[polkit/f14/master: 2/3] fix a CK interaction bug
Matthias Clasen
mclasen at fedoraproject.org
Wed Aug 18 18:43:21 UTC 2010
commit c1967a3fdd7aef928ca827fda9be92f95f9e02a1
Author: Matthias Clasen <mclasen at redhat.com>
Date: Wed Aug 18 14:38:44 2010 -0400
fix a CK interaction bug
0001-Fix-ConsoleKit-interaction-bug.patch | 132 +++++++++++++++++++++++++++++
polkit.spec | 15 ++--
2 files changed, 141 insertions(+), 6 deletions(-)
---
diff --git a/0001-Fix-ConsoleKit-interaction-bug.patch b/0001-Fix-ConsoleKit-interaction-bug.patch
new file mode 100644
index 0000000..ab54b49
--- /dev/null
+++ b/0001-Fix-ConsoleKit-interaction-bug.patch
@@ -0,0 +1,132 @@
+From 22363658629553e04277259ccac8dbf4e33839ea Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz at redhat.com>
+Date: Wed, 18 Aug 2010 12:24:04 -0400
+Subject: [PATCH] Fix ConsoleKit interaction bug
+
+First of all, there was a glaring bug where we forgot to load the
+GKeyFile for /var/run/ConsoleKit/database resulting in criticals like
+this:
+
+ (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
+ (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
+
+Furthermore, this resulted in the Authority returning "not authorized"
+for subjects that should have been authorized. For an example, see
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=624125
+
+Fix this bug by calling ensure_database() to make sure the GKeyFile
+contains information from /var/run/ConsoleKit/database. Also, since
+there is a race (theoretical at least, but see
+https://bugzilla.gnome.org/show_bug.cgi?id=627285 ) with file
+monitoring, also ensure that we are using the latest and greatest
+version of /var/run/ConsoleKit/database.
+
+Signed-off-by: David Zeuthen <davidz at redhat.com>
+---
+ src/polkitbackend/polkitbackendsessionmonitor.c | 52 ++++++++++++++++++++--
+ 1 files changed, 47 insertions(+), 5 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c
+index 2b63f3c..877d69e 100644
+--- a/src/polkitbackend/polkitbackendsessionmonitor.c
++++ b/src/polkitbackend/polkitbackendsessionmonitor.c
+@@ -47,6 +47,7 @@ struct _PolkitBackendSessionMonitor
+
+ GKeyFile *database;
+ GFileMonitor *database_monitor;
++ time_t database_mtime;
+ };
+
+ struct _PolkitBackendSessionMonitorClass
+@@ -74,17 +75,34 @@ reload_database (PolkitBackendSessionMonitor *monitor,
+ GError **error)
+ {
+ gboolean ret;
++ struct stat statbuf;
+
+ ret = FALSE;
+
++ if (monitor->database != NULL)
++ {
++ g_key_file_free (monitor->database);
++ monitor->database = NULL;
++ }
++
++ if (stat (CKDB_PATH, &statbuf) != 0)
++ {
++ g_set_error (error,
++ G_IO_ERROR,
++ g_io_error_from_errno (errno),
++ "Error statting file " CKDB_PATH ": %s",
++ strerror (errno));
++ goto out;
++ }
++
++ monitor->database_mtime = statbuf.st_mtime;
++
+ monitor->database = g_key_file_new ();
+ if (!g_key_file_load_from_file (monitor->database,
+ CKDB_PATH,
+ G_KEY_FILE_NONE,
+ error))
+ {
+- g_key_file_free (monitor->database);
+- monitor->database = NULL;
+ goto out;
+ }
+
+@@ -102,8 +120,22 @@ ensure_database (PolkitBackendSessionMonitor *monitor,
+
+ if (monitor->database != NULL)
+ {
+- ret = TRUE;
+- goto out;
++ struct stat statbuf;
++
++ if (stat (CKDB_PATH, &statbuf) != 0)
++ {
++ g_set_error (error,
++ G_IO_ERROR,
++ g_io_error_from_errno (errno),
++ "Error statting file " CKDB_PATH " to check timestamp: %s",
++ strerror (errno));
++ goto out;
++ }
++ if (statbuf.st_mtime == monitor->database_mtime)
++ {
++ ret = TRUE;
++ goto out;
++ }
+ }
+
+ ret = reload_database (monitor, error);
+@@ -266,7 +298,6 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
+ if (local_error != NULL)
+ {
+ g_propagate_prefixed_error (error, local_error, "Error getting user for process: ");
+- g_error_free (local_error);
+ goto out;
+ }
+
+@@ -427,6 +458,17 @@ get_boolean (PolkitBackendSessionMonitor *monitor,
+ group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
+
+ error = NULL;
++ if (!ensure_database (monitor, &error))
++ {
++ g_printerr ("Error getting boolean `%s' in group `%s': Error ensuring CK database at " CKDB_PATH ": %s",
++ key_name,
++ group,
++ error->message);
++ g_error_free (error);
++ goto out;
++ }
++
++ error = NULL;
+ ret = g_key_file_get_boolean (monitor->database, group, key_name, &error);
+ if (error != NULL)
+ {
+--
+1.7.2.1
+
diff --git a/polkit.spec b/polkit.spec
index a772426..0e83cf4 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -1,11 +1,10 @@
Summary: PolicyKit Authorization Framework
Name: polkit
Version: 0.97
-Release: 3%{?dist}
+Release: 4%{?dist}
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/PolicyKit
Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Group: System Environment/Libraries
BuildRequires: glib2-devel >= 2.25.12
BuildRequires: expat-devel
@@ -27,6 +26,10 @@ Conflicts: polkit-gnome < 0.97
# upstream
Patch0: polkit-0.97-subject-scanning.patch
+# Upstream fix
+Patch1: 0001-Fix-ConsoleKit-interaction-bug.patch
+
+
%description
PolicyKit is a toolkit for defining and handling authorizations.
It is used for allowing unprivileged processes to speak to privileged
@@ -70,13 +73,13 @@ Roles and default policy for desktop usage.
%prep
%setup -q
%patch0 -p1 -b .subject-scanning
+%patch1 -p1 -b .ck-interaction
%build
%configure --enable-gtk-doc --disable-static --libexecdir=%{_libexecdir}/polkit-1 --disable-introspection --enable-examples
make
%install
-rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
rm -f $RPM_BUILD_ROOT%{_libdir}/*.la
@@ -129,9 +132,6 @@ EOF
### END DESKTOP POLICY CONFIGURATION
###
-%clean
-rm -rf $RPM_BUILD_ROOT
-
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
@@ -191,6 +191,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/gtk-doc/html/*
%changelog
+* Wed Aug 18 2010 Matthias Clasen <mclasen at redhat.com> - 0.97-4
+- Fix a ConsoleKit interaction bug
+
* Fri Aug 13 2010 David Zeuthen <davidz at redhat.com> - 0.97-3
- Add a patch to make pkcheck(1) work the way libvirtd uses it (#623257)
- Require GLib >= 2.25.12 instead of 2.25.11
More information about the scm-commits
mailing list