---- polkit-0.113/configure.ac.orig 2015-07-03 21:22:54.764174841 +0200
-+++ polkit-0.113/configure.ac 2015-07-03 22:21:19.010694450 +0200
+diff -ruN polkit-0.113.orig/configure.ac polkit-0.113/configure.ac
+--- polkit-0.113.orig/configure.ac 2015-06-19 22:31:02.000000000 +0200
++++ polkit-0.113/configure.ac 2015-09-26 23:40:21.669982142 +0200
@@ -200,7 +200,7 @@
[have_libsystemd=yes],
dnl if libsystemd is not available, fall back to the older libsystemd-login
[
have_libsystemd=yes
LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
---- polkit-0.113/src/polkit/Makefile.am.orig 2015-07-03 21:22:54.764174841 +0200
-+++ polkit-0.113/src/polkit/Makefile.am 2015-07-03 22:31:00.080670064 +0200
+diff -ruN polkit-0.113.orig/src/polkit/Makefile.am polkit-0.113/src/polkit/Makefile.am
+--- polkit-0.113.orig/src/polkit/Makefile.am 2015-06-19 22:31:02.000000000 +0200
++++ polkit-0.113/src/polkit/Makefile.am 2015-09-26 23:40:21.669982142 +0200
@@ -79,15 +79,7 @@
polkitimplicitauthorization.c polkitimplicitauthorization.h \
polkittemporaryauthorization.c polkittemporaryauthorization.h \
libpolkit_gobject_1_la_CFLAGS = \
-D_POLKIT_COMPILATION \
-diff -urN polkit-0.107.old/src/polkit/polkitunixsession.c polkit-0.107/src/polkit/polkitunixsession.c
---- polkit-0.107.old/src/polkit/polkitunixsession.c 2012-10-07 21:31:48.376245189 +0200
-+++ polkit-0.107/src/polkit/polkitunixsession.c 2012-10-07 22:44:55.042489220 +0200
+--- polkit-0.114/src/polkit/polkitunixsession.c.orig 2018-03-23 16:09:30.000000000 +0100
++++ polkit-0.114/src/polkit/polkitunixsession.c 2018-04-12 19:03:50.775644785 +0200
@@ -29,6 +29,12 @@
#include "polkiterror.h"
#include "polkitprivate.h"
/**
* SECTION:polkitunixsession
* @title: PolkitUnixSession
-@@ -363,35 +369,49 @@
+@@ -363,35 +369,49 @@ polkit_unix_session_exists_sync (PolkitS
{
PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject);
GDBusConnection *connection;
return ret;
}
-@@ -474,6 +494,7 @@
+@@ -474,6 +494,7 @@ polkit_unix_session_initable_init (GInit
GVariant *result;
gboolean ret;
connection = NULL;
ret = FALSE;
-@@ -484,28 +505,51 @@
+@@ -484,28 +505,65 @@ polkit_unix_session_initable_init (GInit
goto out;
}
- connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
- if (connection == NULL)
- goto out;
--
++#ifdef HAVE_LIBSYSTEMD
++ char *s;
++ uid_t uid;
++
++ if (sd_booted () > 0)
++ {
++ if (sd_pid_get_session (session->pid, &s) == 0)
++ {
++ session->session_id = g_strdup (s);
++ free (s);
++ ret = TRUE;
++ goto out;
++ }
++
++ /* Now do process -> uid -> graphical session (systemd version 213)*/
++ if (sd_pid_get_owner_uid (session->pid, &uid) < 0)
++ goto error;
+
- result = g_dbus_connection_call_sync (connection,
- "org.freedesktop.ConsoleKit", /* name */
- "/org/freedesktop/ConsoleKit/Manager", /* object path */
- error);
- if (result == NULL)
- goto out;
-+#ifdef HAVE_LIBSYSTEMD
-+ char *s;
-+
-+ if (sd_booted () > 0)
++ if (sd_uid_get_display (uid, &s) >= 0)
+ {
-+ if (sd_pid_get_session (session->pid, &s) == 0)
-+ {
-+ session->session_id = g_strdup (s);
-+ free (s);
-+ ret = TRUE;
-+ goto out;
-+ }
-+
++ session->session_id = g_strdup (s);
++ free (s);
++ ret = TRUE;
++ goto out;
++ }
+
+- g_variant_get (result, "(o)", &session->session_id);
+- g_variant_unref (result);
++error:
+ g_set_error (error,
+ POLKIT_ERROR,
+ POLKIT_ERROR_FAILED,
+ if (result == NULL)
+ goto out;
-- g_variant_get (result, "(o)", &session->session_id);
-- g_variant_unref (result);
+- ret = TRUE;
+ g_variant_get (result, "(o)", &session->session_id);
+ g_variant_unref (result);
-
-- ret = TRUE;
++
+ ret = TRUE;
+ }
out:
if (connection != NULL)
-diff -urN polkit-0.107.old/src/polkit/polkitunixsession-systemd.c polkit-0.107/src/polkit/polkitunixsession-systemd.c
---- polkit-0.107.old/src/polkit/polkitunixsession-systemd.c 2012-10-07 21:31:48.379578504 +0200
-+++ polkit-0.107/src/polkit/polkitunixsession-systemd.c 1970-01-01 01:00:00.000000000 +0100
-@@ -1,490 +0,0 @@
+--- polkit-0.114/src/polkit/polkitunixsession-systemd.c.orig 2018-04-12 18:55:30.995650493 +0200
++++ polkit-0.114/src/polkit/polkitunixsession-systemd.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,504 +0,0 @@
-/*
- * Copyright (C) 2011 Red Hat, Inc.
- *
- PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable);
- gboolean ret = FALSE;
- char *s;
+- uid_t uid;
-
- if (session->session_id != NULL)
- {
- goto out;
- }
-
+- /* Now do process -> uid -> graphical session (systemd version 213)*/
+- if (sd_pid_get_owner_uid (session->pid, &uid) < 0)
+- goto error;
+-
+- if (sd_uid_get_display (uid, &s) >= 0)
+- {
+- session->session_id = g_strdup (s);
+- free (s);
+- ret = TRUE;
+- goto out;
+- }
+-
+-error:
- g_set_error (error,
- POLKIT_ERROR,
- POLKIT_ERROR_FAILED,
-{
- /* use default implementation to run GInitable code in a thread */
-}
---- polkit-0.113/src/polkitbackend/Makefile.am.orig 2015-07-03 21:22:54.774174842 +0200
-+++ polkit-0.113/src/polkitbackend/Makefile.am 2015-07-04 17:20:31.954492615 +0200
+diff -ruN polkit-0.113.orig/src/polkitbackend/Makefile.am polkit-0.113/src/polkitbackend/Makefile.am
+--- polkit-0.113.orig/src/polkitbackend/Makefile.am 2015-06-19 22:31:02.000000000 +0200
++++ polkit-0.113/src/polkitbackend/Makefile.am 2015-09-26 23:40:21.674982125 +0200
@@ -36,15 +36,7 @@
+ polkitbackendjsauthority.h polkitbackendjsauthority.cpp \
polkitbackendactionpool.h polkitbackendactionpool.c \
- polkitbackendconfigsource.h polkitbackendconfigsource.c \
polkitbackendactionlookup.h polkitbackendactionlookup.c \
- $(NULL)
-
libpolkit_backend_1_la_CFLAGS = \
-D_POLKIT_COMPILATION \
---- polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c.orig 2015-07-04 17:21:23.981157097 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendjsauthority.c 2015-07-08 20:44:47.206141518 +0200
+--- polkit-0.114.orig/src/polkitbackend/polkitbackendjsauthority.cpp 2015-06-19 22:39:58.000000000 +0200
++++ polkit-0.114/src/polkitbackend/polkitbackendjsauthority.cpp 2015-09-26 23:40:21.674982125 +0200
@@ -36,6 +36,7 @@
#include <polkit/polkitprivate.h>
#include <systemd/sd-login.h>
#endif /* HAVE_LIBSYSTEMD */
-@@ -794,6 +795,8 @@ subject_to_jsval (PolkitBackendJsAuthori
+@@ -794,6 +795,8 @@
}
#ifdef HAVE_LIBSYSTEMD
if (sd_pid_get_session (pid, &session_str) == 0)
{
if (sd_session_get_seat (session_str, &seat_str) == 0)
-@@ -801,6 +804,7 @@ subject_to_jsval (PolkitBackendJsAuthori
+@@ -801,6 +804,7 @@
/* do nothing */
}
}
#endif /* HAVE_LIBSYSTEMD */
g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
---- polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c.orig 2015-06-06 01:24:06.000000000 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor.c 2015-07-08 20:29:01.079514558 +0200
+--- polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor.c.orig 2018-06-26 15:17:52.000000000 +0200
++++ polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor.c 2018-09-29 10:42:52.104190929 +0200
@@ -26,6 +26,12 @@
#include <string.h>
#include <glib/gstdio.h>
+#endif /* HAVE_LIBSYSTEMD */
+
#include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
#include "polkitbackendsessionmonitor.h"
-
-@@ -39,6 +45,88 @@
+@@ -40,6 +46,88 @@
* The #PolkitBackendSessionMonitor class is a utility class to track and monitor sessions.
*/
struct _PolkitBackendSessionMonitor
{
GObject parent_instance;
-@@ -48,6 +136,10 @@ struct _PolkitBackendSessionMonitor
+@@ -49,6 +137,10 @@
GKeyFile *database;
GFileMonitor *database_monitor;
time_t database_mtime;
};
struct _PolkitBackendSessionMonitorClass
-@@ -70,6 +162,18 @@ G_DEFINE_TYPE (PolkitBackendSessionMonit
+@@ -71,6 +163,18 @@
/* ---------------------------------------------------------------------------------------------------- */
static gboolean
reload_database (PolkitBackendSessionMonitor *monitor,
GError **error)
-@@ -176,31 +280,47 @@ polkit_backend_session_monitor_init (Pol
+@@ -177,31 +281,47 @@
g_error_free (error);
}
}
}
-@@ -218,6 +338,12 @@ polkit_backend_session_monitor_finalize
+@@ -219,6 +339,12 @@
if (monitor->database != NULL)
g_key_file_free (monitor->database);
if (G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize != NULL)
G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize (object);
}
-@@ -310,22 +436,38 @@ polkit_backend_session_monitor_get_user_
+@@ -332,6 +458,26 @@
}
else if (POLKIT_IS_UNIX_SESSION (subject))
{
-- if (!ensure_database (monitor, error))
+#ifdef HAVE_LIBSYSTEMD
+ if (monitor->sd_source != NULL)
- {
-- g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
-- goto out;
-+ if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
-+ {
-+ g_set_error (error,
-+ POLKIT_ERROR,
-+ POLKIT_ERROR_FAILED,
-+ "Error getting uid for session");
-+ goto out;
-+ }
- }
--
-- group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)));
-- local_error = NULL;
-- uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error);
-- if (local_error != NULL)
++ {
++ uid_t uid;
++
++ if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Error getting uid for session");
++ goto out;
++ }
++
++ ret = polkit_unix_user_new (uid);
++ matches = TRUE;
++ }
+ else
+#endif /* HAVE_LIBSYSTEMD */
- {
-- g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": ");
-+ if (!ensure_database (monitor, error))
-+ {
-+ g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": ");
-+ goto out;
-+ }
-+
-+ group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)));
-+ local_error = NULL;
-+ uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error);
-+ if (local_error != NULL)
-+ {
-+ g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": ");
-+ g_free (group);
-+ goto out;
-+ }
- g_free (group);
-- goto out;
- }
-- g_free (group);
++ {
+ gint uid;
+ gchar *group;
+
+@@ -354,6 +500,7 @@
ret = polkit_unix_user_new (uid);
+ matches = TRUE;
++ }
}
-@@ -349,35 +491,27 @@ polkit_backend_session_monitor_get_sessi
+
+ out:
+@@ -379,35 +526,26 @@
PolkitSubject *subject,
GError **error)
{
}
else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
+- guint32 pid;
+- const gchar *session_id;
+ { /* Convert bus name to process / pid */
+#ifdef HAVE_LIBSYSTEMD
+ if (monitor->sd_source != NULL)
+ } else
+#endif
+ {
- guint32 pid;
-- const gchar *session_id;
GVariant *result;
result = g_dbus_connection_call_sync (monitor->system_bus,
-@@ -395,23 +530,7 @@ polkit_backend_session_monitor_get_sessi
+@@ -425,23 +563,7 @@
goto out;
g_variant_get (result, "(u)", &pid);
g_variant_unref (result);
}
else
{
-@@ -420,8 +539,57 @@ polkit_backend_session_monitor_get_sessi
+@@ -450,8 +572,57 @@
POLKIT_ERROR_NOT_SUPPORTED,
"Cannot get user for subject of type %s",
g_type_name (G_TYPE_FROM_INSTANCE (subject)));
out:
return session;
-@@ -472,7 +639,22 @@ gboolean
+@@ -502,7 +673,22 @@
polkit_backend_session_monitor_is_session_local (PolkitBackendSessionMonitor *monitor,
PolkitSubject *session)
{
}
-@@ -480,6 +662,44 @@ gboolean
+@@ -510,6 +696,44 @@
polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
PolkitSubject *session)
{
+ return get_boolean (monitor, session, "is_active");
}
---- polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c.orig 2015-07-04 17:22:07.104488621 +0200
-+++ polkit-0.113/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 1970-01-01 01:00:00.000000000 +0100
-@@ -1,425 +0,0 @@
+--- polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor-systemd.c.orig 2018-09-29 09:48:19.240894967 +0200
++++ polkit-0.115/src/polkitbackend/polkitbackendsessionmonitor-systemd.c 1970-01-01 01:00:00.000000000 +0100
+@@ -1,455 +0,0 @@
-/*
- * Copyright (C) 2011 Red Hat, Inc.
- *
-#include <stdlib.h>
-
-#include <polkit/polkit.h>
+-#include <polkit/polkitprivate.h>
-#include "polkitbackendsessionmonitor.h"
-
-/* <internal>
- * polkit_backend_session_monitor_get_user:
- * @monitor: A #PolkitBackendSessionMonitor.
- * @subject: A #PolkitSubject.
+- * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state.
- * @error: Return location for error.
- *
- * Gets the user corresponding to @subject or %NULL if no user exists.
- *
+- * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may
+- * come from e.g. a D-Bus client), so it may not correspond to the actual UID
+- * of the referenced process (at any point in time). This is indicated by
+- * setting @result_matches to %FALSE; the caller may reject such subjects or
+- * require additional privileges. @result_matches == %TRUE only indicates that
+- * the UID matched the underlying process at ONE point in time, it may not match
+- * later.
+- *
- * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref().
- */
-PolkitIdentity *
-polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor,
- PolkitSubject *subject,
+- gboolean *result_matches,
- GError **error)
-{
- PolkitIdentity *ret;
-- guint32 uid;
+- gboolean matches;
-
- ret = NULL;
+- matches = FALSE;
-
- if (POLKIT_IS_UNIX_PROCESS (subject))
- {
-- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
-- if ((gint) uid == -1)
+- gint subject_uid, current_uid;
+- GError *local_error;
+-
+- subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
+- if (subject_uid == -1)
- {
- g_set_error (error,
- POLKIT_ERROR,
- "Unix process subject does not have uid set");
- goto out;
- }
-- ret = polkit_unix_user_new (uid);
+- local_error = NULL;
+- current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error);
+- if (local_error != NULL)
+- {
+- g_propagate_error (error, local_error);
+- goto out;
+- }
+- ret = polkit_unix_user_new (subject_uid);
+- matches = (subject_uid == current_uid);
- }
- else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
- {
- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
+- matches = TRUE;
- }
- else if (POLKIT_IS_UNIX_SESSION (subject))
- {
+- uid_t uid;
-
- if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0)
- {
- }
-
- ret = polkit_unix_user_new (uid);
+- matches = TRUE;
- }
-
- out:
+- if (result_matches != NULL)
+- {
+- *result_matches = matches;
+- }
- return ret;
-}
-