| 1 |
ssuominen 10/09/09 21:13:16 |
| 2 |
|
| 3 |
Added: consolekit-0.4.2-revert.patch |
| 4 |
Log: |
| 5 |
Revert upstream "Only set sessions to be is-local=true if set by a trusted party" wrt #336634. |
| 6 |
|
| 7 |
(Portage version: 2.2_rc78/cvs/Linux x86_64) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 sys-auth/consolekit/files/consolekit-0.4.2-revert.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/consolekit-0.4.2-revert.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/consolekit-0.4.2-revert.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: consolekit-0.4.2-revert.patch |
| 16 |
=================================================================== |
| 17 |
Revert upstream http://cgit.freedesktop.org/ConsoleKit/commit/?id=4f88228f31a63c026c424a92827f26ad7535275c |
| 18 |
which renders ConsoleKit unusable. |
| 19 |
|
| 20 |
diff -ur ConsoleKit-0.4.2.orig/src/ck-manager.c ConsoleKit-0.4.2/src/ck-manager.c |
| 21 |
--- ConsoleKit-0.4.2.orig/src/ck-manager.c 2010-09-03 16:54:31.000000000 +0300 |
| 22 |
+++ ConsoleKit-0.4.2/src/ck-manager.c 2010-09-10 00:02:32.000000000 +0300 |
| 23 |
@@ -1660,175 +1660,12 @@ |
| 24 |
dbus_g_method_return (context, cookie); |
| 25 |
} |
| 26 |
|
| 27 |
-enum { |
| 28 |
- PROP_STRING, |
| 29 |
- PROP_BOOLEAN, |
| 30 |
-}; |
| 31 |
- |
| 32 |
-#define CK_TYPE_PARAMETER_STRUCT (dbus_g_type_get_struct ("GValueArray", \ |
| 33 |
- G_TYPE_STRING, \ |
| 34 |
- G_TYPE_VALUE, \ |
| 35 |
- G_TYPE_INVALID)) |
| 36 |
- |
| 37 |
-static gboolean |
| 38 |
-_get_parameter (GPtrArray *parameters, |
| 39 |
- const char *name, |
| 40 |
- int prop_type, |
| 41 |
- gpointer *value) |
| 42 |
-{ |
| 43 |
- gboolean ret; |
| 44 |
- int i; |
| 45 |
- |
| 46 |
- if (parameters == NULL) { |
| 47 |
- return FALSE; |
| 48 |
- } |
| 49 |
- |
| 50 |
- ret = FALSE; |
| 51 |
- |
| 52 |
- for (i = 0; i < parameters->len && ret == FALSE; i++) { |
| 53 |
- gboolean res; |
| 54 |
- GValue val_struct = { 0, }; |
| 55 |
- char *prop_name; |
| 56 |
- GValue *prop_val; |
| 57 |
- |
| 58 |
- g_value_init (&val_struct, CK_TYPE_PARAMETER_STRUCT); |
| 59 |
- g_value_set_static_boxed (&val_struct, g_ptr_array_index (parameters, i)); |
| 60 |
- |
| 61 |
- res = dbus_g_type_struct_get (&val_struct, |
| 62 |
- 0, &prop_name, |
| 63 |
- 1, &prop_val, |
| 64 |
- G_MAXUINT); |
| 65 |
- if (! res) { |
| 66 |
- g_debug ("Unable to extract parameter input"); |
| 67 |
- goto cont; |
| 68 |
- } |
| 69 |
- |
| 70 |
- if (prop_name == NULL) { |
| 71 |
- g_debug ("Skipping NULL parameter"); |
| 72 |
- goto cont; |
| 73 |
- } |
| 74 |
- |
| 75 |
- if (strcmp (prop_name, name) != 0) { |
| 76 |
- goto cont; |
| 77 |
- } |
| 78 |
- |
| 79 |
- switch (prop_type) { |
| 80 |
- case PROP_STRING: |
| 81 |
- if (value != NULL) { |
| 82 |
- *value = g_value_dup_string (prop_val); |
| 83 |
- } |
| 84 |
- break; |
| 85 |
- case PROP_BOOLEAN: |
| 86 |
- if (value != NULL) { |
| 87 |
- *(gboolean *)value = g_value_get_boolean (prop_val); |
| 88 |
- } |
| 89 |
- break; |
| 90 |
- default: |
| 91 |
- g_assert_not_reached (); |
| 92 |
- break; |
| 93 |
- } |
| 94 |
- |
| 95 |
- ret = TRUE; |
| 96 |
- |
| 97 |
- cont: |
| 98 |
- g_free (prop_name); |
| 99 |
- if (prop_val != NULL) { |
| 100 |
- g_value_unset (prop_val); |
| 101 |
- g_free (prop_val); |
| 102 |
- } |
| 103 |
- } |
| 104 |
- |
| 105 |
- return ret; |
| 106 |
-} |
| 107 |
- |
| 108 |
-static gboolean |
| 109 |
-_verify_login_session_id_is_local (CkManager *manager, |
| 110 |
- const char *login_session_id) |
| 111 |
-{ |
| 112 |
- GHashTableIter iter; |
| 113 |
- const char *id; |
| 114 |
- CkSession *session; |
| 115 |
- |
| 116 |
- g_return_val_if_fail (CK_IS_MANAGER (manager), FALSE); |
| 117 |
- |
| 118 |
- /* If any local session exists for the given login session id |
| 119 |
- then that means a trusted party has vouched for the |
| 120 |
- original login */ |
| 121 |
- |
| 122 |
- g_debug ("Looking for local sessions for login-session-id=%s", login_session_id); |
| 123 |
- |
| 124 |
- session = NULL; |
| 125 |
- g_hash_table_iter_init (&iter, manager->priv->sessions); |
| 126 |
- while (g_hash_table_iter_next (&iter, (gpointer *)&id, (gpointer *)&session)) { |
| 127 |
- if (session != NULL) { |
| 128 |
- gboolean is_local; |
| 129 |
- char *sessid; |
| 130 |
- |
| 131 |
- sessid = NULL; |
| 132 |
- g_object_get (session, |
| 133 |
- "login-session-id", &sessid, |
| 134 |
- "is-local", &is_local, |
| 135 |
- NULL); |
| 136 |
- if (g_strcmp0 (sessid, login_session_id) == 0 && is_local) { |
| 137 |
- g_debug ("CkManager: found is-local=true on %s", id); |
| 138 |
- return TRUE; |
| 139 |
- } |
| 140 |
- } |
| 141 |
- } |
| 142 |
- |
| 143 |
- return FALSE; |
| 144 |
-} |
| 145 |
- |
| 146 |
-static void |
| 147 |
-add_param_boolean (GPtrArray *parameters, |
| 148 |
- const char *key, |
| 149 |
- gboolean value) |
| 150 |
-{ |
| 151 |
- GValue val = { 0, }; |
| 152 |
- GValue param_val = { 0, }; |
| 153 |
- |
| 154 |
- g_value_init (&val, G_TYPE_BOOLEAN); |
| 155 |
- g_value_set_boolean (&val, value); |
| 156 |
- g_value_init (¶m_val, CK_TYPE_PARAMETER_STRUCT); |
| 157 |
- g_value_take_boxed (¶m_val, |
| 158 |
- dbus_g_type_specialized_construct (CK_TYPE_PARAMETER_STRUCT)); |
| 159 |
- dbus_g_type_struct_set (¶m_val, |
| 160 |
- 0, key, |
| 161 |
- 1, &val, |
| 162 |
- G_MAXUINT); |
| 163 |
- g_value_unset (&val); |
| 164 |
- |
| 165 |
- g_ptr_array_add (parameters, g_value_get_boxed (¶m_val)); |
| 166 |
-} |
| 167 |
- |
| 168 |
static void |
| 169 |
verify_and_open_session_for_leader (CkManager *manager, |
| 170 |
CkSessionLeader *leader, |
| 171 |
- GPtrArray *parameters, |
| 172 |
+ const GPtrArray *parameters, |
| 173 |
DBusGMethodInvocation *context) |
| 174 |
{ |
| 175 |
- /* Only allow a local session if originating from an existing |
| 176 |
- local session. Effectively this means that only trusted |
| 177 |
- parties can create local sessions. */ |
| 178 |
- |
| 179 |
- g_debug ("CkManager: verifying session for leader"); |
| 180 |
- |
| 181 |
- if (parameters != NULL && ! _get_parameter (parameters, "is-local", PROP_BOOLEAN, NULL)) { |
| 182 |
- gboolean is_local; |
| 183 |
- char *login_session_id; |
| 184 |
- |
| 185 |
- g_debug ("CkManager: is-local has not been set, will inherit from existing login-session-id if available"); |
| 186 |
- |
| 187 |
- is_local = FALSE; |
| 188 |
- |
| 189 |
- if (_get_parameter (parameters, "login-session-id", PROP_STRING, (gpointer *) &login_session_id)) { |
| 190 |
- is_local = _verify_login_session_id_is_local (manager, login_session_id); |
| 191 |
- g_debug ("CkManager: found is-local=%s", is_local ? "true" : "false"); |
| 192 |
- } |
| 193 |
- |
| 194 |
- add_param_boolean (parameters, "is-local", is_local); |
| 195 |
- } |
| 196 |
- |
| 197 |
open_session_for_leader (manager, |
| 198 |
leader, |
| 199 |
parameters, |
| 200 |
diff -ur ConsoleKit-0.4.2.orig/tools/ck-collect-session-info.c ConsoleKit-0.4.2/tools/ck-collect-session-info.c |
| 201 |
--- ConsoleKit-0.4.2.orig/tools/ck-collect-session-info.c 2010-09-03 16:54:31.000000000 +0300 |
| 202 |
+++ ConsoleKit-0.4.2/tools/ck-collect-session-info.c 2010-09-10 00:06:30.000000000 +0300 |
| 203 |
@@ -274,7 +274,8 @@ |
| 204 |
si->x11_display_device = ck_process_stat_get_tty (xorg_stat); |
| 205 |
ck_process_stat_free (xorg_stat); |
| 206 |
|
| 207 |
- /* don't set is-local here - let the daemon do that */ |
| 208 |
+ si->is_local = TRUE; |
| 209 |
+ si->is_local_is_set = TRUE; |
| 210 |
|
| 211 |
g_free (si->remote_host_name); |
| 212 |
si->remote_host_name = NULL; |
| 213 |
@@ -303,6 +304,13 @@ |
| 214 |
|
| 215 |
fill_x11_info (si); |
| 216 |
|
| 217 |
+ if (! si->is_local_is_set) { |
| 218 |
+ /* FIXME: how should we set this? */ |
| 219 |
+ /* non x11 sessions must be local I guess */ |
| 220 |
+ si->is_local = TRUE; |
| 221 |
+ si->is_local_is_set = TRUE; |
| 222 |
+ } |
| 223 |
+ |
| 224 |
res = ck_unix_pid_get_login_session_id (si->pid, &si->login_session_id); |
| 225 |
if (! res) { |
| 226 |
si->login_session_id = NULL; |
Archives