up to 0.120

[packages/polkit.git] / systemd-fallback.patch

diff --git a/systemd-fallback.patch b/systemd-fallback.patch
index 1a4f1ed0a66c9eaf58234e78a1ad0dc1d76504c8..606c1067fe472de7f79a66f11f5fe224a324821f 100644 (file)
--- a/systemd-fallback.patch
+++ b/systemd-fallback.patch
@@ -29,9 +29,8 @@ diff -ruN polkit-0.113.orig/src/polkit/Makefile.am polkit-0.113/src/polkit/Makef
  
  libpolkit_gobject_1_la_CFLAGS =                                               \
          -D_POLKIT_COMPILATION                                                 \
-diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession.c polkit-0.113/src/polkit/polkitunixsession.c
---- polkit-0.113.orig/src/polkit/polkitunixsession.c   2014-01-14 23:42:25.000000000 +0100
-+++ polkit-0.113/src/polkit/polkitunixsession.c        2015-09-26 23:40:21.671982135 +0200
+--- polkit-0.114/src/polkit/polkitunixsession.c.orig   2018-03-23 16:09:30.000000000 +0100
++++ polkit-0.114/src/polkit/polkitunixsession.c        2018-04-12 19:03:50.775644785 +0200
 @@ -29,6 +29,12 @@
  #include "polkiterror.h"
  #include "polkitprivate.h"
@@ -45,7 +44,7 @@ diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession.c polkit-0.113/src/polk
  /**
   * SECTION:polkitunixsession
   * @title: PolkitUnixSession
-@@ -363,35 +369,49 @@
+@@ -363,35 +369,49 @@ polkit_unix_session_exists_sync (PolkitS
  {
    PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject);
    GDBusConnection *connection;
@@ -114,7 +113,7 @@ diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession.c polkit-0.113/src/polk
    return ret;
  }
  
-@@ -474,6 +494,7 @@
+@@ -474,6 +494,7 @@ polkit_unix_session_initable_init (GInit
    GVariant *result;
    gboolean ret;
  
@@ -122,14 +121,31 @@ diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession.c polkit-0.113/src/polk
    connection = NULL;
    ret = FALSE;
  
-@@ -484,28 +505,51 @@
+@@ -484,28 +505,65 @@ polkit_unix_session_initable_init (GInit
        goto out;
      }
  
 -  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
 -  if (connection == NULL)
 -    goto out;
--
++#ifdef HAVE_LIBSYSTEMD
++  char *s;
++  uid_t uid;
++  
++  if (sd_booted () > 0)
++    {
++      if (sd_pid_get_session (session->pid, &s) == 0)
++        {
++          session->session_id = g_strdup (s);
++          free (s);
++          ret = TRUE;
++          goto out;
++        }
++
++  /* Now do process -> uid -> graphical session (systemd version 213)*/
++  if (sd_pid_get_owner_uid (session->pid, &uid) < 0)
++    goto error;
+ 
 -  result = g_dbus_connection_call_sync (connection,
 -                                        "org.freedesktop.ConsoleKit",           /* name */
 -                                        "/org/freedesktop/ConsoleKit/Manager",  /* object path */
@@ -143,19 +159,17 @@ diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession.c polkit-0.113/src/polk
 -                                        error);
 -  if (result == NULL)
 -    goto out;
-+#ifdef HAVE_LIBSYSTEMD
-+  char *s;
-+  
-+  if (sd_booted () > 0)
++  if (sd_uid_get_display (uid, &s) >= 0)
 +    {
-+      if (sd_pid_get_session (session->pid, &s) == 0)
-+        {
-+          session->session_id = g_strdup (s);
-+          free (s);
-+          ret = TRUE;
-+          goto out;
-+        }
-+
++      session->session_id =  g_strdup (s);
++      free (s);
++      ret = TRUE;
++      goto out;
++    }
+ 
+-  g_variant_get (result, "(o)", &session->session_id);
+-  g_variant_unref (result);
++error:
 +      g_set_error (error,
 +                   POLKIT_ERROR,
 +                   POLKIT_ERROR_FAILED,
@@ -183,21 +197,18 @@ diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession.c polkit-0.113/src/polk
 +      if (result == NULL)
 +      goto out;
  
--  g_variant_get (result, "(o)", &session->session_id);
--  g_variant_unref (result);
+-  ret = TRUE;
 +      g_variant_get (result, "(o)", &session->session_id);
 +      g_variant_unref (result);
- 
--  ret = TRUE;
++
 +      ret = TRUE;
 +    }
  
   out:
    if (connection != NULL)
-diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession-systemd.c polkit-0.113/src/polkit/polkitunixsession-systemd.c
---- polkit-0.113.orig/src/polkit/polkitunixsession-systemd.c   2014-01-14 23:42:25.000000000 +0100
-+++ polkit-0.113/src/polkit/polkitunixsession-systemd.c        1970-01-01 01:00:00.000000000 +0100
-@@ -1,490 +0,0 @@
+--- polkit-0.114/src/polkit/polkitunixsession-systemd.c.orig   2018-04-12 18:55:30.995650493 +0200
++++ polkit-0.114/src/polkit/polkitunixsession-systemd.c        1970-01-01 01:00:00.000000000 +0100
+@@ -1,504 +0,0 @@
 -/*
 - * Copyright (C) 2011 Red Hat, Inc.
 - *
@@ -651,6 +662,7 @@ diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession-systemd.c polkit-0.113/
 -  PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable);
 -  gboolean ret = FALSE;
 -  char *s;
+-  uid_t uid;
 -
 -  if (session->session_id != NULL)
 -    {
@@ -667,6 +679,19 @@ diff -ruN polkit-0.113.orig/src/polkit/polkitunixsession-systemd.c polkit-0.113/
 -      goto out;
 -    }
 -
+-  /* Now do process -> uid -> graphical session (systemd version 213)*/
+-  if (sd_pid_get_owner_uid (session->pid, &uid) < 0)
+-    goto error;
+-
+-  if (sd_uid_get_display (uid, &s) >= 0)
+-    {
+-      session->session_id =  g_strdup (s);
+-      free (s);
+-      ret = TRUE;
+-      goto out;
+-    }
+-
+-error:
 -  g_set_error (error,
 -               POLKIT_ERROR,
 -               POLKIT_ERROR_FAILED,
@@ -692,8 +717,8 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/Makefile.am polkit-0.113/src/polki
 --- polkit-0.113.orig/src/polkitbackend/Makefile.am    2015-06-19 22:31:02.000000000 +0200
 +++ polkit-0.113/src/polkitbackend/Makefile.am 2015-09-26 23:40:21.674982125 +0200
 @@ -36,15 +36,7 @@
+       polkitbackendjsauthority.h              polkitbackendjsauthority.cpp            \
        polkitbackendactionpool.h               polkitbackendactionpool.c               \
-       polkitbackendconfigsource.h             polkitbackendconfigsource.c             \
        polkitbackendactionlookup.h             polkitbackendactionlookup.c             \
 -        $(NULL)
 -
@@ -707,9 +732,8 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/Makefile.am polkit-0.113/src/polki
  
  libpolkit_backend_1_la_CFLAGS =                                               \
          -D_POLKIT_COMPILATION                                                 \
-diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendjsauthority.c polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c
---- polkit-0.113.orig/src/polkitbackend/polkitbackendjsauthority.c     2015-06-19 22:39:58.000000000 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c  2015-09-26 23:40:21.674982125 +0200
+--- polkit-0.114.orig/src/polkitbackend/polkitbackendjsauthority.cpp   2015-06-19 22:39:58.000000000 +0200
++++ polkit-0.114/src/polkitbackend/polkitbackendjsauthority.cpp        2015-09-26 23:40:21.674982125 +0200
 @@ -36,6 +36,7 @@
  #include <polkit/polkitprivate.h>
  
@@ -735,9 +759,8 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendjsauthority.c polkit-
  #endif /* HAVE_LIBSYSTEMD */
  
    g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
-diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c
---- polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c  2015-06-06 01:24:06.000000000 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c       2015-09-26 23:40:39.451918791 +0200
+--- polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor.c.orig  2018-06-26 15:17:52.000000000 +0200
++++ polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor.c       2018-09-29 10:42:52.104190929 +0200
 @@ -26,6 +26,12 @@
  #include <string.h>
  #include <glib/gstdio.h>
@@ -749,9 +772,9 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
 +#endif /* HAVE_LIBSYSTEMD */
 +
  #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
  #include "polkitbackendsessionmonitor.h"
- 
-@@ -39,6 +45,88 @@
+@@ -40,6 +46,88 @@
   * The #PolkitBackendSessionMonitor class is a utility class to track and monitor sessions.
   */
  
@@ -840,7 +863,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
  struct _PolkitBackendSessionMonitor
  {
    GObject parent_instance;
-@@ -48,6 +136,10 @@
+@@ -49,6 +137,10 @@
    GKeyFile *database;
    GFileMonitor *database_monitor;
    time_t database_mtime;
@@ -851,7 +874,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
  };
  
  struct _PolkitBackendSessionMonitorClass
-@@ -70,6 +162,18 @@
+@@ -71,6 +163,18 @@
  
  /* ---------------------------------------------------------------------------------------------------- */
  
@@ -870,7 +893,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
  static gboolean
  reload_database (PolkitBackendSessionMonitor  *monitor,
                   GError                      **error)
-@@ -176,31 +280,47 @@
+@@ -177,31 +281,47 @@
        g_error_free (error);
      }
  
@@ -937,7 +960,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
      }
  }
  
-@@ -218,6 +338,12 @@
+@@ -219,6 +339,12 @@
    if (monitor->database != NULL)
      g_key_file_free (monitor->database);
  
@@ -950,57 +973,42 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
    if (G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize != NULL)
      G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize (object);
  }
-@@ -310,22 +436,38 @@
+@@ -332,6 +458,26 @@
      }
    else if (POLKIT_IS_UNIX_SESSION (subject))
      {
--      if (!ensure_database (monitor, error))
 +#ifdef HAVE_LIBSYSTEMD
 +      if (monitor->sd_source != NULL)
-         {
--          g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
--          goto out;
-+          if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
-+            {
-+              g_set_error (error,
-+                          POLKIT_ERROR,
-+                          POLKIT_ERROR_FAILED,
-+                          "Error getting uid for session");
-+              goto out;
-+            }
-         }
--
--      group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)));
--      local_error = NULL;
--      uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error);
--      if (local_error != NULL)
++      {
++      uid_t uid;
++
++      if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
++        {
++          g_set_error (error,
++                       POLKIT_ERROR,
++                       POLKIT_ERROR_FAILED,
++                       "Error getting uid for session");
++          goto out;
++        }
++
++      ret = polkit_unix_user_new (uid);
++      matches = TRUE;
++      }
 +      else
 +#endif /* HAVE_LIBSYSTEMD */
-         {
--          g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": ");
-+          if (!ensure_database (monitor, error))
-+            {
-+              g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
-+              goto out;
-+            }
-+
-+          group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)));
-+          local_error = NULL;
-+          uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error);
-+          if (local_error != NULL)
-+            {
-+              g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": ");
-+              g_free (group);
-+              goto out;
-+            }
-           g_free (group);
--          goto out;
-         }
--      g_free (group);
++      {
+       gint uid;
+       gchar *group;
+ 
+@@ -354,6 +500,7 @@
  
        ret = polkit_unix_user_new (uid);
+       matches = TRUE;
++      }
      }
-@@ -349,35 +491,26 @@
+ 
+  out:
+@@ -379,35 +526,26 @@
                                                          PolkitSubject               *subject,
                                                          GError                     **error)
  {
@@ -1052,7 +1060,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
        GVariant *result;
  
        result = g_dbus_connection_call_sync (monitor->system_bus,
-@@ -395,23 +528,7 @@
+@@ -425,23 +563,7 @@
          goto out;
        g_variant_get (result, "(u)", &pid);
        g_variant_unref (result);
@@ -1077,7 +1085,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
      }
    else
      {
-@@ -420,8 +537,57 @@
+@@ -450,8 +572,57 @@
                     POLKIT_ERROR_NOT_SUPPORTED,
                     "Cannot get user for subject of type %s",
                     g_type_name (G_TYPE_FROM_INSTANCE (subject)));
@@ -1135,7 +1143,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
   out:
  
    return session;
-@@ -472,7 +638,22 @@
+@@ -502,7 +673,22 @@
  polkit_backend_session_monitor_is_session_local  (PolkitBackendSessionMonitor *monitor,
                                                    PolkitSubject               *session)
  {
@@ -1159,7 +1167,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
  }
  
  
-@@ -480,6 +661,44 @@
+@@ -510,6 +696,44 @@
  polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
                                                    PolkitSubject               *session)
  {
@@ -1205,10 +1213,9 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor.c polk
 +    return get_boolean (monitor, session, "is_active");
  }
  
-diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-systemd.c polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
---- polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-systemd.c  2015-06-19 22:31:02.000000000 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c       1970-01-01 01:00:00.000000000 +0100
-@@ -1,425 +0,0 @@
+--- polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor-systemd.c.orig  2018-09-29 09:48:19.240894967 +0200
++++ polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor-systemd.c       1970-01-01 01:00:00.000000000 +0100
+@@ -1,455 +0,0 @@
 -/*
 - * Copyright (C) 2011 Red Hat, Inc.
 - *
@@ -1240,6 +1247,7 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-system
 -#include <stdlib.h>
 -
 -#include <polkit/polkit.h>
+-#include <polkit/polkitprivate.h>
 -#include "polkitbackendsessionmonitor.h"
 -
 -/* <internal>
@@ -1457,26 +1465,40 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-system
 - * polkit_backend_session_monitor_get_user:
 - * @monitor: A #PolkitBackendSessionMonitor.
 - * @subject: A #PolkitSubject.
+- * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state.
 - * @error: Return location for error.
 - *
 - * Gets the user corresponding to @subject or %NULL if no user exists.
 - *
+- * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may
+- * come from e.g. a D-Bus client), so it may not correspond to the actual UID
+- * of the referenced process (at any point in time).  This is indicated by
+- * setting @result_matches to %FALSE; the caller may reject such subjects or
+- * require additional privileges. @result_matches == %TRUE only indicates that
+- * the UID matched the underlying process at ONE point in time, it may not match
+- * later.
+- *
 - * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref().
 - */
 -PolkitIdentity *
 -polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor  *monitor,
 -                                                     PolkitSubject                *subject,
+-                                                     gboolean                     *result_matches,
 -                                                     GError                      **error)
 -{
 -  PolkitIdentity *ret;
--  guint32 uid;
+-  gboolean matches;
 -
 -  ret = NULL;
+-  matches = FALSE;
 -
 -  if (POLKIT_IS_UNIX_PROCESS (subject))
 -    {
--      uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
--      if ((gint) uid == -1)
+-      gint subject_uid, current_uid;
+-      GError *local_error;
+-
+-      subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
+-      if (subject_uid == -1)
 -        {
 -          g_set_error (error,
 -                       POLKIT_ERROR,
@@ -1484,14 +1506,24 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-system
 -                       "Unix process subject does not have uid set");
 -          goto out;
 -        }
--      ret = polkit_unix_user_new (uid);
+-      local_error = NULL;
+-      current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error);
+-      if (local_error != NULL)
+-      {
+-        g_propagate_error (error, local_error);
+-        goto out;
+-      }
+-      ret = polkit_unix_user_new (subject_uid);
+-      matches = (subject_uid == current_uid);
 -    }
 -  else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
 -    {
 -      ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
+-      matches = TRUE;
 -    }
 -  else if (POLKIT_IS_UNIX_SESSION (subject))
 -    {
+-      uid_t uid;
 -
 -      if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
 -        {
@@ -1503,9 +1535,14 @@ diff -ruN polkit-0.113.orig/src/polkitbackend/polkitbackendsessionmonitor-system
 -        }
 -
 -      ret = polkit_unix_user_new (uid);
+-      matches = TRUE;
 -    }
 -
 - out:
+-  if (result_matches != NULL)
+-    {
+-      *result_matches = matches;
+-    }
 -  return ret;
 -}
 -