Hello community,
here is the log from the commit of package smpppd
checked in at Wed Sep 24 17:32:50 CEST 2008.
--------
--- smpppd/smpppd.changes 2008-09-16 16:08:33.000000000 +0200
+++ /mounts/work_src_done/STABLE/smpppd/smpppd.changes 2008-09-19 14:29:59.000000000 +0200
@@ -1,0 +2,5 @@
+Fri Sep 19 14:29:18 CEST 2008 - lnussel@suse.de
+
+- also check explicit PolicyKit authorizations
+
+-------------------------------------------------------------------
Old:
----
smpppd-1.59_SVN30.tar.bz2
New:
----
smpppd-1.59_SVN31.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ smpppd.spec ++++++
--- /var/tmp/diff_new_pack.eV1623/_old 2008-09-24 17:31:12.000000000 +0200
+++ /var/tmp/diff_new_pack.eV1623/_new 2008-09-24 17:31:12.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package smpppd (Version 1.59_SVN30)
+# spec file for package smpppd (Version 1.59_SVN31)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -25,7 +25,7 @@
Group: Productivity/Networking/PPP
Summary: SuSE Meta PPP Daemon
Requires: ppp /usr/bin/killall
-Version: 1.59_SVN30
+Version: 1.59_SVN31
Release: 1
Source0: smpppd-%version.tar.bz2
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -41,7 +41,8 @@
Authors:
--------
- Arvin Schnell
+ Arvin Schnell
+ Ludwig Nussel
%prep
%setup -q
@@ -107,6 +108,8 @@
%{restart_on_update smpppd}
%changelog
+* Fri Sep 19 2008 lnussel@suse.de
+- also check explicit PolicyKit authorizations
* Tue Sep 16 2008 lnussel@suse.de
- add support for IPv6
* Thu Sep 11 2008 lnussel@suse.de
++++++ smpppd-1.59_SVN30.tar.bz2 -> smpppd-1.59_SVN31.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/smpppd-1.59_SVN30/configure new/smpppd-1.59_SVN31/configure
--- old/smpppd-1.59_SVN30/configure 2008-09-16 16:07:23.000000000 +0200
+++ new/smpppd-1.59_SVN31/configure 2008-09-19 14:26:53.000000000 +0200
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for smpppd 1.59_SVN30.
+# Generated by GNU Autoconf 2.61 for smpppd 1.59_SVN31.
#
# Report bugs to http://developer.novell.com/wiki/index.php/Smpppd.
#
@@ -574,8 +574,8 @@
# Identity of this package.
PACKAGE_NAME='smpppd'
PACKAGE_TARNAME='smpppd'
-PACKAGE_VERSION='1.59_SVN30'
-PACKAGE_STRING='smpppd 1.59_SVN30'
+PACKAGE_VERSION='1.59_SVN31'
+PACKAGE_STRING='smpppd 1.59_SVN31'
PACKAGE_BUGREPORT='http://developer.novell.com/wiki/index.php/Smpppd'
ac_unique_file="smpppd/smpppd.cc"
@@ -1224,7 +1224,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures smpppd 1.59_SVN30 to adapt to many kinds of systems.
+\`configure' configures smpppd 1.59_SVN31 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1290,7 +1290,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of smpppd 1.59_SVN30:";;
+ short | recursive ) echo "Configuration of smpppd 1.59_SVN31:";;
esac
cat <<\_ACEOF
@@ -1387,7 +1387,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-smpppd configure 1.59_SVN30
+smpppd configure 1.59_SVN31
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1401,7 +1401,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by smpppd $as_me 1.59_SVN30, which was
+It was created by smpppd $as_me 1.59_SVN31, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2094,7 +2094,7 @@
# Define the identity of the package.
PACKAGE='smpppd'
- VERSION='1.59_SVN30'
+ VERSION='1.59_SVN31'
cat >>confdefs.h <<_ACEOF
@@ -5615,7 +5615,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by smpppd $as_me 1.59_SVN30, which was
+This file was extended by smpppd $as_me 1.59_SVN31, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -5668,7 +5668,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-smpppd config.status 1.59_SVN30
+smpppd config.status 1.59_SVN31
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/smpppd-1.59_SVN30/smpppd/check-polkit-auth.c new/smpppd-1.59_SVN31/smpppd/check-polkit-auth.c
--- old/smpppd-1.59_SVN30/smpppd/check-polkit-auth.c 2008-09-11 17:05:03.000000000 +0200
+++ new/smpppd-1.59_SVN31/smpppd/check-polkit-auth.c 2008-09-19 14:25:55.000000000 +0200
@@ -35,8 +35,11 @@
static int debug_lvl;
static uid_t session_uid;
+static pid_t session_pid;
static const char* priv_name;
+static PolKitContext *pk_context = NULL;
+
#define IF_ERROR_PRINT(error) \
do { if(dbus_error_is_set(&error)) { \
fprintf(stderr, "%s: %s", error.name, error.message); \
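Review bot: The two new file-scope variables carry contracts that are not written down anywhere near their declarations. `session_pid` stays 0 when no pid argument is given, and main() relies on that to skip the caller check; `pk_context` is now created and released by main(), while the authorization helpers only borrow it. A comment on each would help, e.g. `/* 0 = no pid given; caller check is skipped */` and `/* owned by main(); must be initialised before any is_*_authorized() call */`.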
@@ -221,7 +224,6 @@
static dbus_bool_t is_session_authorized(polkit_bool_t is_active, polkit_bool_t is_local, const char* session_id, const char* seat_id)
{
PolKitError *p_error = NULL;
- PolKitContext *pk_context = NULL;
PolKitResult pk_result;
PolKitSeat *pk_seat;
@@ -237,13 +239,6 @@
seat_id += strlen(PFX);
#undef PFX
- pk_context = polkit_context_new ();
- if (!polkit_context_init (pk_context, &p_error)) {
- fprintf (stderr, "could not init PolicyKit context: %s\n", polkit_error_get_error_message (p_error));
- polkit_error_free(p_error);
- return ret;
- }
-
pk_seat = polkit_seat_new ();
polkit_seat_set_ck_objref (pk_seat, seat_id);
pk_session = polkit_session_new ();
@@ -278,27 +273,88 @@
polkit_action_unref (pk_action);
polkit_session_unref (pk_session);
- polkit_context_unref(pk_context);
+
+ return ret;
+}
+
+static dbus_bool_t is_caller_authorized()
+{
+ PolKitError *p_error = NULL;
+ PolKitCaller* pk_caller = NULL;
+ PolKitResult pk_result;
+ PolKitAction *pk_action;
+ dbus_bool_t ret = FALSE;
+
+ pk_action = polkit_action_new();
+ polkit_action_set_action_id (pk_action, priv_name);
+
+ pk_caller = polkit_caller_new();
+ polkit_caller_set_uid(pk_caller, session_uid);
+ polkit_caller_set_pid(pk_caller, session_pid);
+
+ if(!polkit_caller_validate(pk_caller)) {
+ if(debug_lvl) printf ("caller invalid\n");
+ goto out;
+ }
+
+ pk_result = polkit_context_is_caller_authorized (pk_context, pk_action, pk_caller, TRUE, &p_error);
+
+ if(pk_result != POLKIT_RESULT_YES) {
+ if(polkit_error_is_set(p_error)) {
+ fprintf(stderr, "Error: %s\n", polkit_error_get_error_message (p_error));
+ polkit_error_free(p_error);
+ }
+ if(debug_lvl) printf ("caller unauthorized\n");
+ } else {
+ if(debug_lvl) printf ("caller authorized\n");
+ ret = TRUE;
+ }
+
+out:
+ polkit_action_unref(pk_action);
+ polkit_caller_unref(pk_caller);
return ret;
}
int main(int argc, char* argv[])
{
+ PolKitError *p_error = NULL;
int argi = 1;
+ int ok = FALSE;
+
if(argc - argi) {
if(!strcmp(argv[argi], "--debug")) {
++argi;
debug_lvl = 1;
}
}
- if(argc - argi != 2) {
- fprintf(stderr, "Usage: %s [--debug] <uid> <privilege>\n", program_invocation_short_name);
+ if(argc - argi < 2) {
+ fprintf(stderr, "Usage: %s [--debug] <uid> <privilege> [pid]\n", program_invocation_short_name);
return 1;
}
- session_uid = atol(argv[argi]);
- priv_name = argv[argi+1];
+ session_uid = atol(argv[argi++]);
+ priv_name = argv[argi++];
+ if(argc-argi) {
+ session_pid = atol(argv[argi++]);
+ }
+
+ pk_context = polkit_context_new ();
+ if (!polkit_context_init (pk_context, &p_error)) {
+ fprintf (stderr, "could not init PolicyKit context: %s\n", polkit_error_get_error_message (p_error));
+ polkit_error_free(p_error);
+ return 1;
+ }
+
+ // stupid but we always need a pid for that to work
+ if(session_pid)
+ ok = is_caller_authorized();
+
+ if(!ok)
+ ok = have_authorized_session();
+
+ polkit_context_unref(pk_context);
- return !have_authorized_session();
+ return !ok;
}
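Review bot: The uid and pid arguments in main() are parsed with `atol`, which returns 0 for non-numeric input and reports no error, so a malformed `<uid>` is evaluated as uid 0 and a malformed `[pid]` silently disables the caller check. Because the count test changed from `!= 2` to `< 2`, anything after the pid is also ignored without a diagnostic. Parsing with `strtoul`/`strtol`, checking the end pointer and `errno`, and rejecting surplus arguments would make the helper fail closed on bad input. The sketch below needs `<errno.h>` and `<ctype.h>`, which may not be included yet.

```c
	// … unchanged: --debug handling …
	char *end;
	unsigned long uid_arg;
	long pid_arg;

	if(argc - argi < 2 || argc - argi > 3) {
		fprintf(stderr, "Usage: %s [--debug] <uid> <privilege> [pid]\n", program_invocation_short_name);
		return 1;
	}

	// digits only: no sign, no leading blanks, no trailing junk
	errno = 0;
	uid_arg = strtoul(argv[argi], &end, 10);
	if(!isdigit((unsigned char)argv[argi][0]) || *end != '\0' || errno
		|| (unsigned long)(uid_t)uid_arg != uid_arg) {
		fprintf(stderr, "invalid uid: %s\n", argv[argi]);
		return 1;
	}
	session_uid = (uid_t)uid_arg;
	++argi;

	priv_name = argv[argi++];

	if(argc - argi) {
		errno = 0;
		pid_arg = strtol(argv[argi], &end, 10);
		if(!isdigit((unsigned char)argv[argi][0]) || *end != '\0' || errno
			|| pid_arg <= 0 || (long)(pid_t)pid_arg != pid_arg) {
			fprintf(stderr, "invalid pid: %s\n", argv[argi]);
			return 1;
		}
		session_pid = (pid_t)pid_arg;
		++argi;
	}
	// … unchanged: PolicyKit context setup, caller/session checks, exit status …
```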
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/smpppd-1.59_SVN30/smpppd/smpppd.cc new/smpppd-1.59_SVN31/smpppd/smpppd.cc
--- old/smpppd-1.59_SVN30/smpppd/smpppd.cc 2008-09-11 17:05:03.000000000 +0200
+++ new/smpppd-1.59_SVN31/smpppd/smpppd.cc 2008-09-19 14:25:55.000000000 +0200
@@ -556,9 +556,12 @@
polkit << PACKAGE_LIB_DIR "/check-polkit-auth";
char uidstr[128];
+ char pidstr[128];
snprintf(uidstr, sizeof(uidstr), "%u", cred.uid);
+ snprintf(pidstr, sizeof(pidstr), "%u", cred.pid);
polkit << uidstr;
polkit << POLKIT_PRIV_CONNECT;
+ polkit << pidstr;
if(!polkit.start())
{
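Review bot: `cred.pid` is formatted with `%u` although a pid is a signed type, and the value handed to the helper is only a snapshot of the peer's pid. Assuming `cred` holds socket peer credentials captured at connect time (not visible in this hunk), the process may have exited and its number been reused before check-polkit-auth asks PolicyKit about it, so the answer can describe a different process than the one that connected. I would format it as `snprintf(pidstr, sizeof(pidstr), "%d", (int)cred.pid);` and add a comment such as `// pid is a connect-time snapshot; the helper's pid-based check can race with pid reuse` so the limitation is on record. The enclosing function starts and ends outside the hunk.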
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...