rpms/polkit
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

library moved to libpolkit and polkit-devel renamed to libpolkit-devel [release 0.112-2mamba;Fri Apr 11 2014]

Browse Source
This commit is contained in:
Silvan Calarco 2024-01-06 10:24:14 +01:00
parent 3b440ff0b7
commit 170846e031
7 changed files with 1110 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -1,2 +1,4 @@
# polkit # polkit
PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it.

134
polkit-0.101.0-Clarify_that_the_real_uid_is_returned_not_the_effective_one.patch Normal file
View File

@ -0,0 +1,134 @@
From dd848a42a64a3b22a0cc60f6657b56ce9b6010ae Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Thu, 31 Mar 2011 16:59:09 +0000
Subject: PolkitUnixProcess: Clarify that the real uid is returned, not the effective one
On Linux, also switch to parsing /proc/<pid>/status instead of relying
on the st_uid returned by stat(2) to be the uid we want.
This was pointed out by Neel Mehta <nmehta@google.com>. Thanks!
Signed-off-by: David Zeuthen <davidz@redhat.com>
---
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index d95a1d4..876da69 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -24,9 +24,7 @@
#endif
#include <sys/types.h>
-#ifndef HAVE_FREEBSD
-#include <sys/stat.h>
-#else
+#ifdef HAVE_FREEBSD
#include <sys/param.h>
#include <sys/sysctl.h>
#include <sys/user.h>
@@ -34,6 +32,7 @@
#include <stdlib.h>
#include <string.h>
#include <errno.h>
+#include <stdio.h>
#include "polkitunixprocess.h"
#include "polkitsubject.h"
@@ -208,6 +207,8 @@ polkit_unix_process_get_pid (PolkitUnixProcess *process)
*
* Gets the uid of the owner of @process.
*
+ * Note that this returns the real user-id (not the effective user-id) of @process.
+ *
* Returns: The UNIX user id of the owner for @process or 0 if @error is set.
**/
gint
@@ -215,17 +216,21 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
GError **error)
{
gint result;
+ gchar *contents;
+ gchar **lines;
#ifdef HAVE_FREEBSD
struct kinfo_proc p;
#else
- struct stat statbuf;
- char procbuf[32];
+ gchar filename[64];
+ guint n;
#endif
g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
g_return_val_if_fail (error == NULL || *error == NULL, 0);
result = 0;
+ lines = NULL;
+ contents = NULL;
#ifdef HAVE_FREEBSD
if (get_kinfo_proc (process->pid, &p) == 0)
@@ -241,23 +246,52 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
result = p.ki_uid;
#else
- g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid);
- if (stat (procbuf, &statbuf) != 0)
+
+ /* see 'man proc' for layout of the status file
+ *
+ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
+ */
+ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
+ if (!g_file_get_contents (filename,
+ &contents,
+ NULL,
+ error))
{
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "stat() failed for /proc/%d: %s",
- process->pid,
- g_strerror (errno));
goto out;
}
+ lines = g_strsplit (contents, "\n", -1);
+ for (n = 0; lines != NULL && lines[n] != NULL; n++)
+ {
+ gint real_uid, effective_uid;
+ if (!g_str_has_prefix (lines[n], "Uid:"))
+ continue;
+ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Unexpected line `%s' in file %s",
+ lines[n],
+ filename);
+ goto out;
+ }
+ else
+ {
+ result = real_uid;
+ goto out;
+ }
+ }
- result = statbuf.st_uid;
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Didn't find any line starting with `Uid:' in file %s",
+ filename);
#endif
- out:
-
+out:
+ g_strfreev (lines);
+ g_free (contents);
return result;
}
--
cgit v0.8.3-6-g21f6

615
polkit-0.101.0-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch Normal file
View File

@ -0,0 +1,615 @@
From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Fri, 01 Apr 2011 16:09:45 +0000
Subject: Make PolkitUnixProcess also record the uid of the process
This is needed to avoid possible TOCTTOU issues since a process can
change both its real uid and effective uid.
Signed-off-by: David Zeuthen <davidz@redhat.com>
---
diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
index 12141e3..9f4fcf8 100644
--- a/docs/polkit/polkit-1-sections.txt
+++ b/docs/polkit/polkit-1-sections.txt
@@ -145,10 +145,13 @@ POLKIT_UNIX_SESSION_GET_CLASS
PolkitUnixProcess
polkit_unix_process_new
polkit_unix_process_new_full
+polkit_unix_process_new_for_owner
+polkit_unix_process_set_pid
polkit_unix_process_get_pid
+polkit_unix_process_set_start_time
polkit_unix_process_get_start_time
-polkit_unix_process_set_pid
-polkit_unix_process_get_owner
+polkit_unix_process_set_uid
+polkit_unix_process_get_uid
<SUBSECTION Standard>
PolkitUnixProcessClass
POLKIT_UNIX_PROCESS
diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
index 577afec..d2c4c20 100644
--- a/src/polkit/polkitsubject.c
+++ b/src/polkit/polkitsubject.c
@@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str,
{
gint scanned_pid;
guint64 scanned_starttime;
- if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
+ gint scanned_uid;
+ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3)
+ {
+ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid);
+ }
+ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
{
subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
}
else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
{
- subject = polkit_unix_process_new_full (scanned_pid, 0);
+ subject = polkit_unix_process_new (scanned_pid);
if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
{
g_object_unref (subject);
@@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject)
g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))));
g_variant_builder_add (&builder, "{sv}", "start-time",
g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject))));
+ g_variant_builder_add (&builder, "{sv}", "uid",
+ g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject))));
}
else if (POLKIT_IS_UNIX_SESSION (subject))
{
@@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant,
GVariant *v;
guint32 pid;
guint64 start_time;
+ gint32 uid;
v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error);
if (v == NULL)
@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant,
start_time = g_variant_get_uint64 (v);
g_variant_unref (v);
- ret = polkit_unix_process_new_full (pid, start_time);
+ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error);
+ if (v != NULL)
+ {
+ uid = g_variant_get_int32 (v);
+ g_variant_unref (v);
+ }
+ else
+ {
+ uid = -1;
+ }
+
+ ret = polkit_unix_process_new_for_owner (pid, start_time, uid);
}
else if (g_strcmp0 (kind, "unix-session") == 0)
{
diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
index 876da69..913be3a 100644
--- a/src/polkit/polkitunixprocess.c
+++ b/src/polkit/polkitunixprocess.c
@@ -62,6 +62,7 @@ struct _PolkitUnixProcess
gint pid;
guint64 start_time;
+ gint uid;
};
struct _PolkitUnixProcessClass
@@ -74,6 +75,7 @@ enum
PROP_0,
PROP_PID,
PROP_START_TIME,
+ PROP_UID
};
static void subject_iface_init (PolkitSubjectIface *subject_iface);
@@ -81,6 +83,9 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface);
static guint64 get_start_time_for_pid (gint pid,
GError **error);
+static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error);
+
#ifdef HAVE_FREEBSD
static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p);
#endif
@@ -92,6 +97,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT,
static void
polkit_unix_process_init (PolkitUnixProcess *unix_process)
{
+ unix_process->uid = -1;
}
static void
@@ -108,6 +114,10 @@ polkit_unix_process_get_property (GObject *object,
g_value_set_int (value, unix_process->pid);
break;
+ case PROP_UID:
+ g_value_set_int (value, unix_process->uid);
+ break;
+
case PROP_START_TIME:
g_value_set_uint64 (value, unix_process->start_time);
break;
@@ -132,6 +142,14 @@ polkit_unix_process_set_property (GObject *object,
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
+ case PROP_UID:
+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+ break;
+
+ case PROP_START_TIME:
+ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+ break;
+
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -139,12 +157,39 @@ polkit_unix_process_set_property (GObject *object,
}
static void
+polkit_unix_process_constructed (GObject *object)
+{
+ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object);
+
+ /* sets start_time and uid in case they are unset */
+
+ if (process->start_time == 0)
+ process->start_time = get_start_time_for_pid (process->pid, NULL);
+
+ if (process->uid == -1)
+ {
+ GError *error;
+ error = NULL;
+ process->uid = _polkit_unix_process_get_owner (process, &error);
+ if (error != NULL)
+ {
+ process->uid = -1;
+ g_error_free (error);
+ }
+ }
+
+ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL)
+ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object);
+}
+
+static void
polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
gobject_class->get_property = polkit_unix_process_get_property;
gobject_class->set_property = polkit_unix_process_set_property;
+ gobject_class->constructed = polkit_unix_process_constructed;
/**
* PolkitUnixProcess:pid:
@@ -156,7 +201,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
g_param_spec_int ("pid",
"Process ID",
"The UNIX process ID",
- -1,
+ 0,
G_MAXINT,
0,
G_PARAM_CONSTRUCT |
@@ -166,6 +211,27 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
G_PARAM_STATIC_NICK));
/**
+ * PolkitUnixProcess:uid:
+ *
+ * The UNIX user id of the process or -1 if unknown.
+ *
+ * Note that this is the real user-id, not the effective user-id.
+ */
+ g_object_class_install_property (gobject_class,
+ PROP_UID,
+ g_param_spec_int ("uid",
+ "User ID",
+ "The UNIX user ID",
+ -1,
+ G_MAXINT,
+ -1,
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_BLURB |
+ G_PARAM_STATIC_NICK));
+
+ /**
* PolkitUnixProcess:start-time:
*
* The start time of the process.
@@ -178,7 +244,8 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
0,
G_MAXUINT64,
0,
- G_PARAM_READABLE |
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
G_PARAM_STATIC_BLURB |
G_PARAM_STATIC_NICK));
@@ -186,113 +253,50 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
}
/**
- * polkit_unix_process_get_pid:
+ * polkit_unix_process_get_uid:
* @process: A #PolkitUnixProcess.
*
- * Gets the process id for @process.
+ * Gets the user id for @process. Note that this is the real user-id,
+ * not the effective user-id.
*
- * Returns: The process id for @process.
+ * Returns: The user id for @process or -1 if unknown.
*/
gint
-polkit_unix_process_get_pid (PolkitUnixProcess *process)
+polkit_unix_process_get_uid (PolkitUnixProcess *process)
{
- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
- return process->pid;
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1);
+ return process->uid;
}
/**
- * polkit_unix_process_get_owner:
+ * polkit_unix_process_set_uid:
* @process: A #PolkitUnixProcess.
- * @error: (allow-none): Return location for error or %NULL.
+ * @uid: The user id to set for @process or -1 to unset it.
*
- * Gets the uid of the owner of @process.
+ * Sets the (real, not effective) user id for @process.
+ */
+void
+polkit_unix_process_set_uid (PolkitUnixProcess *process,
+ gint uid)
+{
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+ g_return_if_fail (uid >= -1);
+ process->uid = uid;
+}
+
+/**
+ * polkit_unix_process_get_pid:
+ * @process: A #PolkitUnixProcess.
*
- * Note that this returns the real user-id (not the effective user-id) of @process.
+ * Gets the process id for @process.
*
- * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
- **/
+ * Returns: The process id for @process.
+ */
gint
-polkit_unix_process_get_owner (PolkitUnixProcess *process,
- GError **error)
+polkit_unix_process_get_pid (PolkitUnixProcess *process)
{
- gint result;
- gchar *contents;
- gchar **lines;
-#ifdef HAVE_FREEBSD
- struct kinfo_proc p;
-#else
- gchar filename[64];
- guint n;
-#endif
-
g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
- g_return_val_if_fail (error == NULL || *error == NULL, 0);
-
- result = 0;
- lines = NULL;
- contents = NULL;
-
-#ifdef HAVE_FREEBSD
- if (get_kinfo_proc (process->pid, &p) == 0)
- {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "get_kinfo_proc() failed for pid %d: %s",
- process->pid,
- g_strerror (errno));
- goto out;
- }
-
- result = p.ki_uid;
-#else
-
- /* see 'man proc' for layout of the status file
- *
- * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
- */
- g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
- if (!g_file_get_contents (filename,
- &contents,
- NULL,
- error))
- {
- goto out;
- }
- lines = g_strsplit (contents, "\n", -1);
- for (n = 0; lines != NULL && lines[n] != NULL; n++)
- {
- gint real_uid, effective_uid;
- if (!g_str_has_prefix (lines[n], "Uid:"))
- continue;
- if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
- {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Unexpected line `%s' in file %s",
- lines[n],
- filename);
- goto out;
- }
- else
- {
- result = real_uid;
- goto out;
- }
- }
-
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "Didn't find any line starting with `Uid:' in file %s",
- filename);
-#endif
-
-out:
- g_strfreev (lines);
- g_free (contents);
- return result;
+ return process->pid;
}
/**
@@ -311,6 +315,21 @@ polkit_unix_process_get_start_time (PolkitUnixProcess *process)
}
/**
+ * polkit_unix_process_set_start_time:
+ * @process: A #PolkitUnixProcess.
+ * @start_time: The start time for @pid.
+ *
+ * Set the start time of @process.
+ */
+void
+polkit_unix_process_set_start_time (PolkitUnixProcess *process,
+ guint64 start_time)
+{
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+ process->start_time = start_time;
+}
+
+/**
* polkit_unix_process_set_pid:
* @process: A #PolkitUnixProcess.
* @pid: A process id.
@@ -323,18 +342,17 @@ polkit_unix_process_set_pid (PolkitUnixProcess *process,
{
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
process->pid = pid;
- if (pid != (gint) -1)
- process->start_time = get_start_time_for_pid (pid, NULL);
}
/**
* polkit_unix_process_new:
* @pid: The process id.
*
- * Creates a new #PolkitUnixProcess for @pid. The start time of the
- * process will be looked up in using e.g. the
- * <filename>/proc</filename> filesystem depending on the platform in
- * use.
+ * Creates a new #PolkitUnixProcess for @pid.
+ *
+ * The uid and start time of the process will be looked up in using
+ * e.g. the <filename>/proc</filename> filesystem depending on the
+ * platform in use.
*
* Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
*/
@@ -353,22 +371,42 @@ polkit_unix_process_new (gint pid)
*
* Creates a new #PolkitUnixProcess object for @pid and @start_time.
*
+ * The uid of the process will be looked up in using e.g. the
+ * <filename>/proc</filename> filesystem depending on the platform in
+ * use.
+ *
* Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
*/
PolkitSubject *
polkit_unix_process_new_full (gint pid,
guint64 start_time)
{
- PolkitUnixProcess *process;
-
- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1));
- process->pid = pid;
- if (start_time != 0)
- process->start_time = start_time;
- else
- process->start_time = get_start_time_for_pid (pid, NULL);
+ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
+ "pid", pid,
+ "start_time", start_time,
+ NULL));
+}
- return POLKIT_SUBJECT (process);
+/**
+ * polkit_unix_process_new_for_owner:
+ * @pid: The process id.
+ * @start_time: The start time for @pid or 0 to look it up in e.g. <filename>/proc</filename>.
+ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. <filename>/proc</filename>.
+ *
+ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid.
+ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+PolkitSubject *
+polkit_unix_process_new_for_owner (gint pid,
+ guint64 start_time,
+ gint uid)
+{
+ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
+ "pid", pid,
+ "start_time", start_time,
+ "uid", uid,
+ NULL));
}
static guint
@@ -616,3 +654,95 @@ out:
return start_time;
}
+
+static gint
+_polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error)
+{
+ gint result;
+ gchar *contents;
+ gchar **lines;
+#ifdef HAVE_FREEBSD
+ struct kinfo_proc p;
+#else
+ gchar filename[64];
+ guint n;
+#endif
+
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+ g_return_val_if_fail (error == NULL || *error == NULL, 0);
+
+ result = 0;
+ lines = NULL;
+ contents = NULL;
+
+#ifdef HAVE_FREEBSD
+ if (get_kinfo_proc (process->pid, &p) == 0)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "get_kinfo_proc() failed for pid %d: %s",
+ process->pid,
+ g_strerror (errno));
+ goto out;
+ }
+
+ result = p.ki_uid;
+#else
+
+ /* see 'man proc' for layout of the status file
+ *
+ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
+ */
+ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
+ if (!g_file_get_contents (filename,
+ &contents,
+ NULL,
+ error))
+ {
+ goto out;
+ }
+ lines = g_strsplit (contents, "\n", -1);
+ for (n = 0; lines != NULL && lines[n] != NULL; n++)
+ {
+ gint real_uid, effective_uid;
+ if (!g_str_has_prefix (lines[n], "Uid:"))
+ continue;
+ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Unexpected line `%s' in file %s",
+ lines[n],
+ filename);
+ goto out;
+ }
+ else
+ {
+ result = real_uid;
+ goto out;
+ }
+ }
+
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Didn't find any line starting with `Uid:' in file %s",
+ filename);
+#endif
+
+out:
+ g_strfreev (lines);
+ g_free (contents);
+ return result;
+}
+
+/* deprecated public method */
+gint
+polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error)
+{
+ return _polkit_unix_process_get_owner (process, error);
+}
diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h
index b88cd03..531a57d 100644
--- a/src/polkit/polkitunixprocess.h
+++ b/src/polkit/polkitunixprocess.h
@@ -47,16 +47,24 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess;
typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass;
GType polkit_unix_process_get_type (void) G_GNUC_CONST;
-PolkitSubject *polkit_unix_process_new (gint pid);
-PolkitSubject *polkit_unix_process_new_full (gint pid,
- guint64 start_time);
-
+PolkitSubject *polkit_unix_process_new (gint pid);
+PolkitSubject *polkit_unix_process_new_full (gint pid,
+ guint64 start_time);
+PolkitSubject *polkit_unix_process_new_for_owner (gint pid,
+ guint64 start_time,
+ gint uid);
gint polkit_unix_process_get_pid (PolkitUnixProcess *process);
guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process);
+gint polkit_unix_process_get_uid (PolkitUnixProcess *process);
void polkit_unix_process_set_pid (PolkitUnixProcess *process,
gint pid);
+void polkit_unix_process_set_uid (PolkitUnixProcess *process,
+ gint uid);
+void polkit_unix_process_set_start_time (PolkitUnixProcess *process,
+ guint64 start_time);
+
gint polkit_unix_process_get_owner (PolkitUnixProcess *process,
- GError **error);
+ GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid);
G_END_DECLS
--
cgit v0.8.3-6-g21f6

77
polkit-0.104-translation_it.patch Normal file
View File

@ -0,0 +1,77 @@
diff -Nru polkit-0.104.orig/po/it.po polkit-0.104/po/it.po
--- polkit-0.104.orig/po/it.po 1970-01-01 01:00:00.000000000 +0100
+++ polkit-0.104/po/it.po 2012-02-19 18:58:58.543160669 +0100
@@ -0,0 +1,65 @@
+# Italian translations for PolicyKit.
+# Copyright (C) 2009 Red Hat, Inc.
+# This file is distributed under the same license as the PolicyKit package.
+# Silvan Calarco <silvan.calarco@mambasoft.it>, 2012.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: DeviceKit-disks\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2011-03-03 13:03-0500\n"
+"PO-Revision-Date: 2011-03-03 13:05-0500\n"
+"Last-Translator: Silvan Calarco <silvan.calarco@mambasoft.it>\n"
+"Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: ../actions/org.freedesktop.policykit.policy.in.h:1
+msgid "Authentication is required to configure lock down policy"
+msgstr "Bisogna autenticarsi per configurare la politica di blocco"
+
+#: ../actions/org.freedesktop.policykit.policy.in.h:2
+msgid "Authentication is required to run a program as another user"
+msgstr "Bisogna autenticarsi per eseguire un programma come un altro utente"
+
+#: ../actions/org.freedesktop.policykit.policy.in.h:3
+msgid "Configure lock down for an action"
+msgstr "Configura il blocco per un'azione"
+
+#: ../actions/org.freedesktop.policykit.policy.in.h:4
+msgid "Run programs as another user"
+msgstr "Esegui programmi come un altro utente"
+
+#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:1
+msgid ""
+"Authentication is required to run the PolicyKit example program Frobnicate "
+"(user=$(user), program=$(program), command_line=$(command_line))"
+msgstr ""
+"Bisogna autenticarsi per eseguire il programma di esempio Frobnicate di PolicyKit "
+"$(user), program=$(program), command_line=$(command_line))"
+
+#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:2
+msgid "Run the PolicyKit example program Frobnicate"
+msgstr "Esegui il programma di esempio Frobnicate di PolicyKit"
+
+#. Translators: message shown when trying to run a program as root. Do not
+#. * translate the $(program) fragment - it will be expanded to the path
+#. * of the program e.g. /bin/bash.
+#.
+#: ../src/programs/pkexec.c:666
+msgid "Authentication is needed to run `$(program)' as the super user"
+msgstr "Bisogna autenticarsi per eseguire `$(program)' come super utente"
+
+#. Translators: message shown when trying to run a program as another user.
+#. * Do not translate the $(program) or $(user) fragments - the former will
+#. * be expanded to the path of the program e.g. "/bin/bash" and the latter
+#. * to the user e.g. "John Doe (johndoe)" or "johndoe".
+#.
+#: ../src/programs/pkexec.c:676
+msgid "Authentication is needed to run `$(program)' as user $(user)"
+msgstr ""
+"Bisogna autenticarsi per eseguire `$(program)' come utente $(user)"
diff -Nru polkit-0.104.orig/po/LINGUAS polkit-0.104/po/LINGUAS
--- polkit-0.104.orig/po/LINGUAS 2011-10-18 19:02:27.000000000 +0200
+++ polkit-0.104/po/LINGUAS 2012-02-19 18:59:21.927903728 +0100
@@ -1,3 +1,4 @@
# please keep this list sorted alphabetically
#
da
+it

10
polkit-0.111-sysadmin.patch Normal file
View File

@ -0,0 +1,10 @@
diff -Nru polkit-0.111.orig/src/polkitbackend/50-default.rules polkit-0.111/src/polkitbackend/50-default.rules
--- polkit-0.111.orig/src/polkitbackend/50-default.rules 2013-08-13 14:37:42.707270448 +0200
+++ polkit-0.111/src/polkitbackend/50-default.rules 2013-08-13 14:37:58.900121151 +0200
@@ -8,5 +8,5 @@
// about configuring polkit.
polkit.addAdminRule(function(action, subject) {
- return ["unix-group:wheel"];
+ return ["unix-group:sysadmin"];
});

10
polkit-60-admin.conf Normal file
View File

@ -0,0 +1,10 @@
# Configuration file for the PolicyKit Local Authority.
#
# DO NOT EDIT THIS FILE, it will be overwritten on update.
#
# See the pklocalauthority(8) man page for more information
# about configuring the Local Authority.
#
[Configuration]
AdminIdentities=unix-group:sysadmin

262
polkit.spec Normal file
View File

@ -0,0 +1,262 @@
%define polkitd_groupid 54
%define polkitd_userid 54
%define polkit_groupid 65054
%define polkit_userid 65054
Name: polkit
Version: 0.112
Release: 2mamba
Summary: A framework for defining policy for system-wide components
Group: Applications/Security
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: http://www.freedesktop.org/software/polkit
Source: http://www.freedesktop.org/software/polkit/releases/polkit-%{version}.tar.gz
Source1: polkit-60-admin.conf
Patch0: %{name}-0.101.0-Clarify_that_the_real_uid_is_returned_not_the_effective_one.patch
Patch1: %{name}-0.101.0-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
Patch2: %{name}-0.104-translation_it.patch
Patch3: polkit-0.111-sysadmin.patch
License: GPL
## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel
BuildRequires: libexpat-devel
BuildRequires: libffi-devel
BuildRequires: libgcrypt-devel
BuildRequires: libglib-devel
BuildRequires: libgpg-error-devel
BuildRequires: liblzma-devel
BuildRequires: libmozjs185-devel
BuildRequires: libselinux-devel
BuildRequires: libsystemd-devel
BuildRequires: libz-devel
BuildRequires: pam-devel
## AUTOBUILDREQ-END
BuildRequires: pam-devel >= 0.81
BuildRequires: dbus-devel >= 0.93
BuildRequires: libmozjs185-devel
Requires: libmozjs185
Requires: polkit-pkla-compat
Provides: PolicyKit
Obsoletes: PolicyKit
Requires(post): libpolkit = %{?epoch:%epoch:}%{version}-%{release}
BuildRoot: %{_tmppath}/%{name}-%{version}-root
# Got from git:
# git clone git://anongit.freedesktop.org/git/PolicyKit
%description
PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it.
%package -n lib%{name}
Group: System/Libraries
Summary: Shared libraries for %{name}
%description -n lib%{name}
PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it.
This package contains shared libraries for %{name}.
%package -n libpolkit-devel
Summary: Devel package for %{name}
Group: Development/Libraries
Requires: libpolkit = %{?epoch:%epoch:}%{version}-%{release}
Provides: PolicyKit-devel
Obsoletes: PolicyKit-devel
Provides: polkit-devel
Obsoletes: polkit-devel
%description -n libpolkit-devel
PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it.
This package contains static libraries and header files need for development.
%prep
%setup -q
#%patch0 -p1
#%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
%configure \
--enable-libsystemd-login=yes
%make
%install
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%makeinstall
install -d %{buildroot}/var/run/PolicyKit-public
%find_lang polkit-1
%clean
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%pre
if [ $1 -ge 1 ]; then
/usr/sbin/groupadd polkitd -g %{polkitd_groupid} 2>/dev/null
/usr/sbin/useradd -u %{polkitd_userid} -c 'PolicyKit daemon' -d / -g polkitd \
-s /bin/false polkitd 2>/dev/null
fi
:
%preun
if [ $1 -eq 0 ]; then
/usr/sbin/groupdel polkitd 2>/dev/null
/usr/sbin/userdel polkitd 2>/dev/null
fi
:
%post
if [ $1 -gt 1 ]; then
/usr/sbin/groupdel polkituser 2>/dev/null
/usr/sbin/userdel polkituser 2>/dev/null
fi
:
%post -n libpolkit
/sbin/ldconfig
:
%postun -n libpolkit
/sbin/ldconfig
:
%files -f polkit-1.lang
%defattr(-,root,root)
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
%{_sysconfdir}/pam.d/polkit-1
%dir %{_sysconfdir}/polkit-1
%attr(0700,polkitd,polkitd) %dir %{_sysconfdir}/polkit-1/rules.d
%{_sysconfdir}/polkit-1/rules.d/50-default.rules
%{_bindir}/pkaction
%{_bindir}/pkcheck
%attr(4755,root,polkitd) %{_bindir}/pkexec
%{_bindir}/pkttyagent
%{_mandir}/man1/pkttyagent.1.gz
%dir %{_prefix}/lib/polkit-1
%attr(4755,root,polkitd) %{_prefix}/lib/polkit-1/polkit-agent-helper-1
%{_prefix}/lib/polkit-1/polkitd
/lib/systemd/system/polkit.service
%dir %{_datadir}/polkit-1
%dir %{_datadir}/polkit-1/actions
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.examples.pkexec.policy
%{_datadir}/polkit-1/actions/org.freedesktop.policykit.policy
%attr(0700,polkitd,polkitd) %dir %{_datadir}/polkit-1/rules.d
%{_datadir}/dbus-1/system-services/org.freedesktop.PolicyKit1.service
%{_mandir}/man1/pkaction.1*
%{_mandir}/man1/pkcheck.1*
%{_mandir}/man1/pkexec.1*
%{_mandir}/man8/polkit.8*
%{_mandir}/man8/polkitd.8*
%files -n libpolkit
%defattr(-,root,root)
%{_libdir}/girepository-1.0/PolkitAgent-1.0.typelib
%{_libdir}/girepository-1.0/Polkit-1.0.typelib
%{_libdir}/libpolkit-agent-1.so.*
%{_libdir}/libpolkit-gobject-1.so.*
%doc AUTHORS COPYING
%files -n libpolkit-devel
%defattr(-,root,root)
%{_bindir}/pk-example-frobnicate
%dir %{_includedir}/polkit-1
%dir %{_includedir}/polkit-1/polkit
%{_includedir}/polkit-1/polkit/*.h
%{_includedir}/polkit-1/polkitagent/*.h
%{_libdir}/libpolkit-agent-1.a
%{_libdir}/libpolkit-agent-1.la
%{_libdir}/libpolkit-agent-1.so
%{_libdir}/libpolkit-gobject-1.a
%{_libdir}/libpolkit-gobject-1.la
%{_libdir}/libpolkit-gobject-1.so
%{_datadir}/gir-1.0/Polkit-1.0.gir
%{_datadir}/gir-1.0/PolkitAgent-1.0.gir
%{_libdir}/pkgconfig/polkit-agent-1.pc
%{_libdir}/pkgconfig/polkit-gobject-1.pc
%doc ChangeLog NEWS README
%changelog
* Fri Apr 11 2014 Silvan Calarco <silvan.calarco@mambasoft.it> 0.112-2mamba
- library moved to libpolkit and polkit-devel renamed to libpolkit-devel
* Thu Sep 19 2013 Automatic Build System <autodist@mambasoft.it> 0.112-1mamba
- automatic update by autodist
* Tue Aug 13 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 0.111-2mamba
- require polkit-pkla-compat for .pkla files compatibility (localauthority)
- configure with --enable-libsystemd-login=yes
- patch 50-default.rules to use sysadmin group instead of wheel
* Fri May 17 2013 Automatic Build System <autodist@mambasoft.it> 0.111-1mamba
- automatic version update by autodist
* Tue Mar 19 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 0.110-4mamba
- require libmozjs185 and buildrequire libmozjs185-devel
* Sun Mar 17 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 0.110-3mamba
- fixed permission of rules directories; more default rule from localauthority.conf.d to rules.d
* Sun Mar 17 2013 Silvan Calarco <silvan.calarco@mambasoft.it> 0.110-2mamba
- replace polkituser with more standard polkitd user and group names
* Sun Jan 20 2013 Automatic Build System <autodist@mambasoft.it> 0.110-1mamba
- automatic version update by autodist
* Mon Jan 07 2013 Automatic Build System <autodist@mambasoft.it> 0.109-1mamba
- automatic version update by autodist
* Fri Dec 07 2012 Automatic Build System <autodist@mambasoft.it> 0.108-1mamba
- update to 0.108
* Sat Sep 15 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 0.104-2mamba
- .typelib file moved from -devel to runtime library package
* Sun Feb 19 2012 Silvan Calarco <silvan.calarco@mambasoft.it> 0.104-1mamba
- update to 0.104
* Mon Nov 21 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 0.102-3mamba
- rebuilt with correct glib version
* Mon Nov 21 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 0.102-2mamba
- install localauthority configuration file for group sysadmin (moved from system-base-openmamba)
* Mon Oct 03 2011 Automatic Build System <autodist@mambasoft.it> 0.102-1mamba
- automatic version update by autodist
* Thu Jul 28 2011 Silvan Calarco <silvan.calarco@mambasoft.it> 0.101-2mamba
- added two upstream patches to have polkit_unix_process_get_uid required by accountsservice
* Sun Jul 24 2011 Automatic Build System <autodist@mambasoft.it> 0.101-1mamba
- automatic version update by autodist
* Fri Oct 29 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 0.99-2mamba
- add installed empty directories
* Sat Oct 02 2010 Automatic Build System <autodist@mambasoft.it> 0.99-1mamba
- automatic update by autodist
* Thu Jun 10 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 0.96-3mamba
- obsolete PolicyKit
* Sun Apr 04 2010 Silvan Calarco <silvan.calarco@mambasoft.it> 0.96-2mamba
- fixed some files permissions according to configure hints
* Sat Feb 20 2010 Automatic Build System <autodist@mambasoft.it> 0.96-1mamba
- automatic update by autodist
* Wed Oct 14 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 0.94-2mamba
- don't obsolete PolicyKit
* Tue Sep 29 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 0.94-1mamba
- update to 0.94
* Fri Jun 13 2008 Silvan Calarco <silvan.calarco@mambasoft.it> 0.8-1mamba
- update to 0.8
* Wed Apr 11 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 0.3-1mamba
- update to version 0.3 by autospec
* Tue Oct 24 2006 Silvan Calarco <silvan.calarco@mambasoft.it> 0.2cvs20061024-1qilnx
- package created by autospec