rpms/polkit/devel 0001-Sort-by-action-id-in-pkaction-1-output.patch, NONE, 1.1 0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch, NONE, 1.1 polkit.spec, 1.9, 1.10
David Zeuthen
davidz at fedoraproject.org
Fri Sep 11 19:50:48 UTC 2009
Author: davidz
Update of /cvs/pkgs/rpms/polkit/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16509
Modified Files:
polkit.spec
Added Files:
0001-Sort-by-action-id-in-pkaction-1-output.patch
0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
Log Message:
* Fri Sep 11 2009 David Zeuthen <davidz at redhat.com> - 0.94-4
- Add some patches from git master
- Sort pkaction(1) output
- Bug 23867 – UnixProcess vs. SystemBusName aliasing
0001-Sort-by-action-id-in-pkaction-1-output.patch:
pkaction.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- NEW FILE 0001-Sort-by-action-id-in-pkaction-1-output.patch ---
>From f8f132f066a930e296aa327d4c35c6d644774b9c Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz at redhat.com>
Date: Fri, 11 Sep 2009 11:35:58 -0400
Subject: [PATCH 1/2] Sort by action id in pkaction(1) output
---
src/programs/pkaction.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c
index 3493bc0..7d8f645 100644
--- a/src/programs/pkaction.c
+++ b/src/programs/pkaction.c
@@ -93,6 +93,14 @@ print_action (PolkitActionDescription *action,
}
}
+static gint
+action_desc_compare_by_action_id_func (PolkitActionDescription *a,
+ PolkitActionDescription *b)
+{
+ return g_strcmp0 (polkit_action_description_get_action_id (a),
+ polkit_action_description_get_action_id (b));
+}
+
int
main (int argc, char *argv[])
{
@@ -196,6 +204,9 @@ main (int argc, char *argv[])
}
else
{
+ actions = g_list_sort (actions,
+ (GCompareFunc) action_desc_compare_by_action_id_func);
+
for (l = actions; l != NULL; l = l->next)
{
PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data);
--
1.6.4.2
0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch:
docs/polkit/polkit-1-sections.txt | 1
src/polkit/polkitsystembusname.c | 44 ++++++++++++++
src/polkit/polkitsystembusname.h | 14 +++-
src/polkitbackend/polkitbackendinteractiveauthority.c | 54 +++++++++++++++++-
4 files changed, 105 insertions(+), 8 deletions(-)
--- NEW FILE 0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch ---
>From 2a932ebb20c93d9a81eb89eab25a9cea7b8b388a Mon Sep 17 00:00:00 2001
From: David Zeuthen <davidz at redhat.com>
Date: Fri, 11 Sep 2009 15:35:10 -0400
Subject: [PATCH 2/2] =?UTF-8?q?Bug=2023867=20=E2=80=93=20UnixProcess=20vs.=20SystemBusName=20aliasing?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For now, convert SystemBusName to UnixProcess when storing/checking
temporary authorizations. See
http://git.gnome.org/cgit/PolicyKit-gnome/commit/?id=ad5fe38a1f7a7a670c3d8e9384b9cd0d037c9222
for a test-case for this.
---
docs/polkit/polkit-1-sections.txt | 1 +
src/polkit/polkitsystembusname.c | 44 ++++++++++++++++
src/polkit/polkitsystembusname.h | 14 +++--
.../polkitbackendinteractiveauthority.c | 53 +++++++++++++++++++-
4 files changed, 105 insertions(+), 7 deletions(-)
diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
index 9219fb8..333e2c8 100644
--- a/docs/polkit/polkit-1-sections.txt
+++ b/docs/polkit/polkit-1-sections.txt
@@ -82,6 +82,7 @@ PolkitSystemBusName
polkit_system_bus_name_new
polkit_system_bus_name_get_name
polkit_system_bus_name_set_name
+polkit_system_bus_name_get_process_sync
<SUBSECTION Standard>
PolkitSystemBusNameClass
POLKIT_SYSTEM_BUS_NAME
diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 180b6b6..4c9b812 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -28,6 +28,8 @@
#include "polkitsubject.h"
#include "polkitprivate.h"
+#include "polkitunixprocess.h"
+
/**
* SECTION:polkitsystembusname
* @title: PolkitSystemBusName
@@ -379,3 +381,45 @@ subject_iface_init (PolkitSubjectIface *subject_iface)
subject_iface->exists_finish = polkit_system_bus_name_exists_finish;
subject_iface->exists_sync = polkit_system_bus_name_exists_sync;
}
+
+/* ---------------------------------------------------------------------------------------------------- */
+
+/**
+ * polkit_system_bus_name_get_process_sync:
+ * @system_bus_name: A #PolkitSystemBusName.
+ * @cancellable: A #GCancellable or %NULL.
+ * @error: Return location for error or %NULL.
+ *
+ * Synchronously gets a #PolkitUnixProcess object for @system_bus_name.
+ *
+ * Returns: A #PolkitUnixProcess object or %NULL if @error is set.
+ **/
+PolkitSubject *
+polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name,
+ GCancellable *cancellable,
+ GError **error)
+{
+ EggDBusConnection *connection;
+ PolkitSubject *ret;
+ pid_t pid;
+
+ ret = NULL;
+
+ connection = egg_dbus_connection_get_for_bus (EGG_DBUS_BUS_TYPE_SYSTEM);
+ if (!egg_dbus_bus_get_connection_unix_process_id_sync (egg_dbus_connection_get_bus (connection),
+ EGG_DBUS_CALL_FLAGS_NONE,
+ system_bus_name->name,
+ &pid,
+ cancellable,
+ error))
+ {
+ goto out;
+ }
+
+ ret = polkit_unix_process_new (pid);
+
+ out:
+ g_object_unref (connection);
+ return ret;
+}
+
diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h
index 4c91ee6..1fc464f 100644
--- a/src/polkit/polkitsystembusname.h
+++ b/src/polkit/polkitsystembusname.h
@@ -46,11 +46,15 @@ typedef struct _PolkitSystemBusName PolkitSystemBusName;
#endif
typedef struct _PolkitSystemBusNameClass PolkitSystemBusNameClass;
-GType polkit_system_bus_name_get_type (void) G_GNUC_CONST;
-PolkitSubject *polkit_system_bus_name_new (const gchar *name);
-const gchar *polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name);
-void polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name,
- const gchar *name);
+GType polkit_system_bus_name_get_type (void) G_GNUC_CONST;
+PolkitSubject *polkit_system_bus_name_new (const gchar *name);
+const gchar *polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name);
+void polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name,
+ const gchar *name);
+/* TODO: add async version of get_process() method */
+PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name,
+ GCancellable *cancellable,
+ GError **error);
G_END_DECLS
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 811d169..bf88c2b 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -1959,18 +1959,41 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
{
GList *l;
gboolean ret;
+ PolkitSubject *subject_to_use;
g_return_val_if_fail (store != NULL, FALSE);
g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE);
g_return_val_if_fail (action_id != NULL, FALSE);
+ /* XXX: for now, prefer to store the process */
+ if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
+ {
+ GError *error;
+ error = NULL;
+ subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
+ NULL,
+ &error);
+ if (subject_to_use == NULL)
+ {
+ g_warning ("Error getting process for system bus name `%s': %s",
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
+ error->message);
+ g_error_free (error);
+ subject_to_use = g_object_ref (subject);
+ }
+ }
+ else
+ {
+ subject_to_use = g_object_ref (subject);
+ }
+
ret = FALSE;
for (l = store->authorizations; l != NULL; l = l->next) {
TemporaryAuthorization *authorization = l->data;
if (strcmp (action_id, authorization->action_id) == 0 &&
- polkit_subject_equal (subject, authorization->subject))
+ polkit_subject_equal (subject_to_use, authorization->subject))
{
ret = TRUE;
if (out_tmp_authz_id != NULL)
@@ -1980,6 +2003,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st
}
out:
+ g_object_unref (subject_to_use);
return ret;
}
@@ -2095,12 +2119,35 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
{
TemporaryAuthorization *authorization;
guint expiration_seconds;
+ PolkitSubject *subject_to_use;
g_return_val_if_fail (store != NULL, NULL);
g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL);
g_return_val_if_fail (action_id != NULL, NULL);
g_return_val_if_fail (!temporary_authorization_store_has_authorization (store, subject, action_id, NULL), NULL);
+ /* XXX: for now, prefer to store the process */
+ if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
+ {
+ GError *error;
+ error = NULL;
+ subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject),
+ NULL,
+ &error);
+ if (subject_to_use == NULL)
+ {
+ g_warning ("Error getting process for system bus name `%s': %s",
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)),
+ error->message);
+ g_error_free (error);
+ subject_to_use = g_object_ref (subject);
+ }
+ }
+ else
+ {
+ subject_to_use = g_object_ref (subject);
+ }
+
/* TODO: right now the time the temporary authorization is kept is hard-coded - we
* could make it a propery on the PolkitBackendInteractiveAuthority class (so
* the local authority could read it from a config file) or a vfunc
@@ -2111,7 +2158,7 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
authorization = g_new0 (TemporaryAuthorization, 1);
authorization->id = g_strdup_printf ("tmpauthz%" G_GUINT64_FORMAT, store->serial++);
authorization->store = store;
- authorization->subject = g_object_ref (subject);
+ authorization->subject = g_object_ref (subject_to_use);
authorization->session = g_object_ref (session);
authorization->action_id = g_strdup (action_id);
authorization->time_granted = time (NULL);
@@ -2152,6 +2199,8 @@ temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *st
store->authorizations = g_list_prepend (store->authorizations, authorization);
+ g_object_unref (subject_to_use);
+
return authorization->id;
}
--
1.6.4.2
Index: polkit.spec
===================================================================
RCS file: /cvs/pkgs/rpms/polkit/devel/polkit.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- polkit.spec 13 Aug 2009 17:56:44 -0000 1.9
+++ polkit.spec 11 Sep 2009 19:50:47 -0000 1.10
@@ -1,7 +1,7 @@
Summary: PolicyKit Authorization Framework
Name: polkit
Version: 0.94
-Release: 3%{?dist}
+Release: 4%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
@@ -18,6 +18,9 @@ BuildRequires: gobject-introspection-dev
Requires: ConsoleKit
Requires: dbus
+Patch0: 0001-Sort-by-action-id-in-pkaction-1-output.patch
+Patch1: 0002-Bug-23867-UnixProcess-vs.-SystemBusName-aliasing.patch
+
%description
PolicyKit is a toolkit for defining and handling authorizations.
It is used for allowing unprivileged processes to speak to privileged
@@ -56,6 +59,8 @@ Roles and default policy for desktop usa
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
%build
%configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection
@@ -182,6 +187,11 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/gtk-doc/html/*
%changelog
+* Fri Sep 11 2009 David Zeuthen <davidz at redhat.com> - 0.94-4
+- Add some patches from git master
+- Sort pkaction(1) output
+- Bug 23867 – UnixProcess vs. SystemBusName aliasing
+
* Thu Aug 13 2009 David Zeuthen <davidz at redhat.com> - 0.94-3
- Add desktop_admin_r and desktop_user_r groups along with a first cut
of default authorizations for users in these groups.
More information about the fedora-extras-commits
mailing list