#endif /* HAVE_LIBSYSTEMD */
g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
-diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c
---- polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c 2015-06-06 01:24:06.000000000 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c 2015-09-26 23:40:39.451918791 +0200
+--- polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor.c.orig 2018-06-26 15:17:52.000000000 +0200
++++ polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor.c 2018-09-29 10:42:52.104190929 +0200
@@ -26,6 +26,12 @@
#include <string.h>
#include <glib/gstdio.h>
+#endif /* HAVE_LIBSYSTEMD */
+
#include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
#include "polkitbackendsessionmonitor.h"
-
-@@ -39,6 +45,88 @@
+@@ -40,6 +46,88 @@
* The #PolkitBackendSessionMonitor class is a utility class to track and monitor sessions.
*/
struct _PolkitBackendSessionMonitor
{
GObject parent_instance;
-@@ -48,6 +136,10 @@
+@@ -49,6 +137,10 @@
GKeyFile *database;
GFileMonitor *database_monitor;
time_t database_mtime;
};
struct _PolkitBackendSessionMonitorClass
-@@ -70,6 +162,18 @@
+@@ -71,6 +163,18 @@
/* ---------------------------------------------------------------------------------------------------- */
static gboolean
reload_database (PolkitBackendSessionMonitor *monitor,
GError **error)
-@@ -176,31 +280,47 @@
+@@ -177,31 +281,47 @@
g_error_free (error);
}
}
}
-@@ -218,6 +338,12 @@
+@@ -219,6 +339,12 @@
if (monitor->database != NULL)
g_key_file_free (monitor->database);
if (G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize != NULL)
G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize (object);
}
-@@ -310,22 +436,38 @@
+@@ -332,6 +458,26 @@
}
else if (POLKIT_IS_UNIX_SESSION (subject))
{
-- if (!ensure_database (monitor, error))
+#ifdef HAVE_LIBSYSTEMD
+ if (monitor->sd_source != NULL)
- {
-- g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
-- goto out;
-+ if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
-+ {
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Error getting uid for session");
-+ goto out;
-+ }
- }
--
-- group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)));
-- local_error = NULL;
-- uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error);
-- if (local_error != NULL)
++ {
++ uid_t uid;
++
++ if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Error getting uid for session");
++ goto out;
++ }
++
++ ret = polkit_unix_user_new (uid);
++ matches = TRUE;
++ }
+ else
+#endif /* HAVE_LIBSYSTEMD */
- {
-- g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": ");
-+ if (!ensure_database (monitor, error))
-+ {
-+ g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
-+ goto out;
-+ }
-+
-+ group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)));
-+ local_error = NULL;
-+ uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error);
-+ if (local_error != NULL)
-+ {
-+ g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": ");
-+ g_free (group);
-+ goto out;
-+ }
- g_free (group);
-- goto out;
- }
-- g_free (group);
++ {
+ gint uid;
+ gchar *group;
+
+@@ -354,6 +500,7 @@
ret = polkit_unix_user_new (uid);
+ matches = TRUE;
++ }
}
-@@ -349,35 +491,26 @@
+
+ out:
+@@ -379,35 +526,26 @@
PolkitSubject *subject,
GError **error)
{
GVariant *result;
result = g_dbus_connection_call_sync (monitor->system_bus,
-@@ -395,23 +528,7 @@
+@@ -425,23 +563,7 @@
goto out;
g_variant_get (result, "(u)", &pid);
g_variant_unref (result);
}
else
{
-@@ -420,8 +537,57 @@
+@@ -450,8 +572,57 @@
POLKIT_ERROR_NOT_SUPPORTED,
"Cannot get user for subject of type %s",
g_type_name (G_TYPE_FROM_INSTANCE (subject)));
out:
return session;
-@@ -472,7 +638,22 @@
+@@ -502,7 +673,22 @@
polkit_backend_session_monitor_is_session_local (PolkitBackendSessionMonitor *monitor,
PolkitSubject *session)
{
}
-@@ -480,6 +661,44 @@
+@@ -510,6 +696,44 @@
polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
PolkitSubject *session)
{
+ return get_boolean (monitor, session, "is_active");
}
-diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-systemd.c polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
---- polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 2015-06-19 22:31:02.000000000 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 1970-01-01 01:00:00.000000000 +0100
-@@ -1,425 +0,0 @@
+--- polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor-systemd.c.orig 2018-09-29 09:48:19.240894967 +0200
++++ polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,455 +0,0 @@
-/*
- * Copyright (C) 2011 Red Hat, Inc.
- *
-#include <stdlib.h>
-
-#include <polkit/polkit.h>
+-#include <polkit/polkitprivate.h>
-#include "polkitbackendsessionmonitor.h"
-
-/* <internal>
- * polkit_backend_session_monitor_get_user:
- * @monitor: A #PolkitBackendSessionMonitor.
- * @subject: A #PolkitSubject.
+- * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state.
- * @error: Return location for error.
- *
- * Gets the user corresponding to @subject or %NULL if no user exists.
- *
+- * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may
+- * come from e.g. a D-Bus client), so it may not correspond to the actual UID
+- * of the referenced process (at any point in time). This is indicated by
+- * setting @result_matches to %FALSE; the caller may reject such subjects or
+- * require additional privileges. @result_matches == %TRUE only indicates that
+- * the UID matched the underlying process at ONE point in time, it may not match
+- * later.
+- *
- * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref().
- */
-PolkitIdentity *
-polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor,
- PolkitSubject *subject,
+- gboolean *result_matches,
- GError **error)
-{
- PolkitIdentity *ret;
-- guint32 uid;
+- gboolean matches;
-
- ret = NULL;
+- matches = FALSE;
-
- if (POLKIT_IS_UNIX_PROCESS (subject))
- {
-- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
-- if ((gint) uid == -1)
+- gint subject_uid, current_uid;
+- GError *local_error;
+-
+- subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
+- if (subject_uid == -1)
- {
- g_set_error (error,
- POLKIT_ERROR,
- "Unix process subject does not have uid set");
- goto out;
- }
-- ret = polkit_unix_user_new (uid);
+- local_error = NULL;
+- current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error);
+- if (local_error != NULL)
+- {
+- g_propagate_error (error, local_error);
+- goto out;
+- }
+- ret = polkit_unix_user_new (subject_uid);
+- matches = (subject_uid == current_uid);
- }
- else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
+- matches = TRUE;
- }
- else if (POLKIT_IS_UNIX_SESSION (subject))
- {
+- uid_t uid;
-
- if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
- {
- }
-
- ret = polkit_unix_user_new (uid);
+- matches = TRUE;
- }
-
- out:
+- if (result_matches != NULL)
+- {
+- *result_matches = matches;
+- }
- return ret;
-}
-