Update to polkit-0.101.

Merge several patches from upstream to fix CVE-2011-1485.

ok jasper@
ajacoutot 2011-04-28 13:09:07 +00:00
parent 03b8f5bd01
commit af6b7de546
30 changed files with 975 additions and 822 deletions


@ -1,13 +1,12 @@
# $OpenBSD: Makefile,v 1.16 2011/04/07 11:12:12 ajacoutot Exp $ # $OpenBSD: Makefile,v 1.17 2011/04/28 13:09:07 ajacoutot Exp $
COMMENT= framework for granting privileged operations to users COMMENT= framework for granting privileged operations to users
DISTNAME= polkit-0.97 DISTNAME= polkit-0.101
REVISION= 6
SHARED_LIBS += polkit-gobject-1 0.0 # .0.0 SHARED_LIBS += polkit-gobject-1 1.0 # .0.0
SHARED_LIBS += polkit-backend-1 0.0 # .0.0 SHARED_LIBS += polkit-backend-1 1.0 # .0.0
SHARED_LIBS += polkit-agent-1 0.0 # .0.0 SHARED_LIBS += polkit-agent-1 1.0 # .0.0
CATEGORIES= sysutils CATEGORIES= sysutils
@ -21,11 +20,10 @@ PERMIT_DISTFILES_FTP= Yes
PERMIT_PACKAGE_CDROM= Yes PERMIT_PACKAGE_CDROM= Yes
PERMIT_PACKAGE_FTP= Yes PERMIT_PACKAGE_FTP= Yes
WANTLIB += c dbus-1 dbus-glib-1 expat gio-2.0 glib-2.0 gmodule-2.0 WANTLIB += c expat gio-2.0 glib-2.0 gmodule-2.0 gobject-2.0 gthread-2.0
WANTLIB += gobject-2.0 gthread-2.0 pcre pthread z eggdbus-1 WANTLIB += pcre pthread z
#MASTER_SITES= http://hal.freedesktop.org/releases/ MASTER_SITES= http://hal.freedesktop.org/releases/
MASTER_SITES= http://distfiles.bsdfrog.org/
MODULES= textproc/intltool \ MODULES= textproc/intltool \
devel/gettext devel/gettext
@ -34,7 +32,7 @@ BUILD_DEPENDS= ${MODGNU_AUTOMAKE_DEPENDS} \
${MODGNU_AUTOCONF_DEPENDS} \ ${MODGNU_AUTOCONF_DEPENDS} \
devel/gobject-introspection devel/gobject-introspection
# needs libtoolize # needs AM_PROG_LIBTOOL
BUILD_DEPENDS+= devel/libtool BUILD_DEPENDS+= devel/libtool
# We do no want to depends on gtk-doc as it creates a dependency loop: # We do no want to depends on gtk-doc as it creates a dependency loop:
@ -42,23 +40,22 @@ BUILD_DEPENDS+= devel/libtool
BUILD_DEPENDS+= textproc/libxslt \ BUILD_DEPENDS+= textproc/libxslt \
textproc/docbook-xsl textproc/docbook-xsl
LIB_DEPENDS= devel/eggdbus LIB_DEPENDS= devel/glib2
AUTOCONF_VERSION= 2.62 AUTOCONF_VERSION= 2.64
AUTOMAKE_VERSION=1.9 AUTOMAKE_VERSION=1.10
CONFIGURE_STYLE= gnu CONFIGURE_STYLE= gnu
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib" \ LDFLAGS="-L${LOCALBASE}/lib"
CC=${CC} CFLAGS="${CFLAGS}"
CONFIGURE_ARGS= ${CONFIGURE_SHARED} \ CONFIGURE_ARGS= ${CONFIGURE_SHARED} \
--disable-gtk-doc \
--localstatedir=/var \ --localstatedir=/var \
--mandir=${PREFIX}/man \ --mandir=${PREFIX}/man \
--enable-introspection \
--enable-man-pages \ --enable-man-pages \
--enable-verbose-mode \ --enable-verbose-mode \
--enable-examples \ --enable-examples \
--disable-gtk-doc \
--enable-introspection \
--with-os-type=openbsd \ --with-os-type=openbsd \
--with-authfw=bsdauth --with-authfw=bsdauth
@ -75,11 +72,10 @@ pre-configure:
${SUBST_CMD} ${WRKSRC}/docs/man/pkexec.xml \ ${SUBST_CMD} ${WRKSRC}/docs/man/pkexec.xml \
${WRKSRC}/actions/org.freedesktop.policykit.policy.in \ ${WRKSRC}/actions/org.freedesktop.policykit.policy.in \
${WRKSRC}/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in ${WRKSRC}/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in
cd ${WRKSRC} && \
do-configure:
cd ${WRKSRC} && env AUTOCONF_VERSION=${AUTOCONF_VERSION} \
AUTOMAKE_VERSION=${AUTOMAKE_VERSION} \ AUTOMAKE_VERSION=${AUTOMAKE_VERSION} \
${CONFIGURE_ENV} ./autogen.sh ${CONFIGURE_ARGS} AUTOCONF_VERSION=${AUTOCONF_VERSION} \
${LOCALBASE}/bin/autoreconf
post-install: post-install:
${INSTALL_DATA_DIR} \ ${INSTALL_DATA_DIR} \


@ -1,5 +1,5 @@
MD5 (polkit-0.97.tar.gz) = 3Bdpry1AnUcAqPwvm6eunw== MD5 (polkit-0.101.tar.gz) = +SWsk6ujwHKXc3DB4n/rfw==
RMD160 (polkit-0.97.tar.gz) = PojZiPZOvTBCQl9paViDgI4sn/o= RMD160 (polkit-0.101.tar.gz) = aS37zCdcBxGUDym4x9UAFEtrkho=
SHA1 (polkit-0.97.tar.gz) = QJji7cEdA5ceUiqIp0dsq9OCTvg= SHA1 (polkit-0.101.tar.gz) = nR9YqZ1AiJzuu94UL5PDBUcfwVE=
SHA256 (polkit-0.97.tar.gz) = thjuv0wWOYRUB8rzAkgY3+BGA/BtqGX1bAEAIUfQpKk= SHA256 (polkit-0.101.tar.gz) = kn9ldg5PziPXzerpAkXCKYbrCjkzWjRJFTAhWPc/nxs=
SIZE (polkit-0.97.tar.gz) = 340363 SIZE (polkit-0.101.tar.gz) = 1066155


@ -1,30 +0,0 @@
$OpenBSD: patch-autogen_sh,v 1.1 2010/07/08 15:20:45 ajacoutot Exp $
Force disabling gtk-doc.
--- autogen.sh.orig Thu Jul 8 16:47:39 2010
+++ autogen.sh Thu Jul 8 16:47:54 2010
@@ -31,14 +31,6 @@ DIE=0
}
}
-(gtkdocize --flavour no-tmpl) < /dev/null > /dev/null 2>&1 || {
- echo
- echo "You must have gtk-doc installed to compile $PROJECT."
- echo "Install the appropriate package for your distribution,"
- echo "or get the source tarball at http://ftp.gnome.org/pub/GNOME/sources/gtk-doc/"
- DIE=1
-}
-
(automake --version) < /dev/null > /dev/null 2>&1 || {
echo
echo "**Error**: You must have automake installed."
@@ -93,8 +85,6 @@ esac
autoconf
intltoolize --copy --force --automake || exit 1
-
-conf_flags="--enable-maintainer-mode --enable-gtk-doc"
if test x$NOCONFIGURE = x; then
echo "Running $srcdir/configure $conf_flags $@ ..."


@ -1,10 +1,10 @@
$OpenBSD: patch-configure_ac,v 1.2 2010/07/08 15:20:45 ajacoutot Exp $ $OpenBSD: patch-configure_ac,v 1.3 2011/04/28 13:09:07 ajacoutot Exp $
Force disabling gtk-doc. Force disabling gtk-doc.
Add bsd_auth(3) support. Add bsd_auth(3) support.
--- configure.ac.orig Wed Mar 10 18:46:19 2010 --- configure.ac.orig Thu Mar 3 19:26:20 2011
+++ configure.ac Thu Jul 8 16:49:51 2010 +++ configure.ac Wed Apr 27 16:07:00 2011
@@ -45,8 +45,6 @@ AC_PATH_PROG([XSLTPROC], [xsltproc]) @@ -45,8 +45,6 @@ AC_PATH_PROG([XSLTPROC], [xsltproc])
fi fi
AM_CONDITIONAL(MAN_PAGES_ENABLED, test x$enable_man_pages = xyes) AM_CONDITIONAL(MAN_PAGES_ENABLED, test x$enable_man_pages = xyes)
@ -14,7 +14,7 @@ Add bsd_auth(3) support.
#### gcc warning flags #### gcc warning flags
if test "x$GCC" = "xyes"; then if test "x$GCC" = "xyes"; then
@@ -145,7 +143,7 @@ AC_SUBST(EXPAT_LIBS) @@ -141,7 +139,7 @@ AC_SUBST(EXPAT_LIBS)
AC_CHECK_FUNCS(clearenv) AC_CHECK_FUNCS(clearenv)
if test "x$GCC" = "xyes"; then if test "x$GCC" = "xyes"; then
@ -23,7 +23,7 @@ Add bsd_auth(3) support.
fi fi
dnl --------------------------------------------------------------------------- dnl ---------------------------------------------------------------------------
@@ -194,6 +192,11 @@ case $POLKIT_AUTHFW in @@ -190,6 +188,11 @@ case $POLKIT_AUTHFW in
AC_DEFINE(POLKIT_AUTHFW_SHADOW, 1, [If using the Shadow authentication framework]) AC_DEFINE(POLKIT_AUTHFW_SHADOW, 1, [If using the Shadow authentication framework])
;; ;;
@ -35,7 +35,7 @@ Add bsd_auth(3) support.
*) *)
AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW]) AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW])
;; ;;
@@ -202,6 +205,7 @@ esac @@ -198,6 +201,7 @@ esac
AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw]) AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw])
AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw]) AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw])
AM_CONDITIONAL(POLKIT_AUTHFW_SHADOW, [test x$POLKIT_AUTHFW = xshadow], [Using Shadow authfw]) AM_CONDITIONAL(POLKIT_AUTHFW_SHADOW, [test x$POLKIT_AUTHFW = xshadow], [Using Shadow authfw])
@ -43,7 +43,7 @@ Add bsd_auth(3) support.
dnl --------------------------------------------------------------------------- dnl ---------------------------------------------------------------------------
@@ -488,7 +492,7 @@ echo "NOTE: The directory ${sysconfdir}/polkit-1/local @@ -467,7 +471,7 @@ echo "NOTE: The directory ${sysconfdir}/polkit-1/local
echo " by root and have mode 700" echo " by root and have mode 700"
echo echo


@ -1,7 +1,7 @@
$OpenBSD: patch-docs_man_pkexec_xml,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $ $OpenBSD: patch-docs_man_pkexec_xml,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- docs/man/pkexec.xml.orig Sun Jun 27 19:09:16 2010 --- docs/man/pkexec.xml.orig Thu Mar 3 18:22:50 2011
+++ docs/man/pkexec.xml Sun Jun 27 19:12:38 2010 +++ docs/man/pkexec.xml Wed Apr 27 16:10:43 2011
@@ -131,14 +131,14 @@ @@ -146,14 +146,14 @@
<refsect1 id="pkexec-example"><title>EXAMPLE</title> <refsect1 id="pkexec-example"><title>EXAMPLE</title>
<para> <para>
To specify what kind of authorization is needed to execute the To specify what kind of authorization is needed to execute the
@ -12,13 +12,13 @@ $OpenBSD: patch-docs_man_pkexec_xml,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp
<programlisting> <programlisting>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" parse="text" href="../../src/examples/org.freedesktop.policykit.examples.pkexec.policy"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting> <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" parse="text" href="../../src/examples/org.freedesktop.policykit.examples.pkexec.policy"><xi:fallback>FIXME: MISSING XINCLUDE CONTENT</xi:fallback></xi:include></programlisting>
<para> <para>
and drop it in and drop it in the
- the <filename>/usr/share/polkit-1/actions</filename> directory - <filename>/usr/share/polkit-1/actions</filename> directory under
+ the <filename>${PREFIX}/share/polkit-1/actions</filename> directory + <filename>${PREFIX}/share/polkit-1/actions</filename> directory under
under a suitable name (e.g. matching the namespace of the a suitable name (e.g. matching the namespace of the action).
action). Note that in addition to specifying the program, the Note that in addition to specifying the program, the
authentication message, description, icon and defaults can be authentication message, description, icon and defaults can be
@@ -165,7 +165,7 @@ @@ -188,7 +188,7 @@
| Password: [__________________________________] | | Password: [__________________________________] |
| | | |
| [V] Details: | | [V] Details: |
@ -27,7 +27,7 @@ $OpenBSD: patch-docs_man_pkexec_xml,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp
| Run As: Super User (root) | | Run As: Super User (root) |
| Action: org.fd.pk.example.pkexec.run-frobnicate | | Action: org.fd.pk.example.pkexec.run-frobnicate |
| Vendor: Examples for the PolicyKit Project | | Vendor: Examples for the PolicyKit Project |
@@ -199,7 +199,7 @@ @@ -222,7 +222,7 @@
| | | |
| [V] Detaljer: | | [V] Detaljer: |
| Bruger: Super User (root) | | Bruger: Super User (root) |


@ -0,0 +1,48 @@
$OpenBSD: patch-docs_polkit_html_pklocalauthority_8_html,v 1.1 2011/04/28 13:09:07 ajacoutot Exp $
--- docs/polkit/html/pklocalauthority.8.html.orig Tue Nov 30 13:30:28 2010
+++ docs/polkit/html/pklocalauthority.8.html Tue Nov 30 13:30:53 2010
@@ -98,7 +98,7 @@
The Local Authority reads files with <code class="filename">.pkla</code>
extension from all directories located inside the
<code class="filename">/etc/polkit-1/localauthority</code>
- and <code class="filename">/var/lib/polkit-1/localauthority</code>
+ and <code class="filename">/var/db/polkit-1/localauthority</code>
directories. By default, the following sub-directories are installed.
</p>
<pre class="programlisting">
@@ -114,7 +114,7 @@
and
</p>
<pre class="programlisting">
-/var/lib/polkit-1/
+/var/db/polkit-1/
`-- localauthority
|-- 10-vendor.d
|-- 20-org.d
@@ -125,7 +125,7 @@
<p>
The <code class="filename">/etc/polkit-1/localauthority</code> hierarchy
is inteded for local configuration and
- the <code class="filename">/var/lib/polkit-1/localauthority</code> is
+ the <code class="filename">/var/db/polkit-1/localauthority</code> is
intended for 3rd party packages.
</p>
<p>
@@ -277,7 +277,7 @@
the following rules. First all the basename of all
sub-directories (e.g. <span class="emphasis"><em>30-site.d</em></span>) from both
the <code class="filename">/etc/polkit-1/localauthority</code>
- and <code class="filename">/var/lib/polkit-1/localauthority</code>
+ and <code class="filename">/var/db/polkit-1/localauthority</code>
directories are enumerated and sorted (using the C locale). If a
name exists in both <code class="filename">/etc</code>
and <code class="filename">/var</code>, the one
@@ -291,7 +291,7 @@
For example, given the following files
</p>
<pre class="programlisting">
-/var/lib/polkit-1
+/var/db/polkit-1
└── localauthority
├── 10-vendor.d
│ └── 10-desktop-policy.pkla


@ -0,0 +1,25 @@
$OpenBSD: patch-docs_polkit_polkit-1-sections_txt,v 1.1 2011/04/28 13:09:07 ajacoutot Exp $
From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Fri, 01 Apr 2011 16:09:45 +0000
Subject: Make PolkitUnixProcess also record the uid of the process
--- docs/polkit/polkit-1-sections.txt.orig Thu Mar 3 19:47:45 2011
+++ docs/polkit/polkit-1-sections.txt Wed Apr 27 19:19:15 2011
@@ -145,10 +145,13 @@ POLKIT_UNIX_SESSION_GET_CLASS
PolkitUnixProcess
polkit_unix_process_new
polkit_unix_process_new_full
+polkit_unix_process_new_for_owner
+polkit_unix_process_set_pid
polkit_unix_process_get_pid
+polkit_unix_process_set_start_time
polkit_unix_process_get_start_time
-polkit_unix_process_set_pid
-polkit_unix_process_get_owner
+polkit_unix_process_set_uid
+polkit_unix_process_get_uid
<SUBSECTION Standard>
PolkitUnixProcessClass
POLKIT_UNIX_PROCESS


@ -1,4 +1,4 @@
$OpenBSD: patch-src_nullbackend_50-nullbackend_conf,v 1.1 2010/07/05 15:22:16 ajacoutot Exp $ $OpenBSD: patch-src_nullbackend_50-nullbackend_conf,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/nullbackend/50-nullbackend.conf.orig Mon Jul 5 16:51:53 2010 --- src/nullbackend/50-nullbackend.conf.orig Mon Jul 5 16:51:53 2010
+++ src/nullbackend/50-nullbackend.conf Mon Jul 5 16:52:17 2010 +++ src/nullbackend/50-nullbackend.conf Mon Jul 5 16:52:17 2010
@@ -1,10 +1,10 @@ @@ -1,10 +1,10 @@
@ -6,7 +6,7 @@ $OpenBSD: patch-src_nullbackend_50-nullbackend_conf,v 1.1 2010/07/05 15:22:16 aj
# Configuration file for the PolicyKit null backend. # Configuration file for the PolicyKit null backend.
# #
-# DO NOT EDIT THIS FILE, it will be overwritten on update. -# DO NOT EDIT THIS FILE, it will be overwritten on update.
+# DO NOT EDIT THIS FILE +# DO NOT EDIT THIS FILE.
# #
# To change configuration, create another file in this directory with # To change configuration, create another file in this directory with
-# a filename that is sorted after the 50-nullback.conf and make -# a filename that is sorted after the 50-nullback.conf and make


@ -1,12 +1,21 @@
$OpenBSD: patch-src_polkit_Makefile_am,v 1.1 2011/04/07 11:12:12 ajacoutot Exp $ $OpenBSD: patch-src_polkit_Makefile_am,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkit/Makefile.am.orig Thu Apr 7 11:42:24 2011
+++ src/polkit/Makefile.am Thu Apr 7 11:42:52 2011 src/polkit/tmp-introspect6TgxO1/.libs/Polkit-1.0: can't load library 'libpolkit-gobject-1.so.X.X'
@@ -154,7 +154,7 @@ Polkit-1.0.gir: libpolkit-gobject-1.la $(G_IR_SCANNER)
$(srcdir)/polkitauthorizationresult.h \ From c29a6fd701df08e10e384cce65356af9a5a559f3 Mon Sep 17 00:00:00 2001
$(srcdir)/polkitcheckauthorizationflags.h \ From: Benjamin Otte <otte@redhat.com>
$(srcdir)/polkitdetails.h \ Date: Fri, 11 Mar 2011 13:01:27 +0000
- $(builddir)/polkitenumtypes.h \ Subject: introspection: Add --c-include to the gir files
+ $(srcdir)/polkitenumtypes.h \
$(srcdir)/polkiterror.h \ --- src/polkit/Makefile.am.orig Sat Feb 26 23:23:53 2011
$(srcdir)/polkitidentity.h \ +++ src/polkit/Makefile.am Wed Apr 27 20:29:34 2011
$(srcdir)/polkitimplicitauthorization.h \ @@ -110,7 +110,9 @@ Polkit-1.0.gir: libpolkit-gobject-1.la $(INTROSPECTION
--pkg=gobject-2.0 \
--pkg=gio-2.0 \
--libtool=$(top_builddir)/libtool \
+ --c-include='polkit/polkit.h' \
-I$(top_srcdir)/src \
+ -L$(top_srcdir)/src/polkit/.libs \
-D_POLKIT_COMPILATION \
$(libpolkit_gobject_1_la_SOURCES) \
$(NULL)
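Review bot: The added `-L$(top_srcdir)/src/polkit/.libs` points the scanner at the source tree, but libtool writes `.libs` into the build tree, and the `--libtool=$(top_builddir)/libtool` line just above already uses the build-tree variable. As written this only works while the port is built in place; `-L$(top_builddir)/src/polkit/.libs \` would hold for an out-of-tree build as well. The patch header also runs the local "can't load library" explanation straight into the quoted upstream commit header for the `--c-include` change, so it is not obvious that the `-L` line is (presumably) the local addition; a one-line comment saying which added line is local would help the next update. The Polkit-1.0.gir rule starts and ends outside the hunk.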


@ -1,20 +0,0 @@
$OpenBSD: patch-src_polkit_polkitcheckauthorizationflags_h,v 1.1 2011/04/07 11:12:12 ajacoutot Exp $
From 920c40ef079fd2907f6c08d965d6d87eaf58f52a Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 10 Sep 2010 18:42:51 +0000
Subject: Remove duplicate definitions of enumeration types
--- src/polkit/polkitcheckauthorizationflags.h.orig Wed Mar 10 18:46:19 2010
+++ src/polkit/polkitcheckauthorizationflags.h Thu Apr 7 12:21:48 2011
@@ -30,10 +30,6 @@
G_BEGIN_DECLS
-GType polkit_check_authorization_flags_get_type (void) G_GNUC_CONST;
-
-#define POLKIT_TYPE_CHECK_AUTHORIZATION_FLAGS (polkit_check_authorization_flags_get_type ())
-
/**
* PolkitCheckAuthorizationFlags:
* @POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE: No flags set.


@ -1,20 +0,0 @@
$OpenBSD: patch-src_polkit_polkiterror_h,v 1.1 2011/04/07 11:12:12 ajacoutot Exp $
From 920c40ef079fd2907f6c08d965d6d87eaf58f52a Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 10 Sep 2010 18:42:51 +0000
Subject: Remove duplicate definitions of enumeration types
--- src/polkit/polkiterror.h.orig Wed Mar 10 18:46:19 2010
+++ src/polkit/polkiterror.h Thu Apr 7 12:21:48 2011
@@ -40,10 +40,6 @@ G_BEGIN_DECLS
GQuark polkit_error_quark (void);
-GType polkit_error_get_type (void) G_GNUC_CONST;
-
-#define POLKIT_TYPE_ERROR (polkit_error_get_type ())
-
/**
* PolkitError:
* @POLKIT_ERROR_FAILED: The operation failed.


@ -1,20 +0,0 @@
$OpenBSD: patch-src_polkit_polkitimplicitauthorization_h,v 1.1 2011/04/07 11:12:12 ajacoutot Exp $
From 920c40ef079fd2907f6c08d965d6d87eaf58f52a Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Fri, 10 Sep 2010 18:42:51 +0000
Subject: Remove duplicate definitions of enumeration types
--- src/polkit/polkitimplicitauthorization.h.orig Wed Mar 10 18:46:19 2010
+++ src/polkit/polkitimplicitauthorization.h Thu Apr 7 12:21:48 2011
@@ -30,10 +30,6 @@
G_BEGIN_DECLS
-GType polkit_implicit_authorization_get_type (void) G_GNUC_CONST;
-
-#define POLKIT_TYPE_IMPLICIT_AUTHORIZATION (polkit_implicit_authorization_get_type ())
-
/**
* PolkitImplicitAuthorization:
* @POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: Unknown whether the subject is authorized, never returned in any public API.


@ -0,0 +1,67 @@
$OpenBSD: patch-src_polkit_polkitsubject_c,v 1.1 2011/04/28 13:09:07 ajacoutot Exp $
From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Fri, 01 Apr 2011 16:09:45 +0000
Subject: Make PolkitUnixProcess also record the uid of the process
--- src/polkit/polkitsubject.c.orig Sat Feb 26 23:23:53 2011
+++ src/polkit/polkitsubject.c Wed Apr 27 19:19:15 2011
@@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str,
{
gint scanned_pid;
guint64 scanned_starttime;
- if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
+ gint scanned_uid;
+ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3)
{
+ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid);
+ }
+ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
+ {
subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
}
else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
{
- subject = polkit_unix_process_new_full (scanned_pid, 0);
+ subject = polkit_unix_process_new (scanned_pid);
if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
{
g_object_unref (subject);
@@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject)
g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))));
g_variant_builder_add (&builder, "{sv}", "start-time",
g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject))));
+ g_variant_builder_add (&builder, "{sv}", "uid",
+ g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject))));
}
else if (POLKIT_IS_UNIX_SESSION (subject))
{
@@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant,
GVariant *v;
guint32 pid;
guint64 start_time;
+ gint32 uid;
v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error);
if (v == NULL)
@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant,
start_time = g_variant_get_uint64 (v);
g_variant_unref (v);
- ret = polkit_unix_process_new_full (pid, start_time);
+ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error);
+ if (v != NULL)
+ {
+ uid = g_variant_get_int32 (v);
+ g_variant_unref (v);
+ }
+ else
+ {
+ uid = -1;
+ }
+
+ ret = polkit_unix_process_new_for_owner (pid, start_time, uid);
}
else if (g_strcmp0 (kind, "unix-session") == 0)
{
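Review bot: In the `polkit_subject_new_for_gvariant` hunk the optional "uid" lookup passes the caller's `error` to `lookup_asv()` and then continues with `uid = -1` when the key is absent. If `lookup_asv()` fills in `*error` for a missing key, which the mandatory "pid" lookup just above suggests, the function can return a valid subject with a GError set, and a caller that tests the error will treat a good subject as a failure. Passing `NULL` for this one call avoids that: `v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL);`. A short comment on the `else` branch, such as `/* uid not supplied: -1 makes the constructor look it up */`, would also record that this fallback takes the lookup-at-construction path rather than a uid recorded by the caller (behaviour inferred from the polkitunixprocess.c patch in this commit). The function starts and ends outside the hunk.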


@ -1,73 +1,405 @@
$OpenBSD: patch-src_polkit_polkitunixprocess_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $ $OpenBSD: patch-src_polkit_polkitunixprocess_c,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkit/polkitunixprocess.c.orig Wed Mar 10 18:46:19 2010
+++ src/polkit/polkitunixprocess.c Thu Jul 1 09:19:56 2010 From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
@@ -24,8 +24,13 @@ From: David Zeuthen <davidz@redhat.com>
Date: Fri, 01 Apr 2011 16:09:45 +0000
Subject: Make PolkitUnixProcess also record the uid of the process
From dd848a42a64a3b22a0cc60f6657b56ce9b6010ae Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Thu, 31 Mar 2011 16:59:09 +0000
Subject: PolkitUnixProcess: Clarify that the real uid is returned, not the effective one
--- src/polkit/polkitunixprocess.c.orig Sat Feb 26 23:23:53 2011
+++ src/polkit/polkitunixprocess.c Wed Apr 27 19:37:21 2011
@@ -24,16 +24,21 @@
#endif #endif
#include <sys/types.h> #include <sys/types.h>
-#ifndef HAVE_FREEBSD -#ifndef HAVE_FREEBSD
+#if !defined(HAVE_FREEBSD) && !defined(__OpenBSD__) -#include <sys/stat.h>
#include <sys/stat.h> -#else
+#elif defined(__OpenBSD__) +#ifdef HAVE_FREEBSD
#include <sys/param.h>
#include <sys/sysctl.h>
#include <sys/user.h>
#endif
+#ifdef __OpenBSD__
+#include <kvm.h> +#include <kvm.h>
+#include <stdio.h> +#include <stdio.h>
+#include <sys/param.h> +#include <sys/param.h>
+#include <sys/sysctl.h> +#include <sys/sysctl.h>
#else +#endif
#include <sys/param.h> #include <stdlib.h>
#include <sys/sysctl.h> #include <string.h>
@@ -86,6 +91,10 @@ static guint64 get_start_time_for_pid (gint pid, #include <errno.h>
+#include <stdio.h>
#include "polkitunixprocess.h"
#include "polkitsubject.h"
@@ -63,6 +68,7 @@ struct _PolkitUnixProcess
gint pid;
guint64 start_time;
+ gint uid;
};
struct _PolkitUnixProcessClass
@@ -75,6 +81,7 @@ enum
PROP_0,
PROP_PID,
PROP_START_TIME,
+ PROP_UID
};
static void subject_iface_init (PolkitSubjectIface *subject_iface);
@@ -82,7 +89,10 @@ static void subject_iface_init (PolkitSubjectIface *su
static guint64 get_start_time_for_pid (gint pid,
GError **error);
-#ifdef HAVE_FREEBSD
+static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error);
+
+#if defined(HAVE_FREEBSD) || defined(__OpenBSD__)
static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p);
#endif #endif
+#ifdef __OpenBSD__ @@ -93,6 +103,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_uni
+static gboolean get_kinfo_proc (pid_t pid, struct kinfo_proc2 *p); static void
+#endif polkit_unix_process_init (PolkitUnixProcess *unix_process)
+
G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT,
G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init)
);
@@ -214,8 +223,10 @@ polkit_unix_process_get_owner (PolkitUnixProcess *pro
GError **error)
{ {
gint result; + unix_process->uid = -1;
}
static void
@@ -109,6 +120,10 @@ polkit_unix_process_get_property (GObject *object,
g_value_set_int (value, unix_process->pid);
break;
+ case PROP_UID:
+ g_value_set_int (value, unix_process->uid);
+ break;
+
case PROP_START_TIME:
g_value_set_uint64 (value, unix_process->start_time);
break;
@@ -133,6 +148,14 @@ polkit_unix_process_set_property (GObject *object
polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
break;
+ case PROP_UID:
+ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
+ break;
+
+ case PROP_START_TIME:
+ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
+ break;
+
default:
G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
break;
@@ -140,12 +163,39 @@ polkit_unix_process_set_property (GObject *object
}
static void
+polkit_unix_process_constructed (GObject *object)
+{
+ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object);
+
+ /* sets start_time and uid in case they are unset */
+
+ if (process->start_time == 0)
+ process->start_time = get_start_time_for_pid (process->pid, NULL);
+
+ if (process->uid == -1)
+ {
+ GError *error;
+ error = NULL;
+ process->uid = _polkit_unix_process_get_owner (process, &error);
+ if (error != NULL)
+ {
+ process->uid = -1;
+ g_error_free (error);
+ }
+ }
+
+ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL)
+ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object);
+}
+
+static void
polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
{
GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
gobject_class->get_property = polkit_unix_process_get_property;
gobject_class->set_property = polkit_unix_process_set_property;
+ gobject_class->constructed = polkit_unix_process_constructed;
/**
* PolkitUnixProcess:pid:
@@ -157,7 +207,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass
g_param_spec_int ("pid",
"Process ID",
"The UNIX process ID",
- -1,
+ 0,
G_MAXINT,
0,
G_PARAM_CONSTRUCT |
@@ -167,6 +217,27 @@ polkit_unix_process_class_init (PolkitUnixProcessClass
G_PARAM_STATIC_NICK));
/**
+ * PolkitUnixProcess:uid:
+ *
+ * The UNIX user id of the process or -1 if unknown.
+ *
+ * Note that this is the real user-id, not the effective user-id.
+ */
+ g_object_class_install_property (gobject_class,
+ PROP_UID,
+ g_param_spec_int ("uid",
+ "User ID",
+ "The UNIX user ID",
+ -1,
+ G_MAXINT,
+ -1,
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_BLURB |
+ G_PARAM_STATIC_NICK));
+
+ /**
* PolkitUnixProcess:start-time:
*
* The start time of the process.
@@ -179,7 +250,8 @@ polkit_unix_process_class_init (PolkitUnixProcessClass
0,
G_MAXUINT64,
0,
- G_PARAM_READABLE |
+ G_PARAM_CONSTRUCT |
+ G_PARAM_READWRITE |
G_PARAM_STATIC_NAME |
G_PARAM_STATIC_BLURB |
G_PARAM_STATIC_NICK));
@@ -187,78 +259,50 @@ polkit_unix_process_class_init (PolkitUnixProcessClass
}
/**
- * polkit_unix_process_get_pid:
+ * polkit_unix_process_get_uid:
* @process: A #PolkitUnixProcess.
*
- * Gets the process id for @process.
+ * Gets the user id for @process. Note that this is the real user-id,
+ * not the effective user-id.
*
- * Returns: The process id for @process.
+ * Returns: The user id for @process or -1 if unknown.
*/
gint
-polkit_unix_process_get_pid (PolkitUnixProcess *process)
+polkit_unix_process_get_uid (PolkitUnixProcess *process)
{
- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
- return process->pid;
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1);
+ return process->uid;
}
/**
- * polkit_unix_process_get_owner:
+ * polkit_unix_process_set_uid:
* @process: A #PolkitUnixProcess.
- * @error: (allow-none): Return location for error or %NULL.
+ * @uid: The user id to set for @process or -1 to unset it.
*
- * Gets the uid of the owner of @process.
+ * Sets the (real, not effective) user id for @process.
+ */
+void
+polkit_unix_process_set_uid (PolkitUnixProcess *process,
+ gint uid)
+{
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+ g_return_if_fail (uid >= -1);
+ process->uid = uid;
+}
+
+/**
+ * polkit_unix_process_get_pid:
+ * @process: A #PolkitUnixProcess.
*
- * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
- **/
+ * Gets the process id for @process.
+ *
+ * Returns: The process id for @process.
+ */
gint
-polkit_unix_process_get_owner (PolkitUnixProcess *process,
- GError **error)
+polkit_unix_process_get_pid (PolkitUnixProcess *process)
{
- gint result;
-#ifdef HAVE_FREEBSD -#ifdef HAVE_FREEBSD
+#if defined(HAVE_FREEBSD) - struct kinfo_proc p;
struct kinfo_proc p; -#else
+#elif defined(__OpenBSD__) - struct stat statbuf;
+ struct kinfo_proc2 p; - char procbuf[32];
#else -#endif
struct stat statbuf; -
char procbuf[32]; g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
@@ -223,7 +234,7 @@ polkit_unix_process_get_owner (PolkitUnixProcess *pro - g_return_val_if_fail (error == NULL || *error == NULL, 0);
-
result = 0; - result = 0;
-
-#ifdef HAVE_FREEBSD -#ifdef HAVE_FREEBSD
+#if defined(HAVE_FREEBSD) || defined(__OpenBSD__) - if (get_kinfo_proc (process->pid, &p) == 0)
if (get_kinfo_proc (process->pid, &p) == 0) - {
{ - g_set_error (error,
g_set_error (error, - POLKIT_ERROR,
@@ -235,8 +246,12 @@ polkit_unix_process_get_owner (PolkitUnixProcess *pro - POLKIT_ERROR_FAILED,
goto out; - "get_kinfo_proc() failed for pid %d: %s",
} - process->pid,
- g_strerror (errno));
- goto out;
- }
-
- result = p.ki_uid;
-#else
- g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid);
- if (stat (procbuf, &statbuf) != 0)
- {
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
- "stat() failed for /proc/%d: %s",
- process->pid,
- g_strerror (errno));
- goto out;
- }
-
- result = statbuf.st_uid;
-#endif
-
- out:
-
- return result;
+ return process->pid;
}
+#if defined(HAVE_FREEBSD) /**
result = p.ki_uid; @@ -277,6 +321,21 @@ polkit_unix_process_get_start_time (PolkitUnixProcess
#else }
+ result = p.p_uid;
+#endif /**
+#else + * polkit_unix_process_set_start_time:
g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid); + * @process: A #PolkitUnixProcess.
if (stat (procbuf, &statbuf) != 0) + * @start_time: The start time for @pid.
{ + *
@@ -476,12 +491,38 @@ get_kinfo_proc (pid_t pid, struct kinfo_proc *p) + * Set the start time of @process.
+ */
+void
+polkit_unix_process_set_start_time (PolkitUnixProcess *process,
+ guint64 start_time)
+{
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+ process->start_time = start_time;
+}
+
+/**
* polkit_unix_process_set_pid:
* @process: A #PolkitUnixProcess.
* @pid: A process id.
@@ -289,19 +348,18 @@ polkit_unix_process_set_pid (PolkitUnixProcess *proces
{
g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
process->pid = pid;
- if (pid != (gint) -1)
- process->start_time = get_start_time_for_pid (pid, NULL);
}
/**
* polkit_unix_process_new:
* @pid: The process id.
*
- * Creates a new #PolkitUnixProcess for @pid. The start time of the
- * process will be looked up in using e.g. the
- * <filename>/proc</filename> filesystem depending on the platform in
- * use.
+ * Creates a new #PolkitUnixProcess for @pid.
*
+ * The uid and start time of the process will be looked up in using
+ * e.g. the <filename>/proc</filename> filesystem depending on the
+ * platform in use.
+ *
* Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
*/
PolkitSubject *
@@ -319,22 +377,42 @@ polkit_unix_process_new (gint pid)
*
* Creates a new #PolkitUnixProcess object for @pid and @start_time.
*
+ * The uid of the process will be looked up in using e.g. the
+ * <filename>/proc</filename> filesystem depending on the platform in
+ * use.
+ *
* Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
*/
PolkitSubject *
polkit_unix_process_new_full (gint pid,
guint64 start_time)
{
- PolkitUnixProcess *process;
+ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
+ "pid", pid,
+ "start_time", start_time,
+ NULL));
+}
- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1));
- process->pid = pid;
- if (start_time != 0)
- process->start_time = start_time;
- else
- process->start_time = get_start_time_for_pid (pid, NULL);
-
- return POLKIT_SUBJECT (process);
+/**
+ * polkit_unix_process_new_for_owner:
+ * @pid: The process id.
+ * @start_time: The start time for @pid or 0 to look it up in e.g. <filename>/proc</filename>.
+ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. <filename>/proc</filename>.
+ *
+ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid.
+ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+PolkitSubject *
+polkit_unix_process_new_for_owner (gint pid,
+ guint64 start_time,
+ gint uid)
+{
+ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
+ "pid", pid,
+ "start_time", start_time,
+ "uid", uid,
+ NULL));
}
static guint
@@ -482,12 +560,38 @@ get_kinfo_proc (pid_t pid, struct kinfo_proc *p)
} }
#endif #endif
+#ifdef __OpenBSD__ +#ifdef __OpenBSD__
+get_kinfo_proc (pid_t pid, +get_kinfo_proc (pid_t pid,
+ struct kinfo_proc2 *p) + struct kinfo_proc *p)
+{ +{
+ int name[6]; + int name[6];
+ u_int namelen; + u_int namelen;
@ -76,14 +408,14 @@ $OpenBSD: patch-src_polkit_polkitunixprocess_c,v 1.1.1.1 2010/07/01 07:46:21 aja
+ sz = sizeof(*p); + sz = sizeof(*p);
+ namelen = 0; + namelen = 0;
+ name[namelen++] = CTL_KERN; + name[namelen++] = CTL_KERN;
+ name[namelen++] = KERN_PROC2; + name[namelen++] = KERN_PROC;
+ name[namelen++] = KERN_PROC_PID; + name[namelen++] = KERN_PROC_PID;
+ name[namelen++] = pid; + name[namelen++] = pid;
+ name[namelen++] = sz; + name[namelen++] = sz;
+ name[namelen++] = 1; + name[namelen++] = 1;
+ +
+ if (sysctl (name, namelen, p, &sz, NULL, 0) == -1) { + if (sysctl (name, namelen, p, &sz, NULL, 0) == -1) {
+ perror("sysctl kern.proc2.pid"); + perror("sysctl kern.proc.pid");
+ return FALSE; + return FALSE;
+ } + }
+ +
@ -101,19 +433,7 @@ $OpenBSD: patch-src_polkit_polkitunixprocess_c,v 1.1.1.1 2010/07/01 07:46:21 aja
gchar *filename; gchar *filename;
gchar *contents; gchar *contents;
size_t length; size_t length;
@@ -554,7 +595,11 @@ get_start_time_for_pid (pid_t pid, @@ -575,10 +679,110 @@ get_start_time_for_pid (pid_t pid,
g_free (filename);
g_free (contents);
#else
+#if defined(HAVE_FREEBSD)
struct kinfo_proc p;
+#else
+ struct kinfo_proc2 p;
+#endif
start_time = 0;
@@ -569,7 +614,11 @@ get_start_time_for_pid (pid_t pid,
goto out; goto out;
} }
@ -125,3 +445,102 @@ $OpenBSD: patch-src_polkit_polkitunixprocess_c,v 1.1.1.1 2010/07/01 07:46:21 aja
out: out:
#endif #endif
return start_time;
+}
+
+static gint
+_polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error)
+{
+ gint result;
+ gchar *contents;
+ gchar **lines;
+#if defined(HAVE_FREEBSD) || defined(__OpenBSD__)
+ struct kinfo_proc p;
+#else
+ gchar filename[64];
+ guint n;
+#endif
+
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+ g_return_val_if_fail (error == NULL || *error == NULL, 0);
+
+ result = 0;
+ lines = NULL;
+ contents = NULL;
+
+#if defined(HAVE_FREEBSD) || defined(__OpenBSD__)
+ if (get_kinfo_proc (process->pid, &p) == 0)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "get_kinfo_proc() failed for pid %d: %s",
+ process->pid,
+ g_strerror (errno));
+ goto out;
+ }
+
+#if defined(HAVE_FREEBSD)
+ result = p.ki_uid;
+#else
+ result = p.p_uid;
+#endif
+#else
+
+ /* see 'man proc' for layout of the status file
+ *
+ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
+ */
+ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
+ if (!g_file_get_contents (filename,
+ &contents,
+ NULL,
+ error))
+ {
+ goto out;
+ }
+ lines = g_strsplit (contents, "\n", -1);
+ for (n = 0; lines != NULL && lines[n] != NULL; n++)
+ {
+ gint real_uid, effective_uid;
+ if (!g_str_has_prefix (lines[n], "Uid:"))
+ continue;
+ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
+ {
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Unexpected line `%s' in file %s",
+ lines[n],
+ filename);
+ goto out;
+ }
+ else
+ {
+ result = real_uid;
+ goto out;
+ }
+ }
+
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Didn't find any line starting with `Uid:' in file %s",
+ filename);
+#endif
+
+out:
+ g_strfreev (lines);
+ g_free (contents);
+ return result;
+}
+
+/* deprecated public method */
+gint
+polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error)
+{
+ return _polkit_unix_process_get_owner (process, error);
}


@ -0,0 +1,39 @@
$OpenBSD: patch-src_polkit_polkitunixprocess_h,v 1.1 2011/04/28 13:09:07 ajacoutot Exp $
From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Fri, 01 Apr 2011 16:09:45 +0000
Subject: Make PolkitUnixProcess also record the uid of the process
--- src/polkit/polkitunixprocess.h.orig Sat Feb 26 23:23:53 2011
+++ src/polkit/polkitunixprocess.h Wed Apr 27 19:19:15 2011
@@ -47,16 +47,24 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess;
typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass;
GType polkit_unix_process_get_type (void) G_GNUC_CONST;
-PolkitSubject *polkit_unix_process_new (gint pid);
-PolkitSubject *polkit_unix_process_new_full (gint pid,
- guint64 start_time);
-
+PolkitSubject *polkit_unix_process_new (gint pid);
+PolkitSubject *polkit_unix_process_new_full (gint pid,
+ guint64 start_time);
+PolkitSubject *polkit_unix_process_new_for_owner (gint pid,
+ guint64 start_time,
+ gint uid);
gint polkit_unix_process_get_pid (PolkitUnixProcess *process);
guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process);
+gint polkit_unix_process_get_uid (PolkitUnixProcess *process);
void polkit_unix_process_set_pid (PolkitUnixProcess *process,
gint pid);
+void polkit_unix_process_set_uid (PolkitUnixProcess *process,
+ gint uid);
+void polkit_unix_process_set_start_time (PolkitUnixProcess *process,
+ guint64 start_time);
+
gint polkit_unix_process_get_owner (PolkitUnixProcess *process,
- GError **error);
+ GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid);
G_END_DECLS
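Review bot: The new public setters `polkit_unix_process_set_uid()` and `polkit_unix_process_set_start_time()` are declared with nothing that says when they may be called. The session-monitor change in this same commit derives the user from the recorded uid instead of looking it up on demand. The declarations would benefit from a comment such as `/* pid, start_time and uid together identify the subject; set them only while constructing it, from values the caller obtained itself */`. It would also help to state next to `polkit_unix_process_get_uid` that -1 means "not set" and must be treated as a failure, since the backend check depends on that sentinel.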


@ -1,24 +1,27 @@
$OpenBSD: patch-src_polkitagent_Makefile_am,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $ $OpenBSD: patch-src_polkitagent_Makefile_am,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkitagent/Makefile.am.orig Wed Mar 10 18:46:19 2010
+++ src/polkitagent/Makefile.am Sun Jun 27 17:49:46 2010 From c29a6fd701df08e10e384cce65356af9a5a559f3 Mon Sep 17 00:00:00 2001
@@ -68,8 +68,18 @@ libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex ' From: Benjamin Otte <otte@redhat.com>
libexec_PROGRAMS = polkit-agent-helper-1 Date: Fri, 11 Mar 2011 13:01:27 +0000
Subject: introspection: Add --c-include to the gir files
polkit_agent_helper_1_SOURCES = \
- polkitagenthelper.c \ --- src/polkitagent/Makefile.am.orig Sat Feb 26 23:23:53 2011
- $(NULL) +++ src/polkitagent/Makefile.am Wed Apr 27 19:10:36 2011
+ polkitagenthelperprivate.c polkitagenthelperprivate.h @@ -89,6 +89,9 @@ endif
+ if POLKIT_AUTHFW_SHADOW
+if POLKIT_AUTHFW_PAM polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c
+polkit_agent_helper_1_SOURCES += polkitagenthelper-pam.c endif
+endif
+if POLKIT_AUTHFW_SHADOW
+polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c
+endif
+if POLKIT_AUTHFW_BSDAUTH +if POLKIT_AUTHFW_BSDAUTH
+polkit_agent_helper_1_SOURCES += polkitagenthelper-bsdauth.c +polkit_agent_helper_1_SOURCES += polkitagenthelper-bsdauth.c
+endif +endif
+polkit_agent_helper_1_SOURCES += $(NULL)
polkit_agent_helper_1_CFLAGS = \ polkit_agent_helper_1_CFLAGS = \
-D_POLKIT_COMPILATION \ -D_POLKIT_COMPILATION \
@@ -120,6 +123,7 @@ PolkitAgent-1.0.gir: libpolkit-agent-1.la $(INTROSPECT
--pkg=glib-2.0 \
--pkg=gobject-2.0 \
--pkg=gio-2.0 \
+ --c-include='polkitagent/polkitagent.h' \
--libtool=$(top_builddir)/libtool \
-I$(top_srcdir)/src \
-D_POLKIT_COMPILATION \


@ -1,10 +1,11 @@
$OpenBSD: patch-src_polkitagent_polkitagenthelper-bsdauth_c,v 1.3 2010/07/16 10:04:10 ajacoutot Exp $ $OpenBSD: patch-src_polkitagent_polkitagenthelper-bsdauth_c,v 1.4 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkitagent/polkitagenthelper-bsdauth.c.orig Fri Jul 16 11:22:22 2010 --- src/polkitagent/polkitagenthelper-bsdauth.c.orig Sat Dec 4 09:39:18 2010
+++ src/polkitagent/polkitagenthelper-bsdauth.c Fri Jul 16 11:22:10 2010 +++ src/polkitagent/polkitagenthelper-bsdauth.c Sat Dec 4 09:40:52 2010
@@ -0,0 +1,204 @@ @@ -0,0 +1,190 @@
+/* +/*
+ * Copyright (C) 2008 Red Hat, Inc. + * Copyright (C) 2008 Red Hat, Inc.
+ * Copyright (C) 2009-2010 Andrew Psaltis <ampsaltis@gmail.com> + * Copyright (C) 2009-2010 Andrew Psaltis <ampsaltis@gmail.com>
+ * Copyright (C) 2010 Antoine Jacoutot <ajacoutot@openbsd.org>
+ * + *
+ * This library is free software; you can redistribute it and/or + * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public + * modify it under the terms of the GNU Lesser General Public
@ -27,6 +28,8 @@ $OpenBSD: patch-src_polkitagent_polkitagenthelper-bsdauth_c,v 1.3 2010/07/16 10:
+ */ + */
+ +
+#include "config.h" +#include "config.h"
+#include "polkitagenthelperprivate.h"
+
+#include <stdio.h> +#include <stdio.h>
+#include <stdlib.h> +#include <stdlib.h>
+#include <string.h> +#include <string.h>
@ -40,34 +43,20 @@ $OpenBSD: patch-src_polkitagent_polkitagenthelper-bsdauth_c,v 1.3 2010/07/16 10:
+#include <bsd_auth.h> +#include <bsd_auth.h>
+ +
+#include <polkit/polkit.h> +#include <polkit/polkit.h>
+#include "polkitagenthelperprivate.h"
+ +
+ +static gboolean bsdauth_authenticate (const char *user_to_auth);
+static int bsdauth_authenticate(const char *user_to_auth);
+
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+static int
+clearenv (void)
+{
+ if (environ != NULL)
+ environ[0] = NULL;
+ return 0;
+}
+#endif
+ +
+int +int
+main (int argc, char *argv[]) +main (int argc, char *argv[])
+{ +{
+ struct passwd *shadow; + struct passwd *pw;
+ const char *user_to_auth; + const char *user_to_auth;
+ const char *cookie; + const char *cookie;
+// time_t tm; +// time_t tm;
+ +
+ /* clear the entire environment to avoid attacks with + /* clear the entire environment to avoid attacks with
+ libraries honoring environment variables */ + libraries honoring environment variables */
+ if (clearenv () != 0) + if (_polkit_clearenv () != 0)
+ goto error; + goto error;
+ +
+ /* set a minimal environment */ + /* set a minimal environment */
@ -108,54 +97,50 @@ $OpenBSD: patch-src_polkitagent_polkitagenthelper-bsdauth_c,v 1.3 2010/07/16 10:
+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
+#endif /* PAH_DEBUG */ +#endif /* PAH_DEBUG */
+ +
+ /* Ask shadow about the user requesting authentication */ + /* Search the password database for the user requesting authentication */
+ if ((shadow = getpwnam (user_to_auth)) == NULL) + if ((pw = getpwnam (user_to_auth)) == NULL)
+ { + {
+ syslog (LOG_NOTICE, "password database information request for user %s [uid=%d] failed", user_to_auth, getuid()); + syslog (LOG_NOTICE, "password database information request for user %s [uid=%d] failed", user_to_auth, getuid());
+ fprintf(stderr, "polkit-agent-helper-1: could not get shadow information for%.100s", user_to_auth); + fprintf(stderr, "polkit-agent-helper-1: could not get user information for '%s'", user_to_auth);
+ goto error; + goto error;
+ } + }
+ +
+ /* Check the user's identity */ + /* Check the user's identity */
+ if(!bsdauth_authenticate (user_to_auth)) + if (!bsdauth_authenticate (user_to_auth))
+ { + {
+ syslog (LOG_NOTICE, "authentication failure [uid=%d] trying to authenticate '%s'", getuid (), user_to_auth); + syslog (LOG_NOTICE, "authentication failure [uid=%d] trying to authenticate '%s'", getuid (), user_to_auth);
+ fprintf (stderr, "polkit-agent-helper-1: authentication failure. This incident has been logged.\n"); + fprintf (stderr, "polkit-agent-helper-1: authentication failure. This incident has been logged.\n");
+ goto error; + goto error;
+ } + }
+ +
+#if 0
+ /* Check whether the user's password has expired */ + /* Check whether the user's password has expired */
+/* + now = time (NULL);
+ time(&tm); + if (shadow->sp_max >= 0 && (shadow->sp_lstchg + shadow->sp_max) * 60 * 60 * 24 <= now)
+ if( shadow->sp_max >= 0 && (shadow->sp_lstchg + shadow->sp_max) * 60 * 60 * 24 <= tm)
+ { + {
+ syslog (LOG_NOTICE, "password expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () ); + syslog (LOG_NOTICE, "password expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n"); + fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
+ goto error; + goto error;
+ } + }
+*/
+ +
+ /* Check whether the user's password has aged (and account expired along + /* Check whether the user's password has aged (and account expired along
+ * with it) + * with it)
+ */ + */
+/* + if (shadow->sp_inact >= 0 && (shadow->sp_lstchg + shadow->sp_max + shadow->sp_inact) * 60 * 60 * 24 <= now)
+ if( shadow->sp_inact >= 0 && (shadow->sp_lstchg + shadow->sp_max + shadow->sp_inact) * 60 * 60 * 24 <= tm)
+ { + {
+ syslog (LOG_NOTICE, "password aged for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () ); + syslog (LOG_NOTICE, "password aged for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n"); + fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
+ goto error; + goto error;
+ } + }
+*/
+ +
+ /* Check whether the user's account has expired */ + /* Check whether the user's account has expired */
+/* + if (shadow->sp_expire >= 0 && shadow->sp_expire * 60 * 60 * 24 <= now)
+ if(shadow->sp_expire >= 0 && shadow->sp_expire * 60 * 60 * 24 <= tm)
+ { + {
+ syslog (LOG_NOTICE, "account expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () ); + syslog (LOG_NOTICE, "account expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n"); + fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
+ goto error; + goto error;
+ } + }
+*/ +#endif
+ +
+#ifdef PAH_DEBUG +#ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n"); + fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
@ -177,29 +162,30 @@ $OpenBSD: patch-src_polkitagent_polkitagenthelper-bsdauth_c,v 1.3 2010/07/16 10:
+#endif /* PAH_DEBUG */ +#endif /* PAH_DEBUG */
+ +
+ fprintf (stdout, "SUCCESS\n"); + fprintf (stdout, "SUCCESS\n");
+ flush_and_wait(); + flush_and_wait ();
+ return 0; + return 0;
+ +
+error: +error:
+ fprintf (stdout, "FAILURE\n"); + fprintf (stdout, "FAILURE\n");
+ flush_and_wait(); + flush_and_wait ();
+ return 1; + return 1;
+} +}
+ +
+static int +static gboolean
+bsdauth_authenticate(const char *user_to_auth) +bsdauth_authenticate (const char *user_to_auth)
+{ +{
+ /* Speak PAM to the daemon, thanks to David Zeuthen for the idea. */
+ char passwd[512]; + char passwd[512];
+ fprintf(stdout, "PAM_PROMPT_ECHO_OFF password:\n"); +
+ flush_and_wait(); + fprintf (stdout, "PAM_PROMPT_ECHO_OFF password:\n");
+ fflush (stdout);
+ usleep (10 * 1000); /* since fflush(3) seems buggy */
+ +
+ if (fgets (passwd, sizeof (passwd), stdin) == NULL) + if (fgets (passwd, sizeof (passwd), stdin) == NULL)
+ goto error; + goto error;
+ +
+ if (strlen (passwd) > 0 && passwd[strlen (passwd) - 1] == '\n') + if (strlen (passwd) > 0 && passwd[strlen (passwd) - 1] == '\n')
+ passwd[strlen (passwd) - 1] = '\0'; + passwd[strlen (passwd) - 1] = '\0';
+ +
+ if (auth_userokay((char *)user_to_auth, NULL, "auth-polkit", passwd) == 0) + if (auth_userokay((char *)user_to_auth, NULL, "auth-polkit", passwd) == 0)
+ goto error; + goto error;
+ return 1; + return 1;
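Review bot: The password and account expiry checks in `main` are now under `#if 0`, and the disabled code still uses `shadow` and `now`, neither of which appears in the visible declarations (the lookup result is `pw`), so the block cannot simply be re-enabled. If expiry is meant to block authentication in this setuid helper, it is worth confirming whether `auth_userokay()` already enforces it and recording that in a comment such as `/* expiry is handled by BSD auth (confirm) */`; otherwise the dead block should be dropped rather than carried. `bsdauth_authenticate` now returns `gboolean` but still ends in `return 1;`, where `return TRUE;` would match the new prototype. Its error path lies outside the visible part of this section.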


@ -1,268 +0,0 @@
$OpenBSD: patch-src_polkitagent_polkitagenthelper-pam_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
--- src/polkitagent/polkitagenthelper-pam.c.orig Sun Jun 27 17:34:45 2010
+++ src/polkitagent/polkitagenthelper-pam.c Sun Jun 27 17:34:45 2010
@@ -0,0 +1,264 @@
+/*
+ * Copyright (C) 2008, 2010 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: David Zeuthen <davidz@redhat.com>
+ */
+
+#include "config.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <syslog.h>
+#include <security/pam_appl.h>
+
+#include <polkit/polkit.h>
+#include "polkitagenthelperprivate.h"
+
+static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
+
+int
+main (int argc, char *argv[])
+{
+ int rc;
+ const char *user_to_auth;
+ const char *cookie;
+ struct pam_conv pam_conversation;
+ pam_handle_t *pam_h;
+ const void *authed_user;
+
+ rc = 0;
+ pam_h = NULL;
+
+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
+ if (clearenv () != 0)
+ goto error;
+
+ /* set a minimal environment */
+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
+
+ /* check that we are setuid root */
+ if (geteuid () != 0)
+ {
+ fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
+ goto error;
+ }
+
+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+ if (argc != 3)
+ {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+ goto error;
+ }
+
+ user_to_auth = argv[1];
+ cookie = argv[2];
+
+ if (getuid () != 0)
+ {
+ /* check we're running with a non-tty stdin */
+ if (isatty (STDIN_FILENO) != 0)
+ {
+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
+ goto error;
+ }
+ }
+
+#ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
+#endif /* PAH_DEBUG */
+
+ pam_conversation.conv = conversation_function;
+ pam_conversation.appdata_ptr = NULL;
+
+ /* start the pam stack */
+ rc = pam_start ("polkit-1",
+ user_to_auth,
+ &pam_conversation,
+ &pam_h);
+ if (rc != PAM_SUCCESS)
+ {
+ fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* set the requesting user */
+ rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
+ if (rc != PAM_SUCCESS)
+ {
+ fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* is user really user? */
+ rc = pam_authenticate (pam_h, 0);
+ if (rc != PAM_SUCCESS)
+ {
+ fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* permitted access? */
+ rc = pam_acct_mgmt (pam_h, 0);
+ if (rc != PAM_SUCCESS)
+ {
+ fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ /* did we auth the right user? */
+ rc = pam_get_item (pam_h, PAM_USER, &authed_user);
+ if (rc != PAM_SUCCESS)
+ {
+ fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
+ goto error;
+ }
+
+ if (strcmp (authed_user, user_to_auth) != 0)
+ {
+ fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
+ user_to_auth, (const char *) authed_user);
+ goto error;
+ }
+
+#ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
+#endif /* PAH_DEBUG */
+
+ pam_end (pam_h, rc);
+ pam_h = NULL;
+
+#ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
+#endif /* PAH_DEBUG */
+
+ /* now send a D-Bus message to the PolicyKit daemon that
+ * includes a) the cookie; and b) the user we authenticated
+ */
+ if (!send_dbus_message (cookie, user_to_auth))
+ {
+#ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
+#endif /* PAH_DEBUG */
+ goto error;
+ }
+
+#ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+#endif /* PAH_DEBUG */
+
+ fprintf (stdout, "SUCCESS\n");
+ flush_and_wait();
+ return 0;
+
+error:
+ if (pam_h != NULL)
+ pam_end (pam_h, rc);
+
+ fprintf (stdout, "FAILURE\n");
+ flush_and_wait();
+ return 1;
+}
+
+static int
+conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
+{
+ struct pam_response *aresp;
+ char buf[PAM_MAX_RESP_SIZE];
+ int i;
+
+ data = data;
+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
+ return PAM_CONV_ERR;
+
+ if ((aresp = calloc(n, sizeof *aresp)) == NULL)
+ return PAM_BUF_ERR;
+
+ for (i = 0; i < n; ++i)
+ {
+ aresp[i].resp_retcode = 0;
+ aresp[i].resp = NULL;
+ switch (msg[i]->msg_style)
+ {
+
+ case PAM_PROMPT_ECHO_OFF:
+ fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
+ goto conv1;
+
+ case PAM_PROMPT_ECHO_ON:
+ fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
+ conv1:
+ fputs (msg[i]->msg, stdout);
+ if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
+ fputc ('\n', stdout);
+ fflush (stdout);
+
+ if (fgets (buf, sizeof buf, stdin) == NULL)
+ goto error;
+
+ if (strlen (buf) > 0 &&
+ buf[strlen (buf) - 1] == '\n')
+ buf[strlen (buf) - 1] = '\0';
+
+ aresp[i].resp = strdup (buf);
+ if (aresp[i].resp == NULL)
+ goto error;
+ break;
+
+ case PAM_ERROR_MSG:
+ fprintf (stdout, "PAM_ERROR_MSG ");
+ goto conv2;
+
+ case PAM_TEXT_INFO:
+ fprintf (stdout, "PAM_TEXT_INFO ");
+ conv2:
+ fputs (msg[i]->msg, stdout);
+ if (strlen (msg[i]->msg) > 0 &&
+ msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
+ fputc ('\n', stdout);
+ fflush (stdout);
+ break;
+
+ default:
+ goto error;
+ }
+ }
+
+ *resp = aresp;
+ return PAM_SUCCESS;
+
+error:
+
+ for (i = 0; i < n; ++i)
+ {
+ if (aresp[i].resp != NULL) {
+ memset (aresp[i].resp, 0, strlen(aresp[i].resp));
+ free (aresp[i].resp);
+ }
+ }
+ memset (aresp, 0, n * sizeof *aresp);
+ *resp = NULL;
+ return PAM_CONV_ERR;
+}
+


@ -1,101 +1,13 @@
$OpenBSD: patch-src_polkitagent_polkitagenthelperprivate_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $ $OpenBSD: patch-src_polkitagent_polkitagenthelperprivate_c,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkitagent/polkitagenthelperprivate.c.orig Sun Jun 27 17:34:45 2010 --- src/polkitagent/polkitagenthelperprivate.c.orig Wed Apr 27 16:58:05 2011
+++ src/polkitagent/polkitagenthelperprivate.c Sun Jun 27 17:34:45 2010 +++ src/polkitagent/polkitagenthelperprivate.c Wed Apr 27 16:58:18 2011
@@ -0,0 +1,97 @@ @@ -103,7 +103,7 @@ flush_and_wait ()
+/* {
+ * Copyright (C) 2009-2010 Red Hat, Inc. fflush (stdout);
+ * fflush (stderr);
+ * This library is free software; you can redistribute it and/or - fdatasync (fileno(stdout));
+ * modify it under the terms of the GNU Lesser General Public - fdatasync (fileno(stderr));
+ * License as published by the Free Software Foundation; either + fsync (fileno(stdout));
+ * version 2 of the License, or (at your option) any later version. + fsync (fileno(stderr));
+ * usleep (100 * 1000);
+ * This library is distributed in the hope that it will be useful, }
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ * Authors: David Zeuthen <davidz@redhat.com>,
+ * Andrew Psaltis <ampsaltis@gmail.com>
+ */
+
+#include "polkitagenthelperprivate.h"
+#include <stdio.h>
+
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+static int
+clearenv (void)
+{
+ if (environ != NULL)
+ environ[0] = NULL;
+ return 0;
+}
+#endif
+
+
+gboolean
+send_dbus_message (const char *cookie, const char *user)
+{
+ PolkitAuthority *authority;
+ PolkitIdentity *identity;
+ GError *error;
+ gboolean ret;
+
+ ret = FALSE;
+
+ error = NULL;
+
+ g_type_init ();
+
+ authority = polkit_authority_get ();
+
+ identity = polkit_unix_user_new_for_name (user, &error);
+ if (identity == NULL)
+ {
+ g_printerr ("Error constructing identity: %s\n", error->message);
+ g_error_free (error);
+ goto out;
+ }
+
+ if (!polkit_authority_authentication_agent_response_sync (authority,
+ cookie,
+ identity,
+ NULL,
+ &error))
+ {
+ g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
+ g_error_free (error);
+ goto out;
+ }
+
+ ret = TRUE;
+
+ out:
+
+ if (identity != NULL)
+ g_object_unref (identity);
+
+ if (authority != NULL)
+ g_object_unref (authority);
+
+ return ret;
+}
+
+/* fflush(3) stdin and stdout and wait a little bit.
+ * This replaces the three-line commands at the bottom of
+ * polkit-agent-helper-1's main() function.
+ */
+void
+flush_and_wait ()
+{
+ fflush (stdout);
+ fflush (stderr);
+ usleep (10 * 1000); /* since fflush(3) seems buggy */
+}
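Review bot: The two `fsync()` calls that replace `fdatasync()` in `flush_and_wait` have their return values ignored, and the patch gives no reason for the substitution. When stdout and stderr are pipes to the agent, `fsync()` typically fails with EINVAL, so the `usleep (100 * 1000)` is presumably what actually gives the reader time to drain the output. A line in the patch header would keep the next update from re-deriving this, for example `fdatasync(2) replaced by fsync(2) for portability; both are best-effort on pipes` (rationale to be confirmed by the porter).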


@ -1,46 +0,0 @@
$OpenBSD: patch-src_polkitagent_polkitagenthelperprivate_h,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
--- src/polkitagent/polkitagenthelperprivate.h.orig Sun Jun 27 17:34:45 2010
+++ src/polkitagent/polkitagenthelperprivate.h Sun Jun 27 17:34:45 2010
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2009-2010 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ *
+ * Authors: David Zeuthen <davidz@redhat.com>,
+ * Andrew Psaltis <ampsalits@gmail.com>
+ */
+#ifndef __POLKIT_AGENT_HELPER_PRIVATE_H
+#define __POLKIT_AGENT_HELPER_PRIVATE_H
+
+#include <polkit/polkit.h>
+
+/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
+ * enable this in production builds; it may leak passwords and other
+ * sensitive information.
+ */
+#undef PAH_DEBUG
+// #define PAH_DEBUG
+
+#ifdef HAVE_SOLARIS
+# define LOG_AUTHPRIV (10<<3)
+#endif
+
+gboolean send_dbus_message (const char *cookie, const char *user);
+
+void flush_and_wait ();
+
+#endif /* __POLKIT_AGENT_HELPER_PRIVATE_H */


@ -1,11 +1,11 @@
$OpenBSD: patch-src_polkitbackend_50-localauthority_conf,v 1.1 2010/07/05 15:22:16 ajacoutot Exp $ $OpenBSD: patch-src_polkitbackend_50-localauthority_conf,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkitbackend/50-localauthority.conf.orig Mon Jul 5 16:52:24 2010 --- src/polkitbackend/50-localauthority.conf.orig Mon Jul 5 16:52:24 2010
+++ src/polkitbackend/50-localauthority.conf Mon Jul 5 16:52:30 2010 +++ src/polkitbackend/50-localauthority.conf Mon Jul 5 16:52:30 2010
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
# Configuration file for the PolicyKit Local Authority. # Configuration file for the PolicyKit Local Authority.
# #
-# DO NOT EDIT THIS FILE, it will be overwritten on update. -# DO NOT EDIT THIS FILE, it will be overwritten on update.
+# DO NOT EDIT THIS FILE +# DO NOT EDIT THIS FILE.
# #
# See the pklocalauthority(8) man page for more information # See the pklocalauthority(8) man page for more information
# about configuring the Local Authority. # about configuring the Local Authority.


@ -1,8 +1,8 @@
$OpenBSD: patch-src_polkitbackend_Makefile_am,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $ $OpenBSD: patch-src_polkitbackend_Makefile_am,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkitbackend/Makefile.am.orig Sun Jun 27 18:26:49 2010 --- src/polkitbackend/Makefile.am.orig Mon Aug 9 20:49:57 2010
+++ src/polkitbackend/Makefile.am Sun Jun 27 18:27:49 2010 +++ src/polkitbackend/Makefile.am Tue Nov 30 12:31:18 2010
@@ -100,10 +100,4 @@ clean-local : @@ -74,10 +74,4 @@ clean-local :
rm -f *~ $(ck_built_sources) $(BUILT_SOURCES) rm -f *~ $(BUILT_SOURCES)
install-exec-hook: install-exec-hook:
- mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 - mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1


@ -1,17 +0,0 @@
$OpenBSD: patch-src_polkitbackend_polkitbackendconfigsource_c,v 1.1 2010/07/18 15:41:22 ajacoutot Exp $
- Configuration reload on every query
779c0153fc0bd3c2e302dac1979d17638f054229
Set has_data to true after the data is loaded to prevent excessive
reloading of config files.
--- src/polkitbackend/polkitbackendconfigsource.c.orig Wed Mar 10 18:46:19 2010
+++ src/polkitbackend/polkitbackendconfigsource.c Sun Jul 18 17:28:52 2010
@@ -386,6 +386,7 @@ polkit_backend_config_source_ensure (PolkitBackendConf
}
source->priv->key_files = g_list_reverse (source->priv->key_files);
+ source->priv->has_data = TRUE;
out:
g_list_foreach (files, (GFunc) g_object_unref, NULL);


@ -1,30 +0,0 @@
$OpenBSD: patch-src_polkitbackend_polkitbackendlocalauthority_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $
--- src/polkitbackend/polkitbackendlocalauthority.c.orig Sun Jun 27 18:27:56 2010
+++ src/polkitbackend/polkitbackendlocalauthority.c Sun Jun 27 18:28:13 2010
@@ -211,7 +211,7 @@ add_all_authorization_stores (PolkitBackendLocalAuthor
error = NULL;
if (n == 0)
- toplevel_path = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority";
+ toplevel_path = PACKAGE_LOCALSTATE_DIR "/db/polkit-1/localauthority";
else
toplevel_path = PACKAGE_SYSCONF_DIR "/polkit-1/localauthority";
@@ -321,7 +321,7 @@ polkit_backend_local_authority_init (PolkitBackendLoca
GError *error;
if (n == 0)
- toplevel_path = PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority";
+ toplevel_path = PACKAGE_LOCALSTATE_DIR "/db/polkit-1/localauthority";
else
toplevel_path = PACKAGE_SYSCONF_DIR "/polkit-1/localauthority";
@@ -698,7 +698,7 @@ static gchar *
lockdown_get_filename (const gchar *action_id)
{
return g_strdup_printf (PACKAGE_LOCALSTATE_DIR
- "/lib/polkit-1/localauthority/90-mandatory.d/"
+ "/db/polkit-1/localauthority/90-mandatory.d/"
"org.freedesktop.policykit.localauthority.lockdown.action-%s.pkla",
action_id);
}


@ -1,18 +0,0 @@
$OpenBSD: patch-src_polkitbackend_polkitbackendlocalauthorizationstore_c,v 1.1 2010/07/18 15:41:22 ajacoutot Exp $
- Configuration reload on every query
779c0153fc0bd3c2e302dac1979d17638f054229
Set has_data to true after the data is loaded to prevent excessive
reloading of config files.
--- src/polkitbackend/polkitbackendlocalauthorizationstore.c.orig Wed Mar 10 18:46:19 2010
+++ src/polkitbackend/polkitbackendlocalauthorizationstore.c Sun Jul 18 17:28:52 2010
@@ -641,6 +641,8 @@ polkit_backend_local_authorization_store_ensure (Polki
g_free (filename);
}
+ store->priv->has_data = TRUE;
+
out:
g_list_foreach (files, (GFunc) g_object_unref, NULL);
g_list_free (files);


@ -0,0 +1,30 @@
$OpenBSD: patch-src_polkitbackend_polkitbackendsessionmonitor_c,v 1.1 2011/04/28 13:09:07 ajacoutot Exp $
From c23d74447c7615dc74dae259f0fc3688ec988867 Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz@redhat.com>
Date: Fri, 01 Apr 2011 16:12:27 +0000
Subject: Use polkit_unix_process_get_uid() to get the owner of a process
--- src/polkitbackend/polkitbackendsessionmonitor.c.orig Sat Feb 26 23:23:53 2011
+++ src/polkitbackend/polkitbackendsessionmonitor.c Wed Apr 27 19:07:36 2011
@@ -293,14 +293,15 @@ polkit_backend_session_monitor_get_user_for_subject (P
if (POLKIT_IS_UNIX_PROCESS (subject))
{
- local_error = NULL;
- uid = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject), &local_error);
- if (local_error != NULL)
+ uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
+ if ((gint) uid == -1)
{
- g_propagate_prefixed_error (error, local_error, "Error getting user for process: ");
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ "Unix process subject does not have uid set");
goto out;
}
-
ret = polkit_unix_user_new (uid);
}
else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
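Review bot: The added `polkit_unix_process_get_uid ()` call returns the uid stored in the subject instead of looking the owner up, so the only value rejected here is -1 and the result is only as trustworthy as whatever constructed the `PolkitUnixProcess`. This hunk does not show where that uid is set; presumably the companion patches record it at construction time, which is worth confirming for subjects that reach the backend from other processes. I would add a comment above the call, e.g. `/* uid is the one recorded in the subject when it was constructed; it is not re-read from the kernel here */`. The function continues outside the hunk.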


@ -0,0 +1,41 @@
$OpenBSD: patch-src_polkitd_gposixsignal_c,v 1.1 2011/04/28 13:09:07 ajacoutot Exp $
--- src/polkitd/gposixsignal.c.orig Sat Feb 26 23:23:53 2011
+++ src/polkitd/gposixsignal.c Wed Apr 27 16:07:00 2011
@@ -26,7 +26,13 @@
#if defined(__linux__)
#include <unistd.h>
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
+#include <sys/types.h>
+#include <sys/event.h>
+#include <sys/time.h>
+#else
#include <sys/signalfd.h>
+#endif
#include <signal.h>
typedef struct
@@ -84,6 +90,9 @@ _g_posix_signal_source_new (gint signum)
gint fd;
GSource *_source;
_GPosixSignalSource *source;
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
+ struct kevent ev;
+#endif
_source = NULL;
@@ -93,7 +102,13 @@ _g_posix_signal_source_new (gint signum)
if (sigprocmask (SIG_BLOCK, &sigset, NULL) == -1)
g_assert_not_reached ();
+#if defined(__FreeBSD__) || defined(__OpenBSD__)
+ fd = kqueue ();
+ EV_SET (&ev, signum, EVFILT_SIGNAL, EV_ADD, 0, 0, NULL);
+ kevent (fd, &ev, 1, NULL, 0, NULL);
+#else
fd = signalfd (-1, &sigset, SFD_NONBLOCK | SFD_CLOEXEC);
+#endif
_source = g_source_new (&_g_posix_signal_source_funcs, sizeof (_GPosixSignalSource));
source = (_GPosixSignalSource *) _source;
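Review bot: Neither `kqueue ()` nor `kevent ()` is checked in the added BSD branch, so a failure leaves `fd` at -1 or the signal unregistered, and the source is still created around it. The `sigprocmask ()` call just above asserts on failure, and the same style fits here: `if (fd == -1) g_assert_not_reached ();` after `kqueue ()`, and `if (kevent (fd, &ev, 1, NULL, 0, NULL) == -1) g_assert_not_reached ();`. Separately, the first hunk places the BSD includes after a `#if defined(__linux__)` context line; if that conditional still encloses the file (its end is outside the hunk), the new branch is never compiled on OpenBSD. The function body continues outside the hunk.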


@ -1,55 +1,104 @@
$OpenBSD: patch-src_programs_pkexec_c,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $ $OpenBSD: patch-src_programs_pkexec_c,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
--- src/programs/pkexec.c.orig Wed Mar 10 18:46:19 2010
+++ src/programs/pkexec.c Thu Jul 1 07:31:27 2010 From 3b12cfac29dddd27f1f166a7574d8374cc1dccf2 Mon Sep 17 00:00:00 2001
@@ -34,7 +34,11 @@ From: David Zeuthen <davidz@redhat.com>
#include <grp.h> Date: Fri, 01 Apr 2011 16:13:15 +0000
Subject: pkexec: Avoid TOCTTOU problems with parent process
--- src/programs/pkexec.c.orig Thu Mar 3 18:04:19 2011
+++ src/programs/pkexec.c Wed Apr 27 19:09:18 2011
@@ -35,6 +35,10 @@
#include <pwd.h> #include <pwd.h>
#include <errno.h> #include <errno.h>
+#ifdef __linux__
+#include <sys/prctl.h>
+#endif
+ +
+#ifdef POLKIT_AUTHFW_PAM #include <glib/gi18n.h>
#include <security/pam_appl.h>
+#endif /* POLKIT_AUTHFW_PAM */
+
#include <syslog.h>
#include <stdarg.h>
@@ -115,6 +119,7 @@ log_message (gint level, #ifdef POLKIT_AUTHFW_PAM
@@ -423,7 +427,6 @@ main (int argc, char *argv[])
GPtrArray *saved_env;
gchar *opt_user;
pid_t pid_of_caller;
- uid_t uid_of_caller;
gpointer local_agent_handle;
/* ---------------------------------------------------------------------------------------------------- */ ret = 127;
@@ -598,40 +601,49 @@ main (int argc, char *argv[])
+#ifdef POLKIT_AUTHFW_PAM
static int
pam_conversation_function (int n,
const struct pam_message **msg,
@@ -167,6 +172,7 @@ out:
pam_end (pam_h, rc);
return ret;
}
+#endif /* POLKIT_AUTHFW_PAM */
/* ---------------------------------------------------------------------------------------------------- */
@@ -437,7 +443,7 @@ main (int argc, char *argv[])
goto out;
}
- original_cwd = g_strdup (get_current_dir_name ());
+ original_cwd = g_strdup (getcwd (NULL, 0));
if (original_cwd == NULL)
{
g_printerr ("Error getting cwd.\n");
@@ -741,11 +747,13 @@ main (int argc, char *argv[])
* TODO: The question here is whether we should clear the limits before applying them?
* As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
*/ */
+#ifdef POLKIT_AUTHW_PAM g_type_init ();
if (!open_session (pw->pw_name))
- /* now check if the program that invoked us is authorized */
+ /* make sure we are nuked if the parent process dies */
+#ifdef __linux__
+ if (prctl (PR_SET_PDEATHSIG, SIGTERM) != 0)
+ {
+ g_printerr ("prctl(PR_SET_PDEATHSIG, SIGTERM) failed: %s\n", g_strerror (errno));
+ goto out;
+ }
+#else
+#warning "Please add OS specific code to catch when the parent dies"
+#endif
+
+ /* Figure out the parent process */
pid_of_caller = getppid ();
if (pid_of_caller == 1)
{ {
/* getppid() can return 1 if the parent died (meaning that we are reaped
- * by /sbin/init); get process group leader instead - for example, this
- * happens when launching via gnome-panel (alt+f2, then 'pkexec gedit').
+ * by /sbin/init); In that case we simpy bail.
*/
- pid_of_caller = getpgrp ();
- }
-
- subject = polkit_unix_process_new (pid_of_caller);
- if (subject == NULL)
- {
- g_printerr ("No such process for pid %d: %s\n", (gint) pid_of_caller, error->message);
- g_error_free (error);
+ g_printerr ("Refusing to render service to dead parents.\n");
goto out; goto out;
} }
-
+#endif /* POLKIT_AUTHFW_PAM */ - /* paranoia: check that the uid of pid_of_caller matches getuid() */
+ - error = NULL;
/* become the user */ - uid_of_caller = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject),
if (setgroups (0, NULL) != 0) - &error);
{ - if (error != NULL)
- {
- g_printerr ("Error determing pid of caller (pid %d): %s\n", (gint) pid_of_caller, error->message);
- g_error_free (error);
- goto out;
- }
- if (uid_of_caller != getuid ())
- {
- g_printerr ("User of caller (%d) does not match our uid (%d)\n", uid_of_caller, getuid ());
- goto out;
- }
+ /* This process we want to check an authorization for is the process
+ * that launched us - our parent process.
+ *
+ * At the time the parent process fork()'ed and exec()'ed us, the
+ * process had the same real-uid that we have now. So we use this
+ * real-uid instead of of looking it up to avoid TOCTTOU issues
+ * (consider the parent process exec()'ing a setuid helper).
+ *
+ * On the other hand, the monotonic process start-time is guaranteed
+ * to never change so it's safe to look that up given only the PID
+ * since we are guaranteed to be nuked if the parent goes away
+ * (cf. the prctl(2) call above).
+ */
+ subject = polkit_unix_process_new_for_owner (pid_of_caller,
+ 0, /* 0 means "look up start-time in /proc" */
+ getuid ());
+ /* really double-check the invariants guaranteed by the PolkitUnixProcess class */
+ g_assert (subject != NULL);
+ g_assert (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)) == pid_of_caller);
+ g_assert (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0);
+ g_assert (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) > 0);
error = NULL;
authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
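Review bot: The new comment's guarantee that pkexec is killed when its parent exits rests on `prctl (PR_SET_PDEATHSIG, SIGTERM)`, which is compiled only under `__linux__`; on OpenBSD the `#else` branch is just a `#warning`. Without it, the parent can exit between `getppid ()` and the start-time lookup done for `polkit_unix_process_new_for_owner ()`, so the pid-only lookup that the comment calls safe is not safe on this platform. Until there is an OS-specific equivalent, re-checking after the subject is built narrows (but does not close) the window: `if (getppid () != pid_of_caller) goto out;`. The invariants are also checked with `g_assert ()`, which compiles away under `G_DISABLE_ASSERT`; explicit `if (...) goto out;` checks would be more robust in a privileged program. `main` starts and ends outside the hunk.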


@ -1,6 +1,5 @@
@comment $OpenBSD: PFRAG.shared,v 1.1.1.1 2010/07/01 07:46:21 ajacoutot Exp $ @comment $OpenBSD: PFRAG.shared,v 1.2 2011/04/28 13:09:07 ajacoutot Exp $
@lib lib/libpolkit-agent-1.so.${LIBpolkit-agent-1_VERSION} @lib lib/libpolkit-agent-1.so.${LIBpolkit-agent-1_VERSION}
@lib lib/libpolkit-backend-1.so.${LIBpolkit-backend-1_VERSION} @lib lib/libpolkit-backend-1.so.${LIBpolkit-backend-1_VERSION}
@lib lib/libpolkit-gobject-1.so.${LIBpolkit-gobject-1_VERSION} @lib lib/libpolkit-gobject-1.so.${LIBpolkit-gobject-1_VERSION}
lib/polkit-1/extensions/libnullbackend.so lib/polkit-1/extensions/libnullbackend.so
lib/polkit-1/extensions/libpkexec-action-lookup.so


@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST,v 1.5 2011/04/07 11:12:12 ajacoutot Exp $ @comment $OpenBSD: PLIST,v 1.6 2011/04/28 13:09:07 ajacoutot Exp $
%%SHARED%% %%SHARED%%
@bin bin/pk-example-frobnicate @bin bin/pk-example-frobnicate
@bin bin/pkaction @bin bin/pkaction
@ -21,6 +21,7 @@ include/polkit-1/polkit/polkitenumtypes.h
include/polkit-1/polkit/polkiterror.h include/polkit-1/polkit/polkiterror.h
include/polkit-1/polkit/polkitidentity.h include/polkit-1/polkit/polkitidentity.h
include/polkit-1/polkit/polkitimplicitauthorization.h include/polkit-1/polkit/polkitimplicitauthorization.h
include/polkit-1/polkit/polkitpermission.h
include/polkit-1/polkit/polkitprivate.h include/polkit-1/polkit/polkitprivate.h
include/polkit-1/polkit/polkitsubject.h include/polkit-1/polkit/polkitsubject.h
include/polkit-1/polkit/polkitsystembusname.h include/polkit-1/polkit/polkitsystembusname.h
@ -32,22 +33,21 @@ include/polkit-1/polkit/polkitunixsession.h
include/polkit-1/polkit/polkitunixuser.h include/polkit-1/polkit/polkitunixuser.h
include/polkit-1/polkitagent/ include/polkit-1/polkitagent/
include/polkit-1/polkitagent/polkitagent.h include/polkit-1/polkitagent/polkitagent.h
include/polkit-1/polkitagent/polkitagentenumtypes.h
include/polkit-1/polkitagent/polkitagentlistener.h include/polkit-1/polkitagent/polkitagentlistener.h
include/polkit-1/polkitagent/polkitagentsession.h include/polkit-1/polkitagent/polkitagentsession.h
include/polkit-1/polkitagent/polkitagenttextlistener.h
include/polkit-1/polkitagent/polkitagenttypes.h include/polkit-1/polkitagent/polkitagenttypes.h
include/polkit-1/polkitbackend/ include/polkit-1/polkitbackend/
include/polkit-1/polkitbackend/polkitbackend.h include/polkit-1/polkitbackend/polkitbackend.h
include/polkit-1/polkitbackend/polkitbackendactionlookup.h include/polkit-1/polkitbackend/polkitbackendactionlookup.h
include/polkit-1/polkitbackend/polkitbackendactionpool.h
include/polkit-1/polkitbackend/polkitbackendauthority.h include/polkit-1/polkitbackend/polkitbackendauthority.h
include/polkit-1/polkitbackend/polkitbackendconfigsource.h
include/polkit-1/polkitbackend/polkitbackendinteractiveauthority.h include/polkit-1/polkitbackend/polkitbackendinteractiveauthority.h
include/polkit-1/polkitbackend/polkitbackendlocalauthority.h include/polkit-1/polkitbackend/polkitbackendlocalauthority.h
include/polkit-1/polkitbackend/polkitbackendlocalauthorizationstore.h
include/polkit-1/polkitbackend/polkitbackendsessionmonitor.h
include/polkit-1/polkitbackend/polkitbackendtypes.h include/polkit-1/polkitbackend/polkitbackendtypes.h
lib/girepository-1.0/ lib/girepository-1.0/
lib/girepository-1.0/Polkit-1.0.typelib lib/girepository-1.0/Polkit-1.0.typelib
lib/girepository-1.0/PolkitAgent-1.0.typelib
lib/libpolkit-agent-1.a lib/libpolkit-agent-1.a
lib/libpolkit-agent-1.la lib/libpolkit-agent-1.la
lib/libpolkit-backend-1.a lib/libpolkit-backend-1.a
@ -62,8 +62,6 @@ lib/polkit-1/
lib/polkit-1/extensions/ lib/polkit-1/extensions/
@comment lib/polkit-1/extensions/libnullbackend.a @comment lib/polkit-1/extensions/libnullbackend.a
@comment lib/polkit-1/extensions/libnullbackend.la @comment lib/polkit-1/extensions/libnullbackend.la
@comment lib/polkit-1/extensions/libpkexec-action-lookup.a
@comment lib/polkit-1/extensions/libpkexec-action-lookup.la
@mode 4755 @mode 4755
@owner root @owner root
@bin libexec/polkit-agent-helper-1 @bin libexec/polkit-agent-helper-1
@ -88,8 +86,8 @@ share/examples/polkit/polkit-1/
@mode 0700 @mode 0700
@sample ${SYSCONFDIR}/polkit-1/ @sample ${SYSCONFDIR}/polkit-1/
@sample /var/db/polkit-1/ @sample /var/db/polkit-1/
@mode
@sample ${SYSCONFDIR}/polkit-1/localauthority/ @sample ${SYSCONFDIR}/polkit-1/localauthority/
@mode
share/examples/polkit/polkit-1/localauthority.conf.d/ share/examples/polkit/polkit-1/localauthority.conf.d/
@sample ${SYSCONFDIR}/polkit-1/localauthority.conf.d/ @sample ${SYSCONFDIR}/polkit-1/localauthority.conf.d/
share/examples/polkit/polkit-1/localauthority.conf.d/50-localauthority.conf share/examples/polkit/polkit-1/localauthority.conf.d/50-localauthority.conf
@ -108,6 +106,7 @@ share/examples/polkit/var/db/polkit-1/localauthority/10-vendor.d/
share/examples/polkit/var/db/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla share/examples/polkit/var/db/polkit-1/localauthority/10-vendor.d/10-desktop-policy.pkla
share/gir-1.0/ share/gir-1.0/
share/gir-1.0/Polkit-1.0.gir share/gir-1.0/Polkit-1.0.gir
share/gir-1.0/PolkitAgent-1.0.gir
share/locale/da/LC_MESSAGES/polkit-1.mo share/locale/da/LC_MESSAGES/polkit-1.mo
share/polkit-1/ share/polkit-1/
share/polkit-1/actions/ share/polkit-1/actions/