""
++"Bisogna autenticarsi per eseguire `$(program)' come utente $(user)"
+diff -Nru polkit-0.104.orig/po/LINGUAS polkit-0.104/po/LINGUAS
+--- polkit-0.104.orig/po/LINGUAS 2011-10-18 19:02:27.000000000 +0200
++++ polkit-0.104/po/LINGUAS 2012-02-19 18:59:21.927903728 +0100
+@@ -1,3 +1,4 @@
+ # please keep this list sorted alphabetically
+ #
+ da
++it
diff --git a/polkit-0.111-sysadmin.patch b/polkit-0.111-sysadmin.patch
new file mode 100644
index 0000000..d0e4372
--- /dev/null
+++ b/polkit-0.111-sysadmin.patch
@@ -0,0 +1,10 @@
+diff -Nru polkit-0.111.orig/src/polkitbackend/50-default.rules polkit-0.111/src/polkitbackend/50-default.rules
+--- polkit-0.111.orig/src/polkitbackend/50-default.rules 2013-08-13 14:37:42.707270448 +0200
++++ polkit-0.111/src/polkitbackend/50-default.rules 2013-08-13 14:37:58.900121151 +0200
+@@ -8,5 +8,5 @@
+ // about configuring polkit.
+
+ polkit.addAdminRule(function(action, subject) {
+- return ["unix-group:wheel"];
++ return ["unix-group:sysadmin"];
+ });
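Review bot: The admin rule now returns `["unix-group:sysadmin"]`, but nothing visible in this change set makes sure that group exists: polkit.spec creates only the `polkitd` user and group and carries no `Requires` on a package that provides `sysadmin`. On a system where the group is missing or empty, who may authenticate as administrator depends on polkit's fallback behaviour, which is not shown here and should be confirmed. I would add a comment above the rule naming the owner of the group, for example `// 'sysadmin' is the distribution admin group, provided by PACKAGE-NAME (placeholder); keep in sync with polkit-60-admin.conf`. The rule function is complete within the hunk.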
diff --git a/polkit-60-admin.conf b/polkit-60-admin.conf
new file mode 100644
index 0000000..a47dcd1
--- /dev/null
+++ b/polkit-60-admin.conf
@@ -0,0 +1,10 @@
+# Configuration file for the PolicyKit Local Authority.
+#
+# DO NOT EDIT THIS FILE, it will be overwritten on update.
+#
+# See the pklocalauthority(8) man page for more information
+# about configuring the Local Authority.
+#
+
+[Configuration]
+AdminIdentities=unix-group:sysadmin
diff --git a/polkit.spec b/polkit.spec
new file mode 100644
index 0000000..d503c53
--- /dev/null
+++ b/polkit.spec
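Review bot: polkit-60-admin.conf is declared as `Source1` in polkit.spec, but no line in `%install` copies it and no `%files` entry names it, so as far as this diff shows the file is never installed. The admin group is therefore set only by the 50-default.rules patch, and this copy of `AdminIdentities=unix-group:sysadmin` can drift from it without anyone noticing. Either install it where the pkla compatibility layer required by the spec reads its configuration, or drop `Source1` together with this file; if it is kept only for reference, the header comment should say so.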
@@ -0,0 +1,262 @@
+%define polkitd_groupid 54
+%define polkitd_userid 54
+%define polkit_groupid 65054
+%define polkit_userid 65054
+Name: polkit
+Version: 0.112
+Release: 2mamba
+Summary: A framework for defining policy for system-wide components
+Group: Applications/Security
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://www.freedesktop.org/software/polkit
+Source: http://www.freedesktop.org/software/polkit/releases/polkit-%{version}.tar.gz
+Source1: polkit-60-admin.conf
+Patch0: %{name}-0.101.0-Clarify_that_the_real_uid_is_returned_not_the_effective_one.patch
+Patch1: %{name}-0.101.0-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
+Patch2: %{name}-0.104-translation_it.patch
+Patch3: polkit-0.111-sysadmin.patch
+License: GPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libexpat-devel
+BuildRequires: libffi-devel
+BuildRequires: libgcrypt-devel
+BuildRequires: libglib-devel
+BuildRequires: libgpg-error-devel
+BuildRequires: liblzma-devel
+BuildRequires: libmozjs185-devel
+BuildRequires: libselinux-devel
+BuildRequires: libsystemd-devel
+BuildRequires: libz-devel
+BuildRequires: pam-devel
+## AUTOBUILDREQ-END
+BuildRequires: pam-devel >= 0.81
+BuildRequires: dbus-devel >= 0.93
+BuildRequires: libmozjs185-devel
+Requires: libmozjs185
+Requires: polkit-pkla-compat
+Provides: PolicyKit
+Obsoletes: PolicyKit
+Requires(post): libpolkit = %{?epoch:%epoch:}%{version}-%{release}
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+
+# Got from git:
+# git clone git://anongit.freedesktop.org/git/PolicyKit
+
+%description
+PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it.
+
+%package -n lib%{name}
+Group: System/Libraries
+Summary: Shared libraries for %{name}
+
+%description -n lib%{name}
+PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it.
+This package contains shared libraries for %{name}.
+
+%package -n libpolkit-devel
+Summary: Devel package for %{name}
+Group: Development/Libraries
+Requires: libpolkit = %{?epoch:%epoch:}%{version}-%{release}
+Provides: PolicyKit-devel
+Obsoletes: PolicyKit-devel
+Provides: polkit-devel
+Obsoletes: polkit-devel
+
+%description -n libpolkit-devel
+PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it.
+This package contains static libraries and header files need for development.
+
+%prep
+%setup -q
+#%patch0 -p1
+#%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+
+%build
+%configure \
+ --enable-libsystemd-login=yes
+
+%make
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+%makeinstall
+install -d %{buildroot}/var/run/PolicyKit-public
+
+%find_lang polkit-1
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%pre
+if [ $1 -ge 1 ]; then
+ /usr/sbin/groupadd polkitd -g %{polkitd_groupid} 2>/dev/null
+ /usr/sbin/useradd -u %{polkitd_userid} -c 'PolicyKit daemon' -d / -g polkitd \
+ -s /bin/false polkitd 2>/dev/null
+fi
+:
+
+%preun
+if [ $1 -eq 0 ]; then
+ /usr/sbin/groupdel polkitd 2>/dev/null
+ /usr/sbin/userdel polkitd 2>/dev/null
+fi
+:
+
+%post
+if [ $1 -gt 1 ]; then
+ /usr/sbin/groupdel polkituser 2>/dev/null
+ /usr/sbin/userdel polkituser 2>/dev/null
+fi
+:
+
+%post -n libpolkit
+/sbin/ldconfig
+:
+
+%postun -n libpolkit
+/sbin/ldconfig
+:
+
+%files -f polkit-1.lang
+%defattr(-,root,root)
+%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
+%{_sysconfdir}/pam.d/polkit-1
+%dir %{_sysconfdir}/polkit-1
+%attr(0700,polkitd,polkitd) %dir %{_sysconfdir}/polkit-1/rules.d
+%{_sysconfdir}/polkit-1/rules.d/50-default.rules
+%{_bindir}/pkaction
+%{_bindir}/pkcheck
+%attr(4755,root,polkitd) %{_bindir}/pkexec
+%{_bindir}/pkttyagent
+%{_mandir}/man1/pkttyagent.1.gz
+%dir %{_prefix}/lib/polkit-1
+%attr(4755,root,polkitd) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
+%{_prefix}/lib/polkit-1/polkitd
+/lib/systemd/system/polkit.service
+%dir %{_datadir}/polkit-1
+%dir %{_datadir}/polkit-1/actions
+%{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy
+%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
+%attr(0700,polkitd,polkitd) %dir %{_datadir}/polkit-1/rules.d
+%{_datadir}/dbus-1/system-services/org.freedesktop.PolicyKit1.service
+%{_mandir}/man1/pkaction.1*
+%{_mandir}/man1/pkcheck.1*
+%{_mandir}/man1/pkexec.1*
+%{_mandir}/man8/polkit.8*
+%{_mandir}/man8/polkitd.8*
+
+%files -n libpolkit
+%defattr(-,root,root)
+%{_libdir}/girepository-1.0/PolkitAgent-1.0.typelib
+%{_libdir}/girepository-1.0/Polkit-1.0.typelib
+%{_libdir}/libpolkit-agent-1.so.*
+%{_libdir}/libpolkit-gobject-1.so.*
+%doc AUTHORS COPYING
+
+%files -n libpolkit-devel
+%defattr(-,root,root)
+%{_bindir}/pk-example-frobnicate
+%dir %{_includedir}/polkit-1
+%dir %{_includedir}/polkit-1/polkit
+%{_includedir}/polkit-1/polkit/*.h
+%{_includedir}/polkit-1/polkitagent/*.h
+%{_libdir}/libpolkit-agent-1.a
+%{_libdir}/libpolkit-agent-1.la
+%{_libdir}/libpolkit-agent-1.so
+%{_libdir}/libpolkit-gobject-1.a
+%{_libdir}/libpolkit-gobject-1.la
+%{_libdir}/libpolkit-gobject-1.so
+%{_datadir}/gir-1.0/Polkit-1.0.gir
+%{_datadir}/gir-1.0/PolkitAgent-1.0.gir
+%{_libdir}/pkgconfig/polkit-agent-1.pc
+%{_libdir}/pkgconfig/polkit-gobject-1.pc
+%doc ChangeLog NEWS README
+
+%changelog
+* Fri Apr 11 2014 Silvan Calarco 0.112-2mamba
+- library moved to libpolkit and polkit-devel renamed to libpolkit-devel
+
+* Thu Sep 19 2013 Automatic Build System 0.112-1mamba
+- automatic update by autodist
+
+* Tue Aug 13 2013 Silvan Calarco 0.111-2mamba
+- require polkit-pkla-compat for .pkla files compatibility (localauthority)
+- configure with --enable-libsystemd-login=yes
+- patch 50-default.rules to use sysadmin group instead of wheel
+
+* Fri May 17 2013 Automatic Build System 0.111-1mamba
+- automatic version update by autodist
+
+* Tue Mar 19 2013 Silvan Calarco 0.110-4mamba
+- require libmozjs185 and buildrequire libmozjs185-devel
+
+* Sun Mar 17 2013 Silvan Calarco 0.110-3mamba
+- fixed permission of rules directories; more default rule from localauthority.conf.d to rules.d
+
+* Sun Mar 17 2013 Silvan Calarco 0.110-2mamba
+- replace polkituser with more standard polkitd user and group names
+
+* Sun Jan 20 2013 Automatic Build System 0.110-1mamba
+- automatic version update by autodist
+
+* Mon Jan 07 2013 Automatic Build System 0.109-1mamba
+- automatic version update by autodist
+
+* Fri Dec 07 2012 Automatic Build System 0.108-1mamba
+- update to 0.108
+
+* Sat Sep 15 2012 Silvan Calarco 0.104-2mamba
+- .typelib file moved from -devel to runtime library package
+
+* Sun Feb 19 2012 Silvan Calarco 0.104-1mamba
+- update to 0.104
+
+* Mon Nov 21 2011 Silvan Calarco 0.102-3mamba
+- rebuilt with correct glib version
+
+* Mon Nov 21 2011 Silvan Calarco 0.102-2mamba
+- install localauthority configuration file for group sysadmin (moved from system-base-openmamba)
+
+* Mon Oct 03 2011 Automatic Build System 0.102-1mamba
+- automatic version update by autodist
+
+* Thu Jul 28 2011 Silvan Calarco 0.101-2mamba
+- added two upstream patches to have polkit_unix_process_get_uid required by accountsservice
+
+* Sun Jul 24 2011 Automatic Build System 0.101-1mamba
+- automatic version update by autodist
+
+* Fri Oct 29 2010 Silvan Calarco 0.99-2mamba
+- add installed empty directories
+
+* Sat Oct 02 2010 Automatic Build System 0.99-1mamba
+- automatic update by autodist
+
+* Thu Jun 10 2010 Silvan Calarco 0.96-3mamba
+- obsolete PolicyKit
+
+* Sun Apr 04 2010 Silvan Calarco 0.96-2mamba
+- fixed some files permissions according to configure hints
+
+* Sat Feb 20 2010 Automatic Build System 0.96-1mamba
+- automatic update by autodist
+
+* Wed Oct 14 2009 Silvan Calarco 0.94-2mamba
+- don't obsolete PolicyKit
+
+* Tue Sep 29 2009 Silvan Calarco 0.94-1mamba
+- update to 0.94
+
+* Fri Jun 13 2008 Silvan Calarco 0.8-1mamba
+- update to 0.8
+
+* Wed Apr 11 2007 Silvan Calarco 0.3-1mamba
+- update to version 0.3 by autospec
+
+* Tue Oct 24 2006 Silvan Calarco 0.2cvs20061024-1qilnx
+- package created by autospec
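Review bot: In `%preun` the group is removed before the user (`groupdel polkitd`, then `userdel polkitd`); groupdel normally refuses to delete a group that is still some user's primary group, and with `2>/dev/null` plus the trailing `:` that failure is silent, so the order should be `/usr/sbin/userdel polkitd 2>/dev/null` followed by `/usr/sbin/groupdel polkitd 2>/dev/null`. `%pre` hides errors the same way: if `groupadd` or `useradd` fails, for instance because id 54 is already taken, installation continues and the `%attr(0700,polkitd,polkitd)` and `%attr(4755,root,polkitd)` entries name an account that may not exist. For a package that ships setuid-root binaries I would at least log the failure, and add a comment in `%pre` stating that the fixed ids are reserved for polkitd. Separately, `#%patch0 -p1` and `#%patch1 -p1` leave the two uid patches unapplied while `Patch0`/`Patch1` are still declared; a one-line comment saying whether they are already contained in the 0.112 tarball would make that intent auditable.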