rpms
/
polkit
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8e
rpms:i9e
rpms:i9c
rpms:c9
...
pull from: rpms:i9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i9
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8e
rpms:i9e
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i9' have entirely different histories.
c9 ... i9

5 changed files with 737 additions and 2 deletions
Show Stats

236
SOURCES/0001-Added-Russian-translation.patch
Unescape View File

@ -0,0 +1,236 @@
From 6d16fd1e0ba46197c29e6356a5f33750ab5908ec Mon Sep 17 00:00:00 2001
From: Sergey Cherevko <s.cherevko@msvsphere-os.ru>
Date: Tue, 13 Feb 2024 13:02:01 +0300
Subject: [PATCH] Added Russian translation
---
po/LINGUAS | 1 +
po/ru.po | 204 +++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 205 insertions(+)
create mode 100644 po/ru.po
diff --git a/po/LINGUAS b/po/LINGUAS
index 771fcaa..9eb1491 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -10,6 +10,7 @@ it
nn
pl
pt_BR
+ru
sk
sv
tr
diff --git a/po/ru.po b/po/ru.po
new file mode 100644
index 0000000..2b296fb
--- /dev/null
+++ b/po/ru.po
@@ -0,0 +1,204 @@
+# Russian translation for polkit.
+# Copyright (C) 2015 polkit's COPYRIGHT HOLDER
+# This file is distributed under the same license as the polkit package.
+#
+# Sergey Cherevko <s.cherevko@msvsphere-os.ru>, 2024.
+msgid ""
+msgstr ""
+"Project-Id-Version: polkit master\n"
+"Report-Msgid-Bugs-To: https://gitlab.freedesktop.org/polkit/polkit/issues\n"
+"POT-Creation-Date: 2020-03-22 03:56+0000\n"
+"PO-Revision-Date: 2024-02-13 11:39+0300\n"
+"Last-Translator: Sergey Cherevko <s.cherevko@msvsphere-os.ru>\n"
+"Language-Team: MSVSphere <s.cherevko@msvspere-os.ru>\n"
+"Language: ru\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
+"%10<=4 && (n%100<12 || n%100>14) ? 1 : 2);\n"
+"X-Generator: Poedit 3.4.2\n"
+
+#: ../actions/org.freedesktop.policykit.policy.in.h:1
+msgid "Run a program as another user"
+msgstr "Запуск программы от имени другого пользователя"
+
+#: ../actions/org.freedesktop.policykit.policy.in.h:2
+msgid "Authentication is required to run a program as another user"
+msgstr ""
+"Для запуска программы от имени другого пользователя требуется аутентификация"
+
+#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:1
+msgid "Run the polkit example program Frobnicate"
+msgstr "Запустите программу-пример Frobnicate из polkit"
+
+#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:2
+msgid ""
+"Authentication is required to run the polkit example program Frobnicate "
+"(user=$(user), user.gecos=$(user.gecos), user.display=$(user.display), "
+"program=$(program), command_line=$(command_line))"
+msgstr ""
+"Для запуска примера программы polkit Frobnicate (user=$(user), user.gecos=$(user.gecos), "
+"user.display=$(user.display), program=$(program), command_line="
+"$(command_line)) требуется аутентификация"
+
+#: ../src/programs/pkaction.c:101
+msgid "Only output information about ACTION"
+msgstr "Выводите только информацию о ДЕЙСТВИИ"
+
+#: ../src/programs/pkaction.c:101
+msgid "ACTION"
+msgstr "ДЕЙСТВИЕ"
+
+#: ../src/programs/pkaction.c:105
+msgid "Output detailed action information"
+msgstr "Вывод подробной информации о действиях"
+
+#: ../src/programs/pkaction.c:109 ../src/programs/pkttyagent.c:95
+msgid "Show version"
+msgstr "Показать версию"
+
+#: ../src/programs/pkaction.c:132
+msgid "[--action-id ACTION]"
+msgstr "[--action-id ДЕЙСТВИЕ]"
+
+#: ../src/programs/pkaction.c:133 ../src/programs/pkttyagent.c:118
+#, c-format
+msgid ""
+"Report bugs to: %s\n"
+"%s home page: <%s>"
+msgstr ""
+"Сообщить об ошибках в: %s\n"
+"%s главная страница: <%s>"
+
+#: ../src/programs/pkaction.c:147 ../src/programs/pkcheck.c:493
+#: ../src/programs/pkttyagent.c:132
+#, c-format
+msgid "%s: Unexpected argument `%s'\n"
+msgstr "%s: Неожиданный аргумент `%s'\n"
+
+#: ../src/programs/pkcheck.c:36
+#, c-format
+msgid ""
+"Usage:\n"
+" pkcheck [OPTION...]\n"
+"\n"
+"Help Options:\n"
+" -h, --help Show help options\n"
+"\n"
+"Application Options:\n"
+" -a, --action-id=ACTION Check authorization to perform ACTION\n"
+" -u, --allow-user-interaction Interact with the user if necessary\n"
+" -d, --details=KEY VALUE Add (KEY, VALUE) to information about "
+"the action\n"
+" --enable-internal-agent Use an internal authentication agent if "
+"necessary\n"
+" --list-temp List temporary authorizations for "
+"current session\n"
+" -p, --process=PID[,START_TIME,UID] Check authorization of specified "
+"process\n"
+" --revoke-temp Revoke all temporary authorizations for "
+"current session\n"
+" -s, --system-bus-name=BUS_NAME Check authorization of owner of "
+"BUS_NAME\n"
+" --version Show version\n"
+"\n"
+"Report bugs to: %s\n"
+"%s home page: <%s>\n"
+msgstr ""
+"Использование:\n"
+" pkcheck [ПАРАМЕТР...]\n"
+"\n"
+"Параметры справки:\n"
+" -h, --help Показать параметры справки\n"
+"\n"
+"Опции приложения:\n"
+" -a, --action-id=ДЕЙСТВИЕ Проверка разрешения на выполнение ДЕЙСТВИЯ\n"
+" -u, --allow-user-interaction Взаимодействовать с пользователем, если это "
+"необходимо\n"
+" -d, --details=КЛЮЧ ЗНАЧЕНИЕ Добавить (КЛЮЧ, ЗНАЧЕНИЕ) к информации о действии\n"
+" --enable-internal-agent Использовать внутренний агент аутентификации, если "
+"необходимо\n"
+" --list-temp Список временных авторизаций для текущей сессии\n"
+" -p, --process=PID[,ВРЕМЯ_ЗАПУСКА,UID] Проверка авторизации указанного "
+"процесса\n"
+" --revoke-temp Отменить все временные авторизации для текущей сессии\n"
+" -s, --system-bus-name=ИМЯ_ШИНЫ Проверить авторизацию владельца ИМЯ_ШИНЫ\n"
+" --version Показать версию\n"
+"\n"
+"Сообщайте об ошибках по адресу: %s\n"
+"%s домашняя страница: <%s>\n"
+
+#: ../src/programs/pkcheck.c:393 ../src/programs/pkcheck.c:426
+#: ../src/programs/pkcheck.c:438
+#, c-format
+msgid "%s: Argument expected after `%s'\n"
+msgstr "%s: Аргумент ожидается после `%s'\n"
+
+#: ../src/programs/pkcheck.c:416
+#, c-format
+msgid "%s: Invalid --process value `%s'\n"
+msgstr "%s: Недопустимое значение --process `%s'\n"
+
+#: ../src/programs/pkcheck.c:453 ../src/programs/pkcheck.c:462
+#, c-format
+msgid "%s: Two arguments expected after `--detail'\n"
+msgstr "%s: Ожидается два аргумента после `--detail'\n"
+
+#: ../src/programs/pkcheck.c:523
+#, c-format
+msgid "%s: Subject not specified\n"
+msgstr "%s: Тема не указана\n"
+
+#. Translators: message shown when trying to run a program as root. Do not
+#. * translate the $(program) fragment - it will be expanded to the path
+#. * of the program e.g. /bin/bash.
+#.
+#: ../src/programs/pkexec.c:790
+msgid "Authentication is needed to run `$(program)' as the super user"
+msgstr ""
+"Для запуска `$(program)' от имени суперпользователя требуется аутентификация"
+
+#. Translators: message shown when trying to run a program as another user.
+#. * Do not translate the $(program) or $(user) fragments - the former will
+#. * be expanded to the path of the program e.g. "/bin/bash" and the latter
+#. * to the user e.g. "John Doe (johndoe)" or "johndoe".
+#.
+#: ../src/programs/pkexec.c:800
+msgid "Authentication is needed to run `$(program)' as user $(user.display)"
+msgstr ""
+"Для запуска `$(program)' от имени пользователя $(user.display) требуется "
+"аутентификация"
+
+#: ../src/programs/pkttyagent.c:78
+msgid "Don't replace existing agent if any"
+msgstr "Не заменяйте существующего агента, если таковой имеется"
+
+#: ../src/programs/pkttyagent.c:82
+msgid "Close FD when the agent is registered"
+msgstr "Закрыть дескриптор файла, когда агент зарегистрирован"
+
+#: ../src/programs/pkttyagent.c:82
+msgid "FD"
+msgstr "ДФ"
+
+#: ../src/programs/pkttyagent.c:86
+msgid "Register the agent for the specified process"
+msgstr "Зарегистрируйте агента для указанного процесса"
+
+#: ../src/programs/pkttyagent.c:87
+msgid "PID[,START_TIME]"
+msgstr "PID[,ВРЕМЯ_ЗАПУСКА]"
+
+#: ../src/programs/pkttyagent.c:91
+msgid "Register the agent for the owner of BUS_NAME"
+msgstr "Зарегистрируйте агента для владельца ИМЯ_ШИНЫ"
+
+#: ../src/programs/pkttyagent.c:91
+msgid "BUS_NAME"
+msgstr "ИМЯ_ШИНЫ"
+
+#: ../src/programs/pkttyagent.c:164
+#, c-format
+msgid "%s: Invalid process specifier `%s'\n"
+msgstr "%s: Недопустимый спецификатор процесса `%s'\n"
--
2.39.3

391
SOURCES/pkpermission-watch-changed-ssn-only.patch
Unescape View File

@ -0,0 +1,391 @@
From 31ebedebf1d9850a4c699af5cfe57b81e908f642 Mon Sep 17 00:00:00 2001
From: Jan Rybar <jrybar@redhat.com>
Date: Thu, 23 May 2024 08:59:11 +0200
Subject: [PATCH 1/3] Only instances affected by sessions change should call
for CheckAuthorization (#453)
* Only instances affected by sessions change should call for
CheckAuthorization
Currently, every time the systemd-logind monitor sends a notification
about change in sessions, all instances of PolkitPermission (and
probably other classes using PolkitAuthority) send CheckAuthorization to
the daemon even though their session is not affected. This hogs the cpu
needlessly, because ALL programs/applets in ALL instances for ALL users
send CheckAuthorization, making each such request even repeated.
This PR adds recognition of a change in sessions, adds it to the
"Changed" dbus signal as a parameter, and on the client side of polkit
(i.e. PolkitAuthority) enables to react accordingly. This enables
PolkitPermission to assess whether the session change affects just the
objects in affected sessions.
---
data/org.freedesktop.PolicyKit1.Authority.xml | 2 +-
src/polkit/polkitauthority.c | 32 ++++++-
src/polkit/polkitpermission.c | 87 +++++++++++++++++++
src/polkitbackend/polkitbackendauthority.c | 54 +++++++++++-
.../polkitbackendinteractiveauthority.c | 2 +-
5 files changed, 170 insertions(+), 7 deletions(-)
diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
index 453ffc8..214b8c2 100644
--- a/data/org.freedesktop.PolicyKit1.Authority.xml
+++ b/data/org.freedesktop.PolicyKit1.Authority.xml
@@ -431,7 +431,7 @@ Must match the effective UID of the caller of org.freedesktop.PolicyKit1.Authori
<!-- ---------------------------------------------------------------------------------------------------- -->
<signal name="Changed">
- <annotation name="org.gtk.EggDBus.DocString" value="This signal is emitted when actions and/or authorizations change"/>
+ <annotation name="org.gtk.EggDBus.DocString" value="This signal is emitted when actions, sessions and/or authorizations change, carrying information about the change."/>
</signal>
</interface>
diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
index 71d527c..08cb511 100644
--- a/src/polkit/polkitauthority.c
+++ b/src/polkit/polkitauthority.c
@@ -84,6 +84,7 @@ static PolkitAuthority *the_authority = NULL;
enum
{
CHANGED_SIGNAL,
+ SESSIONS_CHANGED_SIGNAL,
LAST_SIGNAL,
};
@@ -113,9 +114,23 @@ on_proxy_signal (GDBusProxy *proxy,
gpointer user_data)
{
PolkitAuthority *authority = POLKIT_AUTHORITY (user_data);
+ guint16 msg_mask;
+
if (g_strcmp0 (signal_name, "Changed") == 0)
{
- g_signal_emit_by_name (authority, "changed");
+ if ((parameters != NULL) && g_variant_check_format_string(parameters, "(q)", FALSE))
+ {
+ g_variant_get(parameters, "(q)", &msg_mask);
+ if (msg_mask >= LAST_SIGNAL)
+ {
+ msg_mask = CHANGED_SIGNAL; /* If signal not valid, we send generic "changed". */
+ }
+ g_signal_emit (authority, signals[msg_mask], 0);
+ }
+ else
+ {
+ g_signal_emit_by_name (authority, "changed");
+ }
}
}
@@ -287,6 +302,21 @@ polkit_authority_class_init (PolkitAuthorityClass *klass)
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE,
0);
+ /**
+ * PolkitAuthority::sessions-changed:
+ * @authority: A #PolkitAuthority.
+ *
+ * Emitted when sessions change
+ */
+ signals[SESSIONS_CHANGED_SIGNAL] = g_signal_new ("sessions-changed",
+ POLKIT_TYPE_AUTHORITY,
+ G_SIGNAL_RUN_LAST,
+ 0, /* class offset */
+ NULL, /* accumulator */
+ NULL, /* accumulator data */
+ g_cclosure_marshal_VOID__VOID,
+ G_TYPE_NONE,
+ 0);
}
/* ---------------------------------------------------------------------------------------------------- */
diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c
index d4b2459..c53f2cb 100644
--- a/src/polkit/polkitpermission.c
+++ b/src/polkit/polkitpermission.c
@@ -24,6 +24,10 @@
# include "config.h"
#endif
+#ifdef HAVE_LIBSYSTEMD
+# include <systemd/sd-login.h>
+#endif
+
#include <sys/types.h>
#include <unistd.h>
@@ -60,6 +64,8 @@ struct _PolkitPermission
gchar *action_id;
+ gchar *session_state;
+
/* non-NULL exactly when authorized with a temporary authorization */
gchar *tmp_authz_id;
};
@@ -74,9 +80,14 @@ enum
static void process_result (PolkitPermission *permission,
PolkitAuthorizationResult *result);
+static char *get_session_state();
+
static void on_authority_changed (PolkitAuthority *authority,
gpointer user_data);
+static void on_sessions_changed (PolkitAuthority *authority,
+ gpointer user_data);
+
static gboolean acquire (GPermission *permission,
GCancellable *cancellable,
GError **error);
@@ -126,6 +137,8 @@ polkit_permission_constructed (GObject *object)
if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL)
G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object);
+
+ permission->session_state = get_session_state();
}
static void
@@ -135,6 +148,7 @@ polkit_permission_finalize (GObject *object)
g_free (permission->action_id);
g_free (permission->tmp_authz_id);
+ g_free (permission->session_state);
g_object_unref (permission->subject);
if (permission->authority != NULL)
@@ -142,6 +156,9 @@ polkit_permission_finalize (GObject *object)
g_signal_handlers_disconnect_by_func (permission->authority,
on_authority_changed,
permission);
+ g_signal_handlers_disconnect_by_func (permission->authority,
+ on_sessions_changed,
+ permission);
g_object_unref (permission->authority);
}
@@ -420,6 +437,11 @@ polkit_permission_initable_init (GInitable *initable,
G_CALLBACK (on_authority_changed),
permission);
+ g_signal_connect (permission->authority,
+ "sessions-changed",
+ G_CALLBACK (on_sessions_changed),
+ permission);
+
result = polkit_authority_check_authorization_sync (permission->authority,
permission->subject,
permission->action_id,
@@ -472,6 +494,37 @@ changed_check_cb (GObject *source_object,
g_object_unref (permission);
}
+static char *get_session_state()
+{
+#ifdef HAVE_LIBSYSTEMD
+ char *session = NULL;
+ char *state = NULL;
+ uid_t uid;
+
+ if ( sd_pid_get_session(getpid(), &session) < 0 )
+ {
+ if ( sd_pid_get_owner_uid(getpid(), &uid) < 0)
+ {
+ goto out;
+ }
+ if (sd_uid_get_display(uid, &session) < 0)
+ {
+ goto out;
+ }
+ }
+
+ if (session != NULL)
+ {
+ sd_session_get_state(session, &state);
+ }
+out:
+ g_free(session);
+ return state;
+#else
+ return NULL;
+#endif
+}
+
static void
on_authority_changed (PolkitAuthority *authority,
gpointer user_data)
@@ -488,6 +541,40 @@ on_authority_changed (PolkitAuthority *authority,
g_object_ref (permission));
}
+
+static void on_sessions_changed (PolkitAuthority *authority,
+ gpointer user_data)
+{
+#ifdef HAVE_LIBSYSTEMD
+ char *new_session_state = NULL;
+ char *last_state = NULL;
+
+ PolkitPermission *permission = POLKIT_PERMISSION (user_data);
+
+ new_session_state = get_session_state();
+
+ /* if we cannot tell the session state, we should do CheckAuthorization anyway */
+ if ((new_session_state == NULL) || ( g_strcmp0(new_session_state, permission->session_state) != 0 ))
+ {
+ last_state = permission->session_state;
+ permission->session_state = new_session_state;
+ g_free(last_state);
+
+ polkit_authority_check_authorization (permission->authority,
+ permission->subject,
+ permission->action_id,
+ NULL, /* PolkitDetails */
+ POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE,
+ NULL /* cancellable */,
+ changed_check_cb,
+ g_object_ref (permission));
+ }
+#else
+ on_authority_changed(authority, user_data); /* TODO: resolve the "too many session signals" issue for non-systemd systems later */
+#endif
+}
+
+
static void
process_result (PolkitPermission *permission,
PolkitAuthorizationResult *result)
diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
index d4c6f7d..c74216e 100644
--- a/src/polkitbackend/polkitbackendauthority.c
+++ b/src/polkitbackend/polkitbackendauthority.c
@@ -48,6 +48,7 @@
enum
{
CHANGED_SIGNAL,
+ SESSIONS_CHANGED_SIGNAL,
LAST_SIGNAL,
};
@@ -78,6 +79,15 @@ polkit_backend_authority_class_init (PolkitBackendAuthorityClass *klass)
g_cclosure_marshal_VOID__VOID,
G_TYPE_NONE,
0);
+ signals[SESSIONS_CHANGED_SIGNAL] = g_signal_new ("sessions-changed",
+ POLKIT_BACKEND_TYPE_AUTHORITY,
+ G_SIGNAL_RUN_LAST,
+ G_STRUCT_OFFSET (PolkitBackendAuthorityClass, changed),
+ NULL, /* accumulator */
+ NULL, /* accumulator data */
+ g_cclosure_marshal_VOID__VOID,
+ G_TYPE_NONE,
+ 0);
}
/**
@@ -501,6 +511,8 @@ typedef struct
gulong authority_changed_id;
+ gulong authority_session_monitor_signaller;
+
gchar *object_path;
GHashTable *cancellation_id_to_check_auth_data;
@@ -523,6 +535,9 @@ server_free (Server *server)
if (server->authority != NULL && server->authority_changed_id > 0)
g_signal_handler_disconnect (server->authority, server->authority_changed_id);
+ if (server->authority != NULL && server->authority_session_monitor_signaller > 0)
+ g_signal_handler_disconnect (server->authority, server->authority_session_monitor_signaller);
+
if (server->cancellation_id_to_check_auth_data != NULL)
g_hash_table_unref (server->cancellation_id_to_check_auth_data);
@@ -531,20 +546,23 @@ server_free (Server *server)
g_free (server);
}
-static void
-on_authority_changed (PolkitBackendAuthority *authority,
- gpointer user_data)
+static void changed_dbus_call_handler(PolkitBackendAuthority *authority,
+ gpointer user_data,
+ guint16 msg_mask)
{
Server *server = user_data;
GError *error;
+ GVariant *parameters;
error = NULL;
+
+ parameters = g_variant_new("(q)", msg_mask);
if (!g_dbus_connection_emit_signal (server->connection,
NULL, /* destination bus name */
server->object_path,
"org.freedesktop.PolicyKit1.Authority",
"Changed",
- NULL,
+ parameters,
&error))
{
g_warning ("Error emitting Changed() signal: %s", error->message);
@@ -552,6 +570,29 @@ on_authority_changed (PolkitBackendAuthority *authority,
}
}
+
+static void
+on_authority_changed (PolkitBackendAuthority *authority,
+ gpointer user_data)
+{
+ guint16 msg_mask;
+
+ msg_mask = (guint16) CHANGED_SIGNAL;
+ changed_dbus_call_handler(authority, user_data, msg_mask);
+}
+
+
+static void
+on_sessions_changed (PolkitBackendAuthority *authority,
+ gpointer user_data)
+{
+ guint16 msg_mask;
+
+ msg_mask = (guint16) SESSIONS_CHANGED_SIGNAL;
+ changed_dbus_call_handler(authority, user_data, msg_mask);
+}
+
+
static const gchar *server_introspection_data =
"<node>"
" <interface name='org.freedesktop.PolicyKit1.Authority'>"
@@ -1397,6 +1438,11 @@ polkit_backend_authority_register (PolkitBackendAuthority *authority,
G_CALLBACK (on_authority_changed),
server);
+ server->authority_session_monitor_signaller = g_signal_connect (server->authority,
+ "sessions-changed",
+ G_CALLBACK (on_sessions_changed),
+ server);
+
return server;
error:
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 9dab476..517e715 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -284,7 +284,7 @@ on_session_monitor_changed (PolkitBackendSessionMonitor *monitor,
gpointer user_data)
{
PolkitBackendInteractiveAuthority *authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (user_data);
- g_signal_emit_by_name (authority, "changed");
+ g_signal_emit_by_name (authority, "sessions-changed");
}
static void
--
2.40.1

66
SOURCES/pkttyagent-coredump-after-eof.patch
Unescape View File

@ -0,0 +1,66 @@
commit 6c9c07981f7ac7e7dfde05fa8210ae4204d31139
Author: Jan Rybar <jrybar@redhat.com>
Date: Mon Mar 11 16:55:40 2024 +0100
pkttyagent: EOF in password causes coredump
diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c
index 99af1d1..2ce4098 100644
--- a/src/polkitagent/polkitagenttextlistener.c
+++ b/src/polkitagent/polkitagenttextlistener.c
@@ -330,6 +330,7 @@ on_request (PolkitAgentSession *session,
PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (user_data);
struct termios ts, ots;
GString *str;
+ gint c;
fprintf (listener->tty, "%s", request);
fflush (listener->tty);
@@ -374,7 +375,6 @@ on_request (PolkitAgentSession *session,
str = g_string_new (NULL);
while (TRUE)
{
- gint c;
c = getc (listener->tty);
if (c == '\n')
{
@@ -384,8 +384,7 @@ on_request (PolkitAgentSession *session,
else if (c == EOF)
{
tcsetattr (fileno (listener->tty), TCSAFLUSH, &ots);
- g_error ("Got unexpected EOF while reading from controlling terminal.");
- abort ();
+ g_warning ("Got unexpected EOF while reading from controlling terminal.");
break;
}
else
@@ -397,7 +396,15 @@ on_request (PolkitAgentSession *session,
g_signal_emit_by_name(listener, "tty_attrs_changed", FALSE);
putc ('\n', listener->tty);
- polkit_agent_session_response (session, str->str);
+ if (c == EOF)
+ {
+ polkit_agent_session_cancel (listener->active_session);
+ }
+ else
+ {
+ polkit_agent_session_response (session, str->str);
+ }
+
memset (str->str, '\0', str->len);
g_string_free (str, TRUE);
}
@@ -512,9 +519,9 @@ choose_identity (PolkitAgentTextListener *listener,
}
else if (c == EOF)
{
- g_error ("Got unexpected EOF while reading from controlling terminal.");
- abort ();
- break;
+ g_warning ("Got unexpected EOF while reading from controlling terminal.");
+ ret = NULL; /* let' be defensive */
+ goto out;
}
else
{

13
SOURCES/session-monitor-watch-sessions-only.patch
Unescape View File

@ -0,0 +1,13 @@
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
index 1a6107a..3abd7c5 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
@@ -106,7 +106,7 @@ sd_source_new (void)
source = g_source_new (&sd_source_funcs, sizeof (SdSource));
sd_source = (SdSource *)source;
- if ((ret = sd_login_monitor_new (NULL, &sd_source->monitor)) < 0)
+ if ((ret = sd_login_monitor_new ("session", &sd_source->monitor)) < 0)
{
g_printerr ("Error getting login monitor: %d", ret);
}

33
SPECS/polkit.spec
Unescape View File

@ -22,7 +22,7 @@
Summary: An authorization framework
Name: polkit
Version: 0.117
Release: 11%{?dist}
Release: 13%{?dist}.inferit
License: LGPLv2+
URL: http://www.freedesktop.org/wiki/Software/polkit
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
@ -33,6 +33,12 @@ Patch1002: CVE-2021-3560.patch
Patch1003: CVE-2021-4034.patch
Patch1004: CVE-2021-4115.patch
Patch1005: tty-restore-flags-if-changed.patch
Patch1006: pkttyagent-coredump-after-eof.patch
Patch1007: session-monitor-watch-sessions-only.patch
Patch1008: pkpermission-watch-changed-ssn-only.patch
# MSVSphere
Patch10000: 0001-Added-Russian-translation.patch
%if 0%{?bundled_mozjs}
Source2: https://ftp.mozilla.org/pub/firefox/releases/%{mozjs_version}esr/source/firefox-%{mozjs_version}esr.source.tar.xz
@ -111,7 +117,8 @@ BuildRequires: automake
BuildRequires: libtool
%endif
Requires: dbus, polkit-pkla-compat
Requires: dbus
Recommends: polkit-pkla-compat
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires(pre): shadow-utils
@ -181,6 +188,12 @@ Libraries files for polkit.
%patch1003 -p1
%patch1004 -p1
%patch1005 -p1
%patch1006 -p1
%patch1007 -p1
%patch1008 -p1
# MSVSphere
%patch10000 -p1
%if 0%{?bundled_mozjs}
# Extract mozjs archive
@ -387,6 +400,22 @@ exit 0
%endif
%changelog
* Fri Nov 22 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 0.117-13.inferit
- Added Russian translation
* Tue May 28 2024 Jan Rybar <jrybar@redhat.com> - 0.117-13
- session-monitor: watch sessions only
- PolkitPermission: react on really changed sessions
- allow polkit-pkla-compat to be uninstalled if no .pkla rules
- Resolves: RHEL-39063
* Mon Mar 18 2024 Jan Rybar <jrybar@redhat.com> - 0.117-12
- pkttyagent: EOF in passwd results in coredump
- Resolves: RHEL-5772
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.117-11
- Rebuilt for MSVSphere 9.2 beta
* Fri Dec 02 2022 Jan Rybar <jrybar@redhat.com> - 0.117-11
- backport: restore tty only if changed
- Resolves: rhbz#2150310

Write Preview
Loading…
Cancel
Save