[packages/polkit] - updated to 0.113 (fixes CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625) - updated systemd
qboosh
qboosh at pld-linux.org
Wed Jul 8 21:26:30 CEST 2015
commit 77f30838c8075b8d217c6522e64b282c2a894237
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Wed Jul 8 21:28:35 2015 +0200
- updated to 0.113 (fixes CVE-2015-3218 CVE-2015-3255 CVE-2015-3256 CVE-2015-4625)
- updated systemd-fallback patch
polkit.spec | 6 +-
systemd-fallback.patch | 434 +++++++++++++++++++++++++++----------------------
2 files changed, 245 insertions(+), 195 deletions(-)
---
diff --git a/polkit.spec b/polkit.spec
index 2ecae74..5d7969a 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -6,12 +6,12 @@
Summary: A framework for defining policy for system-wide components
Summary(pl.UTF-8): Szkielet do definiowania polityki dla komponentów systemowych
Name: polkit
-Version: 0.112
-Release: 3
+Version: 0.113
+Release: 1
License: LGPL v2+
Group: Libraries
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
-# Source0-md5: b0f2fa00a55f47c6a5d88e9b73f80127
+# Source0-md5: 4b77776c9e4f897dcfe03b2c34198edf
Patch0: systemd-fallback.patch
Patch1: js187.patch
URL: http://www.freedesktop.org/wiki/Software/polkit
diff --git a/systemd-fallback.patch b/systemd-fallback.patch
index b38ad67..4898b96 100644
--- a/systemd-fallback.patch
+++ b/systemd-fallback.patch
@@ -1,33 +1,29 @@
-diff -urN polkit-0.107.old/configure.ac polkit-0.107/configure.ac
---- polkit-0.107.old/configure.ac 2012-10-07 21:31:48.402911710 +0200
-+++ polkit-0.107/configure.ac 2012-10-07 22:27:11.041586743 +0200
-@@ -163,7 +163,7 @@
- [enable_libsystemd_login=auto])
- if test "$enable_libsystemd_login" != "no"; then
- PKG_CHECK_MODULES(LIBSYSTEMD_LOGIN,
-- [libsystemd-login],
-+ [libsystemd-login libsystemd-daemon],
- have_libsystemd_login=yes,
- have_libsystemd_login=no)
- if test "$have_libsystemd_login" = "yes"; then
-diff -urN polkit-0.107.old/src/polkit/Makefile.am polkit-0.107/src/polkit/Makefile.am
---- polkit-0.107.old/src/polkit/Makefile.am 2012-10-07 21:31:48.379578504 +0200
-+++ polkit-0.107/src/polkit/Makefile.am 2012-10-07 21:51:14.746593099 +0200
-@@ -79,15 +79,8 @@
+--- polkit-0.113/configure.ac.orig 2015-07-03 21:22:54.764174841 +0200
++++ polkit-0.113/configure.ac 2015-07-03 22:21:19.010694450 +0200
+@@ -200,7 +200,7 @@
+ [have_libsystemd=yes],
+ dnl if libsystemd is not available, fall back to the older libsystemd-login
+ [PKG_CHECK_MODULES([LIBSYSTEMD_LOGIN],
+- [libsystemd-login],
++ [libsystemd-login libsystemd-daemon],
+ [
+ have_libsystemd=yes
+ LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
+--- polkit-0.113/src/polkit/Makefile.am.orig 2015-07-03 21:22:54.764174841 +0200
++++ polkit-0.113/src/polkit/Makefile.am 2015-07-03 22:31:00.080670064 +0200
+@@ -79,15 +79,7 @@
polkitimplicitauthorization.c polkitimplicitauthorization.h \
polkittemporaryauthorization.c polkittemporaryauthorization.h \
polkitpermission.c polkitpermission.h \
- $(NULL)
-
--if HAVE_LIBSYSTEMD_LOGIN
+-if HAVE_LIBSYSTEMD
-libpolkit_gobject_1_la_SOURCES += \
- polkitunixsession-systemd.c polkitunixsession.h
-else
-libpolkit_gobject_1_la_SOURCES += \
-- polkitunixsession.c polkitunixsession.h
+ polkitunixsession.c polkitunixsession.h
-endif
-+ polkitunixsession.c polkitunixsession.h \
-+ $(NULL)
libpolkit_gobject_1_la_CFLAGS = \
-D_POLKIT_COMPILATION \
@@ -38,7 +34,7 @@ diff -urN polkit-0.107.old/src/polkit/polkitunixsession.c polkit-0.107/src/polki
#include "polkiterror.h"
#include "polkitprivate.h"
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+# include <stdlib.h>
+# include <systemd/sd-daemon.h>
+# include <systemd/sd-login.h>
@@ -61,7 +57,7 @@ diff -urN polkit-0.107.old/src/polkit/polkitunixsession.c polkit-0.107/src/polki
- connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
- if (connection == NULL)
- goto out;
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ uid_t uid;
- result = g_dbus_connection_call_sync (connection,
@@ -83,7 +79,7 @@ diff -urN polkit-0.107.old/src/polkit/polkitunixsession.c polkit-0.107/src/polki
+ ret = TRUE;
+ }
+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ {
+ connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
+ if (connection == NULL)
@@ -145,7 +141,7 @@ diff -urN polkit-0.107.old/src/polkit/polkitunixsession.c polkit-0.107/src/polki
- error);
- if (result == NULL)
- goto out;
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ char *s;
+
+ if (sd_booted () > 0)
@@ -165,7 +161,7 @@ diff -urN polkit-0.107.old/src/polkit/polkitunixsession.c polkit-0.107/src/polki
+ (gint) session->pid);
+ }
+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ {
+ connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
+ if (connection == NULL)
@@ -690,68 +686,62 @@ diff -urN polkit-0.107.old/src/polkit/polkitunixsession-systemd.c polkit-0.107/s
-{
- /* use default implementation to run GInitable code in a thread */
-}
-diff -urN polkit-0.107.old/src/polkitbackend/Makefile.am polkit-0.107/src/polkitbackend/Makefile.am
---- polkit-0.107.old/src/polkitbackend/Makefile.am 2012-10-07 21:31:48.382911819 +0200
-+++ polkit-0.107/src/polkitbackend/Makefile.am 2012-10-07 21:53:38.455814545 +0200
-@@ -36,15 +36,8 @@
+--- polkit-0.113/src/polkitbackend/Makefile.am.orig 2015-07-03 21:22:54.774174842 +0200
++++ polkit-0.113/src/polkitbackend/Makefile.am 2015-07-04 17:20:31.954492615 +0200
+@@ -36,15 +36,7 @@
polkitbackendactionpool.h polkitbackendactionpool.c \
polkitbackendconfigsource.h polkitbackendconfigsource.c \
polkitbackendactionlookup.h polkitbackendactionlookup.c \
- $(NULL)
-
--if HAVE_LIBSYSTEMD_LOGIN
+-if HAVE_LIBSYSTEMD
-libpolkit_backend_1_la_SOURCES += \
- polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c
-else
-libpolkit_backend_1_la_SOURCES += \
-- polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c
+ polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c
-endif
-+ polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c \
-+ $(NULL)
libpolkit_backend_1_la_CFLAGS = \
-D_POLKIT_COMPILATION \
-diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendjsauthority.c polkit-0.107/src/polkitbackend/polkitbackendjsauthority.c
---- polkit-0.107.old/src/polkitbackend/polkitbackendjsauthority.c 2012-10-07 21:31:48.382911819 +0200
-+++ polkit-0.107/src/polkitbackend/polkitbackendjsauthority.c 2012-10-07 21:52:58.786029455 +0200
-@@ -35,6 +35,7 @@
+--- polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c.orig 2015-07-04 17:21:23.981157097 +0200
++++ polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c 2015-07-08 20:44:47.206141518 +0200
+@@ -36,6 +36,7 @@
#include <polkit/polkitprivate.h>
- #ifdef HAVE_LIBSYSTEMD_LOGIN
+ #ifdef HAVE_LIBSYSTEMD
+#include <systemd/sd-daemon.h>
#include <systemd/sd-login.h>
- #endif /* HAVE_LIBSYSTEMD_LOGIN */
+ #endif /* HAVE_LIBSYSTEMD */
-@@ -731,11 +732,14 @@
+@@ -794,6 +795,8 @@ subject_to_jsval (PolkitBackendJsAuthori
}
- #ifdef HAVE_LIBSYSTEMD_LOGIN
-- if (sd_pid_get_session (pid, &session_str) == 0)
+ #ifdef HAVE_LIBSYSTEMD
+ if (sd_booted () > 0)
++ {
+ if (sd_pid_get_session (pid, &session_str) == 0)
{
-- if (sd_session_get_seat (session_str, &seat_str) == 0)
-+ if (sd_pid_get_session (pid, &session_str) == 0)
- {
-- /* do nothing */
-+ if (sd_session_get_seat (session_str, &seat_str) == 0)
-+ {
-+ /* do nothing */
-+ }
+ if (sd_session_get_seat (session_str, &seat_str) == 0)
+@@ -801,6 +804,7 @@ subject_to_jsval (PolkitBackendJsAuthori
+ /* do nothing */
}
}
- #endif /* HAVE_LIBSYSTEMD_LOGIN */
-diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polkit-0.107/src/polkitbackend/polkitbackendsessionmonitor.c
---- polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c 2012-10-07 21:31:48.379578504 +0200
-+++ polkit-0.107/src/polkitbackend/polkitbackendsessionmonitor.c 2012-10-07 22:25:54.305335789 +0200
++ }
+ #endif /* HAVE_LIBSYSTEMD */
+
+ g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
+--- polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c.orig 2015-06-06 01:24:06.000000000 +0200
++++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c 2015-07-08 20:29:01.079514558 +0200
@@ -26,6 +26,12 @@
#include <string.h>
#include <glib/gstdio.h>
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+# include <stdlib.h>
+# include <systemd/sd-daemon.h>
+# include <systemd/sd-login.h>
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+
#include <polkit/polkit.h>
#include "polkitbackendsessionmonitor.h"
@@ -760,7 +750,7 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
* The #PolkitBackendSessionMonitor class is a utility class to track and monitor sessions.
*/
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+typedef struct
+{
+ GSource source;
@@ -840,27 +830,27 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
+
+ return source;
+}
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+
struct _PolkitBackendSessionMonitor
{
GObject parent_instance;
-@@ -48,6 +136,10 @@
+@@ -48,6 +136,10 @@ struct _PolkitBackendSessionMonitor
GKeyFile *database;
GFileMonitor *database_monitor;
time_t database_mtime;
+
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ GSource *sd_source;
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
};
struct _PolkitBackendSessionMonitorClass
-@@ -70,6 +162,18 @@
+@@ -70,6 +162,18 @@ G_DEFINE_TYPE (PolkitBackendSessionMonit
/* ---------------------------------------------------------------------------------------------------- */
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+static gboolean
+sessions_changed (gpointer user_data)
+{
@@ -870,18 +860,18 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
+
+ return TRUE;
+}
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+
static gboolean
reload_database (PolkitBackendSessionMonitor *monitor,
GError **error)
-@@ -176,31 +280,47 @@
+@@ -176,31 +280,47 @@ polkit_backend_session_monitor_init (Pol
g_error_free (error);
}
- error = NULL;
- if (!ensure_database (monitor, &error))
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ monitor->sd_source = NULL;
+
+ if (sd_booted () > 0)
@@ -896,7 +886,7 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
+ monitor->database = NULL;
}
+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ {
+ error = NULL;
+ if (!ensure_database (monitor, &error))
@@ -942,7 +932,7 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
}
}
-@@ -218,6 +338,12 @@
+@@ -218,6 +338,12 @@ polkit_backend_session_monitor_finalize
if (monitor->database != NULL)
g_key_file_free (monitor->database);
@@ -955,12 +945,12 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
if (G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize != NULL)
G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize (object);
}
-@@ -328,22 +454,38 @@
+@@ -310,22 +436,38 @@ polkit_backend_session_monitor_get_user_
}
else if (POLKIT_IS_UNIX_SESSION (subject))
{
- if (!ensure_database (monitor, error))
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ if (monitor->sd_source != NULL)
{
- g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
@@ -980,7 +970,7 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
- uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error);
- if (local_error != NULL)
+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
{
- g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": ");
+ if (!ensure_database (monitor, error))
@@ -1005,10 +995,18 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
ret = polkit_unix_user_new (uid);
}
-@@ -373,29 +515,46 @@
+@@ -349,35 +491,27 @@ polkit_backend_session_monitor_get_sessi
+ PolkitSubject *subject,
+ GError **error)
+ {
+- PolkitSubject *session;
+-
+- session = NULL;
++ PolkitSubject *session = NULL;
++ pid_t pid;
if (POLKIT_IS_UNIX_PROCESS (subject))
- {
+- {
- const gchar *session_id;
- GVariant *result;
- result = g_dbus_connection_call_sync (monitor->system_bus,
@@ -1027,54 +1025,33 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
- g_variant_get (result, "(&o)", &session_id);
- session = polkit_unix_session_new (session_id);
- g_variant_unref (result);
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
-+ if (monitor->sd_source != NULL)
-+ {
-+ gchar *session_id;
-+ pid_t pid;
-+
-+ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
-+ if (sd_pid_get_session (pid, &session_id) < 0)
-+ goto out;
-+
-+ session = polkit_unix_session_new (session_id);
-+ free (session_id);
-+ }
-+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
-+ {
-+ const gchar *session_id;
-+ GVariant *result;
-+ result = g_dbus_connection_call_sync (monitor->system_bus,
-+ "org.freedesktop.ConsoleKit",
-+ "/org/freedesktop/ConsoleKit/Manager",
-+ "org.freedesktop.ConsoleKit.Manager",
-+ "GetSessionForUnixProcess",
-+ g_variant_new ("(u)", polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))),
-+ G_VARIANT_TYPE ("(o)"),
-+ G_DBUS_CALL_FLAGS_NONE,
-+ -1, /* timeout_msec */
-+ NULL, /* GCancellable */
-+ error);
-+ if (result == NULL)
-+ goto out;
-+ g_variant_get (result, "(&o)", &session_id);
-+ session = polkit_unix_session_new (session_id);
-+ g_variant_unref (result);
-+ }
++ { /* We already have a process; now do process -> pid */
++ pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
}
else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
+- {
++ { /* Convert bus name to process / pid */
++#ifdef HAVE_LIBSYSTEMD
++ if (monitor->sd_source != NULL)
++ {
++ PolkitUnixProcess *process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME(subject), NULL, error);
++ if (!process)
++ goto out;
++ pid = polkit_unix_process_get_pid (process);
++ g_object_unref (process);
++ } else
++#endif
++ {
guint32 pid;
- const gchar *session_id;
-+ gchar *session_id;
GVariant *result;
result = g_dbus_connection_call_sync (monitor->system_bus,
-@@ -414,22 +573,35 @@
+@@ -395,23 +530,7 @@ polkit_backend_session_monitor_get_sessi
+ goto out;
g_variant_get (result, "(u)", &pid);
g_variant_unref (result);
-
+-
- result = g_dbus_connection_call_sync (monitor->system_bus,
- "org.freedesktop.ConsoleKit",
- "/org/freedesktop/ConsoleKit/Manager",
@@ -1091,18 +1068,47 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
- g_variant_get (result, "(&o)", &session_id);
- session = polkit_unix_session_new (session_id);
- g_variant_unref (result);
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++ }
+ }
+ else
+ {
+@@ -420,8 +539,57 @@ polkit_backend_session_monitor_get_sessi
+ POLKIT_ERROR_NOT_SUPPORTED,
+ "Cannot get user for subject of type %s",
+ g_type_name (G_TYPE_FROM_INSTANCE (subject)));
++ goto out;
+ }
+
++ /* Now do pid -> same session */
++#ifdef HAVE_LIBSYSTEMD
+ if (monitor->sd_source != NULL)
+ {
-+ if (sd_pid_get_session (pid, &session_id) < 0)
++ gchar *session_id;
++ if (sd_pid_get_session (pid, &session_id) >= 0)
++ {
++ session = polkit_unix_session_new (session_id);
++ free (session_id);
++ goto out;
++ }
++#if HAVE_SD_UID_GET_DISPLAY
++ uid_t uid;
++ /* Now do pid -> uid -> graphical session (systemd version 213)*/
++ if (sd_pid_get_owner_uid (pid, &uid) < 0)
+ goto out;
+
-+ session = polkit_unix_session_new (session_id);
-+ free (session_id);
++ if (sd_uid_get_display (uid, &session_id) >= 0)
++ {
++ session = polkit_unix_session_new (session_id);
++ free (session_id);
++ goto out;
++ }
++#endif
+ }
+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ {
++ gchar *session_id;
++ GVariant *result;
+ result = g_dbus_connection_call_sync (monitor->system_bus,
+ "org.freedesktop.ConsoleKit",
+ "/org/freedesktop/ConsoleKit/Manager",
@@ -1120,15 +1126,16 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
+ session = polkit_unix_session_new (session_id);
+ g_variant_unref (result);
+ }
- }
- else
- {
-@@ -490,7 +662,22 @@
++
+ out:
+
+ return session;
+@@ -472,7 +639,22 @@ gboolean
polkit_backend_session_monitor_is_session_local (PolkitBackendSessionMonitor *monitor,
PolkitSubject *session)
{
- return get_boolean (monitor, session, "is_local");
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ if (monitor->sd_source != NULL)
+ {
+ char *seat;
@@ -1142,28 +1149,60 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor.c polki
+ return FALSE;
+ }
+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ return get_boolean (monitor, session, "is_local");
}
-@@ -498,6 +685,11 @@
+@@ -480,6 +662,44 @@ gboolean
polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
PolkitSubject *session)
{
- return get_boolean (monitor, session, "is_active");
-+#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ if (monitor->sd_source != NULL)
-+ return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
++ {
++ const char *session_id;
++ char *state;
++ uid_t uid;
++ gboolean is_active = FALSE;
++
++ session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session));
++
++ g_debug ("Checking whether session %s is active.", session_id);
++
++ /* Check whether *any* of the user's current sessions are active. */
++ if (sd_session_get_uid (session_id, &uid) < 0)
++ goto fallback;
++
++ g_debug ("Session %s has UID %u.", session_id, uid);
++
++ if (sd_uid_get_state (uid, &state) < 0)
++ goto fallback;
++
++ g_debug ("UID %u has state %s.", uid, state);
++
++ is_active = (g_strcmp0 (state, "active") == 0);
++ free (state);
++
++ return is_active;
++
++fallback:
++ /* Fall back to checking the session. This is not ideal, since the user
++ * might have multiple sessions, and we cannot guarantee to have chosen
++ * the active one.
++ *
++ * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */
++ return sd_session_is_active (session_id);
++ }
+ else
-+#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ return get_boolean (monitor, session, "is_active");
}
-diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor-systemd.c polkit-0.107/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
---- polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2012-10-07 21:31:48.382911819 +0200
-+++ polkit-0.107/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 1970-01-01 01:00:00.000000000 +0100
-@@ -1,414 +0,0 @@
+--- polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c.orig 2015-07-04 17:22:07.104488621 +0200
++++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,425 +0,0 @@
-/*
- * Copyright (C) 2011 Red Hat, Inc.
- *
@@ -1443,25 +1482,7 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor-systemd
- }
- else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
-- GVariant *result;
--
-- result = g_dbus_connection_call_sync (monitor->system_bus,
-- "org.freedesktop.DBus",
-- "/org/freedesktop/DBus",
-- "org.freedesktop.DBus",
-- "GetConnectionUnixUser",
-- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
-- G_VARIANT_TYPE ("(u)"),
-- G_DBUS_CALL_FLAGS_NONE,
-- -1, /* timeout_msec */
-- NULL, /* GCancellable */
-- error);
-- if (result == NULL)
-- goto out;
-- g_variant_get (result, "(u)", &uid);
-- g_variant_unref (result);
--
-- ret = polkit_unix_user_new (uid);
+- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
- }
- else if (POLKIT_IS_UNIX_SESSION (subject))
- {
@@ -1497,61 +1518,59 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor-systemd
- PolkitSubject *subject,
- GError **error)
-{
-- PolkitSubject *session;
--
-- session = NULL;
+- PolkitUnixProcess *tmp_process = NULL;
+- PolkitUnixProcess *process = NULL;
+- PolkitSubject *session = NULL;
+- char *session_id = NULL;
+- pid_t pid;
+-#if HAVE_SD_UID_GET_DISPLAY
+- uid_t uid;
+-#endif
-
- if (POLKIT_IS_UNIX_PROCESS (subject))
-- {
-- gchar *session_id;
-- pid_t pid;
--
-- pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
-- if (sd_pid_get_session (pid, &session_id) < 0)
-- goto out;
--
-- session = polkit_unix_session_new (session_id);
-- free (session_id);
-- }
+- process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */
- else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
-- guint32 pid;
-- gchar *session_id;
-- GVariant *result;
--
-- result = g_dbus_connection_call_sync (monitor->system_bus,
-- "org.freedesktop.DBus",
-- "/org/freedesktop/DBus",
-- "org.freedesktop.DBus",
-- "GetConnectionUnixProcessID",
-- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
-- G_VARIANT_TYPE ("(u)"),
-- G_DBUS_CALL_FLAGS_NONE,
-- -1, /* timeout_msec */
-- NULL, /* GCancellable */
-- error);
-- if (result == NULL)
-- goto out;
-- g_variant_get (result, "(u)", &pid);
-- g_variant_unref (result);
--
-- if (sd_pid_get_session (pid, &session_id) < 0)
-- goto out;
--
-- session = polkit_unix_session_new (session_id);
-- free (session_id);
+- /* Convert bus name to process */
+- tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
+- if (!tmp_process)
+- goto out;
+- process = tmp_process;
- }
- else
- {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_NOT_SUPPORTED,
-- "Cannot get user for subject of type %s",
+- "Cannot get session for subject of type %s",
- g_type_name (G_TYPE_FROM_INSTANCE (subject)));
- }
-
-- out:
+- /* Now do process -> pid -> same session */
+- g_assert (process != NULL);
+- pid = polkit_unix_process_get_pid (process);
-
+- if (sd_pid_get_session (pid, &session_id) >= 0)
+- {
+- session = polkit_unix_session_new (session_id);
+- goto out;
+- }
+-
+-#if HAVE_SD_UID_GET_DISPLAY
+- /* Now do process -> uid -> graphical session (systemd version 213)*/
+- if (sd_pid_get_owner_uid (pid, &uid) < 0)
+- goto out;
+-
+- if (sd_uid_get_display (uid, &session_id) >= 0)
+- {
+- session = polkit_unix_session_new (session_id);
+- goto out;
+- }
+-#endif
+-
+- out:
+- free (session_id);
+- if (tmp_process) g_object_unref (tmp_process);
- return session;
-}
-
@@ -1575,6 +1594,37 @@ diff -urN polkit-0.107.old/src/polkitbackend/polkitbackendsessionmonitor-systemd
-polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
- PolkitSubject *session)
-{
-- return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
+- const char *session_id;
+- char *state;
+- uid_t uid;
+- gboolean is_active = FALSE;
+-
+- session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session));
+-
+- g_debug ("Checking whether session %s is active.", session_id);
+-
+- /* Check whether *any* of the user's current sessions are active. */
+- if (sd_session_get_uid (session_id, &uid) < 0)
+- goto fallback;
+-
+- g_debug ("Session %s has UID %u.", session_id, uid);
+-
+- if (sd_uid_get_state (uid, &state) < 0)
+- goto fallback;
+-
+- g_debug ("UID %u has state %s.", uid, state);
+-
+- is_active = (g_strcmp0 (state, "active") == 0);
+- free (state);
+-
+- return is_active;
+-
+-fallback:
+- /* Fall back to checking the session. This is not ideal, since the user
+- * might have multiple sessions, and we cannot guarantee to have chosen
+- * the active one.
+- *
+- * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */
+- return sd_session_is_active (session_id);
-}
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/polkit.git/commitdiff/77f30838c8075b8d217c6522e64b282c2a894237
More information about the pld-cvs-commit
mailing list