Compare commits

..

No commits in common. 'c9' and 'i8-beta' have entirely different histories.
c9 ... i8-beta

2
.gitignore vendored

@ -1 +1 @@
SOURCES/gvfs-1.48.1.tar.xz SOURCES/gvfs-1.36.2.tar.xz

@ -1 +1 @@
d49f1e5247ad09d07e9a9ec0a936959e9fbdb7f1 SOURCES/gvfs-1.48.1.tar.xz fb5fe05f0661da8c88f5fa41014bcd526ad39993 SOURCES/gvfs-1.36.2.tar.xz

@ -0,0 +1,301 @@
From abde372ea0188d7c1ca7a183b5a5be152e7a377b Mon Sep 17 00:00:00 2001
From: Sergey Cherevko <s.cherevko@msvsphere-os.ru>
Date: Fri, 15 Mar 2024 12:34:26 +0300
Subject: [PATCH] Added yandex disk webdav support (by Alexey Berezhok
<aberezhok@msvsphere-os.ru>)
---
daemon/gvfsbackenddav.c | 242 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 240 insertions(+), 2 deletions(-)
diff --git a/daemon/gvfsbackenddav.c b/daemon/gvfsbackenddav.c
index 967f1db..7d6814e 100644
--- a/daemon/gvfsbackenddav.c
+++ b/daemon/gvfsbackenddav.c
@@ -114,6 +114,205 @@ struct _GVfsBackendDav
G_DEFINE_TYPE (GVfsBackendDav, g_vfs_backend_dav, G_VFS_TYPE_BACKEND_HTTP);
+/*Yandex Oauth, looks like same as basik, but another token*/
+
+/* Standard GObject macros */
+#define E_TYPE_SOUP_AUTH_BEARER \
+ (e_soup_auth_bearer_get_type ())
+#define E_SOUP_AUTH_BEARER(obj) \
+ (G_TYPE_CHECK_INSTANCE_CAST \
+ ((obj), E_TYPE_SOUP_AUTH_BEARER, ESoupAuthBearer))
+#define E_SOUP_AUTH_BEARER_CLASS(cls) \
+ (G_TYPE_CHECK_CLASS_CAST \
+ ((cls), E_TYPE_SOUP_AUTH_BEARER, ESoupAuthBearerClass))
+#define E_IS_SOUP_AUTH_BEARER(obj) \
+ (G_TYPE_CHECK_INSTANCE_TYPE \
+ ((obj), E_TYPE_SOUP_AUTH_BEARER))
+#define E_IS_SOUP_AUTH_BEARER_CLASS(cls) \
+ (G_TYPE_CHECK_CLASS_TYPE \
+ ((cls), E_TYPE_SOUP_AUTH_BEARER))
+#define E_SOUP_AUTH_BEARER_GET_CLASS(obj) \
+ (G_TYPE_INSTANCE_GET_CLASS \
+ ((obj), E_TYPE_SOUP_AUTH_BEARER, ESoupAuthBearerClass))
+
+G_BEGIN_DECLS
+
+typedef struct _ESoupAuthBearer ESoupAuthBearer;
+typedef struct _ESoupAuthBearerClass ESoupAuthBearerClass;
+typedef struct _ESoupAuthBearerPrivate ESoupAuthBearerPrivate;
+
+
+struct _ESoupAuthBearer {
+ /*< private >*/
+ SoupAuth parent;
+ ESoupAuthBearerPrivate *priv;
+};
+
+struct _ESoupAuthBearerClass {
+ SoupAuthClass parent_class;
+};
+
+GType e_soup_auth_bearer_get_type (void) G_GNUC_CONST;
+void e_soup_auth_bearer_set_access_token
+ (ESoupAuthBearer *bearer,
+ const gchar *access_token);
+gboolean
+e_soup_auth_bearer_set_custom_bearer_name (ESoupAuthBearer *bearer,
+const gchar *bearer_name);
+
+G_END_DECLS
+
+#define OAUTH_SAUTH_STRENGTH 1
+
+struct _ESoupAuthBearerPrivate {
+ GMutex property_lock;
+ gchar *access_token;
+};
+
+G_DEFINE_TYPE_WITH_PRIVATE (
+ ESoupAuthBearer,
+ e_soup_auth_bearer,
+ SOUP_TYPE_AUTH)
+
+static void
+e_soup_auth_bearer_finalize (GObject *object)
+{
+ ESoupAuthBearerPrivate *priv;
+
+ priv = E_SOUP_AUTH_BEARER (object)->priv;
+
+ g_mutex_clear (&priv->property_lock);
+ g_free (priv->access_token);
+
+ G_OBJECT_CLASS (e_soup_auth_bearer_parent_class)->finalize (object);
+}
+
+static gboolean
+e_soup_auth_bearer_update (SoupAuth *auth,
+ SoupMessage *message,
+ GHashTable *auth_header)
+{
+
+ ESoupAuthBearer *bearer;
+
+ g_return_val_if_fail (E_IS_SOUP_AUTH_BEARER (auth), FALSE);
+
+ bearer = E_SOUP_AUTH_BEARER (auth);
+
+ g_mutex_lock (&bearer->priv->property_lock);
+
+ if (bearer->priv->access_token){
+ memset (bearer->priv->access_token, 0, strlen (bearer->priv->access_token));
+ g_free (bearer->priv->access_token);
+ bearer->priv->access_token = NULL;
+ }
+
+ g_mutex_unlock (&bearer->priv->property_lock);
+
+ return TRUE;
+}
+
+static GSList *
+e_soup_auth_bearer_get_protection_space (SoupAuth *auth,
+ SoupURI *source_uri)
+{
+ return g_slist_prepend (NULL, g_strdup (""));
+}
+
+static gboolean
+e_soup_auth_bearer_is_authenticated (SoupAuth *auth)
+{
+ ESoupAuthBearer *bearer;
+ gboolean authenticated = FALSE;
+
+ bearer = E_SOUP_AUTH_BEARER (auth);
+
+ g_mutex_lock (&bearer->priv->property_lock);
+
+ authenticated = (bearer->priv->access_token != NULL);
+
+ g_mutex_unlock (&bearer->priv->property_lock);
+
+ return authenticated;
+}
+
+static gchar *
+e_soup_auth_bearer_get_authorization (SoupAuth *auth,
+ SoupMessage *message)
+{
+ ESoupAuthBearer *bearer;
+ gchar *res;
+
+ bearer = E_SOUP_AUTH_BEARER (auth);
+
+ g_mutex_lock (&bearer->priv->property_lock);
+ res = g_strdup_printf ("OAuth %s", bearer->priv->access_token);
+ g_mutex_unlock (&bearer->priv->property_lock);
+
+ return res;
+}
+
+static void
+e_soup_auth_bearer_class_init (ESoupAuthBearerClass *class)
+{
+ GObjectClass *object_class;
+ SoupAuthClass *auth_class;
+
+ object_class = G_OBJECT_CLASS (class);
+ object_class->finalize = e_soup_auth_bearer_finalize;
+
+ auth_class = SOUP_AUTH_CLASS (class);
+ auth_class->scheme_name = "Basic";
+ auth_class->strength = OAUTH_SAUTH_STRENGTH;
+ auth_class->update = e_soup_auth_bearer_update;
+ auth_class->get_protection_space = e_soup_auth_bearer_get_protection_space;
+ auth_class->is_authenticated = e_soup_auth_bearer_is_authenticated;
+ auth_class->get_authorization = e_soup_auth_bearer_get_authorization;
+}
+
+static void
+e_soup_auth_bearer_init (ESoupAuthBearer *bearer)
+{
+ bearer->priv = e_soup_auth_bearer_get_instance_private (bearer);
+ g_mutex_init (&bearer->priv->property_lock);
+}
+
+void
+e_soup_auth_bearer_set_access_token (ESoupAuthBearer *bearer,
+ const gchar *access_token)
+{
+ gboolean was_authenticated;
+ gboolean now_authenticated;
+
+ g_return_if_fail (E_IS_SOUP_AUTH_BEARER (bearer));
+
+ was_authenticated = soup_auth_is_authenticated (SOUP_AUTH (bearer));
+
+ g_mutex_lock (&bearer->priv->property_lock);
+
+ if (g_strcmp0 (bearer->priv->access_token, access_token) == 0) {
+ g_mutex_unlock (&bearer->priv->property_lock);
+ return;
+ }
+
+ g_free (bearer->priv->access_token);
+ bearer->priv->access_token = g_strdup (access_token);
+
+ g_mutex_unlock (&bearer->priv->property_lock);
+
+ now_authenticated = soup_auth_is_authenticated (SOUP_AUTH (bearer));
+
+ if (was_authenticated != now_authenticated)
+ g_object_notify (
+ G_OBJECT (bearer),
+ SOUP_AUTH_IS_AUTHENTICATED);
+}
+
+/*
+end of Yandex ouath
+*/
+
+
static void
g_vfs_backend_dav_finalize (GObject *object)
{
@@ -1488,6 +1687,7 @@ soup_authenticate_interactive (SoupSession *session,
char *new_username;
char *new_password;
char *prompt;
+ GType auth_type_oauth;
g_debug ("+ soup_authenticate_interactive (%s) \n",
retrying ? "retrying" : "first auth");
@@ -1555,7 +1755,13 @@ soup_authenticate_interactive (SoupSession *session,
if (retrying == FALSE && have_auth)
{
- soup_auth_authenticate (auth, info->username, info->password);
+ auth_type_oauth = G_OBJECT_TYPE (auth);
+ if (auth_type_oauth == E_TYPE_SOUP_AUTH_BEARER){
+ ESoupAuthBearer *soup_auth_oauth = (ESoupAuthBearer *)auth;
+ e_soup_auth_bearer_set_access_token (soup_auth_oauth, info->password);
+ } else {
+ soup_auth_authenticate (auth, info->username, info->password);
+ }
return;
}
@@ -1591,7 +1797,13 @@ soup_authenticate_interactive (SoupSession *session,
if (new_username == NULL)
new_username = g_strdup (info->username);
- soup_auth_authenticate (auth, new_username, new_password);
+ auth_type_oauth = G_OBJECT_TYPE (auth);
+ if (auth_type_oauth == E_TYPE_SOUP_AUTH_BEARER){
+ ESoupAuthBearer *soup_auth_oauth = (ESoupAuthBearer *)auth;
+ e_soup_auth_bearer_set_access_token (soup_auth_oauth, new_password);
+ } else {
+ soup_auth_authenticate (auth, new_username, new_password);
+ }
g_free (info->username);
g_free (info->password);
@@ -1820,6 +2032,7 @@ do_mount (GVfsBackend *backend,
char *last_good_path;
const char *host;
const char *type;
+ SoupAuth *soup_auth_oauth;
g_debug ("+ mount\n");
@@ -1876,6 +2089,31 @@ do_mount (GVfsBackend *backend,
data->server_auth.pw_save = G_PASSWORD_SAVE_NEVER;
data->proxy_auth.pw_save = G_PASSWORD_SAVE_NEVER;
+ if (!g_strcmp0("webdav.yandex.ru",mount_base->host)){
+ SoupAuthManager *auth_manager;
+ GType auth_type_outh;
+ soup_auth_oauth = g_object_new (
+ E_TYPE_SOUP_AUTH_BEARER,
+ SOUP_AUTH_HOST, mount_base->host, NULL);
+ SoupSessionFeature *feature;
+ feature = soup_session_get_feature (session, SOUP_TYPE_AUTH_MANAGER);
+ auth_type_outh = G_OBJECT_TYPE (soup_auth_oauth);
+
+ if (soup_session_feature_has_feature (feature, SOUP_TYPE_AUTH_BASIC)){
+ soup_session_feature_remove_feature(feature, SOUP_TYPE_AUTH_BASIC);
+ }
+
+ if (!soup_session_feature_has_feature (feature, auth_type_outh)) {
+ soup_session_feature_add_feature (feature, auth_type_outh);
+ }
+
+ auth_manager = SOUP_AUTH_MANAGER (feature);
+
+ soup_auth_manager_clear_cached_credentials (auth_manager);
+ soup_auth_manager_use_auth (auth_manager, mount_base, soup_auth_oauth);
+ g_object_unref(soup_auth_oauth);
+ }
+
signal_id = g_signal_connect (session, "authenticate",
G_CALLBACK (soup_authenticate_interactive),
data);
--
2.39.3

@ -0,0 +1,127 @@
From 5cd76d627f4d1982b6e77a0e271ef9301732d09e Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:24:36 +0200
Subject: [PATCH] admin: Add query_info_on_read/write functionality
Admin backend doesn't implement query_info_on_read/write which might
potentially lead to some race conditions which aren't really wanted
especially in case of admin backend. Let's add this missing functionality.
---
daemon/gvfsbackendadmin.c | 79 +++++++++++++++++++++++++++++++++------
1 file changed, 67 insertions(+), 12 deletions(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 65a979e7..23d16f16 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -42,6 +42,8 @@
#include "gvfsjobopenforwrite.h"
#include "gvfsjobqueryattributes.h"
#include "gvfsjobqueryinfo.h"
+#include "gvfsjobqueryinforead.h"
+#include "gvfsjobqueryinfowrite.h"
#include "gvfsjobread.h"
#include "gvfsjobseekread.h"
#include "gvfsjobseekwrite.h"
@@ -155,6 +157,19 @@ complete_job (GVfsJob *job,
g_vfs_job_succeeded (job);
}
+static void
+fix_file_info (GFileInfo *info)
+{
+ /* Override read/write flags, since the above call will use access()
+ * to determine permissions, which does not honor our privileged
+ * capabilities.
+ */
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+}
+
static void
do_query_info (GVfsBackend *backend,
GVfsJobQueryInfo *query_info_job,
@@ -180,19 +195,57 @@ do_query_info (GVfsBackend *backend,
if (error != NULL)
goto out;
- /* Override read/write flags, since the above call will use access()
- * to determine permissions, which does not honor our privileged
- * capabilities.
- */
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
- g_file_info_set_attribute_boolean (real_info,
- G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
+ fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+ out:
+ complete_job (job, error);
+}
+
+static void
+do_query_info_on_read (GVfsBackend *backend,
+ GVfsJobQueryInfoRead *query_info_job,
+ GVfsBackendHandle handle,
+ GFileInfo *info,
+ GFileAttributeMatcher *matcher)
+{
+ GVfsJob *job = G_VFS_JOB (query_info_job);
+ GFileInputStream *stream = handle;
+ GError *error = NULL;
+ GFileInfo *real_info;
+
+ real_info = g_file_input_stream_query_info (stream, query_info_job->attributes,
+ job->cancellable, &error);
+ if (error != NULL)
+ goto out;
+
+ fix_file_info (real_info);
+ g_file_info_copy_into (real_info, info);
+ g_object_unref (real_info);
+
+ out:
+ complete_job (job, error);
+}
+
+static void
+do_query_info_on_write (GVfsBackend *backend,
+ GVfsJobQueryInfoWrite *query_info_job,
+ GVfsBackendHandle handle,
+ GFileInfo *info,
+ GFileAttributeMatcher *matcher)
+{
+ GVfsJob *job = G_VFS_JOB (query_info_job);
+ GFileOutputStream *stream = handle;
+ GError *error = NULL;
+ GFileInfo *real_info;
+
+ real_info = g_file_output_stream_query_info (stream, query_info_job->attributes,
+ job->cancellable, &error);
+ if (error != NULL)
+ goto out;
+ fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -868,6 +921,8 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
backend_class->mount = do_mount;
backend_class->open_for_read = do_open_for_read;
backend_class->query_info = do_query_info;
+ backend_class->query_info_on_read = do_query_info_on_read;
+ backend_class->query_info_on_write = do_query_info_on_write;
backend_class->read = do_read;
backend_class->create = do_create;
backend_class->append_to = do_append_to;
--
2.23.0

@ -0,0 +1,80 @@
From d5dfd823c94045488aef8727c553f1e0f7666b90 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Fri, 24 May 2019 09:43:43 +0200
Subject: [PATCH] admin: Ensure correct ownership when moving to file:// uri
User and group is not restored properly when moving (or copying with
G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled
by GIO fallback code, which doesn't run with root permissions. Let's
handle this case with pull method to ensure correct ownership.
---
daemon/gvfsbackendadmin.c | 46 +++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index 32b51b1a..9a7e8295 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -807,6 +807,51 @@ do_move (GVfsBackend *backend,
complete_job (job, error);
}
+static void
+do_pull (GVfsBackend *backend,
+ GVfsJobPull *pull_job,
+ const char *source,
+ const char *local_path,
+ GFileCopyFlags flags,
+ gboolean remove_source,
+ GFileProgressCallback progress_callback,
+ gpointer progress_callback_data)
+{
+ GVfsBackendAdmin *self = G_VFS_BACKEND_ADMIN (backend);
+ GVfsJob *job = G_VFS_JOB (pull_job);
+ GError *error = NULL;
+ GFile *src_file, *dst_file;
+
+ /* Pull method is necessary when user/group needs to be restored, return
+ * G_IO_ERROR_NOT_SUPPORTED in other cases to proceed with the fallback code.
+ */
+ if (!(flags & G_FILE_COPY_ALL_METADATA))
+ {
+ g_vfs_job_failed_literal (G_VFS_JOB (job), G_IO_ERROR,
+ G_IO_ERROR_NOT_SUPPORTED,
+ _("Operation not supported"));
+ return;
+ }
+
+ if (!check_permission (self, job))
+ return;
+
+ src_file = g_file_new_for_path (source);
+ dst_file = g_file_new_for_path (local_path);
+
+ if (remove_source)
+ g_file_move (src_file, dst_file, flags, job->cancellable,
+ progress_callback, progress_callback_data, &error);
+ else
+ g_file_copy (src_file, dst_file, flags, job->cancellable,
+ progress_callback, progress_callback_data, &error);
+
+ g_object_unref (src_file);
+ g_object_unref (dst_file);
+
+ complete_job (job, error);
+}
+
static void
do_query_settable_attributes (GVfsBackend *backend,
GVfsJobQueryAttributes *query_job,
@@ -927,6 +972,7 @@ g_vfs_backend_admin_class_init (GVfsBackendAdminClass * klass)
backend_class->set_attribute = do_set_attribute;
backend_class->delete = do_delete;
backend_class->move = do_move;
+ backend_class->pull = do_pull;
backend_class->query_settable_attributes = do_query_settable_attributes;
backend_class->query_writable_namespaces = do_query_writable_namespaces;
}
--
2.23.0

@ -0,0 +1,42 @@
From d8d0c8c40049cfd824b2b90d0cd47914052b9811 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Wed, 2 Jan 2019 17:13:27 +0100
Subject: [PATCH] admin: Prevent access if any authentication agent isn't
available
The backend currently allows to access and modify files without prompting
for password if any polkit authentication agent isn't available. This seems
isn't usually problem, because polkit agents are integral parts of
graphical environments / linux distributions. The agents can't be simply
disabled without root permissions and are automatically respawned. However,
this might be a problem in some non-standard cases.
This affects only users which belong to wheel group (i.e. those who are
already allowed to use sudo). It doesn't allow privilege escalation for
users, who don't belong to that group.
Let's return permission denied error also when the subject can't be
authorized by any polkit agent to prevent this behavior.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/355
---
daemon/gvfsbackendadmin.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index ec0f2392..0f849008 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -130,8 +130,7 @@ check_permission (GVfsBackendAdmin *self,
return FALSE;
}
- is_authorized = polkit_authorization_result_get_is_authorized (result) ||
- polkit_authorization_result_get_is_challenge (result);
+ is_authorized = polkit_authorization_result_get_is_authorized (result);
g_object_unref (result);
--
2.20.1

@ -0,0 +1,87 @@
From d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 23 May 2019 10:33:30 +0200
Subject: [PATCH] admin: Use fsuid to ensure correct file ownership
Files created over admin backend should be owned by root, but they are
owned by the user itself. This is because the daemon drops the uid to
make dbus connection work. Use fsuid and euid to fix this issue.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
---
daemon/gvfsbackendadmin.c | 29 +++++++----------------------
1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/daemon/gvfsbackendadmin.c b/daemon/gvfsbackendadmin.c
index a74d09cf..32b51b1a 100644
--- a/daemon/gvfsbackendadmin.c
+++ b/daemon/gvfsbackendadmin.c
@@ -157,19 +157,6 @@ complete_job (GVfsJob *job,
g_vfs_job_succeeded (job);
}
-static void
-fix_file_info (GFileInfo *info)
-{
- /* Override read/write flags, since the above call will use access()
- * to determine permissions, which does not honor our privileged
- * capabilities.
- */
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_READ, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, TRUE);
- g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, TRUE);
-}
-
static void
do_query_info (GVfsBackend *backend,
GVfsJobQueryInfo *query_info_job,
@@ -195,7 +182,6 @@ do_query_info (GVfsBackend *backend,
if (error != NULL)
goto out;
- fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -220,7 +206,6 @@ do_query_info_on_read (GVfsBackend *backend,
if (error != NULL)
goto out;
- fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -245,7 +230,6 @@ do_query_info_on_write (GVfsBackend *backend,
if (error != NULL)
goto out;
- fix_file_info (real_info);
g_file_info_copy_into (real_info, info);
g_object_unref (real_info);
@@ -977,14 +961,15 @@ acquire_caps (uid_t uid)
struct __user_cap_header_struct hdr;
struct __user_cap_data_struct data;
- /* Tell kernel not clear capabilities when dropping root */
- if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
- g_error ("prctl(PR_SET_KEEPCAPS) failed");
-
- /* Drop root uid, but retain the required permitted caps */
- if (setuid (uid) < 0)
+ /* Set euid to user to make dbus work */
+ if (seteuid (uid) < 0)
g_error ("unable to drop privs");
+ /* Set fsuid to still behave like root when working with files */
+ setfsuid (0);
+ if (setfsuid (-1) != 0)
+ g_error ("setfsuid failed");
+
memset (&hdr, 0, sizeof(hdr));
hdr.version = _LINUX_CAPABILITY_VERSION;
--
2.23.0

@ -0,0 +1,385 @@
From af4d0d88604af7c196e461a743f2d1e81239d76a Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 14 May 2019 09:31:37 +0200
Subject: [PATCH 2/3] daemon: Handle lockdown option to disable writing
Handle the new mount-removable-storage-devices-as-read-only option of
org.gnome.desktop.lockdown schema and present AFC, MTP, GPhoto2 devices
as read-only if enabled.
---
daemon/gvfsbackend.c | 62 ++++++++++++++++++++++++++++++++--
daemon/gvfsbackend.h | 6 ++++
daemon/gvfsbackendafc.c | 2 ++
daemon/gvfsbackendgphoto2.c | 1 +
daemon/gvfsbackendmtp.c | 1 +
daemon/gvfsjobcopy.c | 7 ++++
daemon/gvfsjobdelete.c | 7 ++++
daemon/gvfsjobmakedirectory.c | 7 ++++
daemon/gvfsjobmakesymlink.c | 7 ++++
daemon/gvfsjobmove.c | 7 ++++
daemon/gvfsjobopenforwrite.c | 7 ++++
daemon/gvfsjobpush.c | 7 ++++
daemon/gvfsjobqueryfsinfo.c | 11 ++----
daemon/gvfsjobsetattribute.c | 7 ++++
daemon/gvfsjobsetdisplayname.c | 7 ++++
daemon/gvfsjobtrash.c | 7 ++++
16 files changed, 143 insertions(+), 10 deletions(-)
diff --git a/daemon/gvfsbackend.c b/daemon/gvfsbackend.c
index 4fd3455c..599733ef 100644
--- a/daemon/gvfsbackend.c
+++ b/daemon/gvfsbackend.c
@@ -80,6 +80,9 @@ struct _GVfsBackendPrivate
char *default_location;
GMountSpec *mount_spec;
gboolean block_requests;
+
+ GSettings *lockdown_settings;
+ gboolean readonly_lockdown;
};
@@ -155,7 +158,9 @@ g_vfs_backend_finalize (GObject *object)
g_free (backend->priv->default_location);
if (backend->priv->mount_spec)
g_mount_spec_unref (backend->priv->mount_spec);
-
+
+ g_clear_object (&backend->priv->lockdown_settings);
+
if (G_OBJECT_CLASS (g_vfs_backend_parent_class)->finalize)
(*G_OBJECT_CLASS (g_vfs_backend_parent_class)->finalize) (object);
}
@@ -587,7 +592,29 @@ g_vfs_backend_add_auto_info (GVfsBackend *backend,
g_file_attribute_matcher_matches (matcher,
G_FILE_ATTRIBUTE_THUMBNAILING_FAILED)))
get_thumbnail_attributes (uri, info);
-
+
+ if (backend->priv->readonly_lockdown)
+ {
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_DELETE, FALSE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_RENAME, FALSE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_TRASH, FALSE);
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_ACCESS_CAN_WRITE, FALSE);
+ }
+}
+
+void
+g_vfs_backend_add_auto_fs_info (GVfsBackend *backend,
+ GFileAttributeMatcher *matcher,
+ GFileInfo *info)
+{
+ const char *type;
+
+ type = g_vfs_backend_get_backend_type (backend);
+ if (type)
+ g_file_info_set_attribute_string (info, G_FILE_ATTRIBUTE_GVFS_BACKEND, type);
+
+ if (backend->priv->readonly_lockdown)
+ g_file_info_set_attribute_boolean (info, G_FILE_ATTRIBUTE_FILESYSTEM_READONLY, TRUE);
}
void
@@ -1047,3 +1074,34 @@ g_vfs_backend_force_unmount (GVfsBackend *backend)
(GAsyncReadyCallback) forced_unregister_mount_callback,
NULL);
}
+
+static void
+lockdown_settings_changed (GSettings *settings,
+ gchar *key,
+ gpointer user_data)
+{
+ GVfsBackend *backend = G_VFS_BACKEND (user_data);
+
+ backend->priv->readonly_lockdown = g_settings_get_boolean (settings,
+ "mount-removable-storage-devices-as-read-only");
+}
+
+
+void
+g_vfs_backend_handle_readonly_lockdown (GVfsBackend *backend)
+{
+ backend->priv->lockdown_settings = g_settings_new ("org.gnome.desktop.lockdown");
+ backend->priv->readonly_lockdown = g_settings_get_boolean (backend->priv->lockdown_settings,
+ "mount-removable-storage-devices-as-read-only");
+ g_signal_connect_object (backend->priv->lockdown_settings,
+ "changed",
+ G_CALLBACK (lockdown_settings_changed),
+ backend,
+ 0);
+}
+
+gboolean
+g_vfs_backend_get_readonly_lockdown (GVfsBackend *backend)
+{
+ return backend->priv->readonly_lockdown;
+}
diff --git a/daemon/gvfsbackend.h b/daemon/gvfsbackend.h
index 9c7476cf..431dd290 100644
--- a/daemon/gvfsbackend.h
+++ b/daemon/gvfsbackend.h
@@ -516,6 +516,9 @@ void g_vfs_backend_add_auto_info (GVfsBackend
GFileAttributeMatcher *matcher,
GFileInfo *info,
const char *uri);
+void g_vfs_backend_add_auto_fs_info (GVfsBackend *backend,
+ GFileAttributeMatcher *matcher,
+ GFileInfo *info);
void g_vfs_backend_set_block_requests (GVfsBackend *backend,
gboolean value);
@@ -534,6 +537,9 @@ gboolean g_vfs_backend_invocation_first_handler (GVfsDBusMount *object,
GDBusMethodInvocation *invocation,
GVfsBackend *backend);
+void g_vfs_backend_handle_readonly_lockdown (GVfsBackend *backend);
+gboolean g_vfs_backend_get_readonly_lockdown (GVfsBackend *backend);
+
G_END_DECLS
#endif /* __G_VFS_BACKEND_H__ */
diff --git a/daemon/gvfsbackendafc.c b/daemon/gvfsbackendafc.c
index b6e6a106..ce68aa45 100644
--- a/daemon/gvfsbackendafc.c
+++ b/daemon/gvfsbackendafc.c
@@ -2760,6 +2760,8 @@ g_vfs_backend_afc_init (GVfsBackendAfc *self)
}
g_mutex_init (&self->apps_lock);
+
+ g_vfs_backend_handle_readonly_lockdown (G_VFS_BACKEND (self));
}
static void
diff --git a/daemon/gvfsbackendgphoto2.c b/daemon/gvfsbackendgphoto2.c
index 51e9a3bd..7e50194a 100644
--- a/daemon/gvfsbackendgphoto2.c
+++ b/daemon/gvfsbackendgphoto2.c
@@ -614,6 +614,7 @@ g_vfs_backend_gphoto2_init (GVfsBackendGphoto2 *gphoto2_backend)
g_mutex_init (&gphoto2_backend->lock);
g_vfs_backend_set_display_name (backend, "gphoto2");
+ g_vfs_backend_handle_readonly_lockdown (G_VFS_BACKEND (backend));
mount_spec = g_mount_spec_new ("gphoto2");
g_vfs_backend_set_mount_spec (backend, mount_spec);
diff --git a/daemon/gvfsbackendmtp.c b/daemon/gvfsbackendmtp.c
index e3a25ef2..c4f1e855 100644
--- a/daemon/gvfsbackendmtp.c
+++ b/daemon/gvfsbackendmtp.c
@@ -379,6 +379,7 @@ g_vfs_backend_mtp_init (GVfsBackendMtp *backend)
g_mutex_init (&backend->mutex);
g_vfs_backend_set_display_name (G_VFS_BACKEND (backend), "mtp");
g_vfs_backend_set_icon_name (G_VFS_BACKEND (backend), "multimedia-player");
+ g_vfs_backend_handle_readonly_lockdown (G_VFS_BACKEND (backend));
mount_spec = g_mount_spec_new ("mtp");
g_vfs_backend_set_mount_spec (G_VFS_BACKEND (backend), mount_spec);
diff --git a/daemon/gvfsjobcopy.c b/daemon/gvfsjobcopy.c
index 785d7480..cf33da56 100644
--- a/daemon/gvfsjobcopy.c
+++ b/daemon/gvfsjobcopy.c
@@ -141,6 +141,13 @@ try (GVfsJob *job)
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
gboolean res;
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_copy == NULL)
return FALSE;
diff --git a/daemon/gvfsjobdelete.c b/daemon/gvfsjobdelete.c
index 92892f15..8d5e5b8e 100644
--- a/daemon/gvfsjobdelete.c
+++ b/daemon/gvfsjobdelete.c
@@ -120,6 +120,13 @@ try (GVfsJob *job)
GVfsJobDelete *op_job = G_VFS_JOB_DELETE (job);
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_delete == NULL)
return FALSE;
diff --git a/daemon/gvfsjobmakedirectory.c b/daemon/gvfsjobmakedirectory.c
index 98bb28d5..56a9c42a 100644
--- a/daemon/gvfsjobmakedirectory.c
+++ b/daemon/gvfsjobmakedirectory.c
@@ -120,6 +120,13 @@ try (GVfsJob *job)
GVfsJobMakeDirectory *op_job = G_VFS_JOB_MAKE_DIRECTORY (job);
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_make_directory == NULL)
return FALSE;
diff --git a/daemon/gvfsjobmakesymlink.c b/daemon/gvfsjobmakesymlink.c
index 2c55e26b..2684b6fd 100644
--- a/daemon/gvfsjobmakesymlink.c
+++ b/daemon/gvfsjobmakesymlink.c
@@ -124,6 +124,13 @@ try (GVfsJob *job)
GVfsJobMakeSymlink *op_job = G_VFS_JOB_MAKE_SYMLINK (job);
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_make_symlink == NULL)
return FALSE;
diff --git a/daemon/gvfsjobmove.c b/daemon/gvfsjobmove.c
index cc4ad220..5903d17a 100644
--- a/daemon/gvfsjobmove.c
+++ b/daemon/gvfsjobmove.c
@@ -141,6 +141,13 @@ try (GVfsJob *job)
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
gboolean res;
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_move == NULL)
return FALSE;
diff --git a/daemon/gvfsjobopenforwrite.c b/daemon/gvfsjobopenforwrite.c
index 68eae532..60ce64f9 100644
--- a/daemon/gvfsjobopenforwrite.c
+++ b/daemon/gvfsjobopenforwrite.c
@@ -230,6 +230,13 @@ try (GVfsJob *job)
GVfsJobOpenForWrite *op_job = G_VFS_JOB_OPEN_FOR_WRITE (job);
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (op_job->mode == OPEN_FOR_WRITE_CREATE)
{
if (class->try_create == NULL)
diff --git a/daemon/gvfsjobpush.c b/daemon/gvfsjobpush.c
index d7e48d86..a8df73a8 100644
--- a/daemon/gvfsjobpush.c
+++ b/daemon/gvfsjobpush.c
@@ -146,6 +146,13 @@ try (GVfsJob *job)
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
gboolean res;
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_push == NULL)
return FALSE;
diff --git a/daemon/gvfsjobqueryfsinfo.c b/daemon/gvfsjobqueryfsinfo.c
index 898052ea..3363311a 100644
--- a/daemon/gvfsjobqueryfsinfo.c
+++ b/daemon/gvfsjobqueryfsinfo.c
@@ -147,15 +147,10 @@ create_reply (GVfsJob *job,
GDBusMethodInvocation *invocation)
{
GVfsJobQueryFsInfo *op_job = G_VFS_JOB_QUERY_FS_INFO (job);
- const char *type;
-
- type = g_vfs_backend_get_backend_type (op_job->backend);
-
- if (type)
- g_file_info_set_attribute_string (op_job->file_info,
- G_FILE_ATTRIBUTE_GVFS_BACKEND,
- type);
+ g_vfs_backend_add_auto_fs_info (op_job->backend,
+ op_job->attribute_matcher,
+ op_job->file_info);
g_file_info_set_attribute_mask (op_job->file_info,
op_job->attribute_matcher);
diff --git a/daemon/gvfsjobsetattribute.c b/daemon/gvfsjobsetattribute.c
index 1efe7c94..ac7618a4 100644
--- a/daemon/gvfsjobsetattribute.c
+++ b/daemon/gvfsjobsetattribute.c
@@ -146,6 +146,13 @@ try (GVfsJob *job)
GVfsJobSetAttribute *op_job = G_VFS_JOB_SET_ATTRIBUTE (job);
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_set_attribute == NULL)
return FALSE;
diff --git a/daemon/gvfsjobsetdisplayname.c b/daemon/gvfsjobsetdisplayname.c
index badb10dd..e12ae879 100644
--- a/daemon/gvfsjobsetdisplayname.c
+++ b/daemon/gvfsjobsetdisplayname.c
@@ -124,6 +124,13 @@ try (GVfsJob *job)
GVfsJobSetDisplayName *op_job = G_VFS_JOB_SET_DISPLAY_NAME (job);
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_set_display_name == NULL)
return FALSE;
diff --git a/daemon/gvfsjobtrash.c b/daemon/gvfsjobtrash.c
index 1738f8a2..5234ebf8 100644
--- a/daemon/gvfsjobtrash.c
+++ b/daemon/gvfsjobtrash.c
@@ -119,6 +119,13 @@ try (GVfsJob *job)
GVfsJobTrash *op_job = G_VFS_JOB_TRASH (job);
GVfsBackendClass *class = G_VFS_BACKEND_GET_CLASS (op_job->backend);
+ if (g_vfs_backend_get_readonly_lockdown (op_job->backend))
+ {
+ g_vfs_job_failed (job, G_IO_ERROR, G_IO_ERROR_PERMISSION_DENIED,
+ _("Filesystem is read-only"));
+ return TRUE;
+ }
+
if (class->try_trash == NULL)
return FALSE;
--
2.21.0

@ -0,0 +1,99 @@
From 396216f71abf6907efd1383ca0d1a597918cd83d Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Thu, 11 Oct 2018 17:47:59 +0200
Subject: [PATCH] daemon: Prevent spawning new daemons if outgoing operation
exists
A new daemon is always spawned if MountLocation method (or LookupMount for
automounted) is called and the respective mount isn't registered yet. This
is not usually an issue, because the redundant daemons are consequently
terminated. However, this is a problem if mount operations hang for some reason.
This may happen e.g. with trash backend due to stale NFS mounts. Consequently,
new and new daemons are spawned which may lead to system failures due to lack
of system resources. See the following downstream bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1632960
Let's fix that behavior simply by preventing spawning of new daemons if
respective outgoing mount operations exist.
https://gitlab.gnome.org/GNOME/gvfs/merge_requests/19
---
daemon/mount.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/daemon/mount.c b/daemon/mount.c
index e242666d..33cae597 100644
--- a/daemon/mount.c
+++ b/daemon/mount.c
@@ -73,6 +73,7 @@ typedef void (*MountCallback) (VfsMountable *mountable,
static GList *mountables = NULL;
static GList *mounts = NULL;
+static GList *ongoing = NULL;
static gboolean fuse_available;
@@ -253,6 +254,7 @@ typedef struct {
char *obj_path;
gboolean spawned;
GVfsDBusSpawner *spawner;
+ GList *pending; /* MountData */
} MountData;
static void spawn_mount (MountData *data);
@@ -264,6 +266,7 @@ mount_data_free (MountData *data)
g_mount_spec_unref (data->mount_spec);
g_free (data->obj_path);
g_clear_object (&data->spawner);
+ g_list_free_full (data->pending, (GDestroyNotify) mount_data_free);
g_free (data);
}
@@ -271,7 +274,17 @@ mount_data_free (MountData *data)
static void
mount_finish (MountData *data, GError *error)
{
+ GList *l;
+
+ ongoing = g_list_remove (ongoing, data);
+
data->callback (data->mountable, error, data->user_data);
+ for (l = data->pending; l != NULL; l = l->next)
+ {
+ MountData *pending_data = l->data;
+ pending_data->callback (pending_data->mountable, error, pending_data->user_data);
+ }
+
mount_data_free (data);
}
@@ -493,6 +506,7 @@ mountable_mount (VfsMountable *mountable,
gpointer user_data)
{
MountData *data;
+ GList *l;
data = g_new0 (MountData, 1);
data->automount = automount;
@@ -502,6 +516,18 @@ mountable_mount (VfsMountable *mountable,
data->callback = callback;
data->user_data = user_data;
+ for (l = ongoing; l != NULL; l = l->next)
+ {
+ MountData *ongoing_data = l->data;
+ if (g_mount_spec_equal (ongoing_data->mount_spec, mount_spec))
+ {
+ ongoing_data->pending = g_list_append (ongoing_data->pending, data);
+ return;
+ }
+ }
+
+ ongoing = g_list_append (ongoing, data);
+
if (mountable->dbus_name == NULL)
spawn_mount (data);
else
--
2.20.1

@ -0,0 +1,164 @@
From bbc95d6716ac491489f059c68a6dd258e38aee79 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Mon, 25 Nov 2019 16:53:31 +0100
Subject: [PATCH] goa: Add support for certificate prompts
Since commit f5ee590e, it is not possible to access Nextcloud/ownCloud
shares with self-signed (or invalid) certificates. This is because
the mount operation is handled by GOA volume monitor and the prompt
to accept certificate is not shown. Let's update the volume monitor
to handle just passwords and show the prompt to the client.
Fixes: https://gitlab.gnome.org/GNOME/gvfs/issues/251
---
monitor/goa/goavolume.c | 98 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 96 insertions(+), 2 deletions(-)
diff --git a/monitor/goa/goavolume.c b/monitor/goa/goavolume.c
index c077dd94..5e9097c6 100644
--- a/monitor/goa/goavolume.c
+++ b/monitor/goa/goavolume.c
@@ -64,6 +64,7 @@ G_DEFINE_TYPE_EXTENDED (GVfsGoaVolume, g_vfs_goa_volume, G_TYPE_OBJECT, 0,
typedef struct
{
GMountOperation *mount_operation;
+ GMountOperation *mount_operation_orig;
gchar *passwd;
} MountOp;
@@ -72,6 +73,13 @@ mount_op_free (MountOp *data)
{
g_clear_object (&data->mount_operation);
g_free (data->passwd);
+
+ if (data->mount_operation_orig != NULL)
+ {
+ g_signal_handlers_disconnect_by_data (data->mount_operation_orig, data);
+ g_object_unref (data->mount_operation_orig);
+ }
+
g_slice_free (MountOp, data);
}
@@ -97,6 +105,88 @@ account_attention_needed_cb (GObject *_object, GParamSpec *pspec, gpointer user_
/* ---------------------------------------------------------------------------------------------------- */
+GType g_vfs_goa_mount_operation_get_type (void) G_GNUC_CONST;
+
+typedef struct
+{
+ GMountOperation parent_instance;
+} GVfsGoaMountOperation;
+
+typedef struct
+{
+ GMountOperationClass parent_class;
+} GVfsGoaMountOperationClass;
+
+static GMountOperation *
+g_vfs_goa_mount_operation_new (void)
+{
+ return G_MOUNT_OPERATION (g_object_new (g_vfs_goa_mount_operation_get_type (), NULL));
+}
+
+G_DEFINE_TYPE (GVfsGoaMountOperation, g_vfs_goa_mount_operation, G_TYPE_MOUNT_OPERATION)
+
+static void
+g_vfs_goa_mount_operation_init (GVfsGoaMountOperation *mount_operation)
+{
+}
+
+static void
+g_vfs_goa_mount_operation_ask_question (GMountOperation *op,
+ const char *message,
+ const char *choices[])
+{
+ /* This is needed to prevent G_MOUNT_OPERATION_UNHANDLED reply in idle. */
+}
+
+static void
+g_vfs_goa_mount_operation_class_init (GVfsGoaMountOperationClass *klass)
+{
+ GMountOperationClass *mount_op_class;
+
+ mount_op_class = G_MOUNT_OPERATION_CLASS (klass);
+ mount_op_class->ask_question = g_vfs_goa_mount_operation_ask_question;
+}
+
+/* ---------------------------------------------------------------------------------------------------- */
+
+static void
+ask_question_reply_cb (GMountOperation *op,
+ GMountOperationResult result,
+ gpointer user_data)
+{
+ MountOp *data = g_task_get_task_data (user_data);
+
+ g_mount_operation_set_choice (data->mount_operation,
+ g_mount_operation_get_choice (op));
+ g_mount_operation_reply (data->mount_operation, result);
+}
+
+static void
+mount_operation_ask_question_cb (GMountOperation *op,
+ gchar *message,
+ GStrv choices,
+ gpointer user_data)
+{
+ MountOp *data = g_task_get_task_data (user_data);
+
+ if (data->mount_operation_orig != NULL)
+ {
+ g_signal_connect (data->mount_operation_orig,
+ "reply",
+ G_CALLBACK (ask_question_reply_cb),
+ user_data);
+ g_signal_emit_by_name (data->mount_operation_orig,
+ "ask-question",
+ message,
+ choices);
+ }
+ else
+ {
+ g_mount_operation_reply (data->mount_operation,
+ G_MOUNT_OPERATION_UNHANDLED);
+ }
+}
+
static void
mount_operation_ask_password_cb (GMountOperation *op,
gchar *message,
@@ -412,7 +502,7 @@ g_vfs_goa_volume_get_uuid (GVolume *_self)
static void
g_vfs_goa_volume_mount (GVolume *_self,
GMountMountFlags flags,
- GMountOperation *mount_operation,
+ GMountOperation *mount_operation_orig,
GCancellable *cancellable,
GAsyncReadyCallback callback,
gpointer user_data)
@@ -423,6 +513,9 @@ g_vfs_goa_volume_mount (GVolume *_self,
GoaAccount *account;
data = g_slice_new0 (MountOp);
+ if (mount_operation_orig != NULL)
+ data->mount_operation_orig = g_object_ref (mount_operation_orig);
+
task = g_task_new (self, cancellable, callback, user_data);
g_task_set_source_tag (task, g_vfs_goa_volume_mount);
g_task_set_task_data (task, data, (GDestroyNotify) mount_op_free);
@@ -431,8 +524,9 @@ g_vfs_goa_volume_mount (GVolume *_self,
* monitor because it is set up to emit MountOpAskPassword on
* ask-password.
*/
- data->mount_operation = g_mount_operation_new ();
+ data->mount_operation = g_vfs_goa_mount_operation_new ();
g_signal_connect (data->mount_operation, "ask-password", G_CALLBACK (mount_operation_ask_password_cb), task);
+ g_signal_connect (data->mount_operation, "ask-question", G_CALLBACK (mount_operation_ask_question_cb), task);
account = goa_object_peek_account (self->object);
goa_account_call_ensure_credentials (account, cancellable, ensure_credentials_cb, task);
--
2.28.0

File diff suppressed because it is too large Load Diff

@ -0,0 +1,92 @@
From e3808a1b4042761055b1d975333a8243d67b8bfe Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Wed, 5 Jun 2019 13:33:38 +0100
Subject: [PATCH] gvfsdaemon: Check that the connecting client is the same user
Otherwise, an attacker who learns the abstract socket address from
netstat(8) or similar could connect to it and issue D-Bus method
calls.
Signed-off-by: Simon McVittie <smcv@collabora.com>
---
daemon/gvfsdaemon.c | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/daemon/gvfsdaemon.c b/daemon/gvfsdaemon.c
index 406d4f8e..be148a7b 100644
--- a/daemon/gvfsdaemon.c
+++ b/daemon/gvfsdaemon.c
@@ -79,6 +79,7 @@ struct _GVfsDaemon
gint mount_counter;
+ GDBusAuthObserver *auth_observer;
GDBusConnection *conn;
GVfsDBusDaemon *daemon_skeleton;
GVfsDBusMountable *mountable_skeleton;
@@ -171,6 +172,8 @@ g_vfs_daemon_finalize (GObject *object)
}
if (daemon->conn != NULL)
g_object_unref (daemon->conn);
+ if (daemon->auth_observer != NULL)
+ g_object_unref (daemon->auth_observer);
g_hash_table_destroy (daemon->registered_paths);
g_hash_table_destroy (daemon->client_connections);
@@ -236,6 +239,35 @@ name_vanished_handler (GDBusConnection *connection,
daemon->lost_main_daemon = TRUE;
}
+/*
+ * Authentication observer signal handler that authorizes connections
+ * from the same uid as this process. This matches the behaviour of a
+ * libdbus DBusServer/DBusConnection when no DBusAllowUnixUserFunction
+ * has been set, but is not the default in GDBus.
+ */
+static gboolean
+authorize_authenticated_peer_cb (GDBusAuthObserver *observer,
+ G_GNUC_UNUSED GIOStream *stream,
+ GCredentials *credentials,
+ G_GNUC_UNUSED gpointer user_data)
+{
+ gboolean authorized = FALSE;
+
+ if (credentials != NULL)
+ {
+ GCredentials *own_credentials;
+
+ own_credentials = g_credentials_new ();
+
+ if (g_credentials_is_same_user (credentials, own_credentials, NULL))
+ authorized = TRUE;
+
+ g_object_unref (own_credentials);
+ }
+
+ return authorized;
+}
+
static void
g_vfs_daemon_init (GVfsDaemon *daemon)
{
@@ -265,6 +297,8 @@ g_vfs_daemon_init (GVfsDaemon *daemon)
daemon->conn = g_bus_get_sync (G_BUS_TYPE_SESSION, NULL, NULL);
g_assert (daemon->conn != NULL);
+ daemon->auth_observer = g_dbus_auth_observer_new ();
+ g_signal_connect (daemon->auth_observer, "authorize-authenticated-peer", G_CALLBACK (authorize_authenticated_peer_cb), NULL);
daemon->daemon_skeleton = gvfs_dbus_daemon_skeleton_new ();
g_signal_connect (daemon->daemon_skeleton, "handle-get-connection", G_CALLBACK (handle_get_connection), daemon);
@@ -876,7 +910,7 @@ handle_get_connection (GVfsDBusDaemon *object,
server = g_dbus_server_new_sync (address1,
G_DBUS_SERVER_FLAGS_NONE,
guid,
- NULL, /* GDBusAuthObserver */
+ daemon->auth_observer,
NULL, /* GCancellable */
&error);
g_free (guid);
--
2.21.0

@ -1,18 +1,3 @@
From 747c7f6ea6c8b6a7ccd008bb47996ba7eb169bcc Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Mon, 11 Apr 2022 10:54:04 +0200
Subject: [PATCH] smb: Ignore EINVAL for kerberos/ccache login
With samba 4.16.0, mount operation fails with the "Invalid Argument" error
when kerberos/ccache is misconfigured. Ignore this error, so user get a chance
to login using the password...
Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/611
---
daemon/gvfsbackendsmb.c | 8 +++++++-
daemon/gvfsbackendsmbbrowse.c | 10 ++++++++--
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index 33d1a209..776b67bc 100644 index 33d1a209..776b67bc 100644
--- a/daemon/gvfsbackendsmb.c --- a/daemon/gvfsbackendsmb.c
@ -22,7 +7,7 @@ index 33d1a209..776b67bc 100644
break; break;
- if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM)) - if (op_backend->mount_cancelled || (errsv != EACCES && errsv != EPERM))
+ if (errsv == EINVAL && op_backend->mount_try <= 1 && op_backend->user == NULL) + if (errsv == EINVAL && op_backend->mount_try == 0 && op_backend->user == NULL)
+ { + {
+ /* EINVAL is "expected" when kerberos/ccache is misconfigured, see: + /* EINVAL is "expected" when kerberos/ccache is misconfigured, see:
+ * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611 + * https://gitlab.gnome.org/GNOME/gvfs/-/issues/611

@ -0,0 +1,115 @@
diff --git a/configure.ac b/configure.ac
index daeee728..689667e5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -551,6 +551,11 @@ if test "x$enable_samba" != "xno"; then
AC_DEFINE(HAVE_SMBC_SETOPTIONPROTOCOLS, 1, [Define to 1 if smbc_setOptionProtocols() is available]),
[]
)
+
+ AC_CHECK_LIB(smbclient, smbc_readdirplus2,
+ AC_DEFINE(HAVE_SMBC_READDIRPLUS2, 1, [Define to 1 if smbc_readdirplus2() is available]),
+ []
+ )
fi
fi
diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index 9571fa0d..ce151648 100644
--- a/daemon/gvfsbackendsmb.c
+++ b/daemon/gvfsbackendsmb.c
@@ -1738,25 +1738,34 @@ do_enumerate (GVfsBackend *backend,
GFileQueryInfoFlags flags)
{
GVfsBackendSmb *op_backend = G_VFS_BACKEND_SMB (backend);
- struct stat st;
- int res;
+ struct stat st = { 0 };
GError *error;
SMBCFILE *dir;
- char dirents[1024*4];
- struct smbc_dirent *dirp;
GFileInfo *info;
GString *uri;
- int uri_start_len;
smbc_opendir_fn smbc_opendir;
+ smbc_closedir_fn smbc_closedir;
+#ifndef HAVE_SMBC_READDIRPLUS2
+ int res;
+ char dirents[1024*4];
+ struct smbc_dirent *dirp;
+ int uri_start_len;
smbc_getdents_fn smbc_getdents;
smbc_stat_fn smbc_stat;
- smbc_closedir_fn smbc_closedir;
+#else
+ smbc_readdirplus2_fn smbc_readdirplus2;
+ const struct libsmb_file_info *exstat;
+#endif
uri = create_smb_uri_string (op_backend->server, op_backend->port, op_backend->share, filename);
smbc_opendir = smbc_getFunctionOpendir (op_backend->smb_context);
+#ifndef HAVE_SMBC_READDIRPLUS2
smbc_getdents = smbc_getFunctionGetdents (op_backend->smb_context);
smbc_stat = smbc_getFunctionStat (op_backend->smb_context);
+#else
+ smbc_readdirplus2 = smbc_getFunctionReaddirPlus2 (op_backend->smb_context);
+#endif
smbc_closedir = smbc_getFunctionClosedir (op_backend->smb_context);
dir = smbc_opendir (op_backend->smb_context, uri->str);
@@ -1776,6 +1785,8 @@ do_enumerate (GVfsBackend *backend,
if (uri->str[uri->len - 1] != '/')
g_string_append_c (uri, '/');
+
+#ifndef HAVE_SMBC_READDIRPLUS2
uri_start_len = uri->len;
while (TRUE)
@@ -1827,9 +1838,27 @@ do_enumerate (GVfsBackend *backend,
dirp = (struct smbc_dirent *) (((char *)dirp) + dirlen);
res -= dirlen;
}
+ }
+#else
+ while ((exstat = smbc_readdirplus2 (op_backend->smb_context, dir, &st)) != NULL)
+ {
+ if ((S_ISREG (st.st_mode) ||
+ S_ISDIR (st.st_mode) ||
+ S_ISLNK (st.st_mode)) &&
+ g_strcmp0 (exstat->name, ".") != 0 &&
+ g_strcmp0 (exstat->name, "..") != 0)
+ {
+ info = g_file_info_new ();
+ set_info_from_stat (op_backend, info, &st, exstat->name, matcher);
+ g_vfs_job_enumerate_add_info (job, info);
+ g_object_unref (info);
+ }
+
+ memset (&st, 0, sizeof (struct stat));
}
-
- res = smbc_closedir (op_backend->smb_context, dir);
+#endif
+
+ smbc_closedir (op_backend->smb_context, dir);
g_vfs_job_enumerate_done (job);
diff --git a/meson.build b/meson.build
index 6ae768d9..d3f59457 100644
--- a/meson.build
+++ b/meson.build
@@ -418,6 +418,7 @@ if enable_samba
smbclient_dep = dependency('smbclient')
config_h.set('HAVE_SMBC_SETOPTIONPROTOCOLS', cc.has_function('smbc_setOptionProtocols', dependencies: smbclient_dep))
+ config_h.set('HAVE_SMBC_READDIRPLUS2', cc.has_function('smbc_readdirplus2', dependencies: smbclient_dep))
endif
# *** Check for libarchive ***
--
2.26.2

@ -1,20 +1,3 @@
From 8c7e79042d819304ea38408d0d90313eef7a3869 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Wed, 4 May 2022 13:20:46 +0200
Subject: [PATCH] smb: Rework anonymous handling to avoid EINVAL
After the recent samba change, the "Invalid Argument" error can be still
returned when anonymous login is requested even after the commit 747c7f6.
This is because `smbc_setOptionNoAutoAnonymousLogin` is called after returning
from the `auth_callback` function (i.e. there is one redundant iteration).
Let's rework the handling a bit and call that immediately, which bypasses
the issue.
Fixes: https://gitlab.gnome.org/GNOME/gvfs/-/issues/619
---
daemon/gvfsbackendsmb.c | 19 ++++---------------
1 file changed, 4 insertions(+), 15 deletions(-)
diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index 776b67bc..a1e3eacd 100644 index 776b67bc..a1e3eacd 100644
--- a/daemon/gvfsbackendsmb.c --- a/daemon/gvfsbackendsmb.c
@ -29,7 +12,7 @@ index 776b67bc..a1e3eacd 100644
GPasswordSave password_save; GPasswordSave password_save;
@@ -215,13 +214,6 @@ auth_callback (SMBCCTX *context, @@ -215,13 +214,6 @@ auth_callback (SMBCCTX *context,
backend->mount_try_again = TRUE; backend->mount_try_again = TRUE;
g_debug ("auth_callback - ccache pass\n"); g_debug ("auth_callback - kerberos pass\n");
} }
- else if (backend->use_anonymous) - else if (backend->use_anonymous)
- { - {

@ -0,0 +1,67 @@
From 3f6f906c7c7b28dc30edb98200b6e13e1a513bb4 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Wed, 9 May 2018 12:54:59 +0200
Subject: [PATCH] smb: Use O_RDWR to fix fstat when writing
fstat fails with EINVAL on Windows servers if O_WRONLY is used to open
(though it works properly on SAMBA servers). O_RDWR is needed to make
it work. This causes issues when copying files over gvfsd-fuse among
others.
https://bugzilla.gnome.org/show_bug.cgi?id=795805
---
daemon/gvfsbackendsmb.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/daemon/gvfsbackendsmb.c b/daemon/gvfsbackendsmb.c
index d4944197..9571fa0d 100644
--- a/daemon/gvfsbackendsmb.c
+++ b/daemon/gvfsbackendsmb.c
@@ -808,7 +808,7 @@ do_create (GVfsBackend *backend,
smbc_open = smbc_getFunctionOpen (op_backend->smb_context);
errno = 0;
file = smbc_open (op_backend->smb_context, uri,
- O_CREAT|O_WRONLY|O_EXCL, 0666);
+ O_CREAT|O_RDWR|O_EXCL, 0666);
g_free (uri);
if (file == NULL)
@@ -850,7 +850,7 @@ do_append_to (GVfsBackend *backend,
smbc_open = smbc_getFunctionOpen (op_backend->smb_context);
errno = 0;
file = smbc_open (op_backend->smb_context, uri,
- O_CREAT|O_WRONLY|O_APPEND, 0666);
+ O_CREAT|O_RDWR|O_APPEND, 0666);
g_free (uri);
if (file == NULL)
@@ -916,7 +916,7 @@ open_tmpfile (GVfsBackendSmb *backend,
smbc_open = smbc_getFunctionOpen (backend->smb_context);
errno = 0;
file = smbc_open (backend->smb_context, tmp_uri,
- O_CREAT|O_WRONLY|O_EXCL, 0666);
+ O_CREAT|O_RDWR|O_EXCL, 0666);
} while (file == NULL && errno == EEXIST);
g_free (dir_uri);
@@ -1040,7 +1040,7 @@ do_replace (GVfsBackend *backend,
errno = 0;
file = smbc_open (op_backend->smb_context, uri,
- O_CREAT|O_WRONLY|O_EXCL, 0);
+ O_CREAT|O_RDWR|O_EXCL, 0);
if (file == NULL && errno != EEXIST)
{
int errsv = fixup_open_errno (errno);
@@ -1110,7 +1110,7 @@ do_replace (GVfsBackend *backend,
errno = 0;
file = smbc_open (op_backend->smb_context, uri,
- O_CREAT|O_WRONLY|O_TRUNC, 0);
+ O_CREAT|O_RDWR|O_TRUNC, 0);
if (file == NULL)
{
int errsv = fixup_open_errno (errno);
--
2.35.3

@ -0,0 +1,89 @@
diff --git a/configure.ac b/configure.ac
index 3b5836ff..daeee728 100644
--- a/configure.ac
+++ b/configure.ac
@@ -546,6 +546,11 @@ if test "x$enable_samba" != "xno"; then
if test "x$msg_samba" = "xyes"; then
PKG_CHECK_MODULES([SAMBA], [smbclient])
AC_DEFINE([HAVE_SAMBA], 1, [Define to 1 if you have the samba libraries])
+
+ AC_CHECK_LIB(smbclient, smbc_setOptionProtocols,
+ AC_DEFINE(HAVE_SMBC_SETOPTIONPROTOCOLS, 1, [Define to 1 if smbc_setOptionProtocols() is available]),
+ []
+ )
fi
fi
diff --git a/daemon/gvfsbackendsmbbrowse.c b/daemon/gvfsbackendsmbbrowse.c
index f08d2988..3b11883e 100644
--- a/daemon/gvfsbackendsmbbrowse.c
+++ b/daemon/gvfsbackendsmbbrowse.c
@@ -45,6 +45,7 @@
#include "gvfskeyring.h"
#include "gmounttracker.h"
#include "gvfsbackendsmbprivate.h"
+#include "gvfsutils.h"
#include <libsmbclient.h>
@@ -847,6 +848,47 @@ do_mount (GVfsBackend *backend,
else
op_backend->server = g_strdup (op_backend->mounted_server);
+#ifdef HAVE_SMBC_SETOPTIONPROTOCOLS
+ /* Force NT1 protocol version if server can't be resolved (i.e. is not
+ * hostname, nor IP address). This is needed for workgroup support, because
+ * "client max protocol" has been changed from NT1 to SMB3 in recent samba
+ * versions.
+ */
+
+ if (op_backend->server != NULL)
+ {
+ GResolver *resolver;
+ GList *addresses;
+ GError *error = NULL;
+ gchar *server;
+
+ resolver = g_resolver_get_default ();
+
+ /* IPv6 server includes brackets in GMountSpec, GResolver doesn't */
+ if (gvfs_is_ipv6 (op_backend->server))
+ server = g_strndup (op_backend->server + 1, strlen (op_backend->server) - 2);
+ else
+ server = g_strdup (op_backend->server);
+
+ addresses = g_resolver_lookup_by_name (resolver, server, NULL, &error);
+ if (addresses == NULL)
+ {
+ if (error != NULL)
+ {
+ g_debug ("%s\n", error->message);
+ g_error_free (error);
+ }
+
+ g_debug ("Forcing NT1 protocol version\n");
+ smbc_setOptionProtocols (smb_context, "NT1", "NT1");
+ }
+
+ g_resolver_free_addresses (addresses);
+ g_object_unref (resolver);
+ g_free (server);
+ }
+#endif
+
icon = NULL;
symbolic_icon = NULL;
if (op_backend->server == NULL)
diff --git a/meson.build b/meson.build
index 34600188..3a876172 100644
--- a/meson.build
+++ b/meson.build
@@ -416,6 +416,8 @@ config_h.set10('HAVE_LIBUSB', enable_libusb)
enable_samba = get_option('smb')
if enable_samba
smbclient_dep = dependency('smbclient')
+
+ config_h.set('HAVE_SMBC_SETOPTIONPROTOCOLS', cc.has_function('smbc_setOptionProtocols', dependencies: smbclient_dep))
endif
# *** Check for libarchive ***

@ -0,0 +1,65 @@
From f93bd46c36c8e42f17f0f61b79c55a3794906395 Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Fri, 6 Mar 2020 10:08:09 +0100
Subject: [PATCH] trash: Add support for x-gvfs-notrash option to ignore mounts
Add support for x-gvfs-notrash mount option, which allows to ignore
trash folder on certain mounts. This might be especially useful e.g.
to prevent wakeups of autofs mounts...
https://bugzilla.redhat.com/show_bug.cgi?id=1096200
---
daemon/trashlib/trashwatcher.c | 30 +++++++++++++++++++++++++++++-
1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/daemon/trashlib/trashwatcher.c b/daemon/trashlib/trashwatcher.c
index 6b455235..01c440a1 100644
--- a/daemon/trashlib/trashwatcher.c
+++ b/daemon/trashlib/trashwatcher.c
@@ -211,6 +211,34 @@ trash_mount_remove (TrashMount **mount_ptr)
g_slice_free (TrashMount, mount);
}
+static gboolean
+ignore_trash_mount (GUnixMountEntry *mount)
+{
+ GUnixMountPoint *mount_point = NULL;
+ const gchar *mount_options;
+ gboolean retval = TRUE;
+
+ if (g_unix_mount_is_system_internal (mount))
+ return TRUE;
+
+ mount_options = g_unix_mount_get_options (mount);
+ if (mount_options == NULL)
+ {
+ mount_point = g_unix_mount_point_at (g_unix_mount_get_mount_path (mount),
+ NULL);
+ if (mount_point != NULL)
+ mount_options = g_unix_mount_point_get_options (mount_point);
+ }
+
+ if (mount_options == NULL ||
+ strstr (mount_options, "x-gvfs-notrash") == NULL)
+ retval = FALSE;
+
+ g_clear_pointer (&mount_point, g_unix_mount_point_free);
+
+ return retval;
+}
+
static void
trash_watcher_remount (TrashWatcher *watcher)
{
@@ -229,7 +257,7 @@ trash_watcher_remount (TrashWatcher *watcher)
{
int result;
- if (new && g_unix_mount_is_system_internal (new->data))
+ if (new && ignore_trash_mount (new->data))
{
g_unix_mount_free (new->data);
new = new->next;
--
2.41.0

@ -0,0 +1,55 @@
From 41862c0179f834d8bc3bd84ce78ee495050f2676 Mon Sep 17 00:00:00 2001
From: rong wang <wangrong@uniontech.com>
Date: Thu, 23 Mar 2023 10:26:24 +0800
Subject: [PATCH] trash: Sync trash dir items when files change
In the case of an application monitoring the trash can, delete a file
on the mounted device to the trash can, and then unmount the device.
At this time, if you check the status of the trash can, you will find
that the number of files queried is inconsistent with the number of
files obtained through the enumeration job. This is because the number
of files queried includes some files that do not exist when the device
is unmounted. The solution is to synchronize the status of the trash
can in time to ensure that the trash can does not record files that do
not exist.
---
daemon/trashlib/trashdir.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/daemon/trashlib/trashdir.c b/daemon/trashlib/trashdir.c
index c470d3bd..0d7d2b1b 100644
--- a/daemon/trashlib/trashdir.c
+++ b/daemon/trashlib/trashdir.c
@@ -163,10 +163,27 @@ trash_dir_changed (GFileMonitor *monitor,
TrashDir *dir = user_data;
if (event_type == G_FILE_MONITOR_EVENT_CREATED)
- trash_root_add_item (dir->root, file, dir->topdir, dir->is_homedir);
+ {
+ dir->items = g_slist_insert_sorted (dir->items,
+ g_object_ref (file),
+ (GCompareFunc) compare_basename);
+ trash_root_add_item (dir->root, file, dir->topdir, dir->is_homedir);
+ }
else if (event_type == G_FILE_MONITOR_EVENT_DELETED)
- trash_root_remove_item (dir->root, file, dir->is_homedir);
+ {
+ GSList *node;
+
+ node = g_slist_find_custom (dir->items,
+ file,
+ (GCompareFunc) compare_basename);
+ if (node)
+ {
+ g_object_unref (node->data);
+ dir->items = g_slist_delete_link (dir->items, node);
+ }
+ trash_root_remove_item (dir->root, file, dir->is_homedir);
+ }
else if (event_type == G_FILE_MONITOR_EVENT_PRE_UNMOUNT ||
event_type == G_FILE_MONITOR_EVENT_UNMOUNTED ||
--
2.41.0

@ -0,0 +1,29 @@
From 38831e4ea149a0b4731d123c63d8b493d30ad0be Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Sat, 26 May 2018 08:16:02 +0200
Subject: [PATCH] udisks2: Fix crashes caused by missing source tag
GAsyncReadyCallback is never called from g_drive_stop, because
source_tag is not set, but checked. This obviously causes issues
for client applications. Add missing source_tag.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/1
---
monitor/udisks2/gvfsudisks2drive.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/monitor/udisks2/gvfsudisks2drive.c b/monitor/udisks2/gvfsudisks2drive.c
index 52e9b75e..87656688 100644
--- a/monitor/udisks2/gvfsudisks2drive.c
+++ b/monitor/udisks2/gvfsudisks2drive.c
@@ -915,6 +915,7 @@ gvfs_udisks2_drive_stop (GDrive *_drive,
GTask *task;
task = g_task_new (drive, cancellable, callback, user_data);
+ g_task_set_source_tag (task, gvfs_udisks2_drive_stop);
/* This information is needed in GVfsDdisks2Volume when apps have
* open files on the device ... we need to know if the button should
--
2.23.0

@ -0,0 +1,128 @@
From 9fdd59cfda93b508e76770146a8295d0a26b175d Mon Sep 17 00:00:00 2001
From: Ondrej Holy <oholy@redhat.com>
Date: Tue, 14 May 2019 08:46:48 +0200
Subject: [PATCH 1/3] udisks2: Handle lockdown option to disable writing
Handle the new mount-removable-storage-devices-as-read-only option of
org.gnome.desktop.lockdown schema and mount removable devices as read-only
if enabled.
---
monitor/udisks2/gvfsudisks2volume.c | 8 +++++
monitor/udisks2/gvfsudisks2volumemonitor.c | 34 ++++++++++++++++++++++
monitor/udisks2/gvfsudisks2volumemonitor.h | 1 +
3 files changed, 43 insertions(+)
diff --git a/monitor/udisks2/gvfsudisks2volume.c b/monitor/udisks2/gvfsudisks2volume.c
index a509b5dd..b2545058 100644
--- a/monitor/udisks2/gvfsudisks2volume.c
+++ b/monitor/udisks2/gvfsudisks2volume.c
@@ -1093,6 +1093,7 @@ do_mount (GTask *task)
{
MountData *data = g_task_get_task_data (task);
GVariantBuilder builder;
+ GVfsUDisks2Volume *volume = g_task_get_source_object (task);
g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT);
if (data->mount_operation == NULL)
@@ -1101,6 +1102,13 @@ do_mount (GTask *task)
"{sv}",
"auth.no_user_interaction", g_variant_new_boolean (TRUE));
}
+ if (gvfs_udisks2_volume_monitor_get_readonly_lockdown (volume->monitor))
+ {
+ g_variant_builder_add (&builder,
+ "{sv}",
+ "options", g_variant_new_string ("ro"));
+
+ }
udisks_filesystem_call_mount (data->filesystem_to_mount,
g_variant_builder_end (&builder),
g_task_get_cancellable (task),
diff --git a/monitor/udisks2/gvfsudisks2volumemonitor.c b/monitor/udisks2/gvfsudisks2volumemonitor.c
index 0a5ce96e..37c81fcf 100644
--- a/monitor/udisks2/gvfsudisks2volumemonitor.c
+++ b/monitor/udisks2/gvfsudisks2volumemonitor.c
@@ -65,6 +65,9 @@ struct _GVfsUDisks2VolumeMonitor
/* we keep volumes/mounts for blank and audio discs separate to handle e.g. mixed discs properly */
GList *disc_volumes;
GList *disc_mounts;
+
+ GSettings *lockdown_settings;
+ gboolean readonly_lockdown;
};
static UDisksClient *get_udisks_client_sync (GError **error);
@@ -140,6 +143,8 @@ gvfs_udisks2_volume_monitor_finalize (GObject *object)
g_list_free_full (monitor->disc_volumes, g_object_unref);
g_list_free_full (monitor->disc_mounts, g_object_unref);
+ g_clear_object (&monitor->lockdown_settings);
+
G_OBJECT_CLASS (gvfs_udisks2_volume_monitor_parent_class)->finalize (object);
}
@@ -304,6 +309,17 @@ gvfs_udisks2_volume_monitor_constructor (GType type,
return ret;
}
+static void
+lockdown_settings_changed (GSettings *settings,
+ gchar *key,
+ gpointer user_data)
+{
+ GVfsUDisks2VolumeMonitor *monitor = GVFS_UDISKS2_VOLUME_MONITOR (user_data);
+
+ monitor->readonly_lockdown = g_settings_get_boolean (settings,
+ "mount-removable-storage-devices-as-read-only");
+}
+
static void
gvfs_udisks2_volume_monitor_init (GVfsUDisks2VolumeMonitor *monitor)
{
@@ -325,6 +341,15 @@ gvfs_udisks2_volume_monitor_init (GVfsUDisks2VolumeMonitor *monitor)
G_CALLBACK (mountpoints_changed),
monitor);
+ monitor->lockdown_settings = g_settings_new ("org.gnome.desktop.lockdown");
+ monitor->readonly_lockdown = g_settings_get_boolean (monitor->lockdown_settings,
+ "mount-removable-storage-devices-as-read-only");
+ g_signal_connect_object (monitor->lockdown_settings,
+ "changed",
+ G_CALLBACK (lockdown_settings_changed),
+ monitor,
+ 0);
+
update_all (monitor, FALSE, TRUE);
}
@@ -388,6 +413,15 @@ gvfs_udisks2_volume_monitor_get_gudev_client (GVfsUDisks2VolumeMonitor *monitor)
/* ---------------------------------------------------------------------------------------------------- */
+gboolean
+gvfs_udisks2_volume_monitor_get_readonly_lockdown (GVfsUDisks2VolumeMonitor *monitor)
+{
+ g_return_val_if_fail (GVFS_IS_UDISKS2_VOLUME_MONITOR (monitor), FALSE);
+ return monitor->readonly_lockdown;
+}
+
+/* ---------------------------------------------------------------------------------------------------- */
+
void
gvfs_udisks2_volume_monitor_update (GVfsUDisks2VolumeMonitor *monitor)
{
diff --git a/monitor/udisks2/gvfsudisks2volumemonitor.h b/monitor/udisks2/gvfsudisks2volumemonitor.h
index 7f0215dc..751a0236 100644
--- a/monitor/udisks2/gvfsudisks2volumemonitor.h
+++ b/monitor/udisks2/gvfsudisks2volumemonitor.h
@@ -49,6 +49,7 @@ GVolumeMonitor *gvfs_udisks2_volume_monitor_new (void);
UDisksClient *gvfs_udisks2_volume_monitor_get_udisks_client (GVfsUDisks2VolumeMonitor *monitor);
void gvfs_udisks2_volume_monitor_update (GVfsUDisks2VolumeMonitor *monitor);
GUdevClient *gvfs_udisks2_volume_monitor_get_gudev_client (GVfsUDisks2VolumeMonitor *monitor);
+gboolean gvfs_udisks2_volume_monitor_get_readonly_lockdown (GVfsUDisks2VolumeMonitor *monitor);
G_END_DECLS
--
2.21.0

@ -1,45 +1,92 @@
%define _unpackaged_files_terminate_build 0
%global avahi_version 0.6 %global avahi_version 0.6
%global fuse_version 3.0.0 %global fuse_version 2.8.0
%global glib2_version 2.65.1 %global gettext_version 0.19.4
%global gsettings_desktop_schemas_version 3.33.0 %global glib2_version 2.56.4-162
%global goa_version 3.17.1 %global goa_version 3.17.1
%global gsettings_desktop_schemas_version 3.28.1-2
%global gudev_version 147 %global gudev_version 147
%global libarchive_version 3.0.22 %global libarchive_version 3.0.22
%global libcdio_paranoia_version 0.78.2 %global libcdio_paranoia_version 0.78.2
%global libgcrypt_version 1.2.2 %global libgcrypt_version 1.2.2
%global libgdata_version 0.18.0 %global libgdata_version 0.17.9
%global libgphoto2_version 2.5.0 %global libgphoto2_version 2.5.0
%global libimobiledevice_version 1.2 %global libimobiledevice_version 1.2
%global libmtp_version 1.1.15 %global libmtp_version 1.1.12
%global libnfs_version 1.9.8 %global libnfs_version 1.9.8
%global libplist_version 2.2 %global libplist_version 0.15
%global libsmbclient_version 4.12.0 %global libsmbclient_version 3.4.0
%global libsoup_version 2.58.0 %global libsoup_version 2.42.0
%global libusb_version 1.0.21 %global libusb_version 1.0.21
%global systemd_version 206 %global systemd_version 206
%global talloc_version 1.3.0 %global talloc_version 1.3.0
%global udisks2_version 1.97 %global udisks2_version 1.97
Name: gvfs Name: gvfs
Version: 1.48.1 Version: 1.36.2
Release: 4%{?dist} Release: 16%{?dist}.inferit
Summary: Backends for the gio framework in GLib Summary: Backends for the gio framework in GLib
License: GPLv3 and LGPLv2+ and BSD and MPLv2.0 License: GPLv3 and LGPLv2+ and BSD and MPLv2.0
URL: https://wiki.gnome.org/Projects/gvfs URL: https://wiki.gnome.org/Projects/gvfs
Source0: https://download.gnome.org/sources/gvfs/1.48/gvfs-%{version}.tar.xz Source0: https://download.gnome.org/sources/gvfs/1.36/gvfs-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=1673888
Patch0: admin-Prevent-access-if-any-authentication-agent-isn.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1662193
Patch1: udisks2-Handle-lockdown-option-to-disable-writing.patch
Patch2: daemon-Handle-lockdown-option-to-disable-writing.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1729885
Patch3: gvfsdaemon-Check-that-the-connecting-client-is-the-s.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1739117
Patch4: daemon-Prevent-spawning-new-daemons-if-outgoing-oper.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1739116
Patch5: smbbrowse-Force-NT1-protocol-version-for-workgroup-s.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1754506
Patch6: admin-Add-query_info_on_read-write-functionality.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1752926
Patch7: admin-Use-fsuid-to-ensure-correct-file-ownership.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1753972
Patch8: admin-Ensure-correct-ownership-when-moving-to-file-u.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1759075
Patch9: udisks2-Fix-crashes-caused-by-missing-source-tag.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2093861 # https://bugzilla.redhat.com/show_bug.cgi?id=1569868
Patch0: smb-Ignore-EINVAL-for-kerberos-ccache-login.patch Patch10: smb-Improve-enumeration-performance.patch
Patch1: smb-Rework-anonymous-handling-to-avoid-EINVAL.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1889411
Patch11: goa-Add-support-for-certificate-prompts.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2095712
Patch12: smb-Ignore-EINVAL-for-kerberos-login.patch
Patch13: smb-Rework-anonymous-handling-to-avoid-EINVAL.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2080478
Patch14: smb-Use-O_RDWR-to-fix-fstat-when-writing.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2083481
Patch15: google-performance-fixes.patch
# https://issues.redhat.com/browse/RHEL-2824
Patch16: trash-Add-support-for-x-gvfs-notrash-option-to-ignor.patch
Patch17: trash-Sync-trash-dir-items-when-files-change.patch
# MSVSphere
Patch1000: 0001-Added-yandex-disk-webdav-support.patch
BuildRequires: meson
BuildRequires: gcc
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version} BuildRequires: pkgconfig(glib-2.0) >= %{glib2_version}
BuildRequires: pkgconfig(dbus-glib-1) BuildRequires: pkgconfig(dbus-glib-1)
BuildRequires: pkgconfig(gcr-3) BuildRequires: pkgconfig(gcr-3)
BuildRequires: pkgconfig(gsettings-desktop-schemas) >= %{gsettings_desktop_schemas_version}
BuildRequires: /usr/bin/ssh BuildRequires: /usr/bin/ssh
BuildRequires: pkgconfig(libcdio_paranoia) >= %{libcdio_paranoia_version} BuildRequires: pkgconfig(libcdio_paranoia) >= %{libcdio_paranoia_version}
BuildRequires: pkgconfig(gudev-1.0) >= %{gudev_version} BuildRequires: pkgconfig(gudev-1.0) >= %{gudev_version}
@ -47,7 +94,7 @@ BuildRequires: pkgconfig(libsoup-2.4) >= %{libsoup_version}
BuildRequires: pkgconfig(avahi-client) >= %{avahi_version} BuildRequires: pkgconfig(avahi-client) >= %{avahi_version}
BuildRequires: pkgconfig(avahi-glib) >= %{avahi_version} BuildRequires: pkgconfig(avahi-glib) >= %{avahi_version}
BuildRequires: pkgconfig(libsecret-1) BuildRequires: pkgconfig(libsecret-1)
BuildRequires: gettext-devel BuildRequires: gettext-devel >= %{gettext_version}
BuildRequires: pkgconfig(udisks2) >= %{udisks2_version} BuildRequires: pkgconfig(udisks2) >= %{udisks2_version}
%if ! 0%{?rhel} %if ! 0%{?rhel}
BuildRequires: pkgconfig(libbluray) BuildRequires: pkgconfig(libbluray)
@ -58,10 +105,13 @@ BuildRequires: docbook-style-xsl
BuildRequires: pkgconfig(polkit-gobject-1) BuildRequires: pkgconfig(polkit-gobject-1)
BuildRequires: pkgconfig(libcap) BuildRequires: pkgconfig(libcap)
BuildRequires: automake autoconf
BuildRequires: libtool
Requires: %{name}-client%{?_isa} = %{version}-%{release} Requires: %{name}-client%{?_isa} = %{version}-%{release}
Requires: glib2%{?_isa} >= %{glib2_version} Requires: glib2%{?_isa} >= %{glib2_version}
Requires: gsettings-desktop-schemas >= %{gsettings_desktop_schemas_version}
Requires: udisks2 >= %{udisks2_version} Requires: udisks2 >= %{udisks2_version}
Requires: gsettings-desktop-schemas >= %{gsettings_desktop_schemas_version}
# for file triggers # for file triggers
Requires(post): desktop-file-utils >= 0.22-6 Requires(post): desktop-file-utils >= 0.22-6
@ -98,8 +148,8 @@ required to develop applications using gvfs.
Summary: FUSE support for gvfs Summary: FUSE support for gvfs
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-client%{?_isa} = %{version}-%{release} Requires: %{name}-client%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(fuse3) >= %{fuse_version} BuildRequires: pkgconfig(fuse) >= %{fuse_version}
Requires: fuse3 >= %{fuse_version} Requires: fuse >= %{fuse_version}
%description fuse %description fuse
This package provides support for applications not using gio This package provides support for applications not using gio
@ -118,7 +168,6 @@ This package provides support for reading and writing files on windows
shares (SMB) to applications using gvfs. shares (SMB) to applications using gvfs.
%if ! (0%{?rhel} >= 9)
%package archive %package archive
Summary: Archiving support for gvfs Summary: Archiving support for gvfs
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
@ -128,7 +177,6 @@ BuildRequires: pkgconfig(libarchive) >= %{libarchive_version}
%description archive %description archive
This package provides support for accessing files inside Zip and Tar archives, This package provides support for accessing files inside Zip and Tar archives,
as well as ISO images, to applications using gvfs. as well as ISO images, to applications using gvfs.
%endif
%package gphoto2 %package gphoto2
@ -145,23 +193,20 @@ media players (Media Transfer Protocol) to applications using gvfs.
%ifnarch s390 s390x %ifnarch s390 s390x
%if ! 0%{?rhel}
%package afc %package afc
Summary: AFC support for gvfs Summary: AFC support for gvfs
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: %{name}-client%{?_isa} = %{version}-%{release} Requires: %{name}-client%{?_isa} = %{version}-%{release}
Requires: usbmuxd Requires: usbmuxd
BuildRequires: pkgconfig(libimobiledevice-1.0) >= %{libimobiledevice_version} BuildRequires: pkgconfig(libimobiledevice-1.0) >= %{libimobiledevice_version}
BuildRequires: pkgconfig(libplist-2.0) >= %{libplist_version} BuildRequires: pkgconfig(libplist) >= %{libplist_version}
%description afc %description afc
This package provides support for reading files on mobile devices This package provides support for reading files on mobile devices
including phones and music players to applications using gvfs. including phones and music players to applications using gvfs.
%endif %endif
%endif
%if ! (0%{?rhel} >= 9)
%package afp %package afp
Summary: AFP support for gvfs Summary: AFP support for gvfs
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
@ -174,7 +219,6 @@ Obsoletes: %{name} < 1.9.4-1
This package provides support for reading and writing files on This package provides support for reading and writing files on
Mac OS X and original Mac OS network shares via Apple Filing Protocol Mac OS X and original Mac OS network shares via Apple Filing Protocol
to applications using gvfs. to applications using gvfs.
%endif
%package mtp %package mtp
@ -225,27 +269,26 @@ the functionality of the installed gvfs package.
%prep %prep
%autosetup -p1 %autosetup -p1
autoreconf -fi
%build %build
%meson -Dinstalled_tests=true \ %configure \
-Dman=true \ --disable-gdu \
%ifarch s390 s390x --enable-udisks2 \
-Dafc=false \ --enable-keyring \
%endif --enable-installed-tests \
%if 0%{?rhel} %if 0%{?rhel}
-Dnfs=false \ --disable-nfs \
-Dbluray=false \ --disable-bluray \
-Dafc=false \
%endif
%if 0%{?rhel} >= 9
-Darchive=false \
-Dafp=false \
-Dgcrypt=false \
%endif %endif
%{nil} %{nil}
%meson_build make %{?_smp_mflags} V=1
%install %install
%meson_install %make_install
rm $RPM_BUILD_ROOT%{_libdir}/gvfs/*.la
rm $RPM_BUILD_ROOT%{_libdir}/gio/modules/*.la
# trashlib is GPLv3, include the license # trashlib is GPLv3, include the license
cp -p daemon/trashlib/COPYING COPYING.GPL3 cp -p daemon/trashlib/COPYING COPYING.GPL3
@ -266,24 +309,18 @@ killall -USR1 gvfsd >&/dev/null || :
%post goa %post goa
killall -USR1 gvfsd >&/dev/null || : killall -USR1 gvfsd >&/dev/null || :
%ifnarch s390 s390x %ifnarch s390 s390x
%if ! 0%{?rhel}
%post afc %post afc
killall -USR1 gvfsd >&/dev/null || : killall -USR1 gvfsd >&/dev/null || :
%endif %endif
%endif
%if ! (0%{?rhel} >= 9)
%post archive %post archive
killall -USR1 gvfsd >&/dev/null || : killall -USR1 gvfsd >&/dev/null || :
%endif
%if ! 0%{?rhel} %if ! 0%{?rhel}
%post nfs %post nfs
killall -USR1 gvfsd >&/dev/null || : killall -USR1 gvfsd >&/dev/null || :
%endif %endif
%if ! (0%{?rhel} >= 9)
%post afp %post afp
killall -USR1 gvfsd >&/dev/null || : killall -USR1 gvfsd >&/dev/null || :
%endif
%files %files
@ -302,7 +339,6 @@ killall -USR1 gvfsd >&/dev/null || :
%{_datadir}/gvfs/mounts/dns-sd.mount %{_datadir}/gvfs/mounts/dns-sd.mount
%{_datadir}/gvfs/mounts/network.mount %{_datadir}/gvfs/mounts/network.mount
%{_datadir}/gvfs/mounts/ftp.mount %{_datadir}/gvfs/mounts/ftp.mount
%{_datadir}/gvfs/mounts/ftpis.mount
%{_datadir}/gvfs/mounts/ftps.mount %{_datadir}/gvfs/mounts/ftps.mount
%{_datadir}/gvfs/mounts/recent.mount %{_datadir}/gvfs/mounts/recent.mount
%{_datadir}/dbus-1/services/org.gtk.vfs.Daemon.service %{_datadir}/dbus-1/services/org.gtk.vfs.Daemon.service
@ -333,13 +369,16 @@ killall -USR1 gvfsd >&/dev/null || :
%{_libexecdir}/gvfsd-recent %{_libexecdir}/gvfsd-recent
%{_mandir}/man1/gvfsd.1* %{_mandir}/man1/gvfsd.1*
%{_mandir}/man1/gvfsd-metadata.1* %{_mandir}/man1/gvfsd-metadata.1*
%if ! 0%{?flatpak}
%{_userunitdir}/gvfs-daemon.service %{_userunitdir}/gvfs-daemon.service
%{_userunitdir}/gvfs-metadata.service %{_userunitdir}/gvfs-metadata.service
%{_userunitdir}/gvfs-udisks2-volume-monitor.service %{_userunitdir}/gvfs-udisks2-volume-monitor.service
%endif
%files client -f gvfs.lang %files client -f gvfs.lang
%{!?_licensedir:%global license %%doc}
%license COPYING COPYING.GPL3 %license COPYING COPYING.GPL3
%doc NEWS README.md %doc AUTHORS NEWS README
%dir %{_libdir}/gvfs %dir %{_libdir}/gvfs
%{_libdir}/gvfs/libgvfscommon.so %{_libdir}/gvfs/libgvfscommon.so
%{_libdir}/gio/modules/libgioremote-volume-monitor.so %{_libdir}/gio/modules/libgioremote-volume-monitor.so
@ -356,7 +395,9 @@ killall -USR1 gvfsd >&/dev/null || :
%files fuse %files fuse
%{_libexecdir}/gvfsd-fuse %{_libexecdir}/gvfsd-fuse
%{_mandir}/man1/gvfsd-fuse.1* %{_mandir}/man1/gvfsd-fuse.1*
%if ! 0%{?flatpak}
%{_tmpfilesdir}/gvfsd-fuse-tmpfiles.conf %{_tmpfilesdir}/gvfsd-fuse-tmpfiles.conf
%endif
%files smb %files smb
%{_libexecdir}/gvfsd-smb %{_libexecdir}/gvfsd-smb
@ -365,11 +406,9 @@ killall -USR1 gvfsd >&/dev/null || :
%{_datadir}/gvfs/mounts/smb.mount %{_datadir}/gvfs/mounts/smb.mount
%if ! (0%{?rhel} >= 9)
%files archive %files archive
%{_libexecdir}/gvfsd-archive %{_libexecdir}/gvfsd-archive
%{_datadir}/gvfs/mounts/archive.mount %{_datadir}/gvfs/mounts/archive.mount
%endif
%files gphoto2 %files gphoto2
@ -378,27 +417,27 @@ killall -USR1 gvfsd >&/dev/null || :
%{_libexecdir}/gvfs-gphoto2-volume-monitor %{_libexecdir}/gvfs-gphoto2-volume-monitor
%{_datadir}/dbus-1/services/org.gtk.vfs.GPhoto2VolumeMonitor.service %{_datadir}/dbus-1/services/org.gtk.vfs.GPhoto2VolumeMonitor.service
%{_datadir}/gvfs/remote-volume-monitors/gphoto2.monitor %{_datadir}/gvfs/remote-volume-monitors/gphoto2.monitor
%if ! 0%{?flatpak}
%{_userunitdir}/gvfs-gphoto2-volume-monitor.service %{_userunitdir}/gvfs-gphoto2-volume-monitor.service
%endif
%ifnarch s390 s390x %ifnarch s390 s390x
%if ! 0%{?rhel}
%files afc %files afc
%{_libexecdir}/gvfsd-afc %{_libexecdir}/gvfsd-afc
%{_datadir}/gvfs/mounts/afc.mount %{_datadir}/gvfs/mounts/afc.mount
%{_libexecdir}/gvfs-afc-volume-monitor %{_libexecdir}/gvfs-afc-volume-monitor
%{_datadir}/dbus-1/services/org.gtk.vfs.AfcVolumeMonitor.service %{_datadir}/dbus-1/services/org.gtk.vfs.AfcVolumeMonitor.service
%{_datadir}/gvfs/remote-volume-monitors/afc.monitor %{_datadir}/gvfs/remote-volume-monitors/afc.monitor
%if ! 0%{?flatpak}
%{_userunitdir}/gvfs-afc-volume-monitor.service %{_userunitdir}/gvfs-afc-volume-monitor.service
%endif %endif
%endif %endif
%if ! (0%{?rhel} >= 9)
%files afp %files afp
%{_libexecdir}/gvfsd-afp %{_libexecdir}/gvfsd-afp
%{_libexecdir}/gvfsd-afp-browse %{_libexecdir}/gvfsd-afp-browse
%{_datadir}/gvfs/mounts/afp.mount %{_datadir}/gvfs/mounts/afp.mount
%{_datadir}/gvfs/mounts/afp-browse.mount %{_datadir}/gvfs/mounts/afp-browse.mount
%endif
%files mtp %files mtp
%{_libexecdir}/gvfsd-mtp %{_libexecdir}/gvfsd-mtp
@ -406,10 +445,13 @@ killall -USR1 gvfsd >&/dev/null || :
%{_libexecdir}/gvfs-mtp-volume-monitor %{_libexecdir}/gvfs-mtp-volume-monitor
%{_datadir}/dbus-1/services/org.gtk.vfs.MTPVolumeMonitor.service %{_datadir}/dbus-1/services/org.gtk.vfs.MTPVolumeMonitor.service
%{_datadir}/gvfs/remote-volume-monitors/mtp.monitor %{_datadir}/gvfs/remote-volume-monitors/mtp.monitor
%if ! 0%{?flatpak}
%{_userunitdir}/gvfs-mtp-volume-monitor.service %{_userunitdir}/gvfs-mtp-volume-monitor.service
%endif
%if ! 0%{?rhel} %if ! 0%{?rhel}
%files nfs %files nfs
%{_libexecdir}/gvfsd-nfs
# for privileged ports # for privileged ports
%caps(cap_net_bind_service=ep) %{_libexecdir}/gvfsd-nfs %caps(cap_net_bind_service=ep) %{_libexecdir}/gvfsd-nfs
%{_datadir}/gvfs/mounts/nfs.mount %{_datadir}/gvfs/mounts/nfs.mount
@ -421,7 +463,9 @@ killall -USR1 gvfsd >&/dev/null || :
%{_datadir}/gvfs/remote-volume-monitors/goa.monitor %{_datadir}/gvfs/remote-volume-monitors/goa.monitor
%{_datadir}/gvfs/mounts/google.mount %{_datadir}/gvfs/mounts/google.mount
%{_libexecdir}/gvfsd-google %{_libexecdir}/gvfsd-google
%if ! 0%{?flatpak}
%{_userunitdir}/gvfs-goa-volume-monitor.service %{_userunitdir}/gvfs-goa-volume-monitor.service
%endif
%files tests %files tests
%dir %{_libexecdir}/installed-tests %dir %{_libexecdir}/installed-tests
@ -429,185 +473,71 @@ killall -USR1 gvfsd >&/dev/null || :
%{_datadir}/installed-tests %{_datadir}/installed-tests
%changelog %changelog
* Tue Jun 14 2022 Ondrej Holy <oholy@redhat.com> - 1.48.1-4 * Mon Apr 22 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 1.36.2-16.inferit
- Ignore EINVAL for kerberos/ccache login to fix SMB mounting (#2093861) - Update to 1.36.2-16
- Rebuilt for MSVSphere 8.10 beta
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.48.1-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jul 13 2021 Ondrej Holy <oholy@redhat.com> - 1.48.1-2 * Fri Mar 15 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 1.36.2-14.inferit
- Disable gcrypt to fix build - Added yandex disk webdav support (by Alexey Berezhok <aberezhok@msvsphere-os.ru>)
- Rebuilt for MSVSphere 8.9
* Wed May 05 2021 Kalev Lember <klember@redhat.com> - 1.48.1-1 * Wed Dec 06 2023 Ondrej Holy <oholy@redhat.com> - 1.36.2-16
- Update to 1.48.1 - Sync trash dir items when files change (RHEL-2824)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.48.0-2 * Mon Oct 09 2023 Ondrej Holy <oholy@redhat.com> - 1.36.2-15
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 - Add support for x-gvfs-notrash mount option (RHEL-2824)
* Mon Mar 22 2021 Kalev Lember <klember@redhat.com> - 1.48.0-1 * Tue Jul 25 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.36.2-14
- Update to 1.48.0 - Rebuilt for MSVSphere 8.8
* Mon Mar 15 2021 Kalev Lember <klember@redhat.com> - 1.47.91-1 * Thu Jun 16 2022 Ondrej Holy <oholy@redhat.com> - 1.36.2-14
- Update to 1.47.91 - Backport performance fixes for Google backend (#2083481)
* Wed Feb 17 2021 Kalev Lember <klember@redhat.com> - 1.47.90-1 * Tue Jun 14 2022 Ondrej Holy <oholy@redhat.com> - 1.36.2-13
- Update to 1.47.90 - Use O_RDWR to fix fstat when writing on SMB share (#2080478)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.46.2-2 * Tue Jun 14 2022 Ondrej Holy <oholy@redhat.com> - 1.36.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Ignore EINVAL for kerberos login to fix SMB mounting (#2095712)
* Sat Jan 16 2021 Kalev Lember <klember@redhat.com> - 1.46.2-1 * Tue Nov 03 2020 Ondrej Holy <oholy@redhat.com> - 1.36.2-11
- Update to 1.46.2 - Add support for certificates prompts for GOA mounts (rhbz#1889411)
* Mon Oct 5 2020 Kalev Lember <klember@redhat.com> - 1.46.1-1 * Wed Aug 05 2020 Ondrej Holy <oholy@redhat.com> - 1.36.2-10
- Update to 1.46.1 - Fix libusb(x) requirements (rhbz#1866332)
* Fri Sep 11 2020 Kalev Lember <klember@redhat.com> - 1.46.0-1 * Wed Jun 17 2020 Ondrej Holy <oholy@redhat.com> - 1.36.2-9
- Update to 1.46.0 - Improve enumeration performance of smb backend (rhbz#1569868)
* Fri Sep 04 2020 Kalev Lember <klember@redhat.com> - 1.45.92-1 * Tue Oct 8 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-8
- Update to 1.45.92 - Fix udisks2 volume monitor crashes when stopping drive (rhbz#1759075)
* Mon Aug 17 2020 Kalev Lember <klember@redhat.com> - 1.45.90-1 * Thu Sep 19 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-7
- Update to 1.45.90 - Remove libbluray support (#1747972)
- CVE-2019-12448: Add query_info_on_read/write functionality (rhbz#1754506)
- CVE-2019-12447: Use fsuid to ensure correct file ownership (rhbz#1752926)
- CVE-2019-12449: Ensure correct ownership when moving to file:// uri (rhbz#1753972)
* Tue Aug 04 2020 Ondrej Holy <oholy@redhat.com> - 1.45.3-1 * Fri Aug 09 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-6
- Update to 1.45.3 - Prevent spawning new daemons if outgoing operation exists (#1739117)
- Force NT1 protocol version for workgroup support (#1739116)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.45.2-4 * Thu Aug 08 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - CVE-2019-12795 Check that the connecting client is the same user (#1729885)
* Mon Jul 13 2020 Bastien Nocera <bnocera@redhat.com> - 1.45.2-3 * Thu May 16 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-4
+ gvfs-1.45.2-3 - Handle lockdown option to disable writing (#1662193)
- Disable afc backend in RHEL
* Wed Jun 17 2020 Bastien Nocera <bnocera@redhat.com> - 1.45.2-2 * Mon Apr 01 2019 Ondrej Holy <oholy@redhat.com> - 1.36.2-3
+ gvfs-1.45.2-2 - CVE-2019-3827: Prevent access if any authentication agent isn't available (#1673888)
- Rebuild with libplist 2.2 support
* Fri May 29 2020 Kalev Lember <klember@redhat.com> - 1.45.2-1 * Fri Dec 14 2018 Ray Strode <rstrode@redhat.com> - 1.36.2-2
- Update to 1.45.2 - rebuild
* Tue Mar 31 2020 Adrian Reber <adrian@lisas.de> - 1.44.1-2 * Tue Jun 12 2018 Ondrej Holy <oholy@redhat.com> - 1.36.2-1
- Rebuilt for libcdio-2.1.0 - Update to 1.36.2
* Fri Mar 27 2020 Kalev Lember <klember@redhat.com> - 1.44.1-1
- Update to 1.44.1
* Fri Mar 06 2020 Kalev Lember <klember@redhat.com> - 1.44.0-1
- Update to 1.44.0
* Mon Mar 02 2020 Kalev Lember <klember@redhat.com> - 1.43.92-1
- Update to 1.43.92
* Mon Feb 17 2020 Kalev Lember <klember@redhat.com> - 1.43.91-1
- Update to 1.43.91
* Sun Feb 02 2020 Kalev Lember <klember@redhat.com> - 1.43.90-1
- Update to 1.43.90
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.43.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Dec 02 2019 Kalev Lember <klember@redhat.com> - 1.43.2-1
- Update to 1.43.2
* Wed Nov 27 2019 Kalev Lember <klember@redhat.com> - 1.42.2-1
- Update to 1.42.2
* Mon Oct 07 2019 Kalev Lember <klember@redhat.com> - 1.42.1-1
- Update to 1.42.1
* Thu Sep 19 2019 Ondrej Holy <oholy@redhat.com> - 1.42.0-3
- Remove libbluray support on RHEL (#1747972)
* Wed Sep 11 2019 Leigh Scott <leigh123linux@googlemail.com> - 1.42.0-2
- Rebuild for new libnfs version
* Mon Sep 09 2019 Kalev Lember <klember@redhat.com> - 1.42.0-1
- Update to 1.42.0
* Tue Aug 20 2019 Kalev Lember <klember@redhat.com> - 1.41.91-1
- Update to 1.41.91
* Mon Aug 12 2019 Kalev Lember <klember@redhat.com> - 1.41.90-1
- Update to 1.41.90
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.41.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 15 2019 Kalev Lember <klember@redhat.com> - 1.41.4-1
- Update to 1.41.4
* Wed Jun 19 2019 Kalev Lember <klember@redhat.com> - 1.41.3-1
- Update to 1.41.3
* Tue May 21 2019 Kalev Lember <klember@redhat.com> - 1.41.2-1
- Update to 1.41.2
* Thu May 09 2019 Kalev Lember <klember@redhat.com> - 1.41.1-1
- Update to 1.41.1
- Build against fuse3
* Tue Apr 16 2019 Adam Williamson <awilliam@redhat.com> - 1.40.1-2
- Rebuild with Meson fix for #1699099
* Tue Apr 09 2019 Kalev Lember <klember@redhat.com> - 1.40.1-1
- Update to 1.40.1
* Mon Mar 11 2019 Kalev Lember <klember@redhat.com> - 1.40.0-1
- Update to 1.40.0
* Mon Mar 04 2019 Kalev Lember <klember@redhat.com> - 1.39.92-1
- Update to 1.39.92
* Mon Feb 18 2019 Kalev Lember <klember@redhat.com> - 1.39.91-1
- Update to 1.39.91
* Mon Feb 04 2019 Kalev Lember <klember@redhat.com> - 1.39.90-1
- Update to 1.39.90
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.39.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 17 2019 Ondrej Holy <oholy@redhat.com> - 1.39.4-2
- admin: Prevent access if any authentication agent isn't available
* Mon Jan 07 2019 Kalev Lember <klember@redhat.com> - 1.39.4-1
- Update to 1.39.4
* Tue Oct 09 2018 Kalev Lember <klember@redhat.com> - 1.39.1-1
- Update to 1.39.1
* Tue Sep 25 2018 Ondrej Holy <oholy@redhat.com> - 1.38.1-1
- Update to 1.38.1
* Thu Sep 06 2018 Kalev Lember <klember@redhat.com> - 1.38.0-1
- Update to 1.38.0
* Thu Aug 02 2018 Ondrej Holy <oholy@redhat.com> - 1.37.90-1
- Update to 1.37.90
* Fri Jul 13 2018 Ondrej Holy <oholy@redhat.com> - 1.37.4-1
- Update to 1.37.4
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.37.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
- Add missing gcc dependency
* Wed May 09 2018 Ondrej Holy <oholy@redhat.com> - 1.37.2-1
- Update to 1.37.2
- Disable NFS support in RHEL
* Wed May 09 2018 Ondrej Holy <oholy@redhat.com> - 1.37.1-1
- Update to 1.37.1
- Remove mount-archive.desktop helper - Remove mount-archive.desktop helper
- Switch to meson build system
- Remove obsolete gvfs utils - Remove obsolete gvfs utils
- Disable nfs support
* Tue May 08 2018 Kalev Lember <klember@redhat.com> - 1.36.2-1
- Update to 1.36.2
* Mon Apr 09 2018 Kalev Lember <klember@redhat.com> - 1.36.1-1 * Mon Apr 09 2018 Kalev Lember <klember@redhat.com> - 1.36.1-1
- Update to 1.36.1 - Update to 1.36.1

Loading…
Cancel
Save