summaryrefslogtreecommitdiff
path: root/user/polkit
diff options
context:
space:
mode:
Diffstat (limited to 'user/polkit')
-rw-r--r--user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch108
-rw-r--r--user/polkit/0001-make-netgroup-support-optional.patch480
-rw-r--r--user/polkit/APKBUILD59
-rw-r--r--user/polkit/CVE-2013-4288.patch123
-rw-r--r--user/polkit/CVE-2015-3218.patch115
-rw-r--r--user/polkit/CVE-2015-3255.patch67
-rw-r--r--user/polkit/CVE-2015-4625.patch1008
-rw-r--r--user/polkit/automake.patch19
-rw-r--r--user/polkit/disable-ck-test.patch15
9 files changed, 502 insertions, 1492 deletions
diff --git a/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch b/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
deleted file mode 100644
index 1498e831a..000000000
--- a/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 2428beec9189bb93e6e1fdd5bdde35acf5279a03 Mon Sep 17 00:00:00 2001
-From: Natanael Copa <ncopa@alpinelinux.org>
-Date: Sun, 20 May 2012 15:42:56 +0200
-Subject: [PATCH] Bug 50145 - make netgroup support optional
-
-https://bugs.freedesktop.org/show_bug.cgi?id=50145
-
-netgroups are not defined in POSIX and are not be available on
-all systems.
-
-We check for getnetgrent in configure script.
-
-Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
----
- configure.ac | 2 +-
- src/polkitbackend/polkitbackendlocalauthority.c | 8 ++++++--
- src/polkitbackend/polkitbackendlocalauthorizationstore.c | 3 ++-
- 3 files changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index f325922..711aa7c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -141,7 +141,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
- [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
- AC_SUBST(EXPAT_LIBS)
-
--AC_CHECK_FUNCS(clearenv)
-+AC_CHECK_FUNCS(clearenv getnetgrent)
-
- if test "x$GCC" = "xyes"; then
- LDFLAGS="-Wl,--as-needed $LDFLAGS"
-diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
-index b53eda3..f14e924 100644
---- a/src/polkitbackend/polkitbackendlocalauthority.c
-+++ b/src/polkitbackend/polkitbackendlocalauthority.c
-@@ -52,9 +52,10 @@
-
- static GList *get_users_in_group (PolkitIdentity *group,
- gboolean include_root);
--
-+#if defined HAVE_GETNETGRENT
- static GList *get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root);
-+#endif
-
- static GList *get_groups_for_user (PolkitIdentity *user);
-
-@@ -511,10 +512,12 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti
- {
- ret = g_list_concat (ret, get_users_in_group (identity, FALSE));
- }
-+#if defined HAVE_GETNETGRENT
- else if (POLKIT_IS_UNIX_NETGROUP (identity))
- {
- ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE));
- }
-+#endif
- else
- {
- g_warning ("Unsupported identity %s", admin_identities[n]);
-@@ -690,6 +693,7 @@ get_users_in_group (PolkitIdentity *group,
- return ret;
- }
-
-+#if defined HAVE_GETNETGRENT
- static GList *
- get_users_in_net_group (PolkitIdentity *group,
- gboolean include_root)
-@@ -741,7 +745,7 @@ get_users_in_net_group (PolkitIdentity *group,
- endnetgrent ();
- return ret;
- }
--
-+#endif
-
- static GList *
- get_groups_for_user (PolkitIdentity *user)
-diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-index 2ddfe75..02553c4 100644
---- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-@@ -725,6 +725,7 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
- break;
- }
-
-+#if defined HAVE_GETNETGRENT
- /* if no identity specs matched and identity is a user, match against netgroups */
- if (ll == NULL && POLKIT_IS_UNIX_USER (identity))
- {
-@@ -732,13 +733,13 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
- const gchar *user_name = polkit_unix_user_get_name (user_identity);
- if (!user_name)
- continue;
--
- for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next)
- {
- if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL))
- break;
- }
- }
-+#endif
-
- if (ll == NULL)
- continue;
---
-1.7.10.2
-
diff --git a/user/polkit/0001-make-netgroup-support-optional.patch b/user/polkit/0001-make-netgroup-support-optional.patch
new file mode 100644
index 000000000..1a7716c45
--- /dev/null
+++ b/user/polkit/0001-make-netgroup-support-optional.patch
@@ -0,0 +1,480 @@
+From aafb9fd0e79775146186ee1d7ffef1f76cdbc1bb Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 11 Jul 2018 04:54:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available. PolKit fails to compile on these systems for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work. If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+---
+ 0001-make-netgroup-support-optional.patch | 226 ++++++++++++++++++
+ configure.ac | 2 +-
+ src/polkit/polkitidentity.c | 16 ++
+ src/polkit/polkitunixnetgroup.c | 3 +
+ .../polkitbackendinteractiveauthority.c | 14 +-
+ .../polkitbackendjsauthority.cpp | 2 +
+ test/polkit/polkitidentitytest.c | 9 +-
+ test/polkit/polkitunixnetgrouptest.c | 3 +
+ .../test-polkitbackendjsauthority.c | 2 +
+ 9 files changed, 269 insertions(+), 8 deletions(-)
+ create mode 100644 0001-make-netgroup-support-optional.patch
+
+diff --git a/0001-make-netgroup-support-optional.patch b/0001-make-netgroup-support-optional.patch
+new file mode 100644
+index 0000000..dedc5f7
+--- /dev/null
++++ b/0001-make-netgroup-support-optional.patch
+@@ -0,0 +1,226 @@
++From 73eada88dd344333cc1d1f9c5c35413fcee1dd67 Mon Sep 17 00:00:00 2001
++From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
++Date: Wed, 11 Jul 2018 04:54:26 -0500
++Subject: [PATCH] make netgroup support optional
++
++On at least Linux/musl and Linux/uclibc, netgroup support is not
++available. PolKit fails to compile on these systems for that reason.
++
++This change makes netgroup support conditional on the presence of the
++setnetgrent(3) function which is required for the support to work. If
++that function is not available on the system, an error will be returned
++to the administrator if unix-netgroup: is specified in configuration.
++
++Fixes bug 50145.
++---
++ configure.ac | 2 +-
++ src/polkit/polkitidentity.c | 16 ++++++++++++++++
++ src/polkit/polkitunixnetgroup.c | 3 +++
++ .../polkitbackendinteractiveauthority.c | 14 ++++++++------
++ src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
++ test/polkit/polkitidentitytest.c | 9 ++++++++-
++ test/polkit/polkitunixnetgrouptest.c | 3 +++
++ 7 files changed, 41 insertions(+), 8 deletions(-)
++
++diff --git a/configure.ac b/configure.ac
++index bfa87dd..cb86ac7 100644
++--- a/configure.ac
+++++ b/configure.ac
++@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
++ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
++ AC_SUBST(EXPAT_LIBS)
++
++-AC_CHECK_FUNCS(clearenv fdatasync)
+++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
++
++ if test "x$GCC" = "xyes"; then
++ LDFLAGS="-Wl,--as-needed $LDFLAGS"
++diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
++index 3aa1f7f..10e9c17 100644
++--- a/src/polkit/polkitidentity.c
+++++ b/src/polkit/polkitidentity.c
++@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
++ }
++ else if (g_str_has_prefix (str, "unix-netgroup:"))
++ {
+++#ifndef HAVE_SETNETGRENT
+++ g_set_error (error,
+++ POLKIT_ERROR,
+++ POLKIT_ERROR_FAILED,
+++ "Netgroups are not available on this machine ('%s')",
+++ str);
+++#else
++ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
+++#endif
++ }
++
++ if (identity == NULL && (error != NULL && *error == NULL))
++@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant,
++ GVariant *v;
++ const char *name;
++
+++#ifndef HAVE_SETNETGRENT
+++ g_set_error (error,
+++ POLKIT_ERROR,
+++ POLKIT_ERROR_FAILED,
+++ "Netgroups are not available on this machine");
+++ goto out;
+++#else
++ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
++ if (v == NULL)
++ {
++@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
++ name = g_variant_get_string (v, NULL);
++ ret = polkit_unix_netgroup_new (name);
++ g_variant_unref (v);
+++#endif
++ }
++ else
++ {
++diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
++index 8a2b369..83f8d4a 100644
++--- a/src/polkit/polkitunixnetgroup.c
+++++ b/src/polkit/polkitunixnetgroup.c
++@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
++ PolkitIdentity *
++ polkit_unix_netgroup_new (const gchar *name)
++ {
+++#ifndef HAVE_SETNETGRENT
+++ g_assert_not_reached();
+++#endif
++ g_return_val_if_fail (name != NULL, NULL);
++ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
++ "name", name,
++diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
++index cb6fdab..ab47a98 100644
++--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
++@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
++ GList *ret;
++
++ ret = NULL;
+++#ifdef HAVE_SETNETGRENT
++ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
++
++-#ifdef HAVE_SETNETGRENT_RETURN
+++# ifdef HAVE_SETNETGRENT_RETURN
++ if (setnetgrent (name) == 0)
++ {
++ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
++ goto out;
++ }
++-#else
+++# else
++ setnetgrent (name);
++-#endif
+++# endif /* HAVE_SETNETGRENT_RETURN */
++
++ for (;;)
++ {
++-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++ const char *hostname, *username, *domainname;
++-#else
+++# else
++ char *hostname, *username, *domainname;
++-#endif
+++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
++ PolkitIdentity *user;
++ GError *error = NULL;
++
++@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
++
++ out:
++ endnetgrent ();
+++#endif /* HAVE_SETNETGRENT */
++ return ret;
++ }
++
++diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
++index 517f3c6..45b0378 100644
++--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
++@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
++
++ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
++
+++#ifdef HAVE_SETNETGRENT
++ user = JS_EncodeString (cx, args[0].toString());
++ netgroup = JS_EncodeString (cx, args[1].toString());
++
++@@ -1512,6 +1513,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
++
++ JS_free (cx, netgroup);
++ JS_free (cx, user);
+++#endif
++
++ ret = true;
++
++diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
++index e91967b..e829aaa 100644
++--- a/test/polkit/polkitidentitytest.c
+++++ b/test/polkit/polkitidentitytest.c
++@@ -19,6 +19,7 @@
++ * Author: Nikki VonHollen <vonhollen@google.com>
++ */
++
+++#include "config.h"
++ #include "glib.h"
++ #include <polkit/polkit.h>
++ #include <polkit/polkitprivate.h>
++@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
++ {"unix-group:root", "unix-group:jane", FALSE},
++ {"unix-group:jane", "unix-group:jane", TRUE},
++
+++#ifdef HAVE_SETNETGRENT
++ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
++ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
+++#endif
++
++ {"unix-user:root", "unix-group:root", FALSE},
+++#ifdef HAVE_SETNETGRENT
++ {"unix-user:jane", "unix-netgroup:foo", FALSE},
+++#endif
++
++ {NULL},
++ };
++@@ -181,11 +186,13 @@ main (int argc, char *argv[])
++ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
++ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
++
+++#ifdef HAVE_SETNETGRENT
++ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
+++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+++#endif
++
++ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
++ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
++- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++
++ add_comparison_tests ();
++
++diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
++index 3701ba1..e3352eb 100644
++--- a/test/polkit/polkitunixnetgrouptest.c
+++++ b/test/polkit/polkitunixnetgrouptest.c
++@@ -19,6 +19,7 @@
++ * Author: Nikki VonHollen <vonhollen@google.com>
++ */
++
+++#include "config.h"
++ #include "glib.h"
++ #include <polkit/polkit.h>
++ #include <string.h>
++@@ -69,7 +70,9 @@ int
++ main (int argc, char *argv[])
++ {
++ g_test_init (&argc, &argv, NULL);
+++#ifdef HAVE_SETNETGRENT
++ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
++ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
+++#endif
++ return g_test_run ();
++ }
++--
++2.17.1
++
+diff --git a/configure.ac b/configure.ac
+index bfa87dd..cb86ac7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv fdatasync)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
+index 3aa1f7f..10e9c17 100644
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
+index 8a2b369..83f8d4a 100644
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+ "name", name,
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index cb6fdab..ab47a98 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
+ GList *ret;
+
+ ret = NULL;
++#ifdef HAVE_SETNETGRENT
+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
+ if (setnetgrent (name) == 0)
+ {
+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+ goto out;
+ }
+-#else
++# else
+ setnetgrent (name);
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
+
+ for (;;)
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const char *hostname, *username, *domainname;
+-#else
++# else
+ char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
+ PolkitIdentity *user;
+ GError *error = NULL;
+
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
+
+ out:
+ endnetgrent ();
++#endif /* HAVE_SETNETGRENT */
+ return ret;
+ }
+
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 517f3c6..45b0378 100644
+--- a/src/polkitbackend/polkitbackendjsauthority.cpp
++++ b/src/polkitbackend/polkitbackendjsauthority.cpp
+@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
+
++#ifdef HAVE_SETNETGRENT
+ user = JS_EncodeString (cx, args[0].toString());
+ netgroup = JS_EncodeString (cx, args[1].toString());
+
+@@ -1512,6 +1513,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+
+ JS_free (cx, netgroup);
+ JS_free (cx, user);
++#endif
+
+ ret = true;
+
+diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
+index e91967b..e829aaa 100644
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+ {"unix-group:root", "unix-group:jane", FALSE},
+ {"unix-group:jane", "unix-group:jane", TRUE},
+
++#ifdef HAVE_SETNETGRENT
+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+
+ {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+
+ {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+
++#ifdef HAVE_SETNETGRENT
+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
++#endif
+
+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+
+ add_comparison_tests ();
+
+diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
+index 3701ba1..e3352eb 100644
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+ g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+ return g_test_run ();
+ }
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index b484a26..01e4907 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_SETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+
+--
+2.17.1
+
diff --git a/user/polkit/APKBUILD b/user/polkit/APKBUILD
index fdc37d634..52a742130 100644
--- a/user/polkit/APKBUILD
+++ b/user/polkit/APKBUILD
@@ -1,37 +1,28 @@
# Contributor: Carlo Landmeter
-# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=polkit
-pkgver=0.105
-pkgrel=8
-pkgdesc="Application development toolkit for controlling system-wide privileges"
-url="http://www.freedesktop.org/wiki/Software/polkit/"
+pkgver=0.115
+pkgrel=0
+pkgdesc="Toolkit for controlling system-wide privileges"
+url="https://www.freedesktop.org/wiki/Software/polkit/"
arch="all"
-license="LGPL"
-depends=
-options="suid"
-depends_dev="eggdbus-dev dbus-glib-dev linux-pam-dev"
-makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev
- intltool autoconf automake libtool"
-install=
+options="!check suid" # Requires running ConsoleKit and PolKit for JS backend
+license="LGPL-2.0+"
+depends=""
+makedepends="glib-dev gobject-introspection-dev gtk-doc intltool linux-pam-dev
+ mozjs-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
-source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
- 0001-Bug-50145-make-netgroup-support-optional.patch
- CVE-2013-4288.patch
- CVE-2015-3218.patch
- CVE-2015-3255.patch
- CVE-2015-4625.patch
- automake.patch
- fix-parallel-make.patch
+pkgusers="polkit"
+source="https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
+ 0001-make-netgroup-support-optional.patch
fix-consolekit-db-stat.patch
fix-test-fgetpwent.patch
- disable-ck-test.patch
-"
+ "
prepare() {
cd "$builddir"
- update_config_sub
default_prepare
- libtoolize --force && aclocal && autoconf && automake --add-missing
+ autoreconf -vif
}
build() {
@@ -48,11 +39,12 @@ build() {
--disable-static \
--enable-nls \
--enable-introspection \
- --with-os-type=alpine \
+ --enable-man-pages \
--with-pam-include=base-auth \
- --disable-gtk-doc \
--disable-gtk-doc-html \
- --disable-gtk-doc-pdf
+ --disable-gtk-doc-pdf \
+ --disable-libsystemd-login \
+ --disable-libelogind
make
}
@@ -67,14 +59,7 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz
-09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch
-d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch
-625be61ca38267508bb360002c410414f7ca814487f4a51257906118731e208be0c90d21f45ac90fd9f64f2f5937fa1e312d6900179853fabbaaf5e75073c82c CVE-2015-3218.patch
-0b26b819da0b34f10ff8a768850560b3207a6e10a7141bd1aa4769c1cb2829eb110164974b99d993d4e3a62145ace0fc5375489f84d2b56fe08e3430e3232aa8 CVE-2015-3255.patch
-32ecc38db938fc1e3d14ffd9c492d12a42a91750e0eb1f66f8346d0cefd6e18fd0dffac8bffc65578cfb56c9598d3b336721477e8496de2619d6d69f1a6b309e CVE-2015-4625.patch
-25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch
-6b0d9262ba8b3c000acdcc8c86bd6fc043e5750a0155730638d4e3a92e63f43cb476d63b11856c041d60d8f38f7eb5ada0eb0eced9100bdac3bc2c7dd5108ddd fix-parallel-make.patch
+sha512sums="1153011fa93145b2c184e6b3446d3ca21b38918641aeccd8fac3985ac3e30ec6bc75be6973985fde90f2a24236592f1595be259155061c2d33358dd17c4ee4fc polkit-0.115.tar.gz
+6d68d90e6dc9594175631c99699d4d949fba6d2d1ad66680897f9a17e9dc3c17b44f2bc06ed4f6149931e17a96baaf481981fb0698aace7c81a67c06c2806c29 0001-make-netgroup-support-optional.patch
95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24 fix-consolekit-db-stat.patch
-966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch
-f73ab05ab5fdc90d3961fdcf88fa57eee8c90af4960b20d7ac845d2395c4cc20873ddc72bfd00fd127471336807faa705d0845444a0218343e74063e8f190980 disable-ck-test.patch"
+966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch"
diff --git a/user/polkit/CVE-2013-4288.patch b/user/polkit/CVE-2013-4288.patch
deleted file mode 100644
index 0ca8131e8..000000000
--- a/user/polkit/CVE-2013-4288.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@verbum.org>
-Date: Mon, 19 Aug 2013 12:16:11 -0400
-Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too
-
-The uid is a new addition; this allows callers such as libvirt to
-close a race condition in reading the uid of the process talking to
-them. They can read it via getsockopt(SO_PEERCRED) or equivalent,
-rather than having pkcheck look at /proc later after the fact.
-
-Programs which invoke pkcheck but need to know beforehand (i.e. at
-compile time) whether or not it supports passing the uid can
-use:
-
-pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
-test x$pkcheck_supports_uid = xyes
-
-Conflicts:
- docs/man/pkcheck.xml
- src/programs/pkcheck.c
----
- data/polkit-gobject-1.pc.in | 3 +++
- docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------
- src/programs/pkcheck.c | 7 ++++++-
- 3 files changed, 30 insertions(+), 13 deletions(-)
-
-diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
-index c39677d..5c4c620 100644
---- a/data/polkit-gobject-1.pc.in
-+++ b/data/polkit-gobject-1.pc.in
-@@ -11,3 +11,6 @@ Version: @VERSION@
- Libs: -L${libdir} -lpolkit-gobject-1
- Cflags: -I${includedir}/polkit-1
- Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
-+# Programs using pkcheck can use this to determine
-+# whether or not it can be passed a uid.
-+pkcheck_supports_uid=true
-diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
-index 6b8a874..9f2faef 100644
---- a/docs/man/pkcheck.xml
-+++ b/docs/man/pkcheck.xml
-@@ -55,6 +55,9 @@
- <arg choice="plain">
- <replaceable>pid,pid-start-time</replaceable>
- </arg>
-+ <arg choice="plain">
-+ <replaceable>pid,pid-start-time,uid</replaceable>
-+ </arg>
- </group>
- </arg>
- <arg choice="plain">
-@@ -90,7 +93,7 @@
- <title>DESCRIPTION</title>
- <para>
- <command>pkcheck</command> is used to check whether a process, specified by
-- either <option>--process</option> or <option>--system-bus-name</option>,
-+ either <option>--process</option> (see below) or <option>--system-bus-name</option>,
- is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
- option can be used zero or more times to pass details about <replaceable>action</replaceable>.
- If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
-@@ -160,17 +163,23 @@ KEY3=VALUE3
- <refsect1 id="pkcheck-notes">
- <title>NOTES</title>
- <para>
-- Since process identifiers can be recycled, the caller should always use
-- <replaceable>pid,pid-start-time</replaceable> to specify the process
-- to check for authorization when using the <option>--process</option> option.
-- The value of <replaceable>pid-start-time</replaceable>
-- can be determined by consulting e.g. the
-- <citerefentry>
-- <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum>
-- </citerefentry>
-- file system depending on the operating system. If only <replaceable>pid</replaceable>
-- is passed to the <option>--process</option> option, then <command>pkcheck</command>
-- will look up the start time itself but note that this may be racy.
-+ Do not use either the bare <replaceable>pid</replaceable> or
-+ <replaceable>pid,start-time</replaceable> syntax forms for
-+ <option>--process</option>. There are race conditions in both.
-+ New code should always use
-+ <replaceable>pid,pid-start-time,uid</replaceable>. The value of
-+ <replaceable>start-time</replaceable> can be determined by
-+ consulting e.g. the
-+ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
-+ file system depending on the operating system. If fewer than 3
-+ arguments are passed, <command>pkcheck</command> will attempt to
-+ look up them up internally, but note that this may be racy.
-+ </para>
-+ <para>
-+ If your program is a daemon with e.g. a custom Unix domain
-+ socket, you should determine the <replaceable>uid</replaceable>
-+ parameter via operating system mechanisms such as
-+ <literal>PEERCRED</literal>.
- </para>
- </refsect1>
-
-diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
-index 719a36c..057e926 100644
---- a/src/programs/pkcheck.c
-+++ b/src/programs/pkcheck.c
-@@ -372,6 +372,7 @@ main (int argc, char *argv[])
- else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
- {
- gint pid;
-+ guint uid;
- guint64 pid_start_time;
-
- n++;
-@@ -381,7 +382,11 @@ main (int argc, char *argv[])
- goto out;
- }
-
-- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
-+ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
-+ {
-+ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
-+ }
-+ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
- {
- subject = polkit_unix_process_new_full (pid, pid_start_time);
- }
---
-1.8.5.1
-
diff --git a/user/polkit/CVE-2015-3218.patch b/user/polkit/CVE-2015-3218.patch
deleted file mode 100644
index 977825102..000000000
--- a/user/polkit/CVE-2015-3218.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 48e646918efb2bf0b3b505747655726d7869f31c Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@redhat.com>
-Date: Sat, 30 May 2015 09:06:23 -0400
-Subject: CVE-2015-3218: backend: Handle invalid object paths in
- RegisterAuthenticationAgent
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Properly propagate the error, otherwise we dereference a `NULL`
-pointer. This is a local, authenticated DoS.
-
-`RegisterAuthenticationAgentWithOptions` and
-`UnregisterAuthentication` have been validated to not need changes for
-this.
-
-http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
-https://bugs.freedesktop.org/show_bug.cgi?id=90829
-
-Reported-by: Tavis Ormandy <taviso@google.com>
-Reviewed-by: Philip Withnall <philip@tecnocode.co.uk>
-Reviewed-by: Miloslav Trmač <mitr@redhat.com>
-Signed-off-by: Colin Walters <walters@redhat.com>
-
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index f6ea0fc..587f954 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -1566,36 +1566,42 @@ authentication_agent_new (PolkitSubject *scope,
- const gchar *unique_system_bus_name,
- const gchar *locale,
- const gchar *object_path,
-- GVariant *registration_options)
-+ GVariant *registration_options,
-+ GError **error)
- {
- AuthenticationAgent *agent;
-- GError *error;
-+ GDBusProxy *proxy;
-
-- agent = g_new0 (AuthenticationAgent, 1);
-+ if (!g_variant_is_object_path (object_path))
-+ {
-+ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
-+ "Invalid object path '%s'", object_path);
-+ return NULL;
-+ }
-+
-+ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
-+ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
-+ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
-+ NULL, /* GDBusInterfaceInfo* */
-+ unique_system_bus_name,
-+ object_path,
-+ "org.freedesktop.PolicyKit1.AuthenticationAgent",
-+ NULL, /* GCancellable* */
-+ error);
-+ if (proxy == NULL)
-+ {
-+ g_prefix_error (error, "Failed to construct proxy for agent: " );
-+ return NULL;
-+ }
-
-+ agent = g_new0 (AuthenticationAgent, 1);
- agent->ref_count = 1;
- agent->scope = g_object_ref (scope);
- agent->object_path = g_strdup (object_path);
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
- agent->locale = g_strdup (locale);
- agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
--
-- error = NULL;
-- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
-- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
-- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
-- NULL, /* GDBusInterfaceInfo* */
-- agent->unique_system_bus_name,
-- agent->object_path,
-- "org.freedesktop.PolicyKit1.AuthenticationAgent",
-- NULL, /* GCancellable* */
-- &error);
-- if (agent->proxy == NULL)
-- {
-- g_warning ("Error constructing proxy for agent: %s", error->message);
-- g_error_free (error);
-- /* TODO: Make authentication_agent_new() return NULL and set a GError */
-- }
-+ agent->proxy = proxy;
-
- return agent;
- }
-@@ -2398,8 +2404,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- caller_cmdline = NULL;
- agent = NULL;
-
-- /* TODO: validate that object path is well-formed */
--
- interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
- priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
-
-@@ -2486,7 +2490,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
- locale,
- object_path,
-- options);
-+ options,
-+ error);
-+ if (!agent)
-+ goto out;
-
- g_hash_table_insert (priv->hash_scope_to_authentication_agent,
- g_object_ref (subject),
---
-cgit v0.10.2
-
diff --git a/user/polkit/CVE-2015-3255.patch b/user/polkit/CVE-2015-3255.patch
deleted file mode 100644
index 1bd7c6bcf..000000000
--- a/user/polkit/CVE-2015-3255.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
-Date: Wed, 1 Apr 2015 05:22:37 +0200
-Subject: CVE-2015-3255 Fix GHashTable usage.
-
-Don't assume that the hash table with free both the key and the value
-at the same time, supply proper deallocation functions for the key
-and value separately.
-
-Then drop ParsedAction::action_id which is no longer used for anything.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=69501
-and
-https://bugs.freedesktop.org/show_bug.cgi?id=83590
-
-CVE: CVE-2015-3255
-
-diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
-index bc14381..3894fe9 100644
---- a/src/polkitbackend/polkitbackendactionpool.c
-+++ b/src/polkitbackend/polkitbackendactionpool.c
-@@ -40,7 +40,6 @@
-
- typedef struct
- {
-- gchar *action_id;
- gchar *vendor_name;
- gchar *vendor_url;
- gchar *icon_name;
-@@ -62,7 +61,6 @@ typedef struct
- static void
- parsed_action_free (ParsedAction *action)
- {
-- g_free (action->action_id);
- g_free (action->vendor_name);
- g_free (action->vendor_url);
- g_free (action->icon_name);
-@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool)
-
- priv->parsed_actions = g_hash_table_new_full (g_str_hash,
- g_str_equal,
-- NULL,
-+ g_free,
- (GDestroyNotify) parsed_action_free);
-
- priv->parsed_files = g_hash_table_new_full (g_str_hash,
-@@ -988,7 +986,6 @@ _end (void *data, const char *el)
- icon_name = pd->global_icon_name;
-
- action = g_new0 (ParsedAction, 1);
-- action->action_id = g_strdup (pd->action_id);
- action->vendor_name = g_strdup (vendor);
- action->vendor_url = g_strdup (vendor_url);
- action->icon_name = g_strdup (icon_name);
-@@ -1003,7 +1000,8 @@ _end (void *data, const char *el)
- action->implicit_authorization_inactive = pd->implicit_authorization_inactive;
- action->implicit_authorization_active = pd->implicit_authorization_active;
-
-- g_hash_table_insert (priv->parsed_actions, action->action_id, action);
-+ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id),
-+ action);
-
- /* we steal these hash tables */
- pd->annotations = NULL;
---
-cgit v0.10.2
-
diff --git a/user/polkit/CVE-2015-4625.patch b/user/polkit/CVE-2015-4625.patch
deleted file mode 100644
index 4a43fb433..000000000
--- a/user/polkit/CVE-2015-4625.patch
+++ /dev/null
@@ -1,1008 +0,0 @@
-From ea544ffc18405237ccd95d28d7f45afef49aca17 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@redhat.com>
-Date: Thu, 4 Jun 2015 12:15:18 -0400
-Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Tavis noted that it'd be possible with a 32 bit counter for someone to
-cause the cookie to wrap by creating Authentication requests in a
-loop.
-
-Something important to note here is that wrapping of signed integers
-is undefined behavior in C, so we definitely want to fix that. All
-counter integers used in this patch are unsigned.
-
-See the comment above `authentication_agent_generate_cookie` for
-details, but basically we're now using a cookie of the form:
-
-```
- <agent serial> - <agent random id> - <session serial> - <session
-random id>
-```
-
-Which has multiple 64 bit counters, plus unpredictable random 128 bit
-integer ids (effectively UUIDs, but we're not calling them that
-because we don't need to be globally unique.
-
-We further ensure that the cookies are not visible to other processes
-by changing the setuid helper to accept them over standard input. This
-means that an attacker would have to guess both ids.
-
-In any case, the security hole here is better fixed with the other
-change to bind user id (uid) of the agent with cookie lookups, making
-cookie guessing worthless.
-
-Nevertheless, I think it's worth doing this change too, for defense in
-depth.
-
-Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832
-CVE: CVE-2015-4625
-Reported-by: Tavis Ormandy <taviso@google.com>
-Reviewed-by: Miloslav Trmač <mitr@redhat.com>
-Signed-off-by: Colin Walters <walters@redhat.com>
-
-diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
-index 937386e..19062aa 100644
---- a/src/polkitagent/polkitagenthelper-pam.c
-+++ b/src/polkitagent/polkitagenthelper-pam.c
-@@ -65,7 +65,7 @@ main (int argc, char *argv[])
- {
- int rc;
- const char *user_to_auth;
-- const char *cookie;
-+ char *cookie = NULL;
- struct pam_conv pam_conversation;
- pam_handle_t *pam_h;
- const void *authed_user;
-@@ -97,7 +97,7 @@ main (int argc, char *argv[])
- openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
-- if (argc != 3)
-+ if (!(argc == 2 || argc == 3))
- {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-@@ -105,7 +105,10 @@ main (int argc, char *argv[])
- }
-
- user_to_auth = argv[1];
-- cookie = argv[2];
-+
-+ cookie = read_cookie (argc, argv);
-+ if (!cookie)
-+ goto error;
-
- if (getuid () != 0)
- {
-@@ -203,6 +206,8 @@ main (int argc, char *argv[])
- goto error;
- }
-
-+ free (cookie);
-+
- #ifdef PAH_DEBUG
- fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
- #endif /* PAH_DEBUG */
-@@ -212,6 +217,7 @@ main (int argc, char *argv[])
- return 0;
-
- error:
-+ free (cookie);
- if (pam_h != NULL)
- pam_end (pam_h, rc);
-
-diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
-index a4f73ac..e877915 100644
---- a/src/polkitagent/polkitagenthelper-shadow.c
-+++ b/src/polkitagent/polkitagenthelper-shadow.c
-@@ -46,7 +46,7 @@ main (int argc, char *argv[])
- {
- struct spwd *shadow;
- const char *user_to_auth;
-- const char *cookie;
-+ char *cookie = NULL;
- time_t now;
-
- /* clear the entire environment to avoid attacks with
-@@ -67,7 +67,7 @@ main (int argc, char *argv[])
- openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-
- /* check for correct invocation */
-- if (argc != 3)
-+ if (!(argc == 2 || argc == 3))
- {
- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
- fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-@@ -86,7 +86,10 @@ main (int argc, char *argv[])
- }
-
- user_to_auth = argv[1];
-- cookie = argv[2];
-+
-+ cookie = read_cookie (argc, argv);
-+ if (!cookie)
-+ goto error;
-
- #ifdef PAH_DEBUG
- fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-@@ -153,6 +156,8 @@ main (int argc, char *argv[])
- goto error;
- }
-
-+ free (cookie);
-+
- #ifdef PAH_DEBUG
- fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
- #endif /* PAH_DEBUG */
-@@ -162,6 +167,7 @@ main (int argc, char *argv[])
- return 0;
-
- error:
-+ free (cookie);
- fprintf (stdout, "FAILURE\n");
- flush_and_wait ();
- return 1;
-diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
-index cfa77fc..e23f9f5 100644
---- a/src/polkitagent/polkitagenthelperprivate.c
-+++ b/src/polkitagent/polkitagenthelperprivate.c
-@@ -23,6 +23,7 @@
- #include "config.h"
- #include "polkitagenthelperprivate.h"
- #include <stdio.h>
-+#include <string.h>
- #include <stdlib.h>
- #include <unistd.h>
-
-@@ -45,6 +46,38 @@ _polkit_clearenv (void)
- #endif
-
-
-+char *
-+read_cookie (int argc, char **argv)
-+{
-+ /* As part of CVE-2015-4625, we started passing the cookie
-+ * on standard input, to ensure it's not visible to other
-+ * processes. However, to ensure that things continue
-+ * to work if the setuid binary is upgraded while old
-+ * agents are still running (this will be common with
-+ * package managers), we support both modes.
-+ */
-+ if (argc == 3)
-+ return strdup (argv[2]);
-+ else
-+ {
-+ char *ret = NULL;
-+ size_t n = 0;
-+ ssize_t r = getline (&ret, &n, stdin);
-+ if (r == -1)
-+ {
-+ if (!feof (stdin))
-+ perror ("getline");
-+ free (ret);
-+ return NULL;
-+ }
-+ else
-+ {
-+ g_strchomp (ret);
-+ return ret;
-+ }
-+ }
-+}
-+
- gboolean
- send_dbus_message (const char *cookie, const char *user)
- {
-diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
-index aeca2c7..547fdcc 100644
---- a/src/polkitagent/polkitagenthelperprivate.h
-+++ b/src/polkitagent/polkitagenthelperprivate.h
-@@ -38,6 +38,8 @@
-
- int _polkit_clearenv (void);
-
-+char *read_cookie (int argc, char **argv);
-+
- gboolean send_dbus_message (const char *cookie, const char *user);
-
- void flush_and_wait ();
-diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c
-index f014773..8b93ad0 100644
---- a/src/polkitagent/polkitagentsession.c
-+++ b/src/polkitagent/polkitagentsession.c
-@@ -55,6 +55,7 @@
- #include <stdio.h>
- #include <sys/types.h>
- #include <sys/wait.h>
-+#include <gio/gunixoutputstream.h>
- #include <pwd.h>
-
- #include "polkitagentmarshal.h"
-@@ -88,7 +89,7 @@ struct _PolkitAgentSession
- gchar *cookie;
- PolkitIdentity *identity;
-
-- int child_stdin;
-+ GOutputStream *child_stdin;
- int child_stdout;
- GPid child_pid;
-
-@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT);
- static void
- polkit_agent_session_init (PolkitAgentSession *session)
- {
-- session->child_stdin = -1;
- session->child_stdout = -1;
- }
-
-@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session)
- session->child_stdout = -1;
- }
-
-- if (session->child_stdin != -1)
-- {
-- g_warn_if_fail (close (session->child_stdin) == 0);
-- session->child_stdin = -1;
-- }
-+ g_clear_object (&session->child_stdin);
-
- session->helper_is_running = FALSE;
-
-@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session,
-
- add_newline = (response[response_len] != '\n');
-
-- write (session->child_stdin, response, response_len);
-+ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL);
- if (add_newline)
-- write (session->child_stdin, newline, 1);
-+ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL);
- }
-
- /**
-@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
- {
- uid_t uid;
- GError *error;
-- gchar *helper_argv[4];
-+ gchar *helper_argv[3];
- struct passwd *passwd;
-+ int stdin_fd = -1;
-
- g_return_if_fail (POLKIT_AGENT_IS_SESSION (session));
-
-@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
-
- helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
- helper_argv[1] = passwd->pw_name;
-- helper_argv[2] = session->cookie;
-- helper_argv[3] = NULL;
-+ helper_argv[2] = NULL;
-
-- session->child_stdin = -1;
- session->child_stdout = -1;
-
- error = NULL;
-@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
- NULL,
- NULL,
- &session->child_pid,
-- &session->child_stdin,
-+ &stdin_fd,
- &session->child_stdout,
- NULL,
- &error))
-@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
- if (G_UNLIKELY (_show_debug ()))
- g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid);
-
-+ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE);
-+
-+ /* Write the cookie on stdin so it can't be seen by other processes */
-+ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie),
-+ NULL, NULL, NULL);
-+ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL);
-+
- session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout);
- session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel,
- G_IO_IN | G_IO_ERR | G_IO_HUP);
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 3f339e9..15adc6a 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -214,6 +214,8 @@ typedef struct
-
- GDBusConnection *system_bus_connection;
- guint name_owner_changed_signal_id;
-+
-+ guint64 agent_serial;
- } PolkitBackendInteractiveAuthorityPrivate;
-
- /* ---------------------------------------------------------------------------------------------------- */
-@@ -439,11 +441,15 @@ struct AuthenticationAgent
- volatile gint ref_count;
-
- PolkitSubject *scope;
-+ guint64 serial;
-
- gchar *locale;
- GVariant *registration_options;
- gchar *object_path;
- gchar *unique_system_bus_name;
-+ GRand *cookie_pool;
-+ gchar *cookie_prefix;
-+ guint64 cookie_serial;
-
- GDBusProxy *proxy;
-
-@@ -1427,9 +1433,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable,
- authentication_session_cancel (session);
- }
-
-+/* We're not calling this a UUID, but it's basically
-+ * the same thing, just not formatted that way because:
-+ *
-+ * - I'm too lazy to do it
-+ * - If we did, people might think it was actually
-+ * generated from /dev/random, which we're not doing
-+ * because this value doesn't actually need to be
-+ * globally unique.
-+ */
-+static void
-+append_rand_u128_str (GString *buf,
-+ GRand *pool)
-+{
-+ g_string_append_printf (buf, "%08x%08x%08x%08x",
-+ g_rand_int (pool),
-+ g_rand_int (pool),
-+ g_rand_int (pool),
-+ g_rand_int (pool));
-+}
-+
-+/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession)
-+ * pair, and not guessable by other agents.
-+ *
-+ * <agent serial> - <agent uuid> - <session serial> - <session uuid>
-+ *
-+ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
-+ *
-+ */
-+static gchar *
-+authentication_agent_generate_cookie (AuthenticationAgent *agent)
-+{
-+ GString *buf = g_string_new ("");
-+
-+ g_string_append (buf, agent->cookie_prefix);
-+
-+ g_string_append_c (buf, '-');
-+ agent->cookie_serial++;
-+ g_string_append_printf (buf, "%" G_GUINT64_FORMAT,
-+ agent->cookie_serial);
-+ g_string_append_c (buf, '-');
-+ append_rand_u128_str (buf, agent->cookie_pool);
-+
-+ return g_string_free (buf, FALSE);
-+}
-+
-+
- static AuthenticationSession *
- authentication_session_new (AuthenticationAgent *agent,
-- const gchar *cookie,
- PolkitSubject *subject,
- PolkitIdentity *user_of_subject,
- PolkitSubject *caller,
-@@ -1447,7 +1498,7 @@ authentication_session_new (AuthenticationAgent *agent,
-
- session = g_new0 (AuthenticationSession, 1);
- session->agent = authentication_agent_ref (agent);
-- session->cookie = g_strdup (cookie);
-+ session->cookie = authentication_agent_generate_cookie (agent);
- session->subject = g_object_ref (subject);
- session->user_of_subject = g_object_ref (user_of_subject);
- session->caller = g_object_ref (caller);
-@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session)
- g_free (session);
- }
-
--static gchar *
--authentication_agent_new_cookie (AuthenticationAgent *agent)
--{
-- static gint counter = 0;
--
-- /* TODO: use a more random-looking cookie */
--
-- return g_strdup_printf ("cookie%d", counter++);
--}
--
- static PolkitSubject *
- authentication_agent_get_scope (AuthenticationAgent *agent)
- {
-@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent)
- g_free (agent->unique_system_bus_name);
- if (agent->registration_options != NULL)
- g_variant_unref (agent->registration_options);
-+ g_rand_free (agent->cookie_pool);
-+ g_free (agent->cookie_prefix);
- g_free (agent);
- }
- }
-
- static AuthenticationAgent *
--authentication_agent_new (PolkitSubject *scope,
-+authentication_agent_new (guint64 serial,
-+ PolkitSubject *scope,
- const gchar *unique_system_bus_name,
- const gchar *locale,
- const gchar *object_path,
-@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope,
-
- agent = g_new0 (AuthenticationAgent, 1);
- agent->ref_count = 1;
-+ agent->serial = serial;
- agent->scope = g_object_ref (scope);
- agent->object_path = g_strdup (object_path);
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
-@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope,
- agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
- agent->proxy = proxy;
-
-+ {
-+ GString *cookie_prefix = g_string_new ("");
-+ GRand *agent_private_rand = g_rand_new ();
-+
-+ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial);
-+
-+ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent,
-+ * whose sequence will not correlate with the per-authentication session
-+ * cookies.
-+ */
-+ append_rand_u128_str (cookie_prefix, agent_private_rand);
-+ g_rand_free (agent_private_rand);
-+
-+ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE);
-+
-+ /* And a newly seeded pool for per-session cookies */
-+ agent->cookie_pool = g_rand_new ();
-+ }
-+
- return agent;
- }
-
-@@ -2193,7 +2257,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- {
- PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
- AuthenticationSession *session;
-- gchar *cookie;
- GList *l;
- GList *identities;
- gchar *localized_message;
-@@ -2215,8 +2278,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- &localized_icon_name,
- &localized_details);
-
-- cookie = authentication_agent_new_cookie (agent);
--
- identities = NULL;
-
- /* select admin user if required by the implicit authorization */
-@@ -2279,7 +2340,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- user_identities = g_list_prepend (NULL, polkit_unix_user_new (0));
-
- session = authentication_session_new (agent,
-- cookie,
- subject,
- user_of_subject,
- caller,
-@@ -2335,7 +2395,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
- g_list_free_full (user_identities, g_object_unref);
- g_list_foreach (identities, (GFunc) g_object_unref, NULL);
- g_list_free (identities);
-- g_free (cookie);
-
- g_free (localized_message);
- g_free (localized_icon_name);
-@@ -2482,7 +2541,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- goto out;
- }
-
-- agent = authentication_agent_new (subject,
-+ priv->agent_serial++;
-+ agent = authentication_agent_new (priv->agent_serial,
-+ subject,
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
- locale,
- object_path,
---
-cgit v0.10.2
-
-From 493aa5dc1d278ab9097110c1262f5229bbaf1766 Mon Sep 17 00:00:00 2001
-From: Colin Walters <walters@redhat.com>
-Date: Wed, 17 Jun 2015 13:07:02 -0400
-Subject: CVE-2015-4625: Bind use of cookies to specific uids
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
-
-The "cookie" value that Polkit hands out is global to all polkit
-users. And when `AuthenticationAgentResponse` is invoked, we
-previously only received the cookie and *target* identity, and
-attempted to find an agent from that.
-
-The problem is that the current cookie is just an integer
-counter, and if it overflowed, it would be possible for
-an successful authorization in one session to trigger a response
-in another session.
-
-The overflow and ability to guess the cookie were fixed by the
-previous patch.
-
-This patch is conceptually further hardening on top of that. Polkit
-currently treats uids as equivalent from a security domain
-perspective; there is no support for
-SELinux/AppArmor/etc. differentiation.
-
-We can retrieve the uid from `getuid()` in the setuid helper, which
-allows us to ensure the uid invoking `AuthenticationAgentResponse2`
-matches that of the agent.
-
-Then the authority only looks at authentication sessions matching the
-cookie that were created by a matching uid, thus removing the ability
-for different uids to interfere with each other entirely.
-
-Several fixes to this patch were contributed by:
-Miloslav Trmač <mitr@redhat.com>
-
-Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837
-CVE: CVE-2015-4625
-Reported-by: Tavis Ormandy <taviso@google.com>
-Reviewed-by: Miloslav Trmač <mitr@redhat.com>
-Signed-off-by: Colin Walters <walters@redhat.com>
-
-diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
-index 3b519c2..5beef7d 100644
---- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
-+++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
-@@ -8,7 +8,19 @@
- <annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/>
-
- <method name="BeginAuthentication">
-- <annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/>
-+ <annotation name="org.gtk.EggDBus.DocString" value="<para>Called
-+ by the PolicyKit daemon when the authentication agent needs the
-+ user to authenticate as one of the identities in @identities for
-+ the action with the identifier @action_id.</para><para>This
-+ authentication is normally achieved via the
-+ polkit_agent_session_response() API, which invokes a private
-+ setuid helper process to verify the authentication. When
-+ successful, it calls the
-+ org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2()
-+ method on the #org.freedesktop.PolicyKit1.Authority interface of
-+ the PolicyKit daemon before returning. If the user dismisses the
-+ authentication dialog, the authentication agent should call
-+ polkit_agent_session_cancel().</para>"/>
-
- <arg name="action_id" direction="in" type="s">
- <annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/>
-diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
-index fbfb9cd..f9021ee 100644
---- a/data/org.freedesktop.PolicyKit1.Authority.xml
-+++ b/data/org.freedesktop.PolicyKit1.Authority.xml
-@@ -313,7 +313,29 @@
- </method>
-
- <method name="AuthenticationAgentResponse">
-- <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/>
-+ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit."/>
-+
-+ <arg name="cookie" direction="in" type="s">
-+ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
-+ </arg>
-+
-+ <arg name="identity" direction="in" type="(sa{sv})">
-+ <annotation name="org.gtk.EggDBus.Type" value="Identity"/>
-+ <annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/>
-+ </arg>
-+ </method>
-+
-+ <method name="AuthenticationAgentResponse2">
-+ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit. Note this method was added in 0.114, and should be preferred over AuthenticationAgentResponse
-+as it fixes a security issue."/>
-+
-+ <arg name="uid" direction="in" type="u">
-+ <annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent. Normally set by the setuid helper program."/>
-+ </arg>
-
- <arg name="cookie" direction="in" type="s">
- <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
-diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
-index 6525e25..e66bf53 100644
---- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
-+++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
-@@ -42,6 +42,8 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth
- IN String object_path)
- <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link> (IN String cookie,
- IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
-+<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse2</link> (IN uint32 uid, IN String cookie,
-+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
- <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject,
- OUT Array&lt;<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>&gt; temporary_authorizations)
- <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject)
-@@ -777,10 +779,52 @@ AuthenticationAgentResponse (IN String cookie,
- IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
- </programlisting>
- <para>
--Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it.
-+Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit. Deprecated in favor of AuthenticationAgentResponse2.
-+ </para>
-+<variablelist role="params">
-+ <varlistentry>
-+ <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
-+ <listitem>
-+ <para>
-+The cookie identifying the authentication request that was passed to the authentication agent.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
-+ <term><literal>IN <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term>
-+ <listitem>
-+ <para>
-+A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+</variablelist>
-+ </refsect2>
-+ <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">
-+ <title>AuthenticationAgentResponse2 ()</title>
-+ <programlisting>
-+AuthenticationAgentResponse2 (IN uint32 uid,
-+ IN String cookie,
-+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
-+ </programlisting>
-+ <para>
-+Method for authentication agents to invoke on successful
-+authentication, intended only for use by a privileged helper process
-+internal to polkit. Note this method was introduced in 0.114 to fix a security issue.
- </para>
- <variablelist role="params">
- <varlistentry>
-+ <term><literal>IN uint32 <parameter>uid</parameter></literal>:</term>
-+ <listitem>
-+ <para>
-+The user id of the agent; normally this is the owner of the parent pid
-+of the process that invoked the internal setuid helper.
-+ </para>
-+ </listitem>
-+ </varlistentry>
-+ <varlistentry>
- <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
- <listitem>
- <para>
-diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
-index 150a7bc..176d2ea 100644
---- a/docs/polkit/overview.xml
-+++ b/docs/polkit/overview.xml
-@@ -314,16 +314,18 @@
- <para>
- Authentication agents are provided by desktop environments. When
- an user session starts, the agent registers with the polkit
-- Authority using
-- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
-+ Authority using the <link
-+ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
- method. When services are needed, the authority will invoke
-- methods on
-- the <link linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
-+ methods on the <link
-+ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
- D-Bus interface. Once the user is authenticated, (a privileged
-- part of) the agent invokes
-- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
-- method. Note that the polkit Authority itself does not care
-- how the agent authenticates the user.
-+ part of) the agent invokes the <link
-+ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
-+ method. This method should be treated as an internal
-+ implementation detail, and callers should use the public shared
-+ library API to invoke it, which currently uses a setuid helper
-+ program.
- </para>
- <para>
- The <link linkend="ref-authentication-agent-api">libpolkit-agent-1</link>
-diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
-index ab6d3cd..6bd684a 100644
---- a/src/polkit/polkitauthority.c
-+++ b/src/polkit/polkitauthority.c
-@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
- gpointer user_data)
- {
- GVariant *identity_value;
-+ /* Note that in reality, this API is only accessible to root, and
-+ * only called from the setuid helper `polkit-agent-helper-1`.
-+ *
-+ * However, because this is currently public API, we avoid
-+ * triggering warnings from ABI diff type programs by just grabbing
-+ * the real uid of the caller here.
-+ */
-+ uid_t uid = getuid ();
-
- g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
- g_return_if_fail (cookie != NULL);
-@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
- identity_value = polkit_identity_to_gvariant (identity);
- g_variant_ref_sink (identity_value);
- g_dbus_proxy_call (authority->proxy,
-- "AuthenticationAgentResponse",
-- g_variant_new ("(s@(sa{sv}))",
-+ "AuthenticationAgentResponse2",
-+ g_variant_new ("(us@(sa{sv}))",
-+ (guint32)uid,
- cookie,
- identity_value),
- G_DBUS_CALL_FLAGS_NONE,
-diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
-index 601a974..03a4e84 100644
---- a/src/polkitbackend/polkitbackendauthority.c
-+++ b/src/polkitbackend/polkitbackendauthority.c
-@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority
- gboolean
- polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error)
-@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority
- }
- else
- {
-- return klass->authentication_agent_response (authority, caller, cookie, identity, error);
-+ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error);
- }
- }
-
-@@ -587,6 +588,11 @@ static const gchar *server_introspection_data =
- " <arg type='s' name='cookie' direction='in'/>"
- " <arg type='(sa{sv})' name='identity' direction='in'/>"
- " </method>"
-+ " <method name='AuthenticationAgentResponse2'>"
-+ " <arg type='u' name='uid' direction='in'/>"
-+ " <arg type='s' name='cookie' direction='in'/>"
-+ " <arg type='(sa{sv})' name='identity' direction='in'/>"
-+ " </method>"
- " <method name='EnumerateTemporaryAuthorizations'>"
- " <arg type='(sa{sv})' name='subject' direction='in'/>"
- " <arg type='a(ss(sa{sv})tt)' name='temporary_authorizations' direction='out'/>"
-@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server,
- error = NULL;
- if (!polkit_backend_authority_authentication_agent_response (server->authority,
- caller,
-+ (uid_t)-1,
-+ cookie,
-+ identity,
-+ &error))
-+ {
-+ g_dbus_method_invocation_return_gerror (invocation, error);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
-+
-+ out:
-+ if (identity != NULL)
-+ g_object_unref (identity);
-+}
-+
-+static void
-+server_handle_authentication_agent_response2 (Server *server,
-+ GVariant *parameters,
-+ PolkitSubject *caller,
-+ GDBusMethodInvocation *invocation)
-+{
-+ const gchar *cookie;
-+ GVariant *identity_gvariant;
-+ PolkitIdentity *identity;
-+ GError *error;
-+ guint32 uid;
-+
-+ identity = NULL;
-+
-+ g_variant_get (parameters,
-+ "(u&s@(sa{sv}))",
-+ &uid,
-+ &cookie,
-+ &identity_gvariant);
-+
-+ error = NULL;
-+ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error);
-+ if (identity == NULL)
-+ {
-+ g_prefix_error (&error, "Error getting identity: ");
-+ g_dbus_method_invocation_return_gerror (invocation, error);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ error = NULL;
-+ if (!polkit_backend_authority_authentication_agent_response (server->authority,
-+ caller,
-+ (uid_t)uid,
- cookie,
- identity,
- &error))
-@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection,
- server_handle_unregister_authentication_agent (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0)
- server_handle_authentication_agent_response (server, parameters, caller, invocation);
-+ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0)
-+ server_handle_authentication_agent_response2 (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0)
- server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation);
- else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0)
-diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h
-index f9f7385..88df82e 100644
---- a/src/polkitbackend/polkitbackendauthority.h
-+++ b/src/polkitbackend/polkitbackendauthority.h
-@@ -147,6 +147,7 @@ struct _PolkitBackendAuthorityClass
-
- gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error);
-@@ -249,6 +250,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend
-
- gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error);
-diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
-index 15adc6a..96725f7 100644
---- a/src/polkitbackend/polkitbackendinteractiveauthority.c
-+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -108,8 +108,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI
- PolkitSubject *subject);
-
-
--static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
-- const gchar *cookie);
-+static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
-+ uid_t uid,
-+ const gchar *cookie);
-
- static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority,
- const gchar *system_bus_unique_name);
-@@ -169,6 +170,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a
-
- static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error);
-@@ -440,6 +442,7 @@ struct AuthenticationAgent
- {
- volatile gint ref_count;
-
-+ uid_t creator_uid;
- PolkitSubject *scope;
- guint64 serial;
-
-@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent)
- static AuthenticationAgent *
- authentication_agent_new (guint64 serial,
- PolkitSubject *scope,
-+ PolkitIdentity *creator,
- const gchar *unique_system_bus_name,
- const gchar *locale,
- const gchar *object_path,
-@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial,
- {
- AuthenticationAgent *agent;
- GDBusProxy *proxy;
-+ PolkitUnixUser *creator_user;
-+
-+ g_assert (POLKIT_IS_UNIX_USER (creator));
-+ creator_user = POLKIT_UNIX_USER (creator);
-
- if (!g_variant_is_object_path (object_path))
- {
-@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial,
- agent->ref_count = 1;
- agent->serial = serial;
- agent->scope = g_object_ref (scope);
-+ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user);
- agent->object_path = g_strdup (object_path);
- agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
- agent->locale = g_strdup (locale);
-@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori
- }
-
- static AuthenticationSession *
--get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
-- const gchar *cookie)
-+get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
-+ uid_t uid,
-+ const gchar *cookie)
- {
- PolkitBackendInteractiveAuthorityPrivate *priv;
- GHashTableIter hash_iter;
-@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author
- {
- GList *l;
-
-+ /* We need to ensure that if somehow we have duplicate cookies
-+ * due to wrapping, that the cookie used is matched to the user
-+ * who called AuthenticationAgentResponse2. See
-+ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
-+ *
-+ * Except if the legacy AuthenticationAgentResponse is invoked,
-+ * we don't know the uid and hence use -1. Continue to support
-+ * the old behavior for backwards compatibility, although everyone
-+ * who is using our own setuid helper will automatically be updated
-+ * to the new API.
-+ */
-+ if (uid != (uid_t)-1)
-+ {
-+ if (agent->creator_uid != uid)
-+ continue;
-+ }
-+
- for (l = agent->active_sessions; l != NULL; l = l->next)
- {
- AuthenticationSession *session = l->data;
-@@ -2544,6 +2571,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
- priv->agent_serial++;
- agent = authentication_agent_new (priv->agent_serial,
- subject,
-+ user_of_caller,
- polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
- locale,
- object_path,
-@@ -2757,6 +2785,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
- static gboolean
- polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
- PolkitSubject *caller,
-+ uid_t uid,
- const gchar *cookie,
- PolkitIdentity *identity,
- GError **error)
-@@ -2799,7 +2828,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken
- }
-
- /* find the authentication session */
-- session = get_authentication_session_for_cookie (interactive_authority, cookie);
-+ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie);
- if (session == NULL)
- {
- g_set_error (error,
---
-cgit v0.10.2
-
---- ./configure.ac.orig
-+++ ./configure.ac
-@@ -122,7 +122,7 @@
- changequote([,])dnl
- fi
-
--PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0])
-+PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 gio-2.0 >= 2.30.0])
- AC_SUBST(GLIB_CFLAGS)
- AC_SUBST(GLIB_LIBS)
-
diff --git a/user/polkit/automake.patch b/user/polkit/automake.patch
deleted file mode 100644
index 0f6825a26..000000000
--- a/user/polkit/automake.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- ./configure.ac.orig 2012-12-31 21:39:08.969445979 +0000
-+++ ./configure.ac 2012-12-31 21:39:30.136285425 +0000
-@@ -3,7 +3,7 @@
- AC_PREREQ(2.59c)
- AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
- AM_INIT_AUTOMAKE(polkit, 0.105)
--AM_CONFIG_HEADER(config.h)
-+AC_CONFIG_HEADER(config.h)
- AM_MAINTAINER_MODE
-
- m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
-@@ -24,7 +24,6 @@
-
- AC_ISC_POSIX
- AC_PROG_CC
--AM_PROG_CC_STDC
- AC_HEADER_STDC
- AM_PROG_LIBTOOL
- AC_PROG_MAKE_SET
diff --git a/user/polkit/disable-ck-test.patch b/user/polkit/disable-ck-test.patch
deleted file mode 100644
index e1987d40d..000000000
--- a/user/polkit/disable-ck-test.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-This test requires ConsoleKit to be running.
-
---- polkit-0.105/test/polkitbackend/Makefile.am.old 2012-04-24 11:05:34.000000000 -0500
-+++ polkit-0.105/test/polkitbackend/Makefile.am 2017-09-27 20:48:42.479959296 -0500
-@@ -36,8 +36,8 @@
- TEST_PROGS += polkitbackendlocalauthorizationstoretest
- polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c
-
--TEST_PROGS += polkitbackendlocalauthoritytest
--polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
-+#TEST_PROGS += polkitbackendlocalauthoritytest
-+#polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
-
- # ----------------------------------------------------------------------------------------------------
-