From c2842a198c6a5a6522561f2a43875eb0b68189cc Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 18 Aug 2010 13:23:20 -0400 Subject: [PATCH 1/2] fix a CK interaction bug --- 0001-Fix-ConsoleKit-interaction-bug.patch | 132 ++++++++++++++++++++++ polkit.spec | 14 ++- 2 files changed, 140 insertions(+), 6 deletions(-) create mode 100644 0001-Fix-ConsoleKit-interaction-bug.patch diff --git a/0001-Fix-ConsoleKit-interaction-bug.patch b/0001-Fix-ConsoleKit-interaction-bug.patch new file mode 100644 index 0000000..ab54b49 --- /dev/null +++ b/0001-Fix-ConsoleKit-interaction-bug.patch @@ -0,0 +1,132 @@ +From 22363658629553e04277259ccac8dbf4e33839ea Mon Sep 17 00:00:00 2001 +From: David Zeuthen +Date: Wed, 18 Aug 2010 12:24:04 -0400 +Subject: [PATCH] Fix ConsoleKit interaction bug + +First of all, there was a glaring bug where we forgot to load the +GKeyFile for /var/run/ConsoleKit/database resulting in criticals like +this: + + (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed + (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed + +Furthermore, this resulted in the Authority returning "not authorized" +for subjects that should have been authorized. For an example, see + + https://bugzilla.redhat.com/show_bug.cgi?id=624125 + +Fix this bug by calling ensure_database() to make sure the GKeyFile +contains information from /var/run/ConsoleKit/database. Also, since +there is a race (theoretical at least, but see +https://bugzilla.gnome.org/show_bug.cgi?id=627285 ) with file +monitoring, also ensure that we are using the latest and greatest +version of /var/run/ConsoleKit/database. + +Signed-off-by: David Zeuthen +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 52 ++++++++++++++++++++-- + 1 files changed, 47 insertions(+), 5 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 2b63f3c..877d69e 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -47,6 +47,7 @@ struct _PolkitBackendSessionMonitor + + GKeyFile *database; + GFileMonitor *database_monitor; ++ time_t database_mtime; + }; + + struct _PolkitBackendSessionMonitorClass +@@ -74,17 +75,34 @@ reload_database (PolkitBackendSessionMonitor *monitor, + GError **error) + { + gboolean ret; ++ struct stat statbuf; + + ret = FALSE; + ++ if (monitor->database != NULL) ++ { ++ g_key_file_free (monitor->database); ++ monitor->database = NULL; ++ } ++ ++ if (stat (CKDB_PATH, &statbuf) != 0) ++ { ++ g_set_error (error, ++ G_IO_ERROR, ++ g_io_error_from_errno (errno), ++ "Error statting file " CKDB_PATH ": %s", ++ strerror (errno)); ++ goto out; ++ } ++ ++ monitor->database_mtime = statbuf.st_mtime; ++ + monitor->database = g_key_file_new (); + if (!g_key_file_load_from_file (monitor->database, + CKDB_PATH, + G_KEY_FILE_NONE, + error)) + { +- g_key_file_free (monitor->database); +- monitor->database = NULL; + goto out; + } + +@@ -102,8 +120,22 @@ ensure_database (PolkitBackendSessionMonitor *monitor, + + if (monitor->database != NULL) + { +- ret = TRUE; +- goto out; ++ struct stat statbuf; ++ ++ if (stat (CKDB_PATH, &statbuf) != 0) ++ { ++ g_set_error (error, ++ G_IO_ERROR, ++ g_io_error_from_errno (errno), ++ "Error statting file " CKDB_PATH " to check timestamp: %s", ++ strerror (errno)); ++ goto out; ++ } ++ if (statbuf.st_mtime == monitor->database_mtime) ++ { ++ ret = TRUE; ++ goto out; ++ } + } + + ret = reload_database (monitor, error); +@@ -266,7 +298,6 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + if (local_error != NULL) + { + g_propagate_prefixed_error (error, local_error, "Error getting user for process: "); +- g_error_free (local_error); + goto out; + } + +@@ -427,6 +458,17 @@ get_boolean (PolkitBackendSessionMonitor *monitor, + group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + + error = NULL; ++ if (!ensure_database (monitor, &error)) ++ { ++ g_printerr ("Error getting boolean `%s' in group `%s': Error ensuring CK database at " CKDB_PATH ": %s", ++ key_name, ++ group, ++ error->message); ++ g_error_free (error); ++ goto out; ++ } ++ ++ error = NULL; + ret = g_key_file_get_boolean (monitor->database, group, key_name, &error); + if (error != NULL) + { +-- +1.7.2.1 + diff --git a/polkit.spec b/polkit.spec index 04a8024..f26fb2c 100644 --- a/polkit.spec +++ b/polkit.spec @@ -1,11 +1,10 @@ Summary: PolicyKit Authorization Framework Name: polkit Version: 0.97 -Release: 2%{?dist} +Release: 3%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/PolicyKit Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Group: System Environment/Libraries BuildRequires: glib2-devel >= 2.25.11 BuildRequires: expat-devel @@ -14,6 +13,9 @@ BuildRequires: gtk-doc BuildRequires: intltool BuildRequires: gobject-introspection-devel +# Upstream fix +Patch0: 0001-Fix-ConsoleKit-interaction-bug.patch + Requires: ConsoleKit Requires: dbus @@ -62,13 +64,13 @@ Roles and default policy for desktop usage. %prep %setup -q +%patch0 -p1 -b .ck-interaction %build %configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection --enable-examples make %install -rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT rm -f $RPM_BUILD_ROOT%{_libdir}/*.la @@ -121,9 +123,6 @@ EOF ### END DESKTOP POLICY CONFIGURATION ### -%clean -rm -rf $RPM_BUILD_ROOT - %post -p /sbin/ldconfig %postun -p /sbin/ldconfig @@ -183,6 +182,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/gtk-doc/html/* %changelog +* Wed Aug 18 2010 Matthias Clasen - 0.97-3 +- Fix a ConsoleKit interaction bug + * Mon Aug 09 2010 David Zeuthen - 0.97-2 - Rebuild From a98bb71895e917d5d8f2f92a733d1e335078b990 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Fri, 20 Aug 2010 13:23:51 -0400 Subject: [PATCH 2/2] * Fri Aug 20 2010 David Zeuthen - 0.98-1 - Update to upstream release 0.98 --- .gitignore | 1 + 0001-Fix-ConsoleKit-interaction-bug.patch | 132 ---------------------- polkit-0.97-subject-scanning.patch | 76 ------------- polkit.spec | 15 +-- sources | 2 +- 5 files changed, 7 insertions(+), 219 deletions(-) delete mode 100644 0001-Fix-ConsoleKit-interaction-bug.patch delete mode 100644 polkit-0.97-subject-scanning.patch diff --git a/.gitignore b/.gitignore index b2dd6d4..5fce1a1 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ polkit-0.95.git20090913.tar.gz polkit-0.95.tar.gz polkit-0.96.tar.gz polkit-0.97.tar.gz +polkit-0.98.tar.gz diff --git a/0001-Fix-ConsoleKit-interaction-bug.patch b/0001-Fix-ConsoleKit-interaction-bug.patch deleted file mode 100644 index ab54b49..0000000 --- a/0001-Fix-ConsoleKit-interaction-bug.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 22363658629553e04277259ccac8dbf4e33839ea Mon Sep 17 00:00:00 2001 -From: David Zeuthen -Date: Wed, 18 Aug 2010 12:24:04 -0400 -Subject: [PATCH] Fix ConsoleKit interaction bug - -First of all, there was a glaring bug where we forgot to load the -GKeyFile for /var/run/ConsoleKit/database resulting in criticals like -this: - - (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed - (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed - -Furthermore, this resulted in the Authority returning "not authorized" -for subjects that should have been authorized. For an example, see - - https://bugzilla.redhat.com/show_bug.cgi?id=624125 - -Fix this bug by calling ensure_database() to make sure the GKeyFile -contains information from /var/run/ConsoleKit/database. Also, since -there is a race (theoretical at least, but see -https://bugzilla.gnome.org/show_bug.cgi?id=627285 ) with file -monitoring, also ensure that we are using the latest and greatest -version of /var/run/ConsoleKit/database. - -Signed-off-by: David Zeuthen ---- - src/polkitbackend/polkitbackendsessionmonitor.c | 52 ++++++++++++++++++++-- - 1 files changed, 47 insertions(+), 5 deletions(-) - -diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c -index 2b63f3c..877d69e 100644 ---- a/src/polkitbackend/polkitbackendsessionmonitor.c -+++ b/src/polkitbackend/polkitbackendsessionmonitor.c -@@ -47,6 +47,7 @@ struct _PolkitBackendSessionMonitor - - GKeyFile *database; - GFileMonitor *database_monitor; -+ time_t database_mtime; - }; - - struct _PolkitBackendSessionMonitorClass -@@ -74,17 +75,34 @@ reload_database (PolkitBackendSessionMonitor *monitor, - GError **error) - { - gboolean ret; -+ struct stat statbuf; - - ret = FALSE; - -+ if (monitor->database != NULL) -+ { -+ g_key_file_free (monitor->database); -+ monitor->database = NULL; -+ } -+ -+ if (stat (CKDB_PATH, &statbuf) != 0) -+ { -+ g_set_error (error, -+ G_IO_ERROR, -+ g_io_error_from_errno (errno), -+ "Error statting file " CKDB_PATH ": %s", -+ strerror (errno)); -+ goto out; -+ } -+ -+ monitor->database_mtime = statbuf.st_mtime; -+ - monitor->database = g_key_file_new (); - if (!g_key_file_load_from_file (monitor->database, - CKDB_PATH, - G_KEY_FILE_NONE, - error)) - { -- g_key_file_free (monitor->database); -- monitor->database = NULL; - goto out; - } - -@@ -102,8 +120,22 @@ ensure_database (PolkitBackendSessionMonitor *monitor, - - if (monitor->database != NULL) - { -- ret = TRUE; -- goto out; -+ struct stat statbuf; -+ -+ if (stat (CKDB_PATH, &statbuf) != 0) -+ { -+ g_set_error (error, -+ G_IO_ERROR, -+ g_io_error_from_errno (errno), -+ "Error statting file " CKDB_PATH " to check timestamp: %s", -+ strerror (errno)); -+ goto out; -+ } -+ if (statbuf.st_mtime == monitor->database_mtime) -+ { -+ ret = TRUE; -+ goto out; -+ } - } - - ret = reload_database (monitor, error); -@@ -266,7 +298,6 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor - if (local_error != NULL) - { - g_propagate_prefixed_error (error, local_error, "Error getting user for process: "); -- g_error_free (local_error); - goto out; - } - -@@ -427,6 +458,17 @@ get_boolean (PolkitBackendSessionMonitor *monitor, - group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); - - error = NULL; -+ if (!ensure_database (monitor, &error)) -+ { -+ g_printerr ("Error getting boolean `%s' in group `%s': Error ensuring CK database at " CKDB_PATH ": %s", -+ key_name, -+ group, -+ error->message); -+ g_error_free (error); -+ goto out; -+ } -+ -+ error = NULL; - ret = g_key_file_get_boolean (monitor->database, group, key_name, &error); - if (error != NULL) - { --- -1.7.2.1 - diff --git a/polkit-0.97-subject-scanning.patch b/polkit-0.97-subject-scanning.patch deleted file mode 100644 index d4ab680..0000000 --- a/polkit-0.97-subject-scanning.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 17f0600529dc926ae4a0c85dc56c393cc09e4011 Mon Sep 17 00:00:00 2001 -From: David Zeuthen -Date: Thu, 12 Aug 2010 20:49:25 +0000 -Subject: Fix scanning of unix-process subjects - -In particular accept both "unix-process:," and -"unix-process:". For the latter, return an error if we cannot -lookup the starttime (for example if the given pid references a -non-existing process). - -Signed-off-by: David Zeuthen ---- -diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c -index 19d60b9..51e60e0 100644 ---- a/src/polkit/polkitsubject.c -+++ b/src/polkit/polkitsubject.c -@@ -24,6 +24,7 @@ - #endif - - #include -+#include - - #include "polkitsubject.h" - #include "polkitunixprocess.h" -@@ -222,8 +223,6 @@ polkit_subject_from_string (const gchar *str, - GError **error) - { - PolkitSubject *subject; -- guint64 val; -- gchar *endptr; - - g_return_val_if_fail (str != NULL, NULL); - g_return_val_if_fail (error == NULL || *error == NULL, NULL); -@@ -234,12 +233,15 @@ polkit_subject_from_string (const gchar *str, - - if (g_str_has_prefix (str, "unix-process:")) - { -- val = g_ascii_strtoull (str + sizeof "unix-process:" - 1, -- &endptr, -- 10); -- if (*endptr == '\0') -+ gint scanned_pid; -+ guint64 scanned_starttime; -+ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) - { -- subject = polkit_unix_process_new ((gint) val); -+ subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime); -+ } -+ else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1) -+ { -+ subject = polkit_unix_process_new_full (scanned_pid, 0); - if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0) - { - g_object_unref (subject); -@@ -247,8 +249,8 @@ polkit_subject_from_string (const gchar *str, - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, -- "No process with pid %" G_GUINT64_FORMAT, -- val); -+ "Unable to determine start time for process with pid %d", -+ scanned_pid); - } - } - } -@@ -266,7 +268,7 @@ polkit_subject_from_string (const gchar *str, - g_set_error (error, - POLKIT_ERROR, - POLKIT_ERROR_FAILED, -- "Malformed subject string '%s'", -+ "Malformed subject string `%s'", - str); - } - --- -cgit v0.8.3-6-g21f6 diff --git a/polkit.spec b/polkit.spec index 4e5d0cf..10cc453 100644 --- a/polkit.spec +++ b/polkit.spec @@ -1,7 +1,7 @@ Summary: PolicyKit Authorization Framework Name: polkit -Version: 0.97 -Release: 4%{?dist} +Version: 0.98 +Release: 1%{?dist} License: LGPLv2+ URL: http://www.freedesktop.org/wiki/Software/PolicyKit Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz @@ -23,12 +23,6 @@ Provides: PolicyKit = 0.11 # sufficiently new polkit-gnome package Conflicts: polkit-gnome < 0.97 -# upstream -Patch0: polkit-0.97-subject-scanning.patch -# Upstream fix -Patch1: 0001-Fix-ConsoleKit-interaction-bug.patch - - %description PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged @@ -71,8 +65,6 @@ Roles and default policy for desktop usage. %prep %setup -q -%patch0 -p1 -b .subject-scanning -%patch1 -p1 -b .ck-interaction %build %configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection --enable-examples @@ -190,6 +182,9 @@ EOF %{_datadir}/gtk-doc/html/* %changelog +* Fri Aug 20 2010 David Zeuthen - 0.98-1 +- Update to upstream release 0.98 + * Wed Aug 18 2010 Matthias Clasen - 0.97-4 - Fix a ConsoleKit interaction bug diff --git a/sources b/sources index b036f4f..9e89e2a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fbe929cccc2abf7a13b735064e0224ea polkit-0.97.tar.gz +96e583a1177ba5436f034a2fee55f5fa polkit-0.98.tar.gz