1 |
ssuominen 10/09/09 21:13:16 |
2 |
|
3 |
Added: consolekit-0.4.2-revert.patch |
4 |
Log: |
5 |
Revert upstream "Only set sessions to be is-local=true if set by a trusted party" wrt #336634. |
6 |
|
7 |
(Portage version: 2.2_rc78/cvs/Linux x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 sys-auth/consolekit/files/consolekit-0.4.2-revert.patch |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/consolekit-0.4.2-revert.patch?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/consolekit/files/consolekit-0.4.2-revert.patch?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: consolekit-0.4.2-revert.patch |
16 |
=================================================================== |
17 |
Revert upstream http://cgit.freedesktop.org/ConsoleKit/commit/?id=4f88228f31a63c026c424a92827f26ad7535275c |
18 |
which renders ConsoleKit unusable. |
19 |
|
20 |
diff -ur ConsoleKit-0.4.2.orig/src/ck-manager.c ConsoleKit-0.4.2/src/ck-manager.c |
21 |
--- ConsoleKit-0.4.2.orig/src/ck-manager.c 2010-09-03 16:54:31.000000000 +0300 |
22 |
+++ ConsoleKit-0.4.2/src/ck-manager.c 2010-09-10 00:02:32.000000000 +0300 |
23 |
@@ -1660,175 +1660,12 @@ |
24 |
dbus_g_method_return (context, cookie); |
25 |
} |
26 |
|
27 |
-enum { |
28 |
- PROP_STRING, |
29 |
- PROP_BOOLEAN, |
30 |
-}; |
31 |
- |
32 |
-#define CK_TYPE_PARAMETER_STRUCT (dbus_g_type_get_struct ("GValueArray", \ |
33 |
- G_TYPE_STRING, \ |
34 |
- G_TYPE_VALUE, \ |
35 |
- G_TYPE_INVALID)) |
36 |
- |
37 |
-static gboolean |
38 |
-_get_parameter (GPtrArray *parameters, |
39 |
- const char *name, |
40 |
- int prop_type, |
41 |
- gpointer *value) |
42 |
-{ |
43 |
- gboolean ret; |
44 |
- int i; |
45 |
- |
46 |
- if (parameters == NULL) { |
47 |
- return FALSE; |
48 |
- } |
49 |
- |
50 |
- ret = FALSE; |
51 |
- |
52 |
- for (i = 0; i < parameters->len && ret == FALSE; i++) { |
53 |
- gboolean res; |
54 |
- GValue val_struct = { 0, }; |
55 |
- char *prop_name; |
56 |
- GValue *prop_val; |
57 |
- |
58 |
- g_value_init (&val_struct, CK_TYPE_PARAMETER_STRUCT); |
59 |
- g_value_set_static_boxed (&val_struct, g_ptr_array_index (parameters, i)); |
60 |
- |
61 |
- res = dbus_g_type_struct_get (&val_struct, |
62 |
- 0, &prop_name, |
63 |
- 1, &prop_val, |
64 |
- G_MAXUINT); |
65 |
- if (! res) { |
66 |
- g_debug ("Unable to extract parameter input"); |
67 |
- goto cont; |
68 |
- } |
69 |
- |
70 |
- if (prop_name == NULL) { |
71 |
- g_debug ("Skipping NULL parameter"); |
72 |
- goto cont; |
73 |
- } |
74 |
- |
75 |
- if (strcmp (prop_name, name) != 0) { |
76 |
- goto cont; |
77 |
- } |
78 |
- |
79 |
- switch (prop_type) { |
80 |
- case PROP_STRING: |
81 |
- if (value != NULL) { |
82 |
- *value = g_value_dup_string (prop_val); |
83 |
- } |
84 |
- break; |
85 |
- case PROP_BOOLEAN: |
86 |
- if (value != NULL) { |
87 |
- *(gboolean *)value = g_value_get_boolean (prop_val); |
88 |
- } |
89 |
- break; |
90 |
- default: |
91 |
- g_assert_not_reached (); |
92 |
- break; |
93 |
- } |
94 |
- |
95 |
- ret = TRUE; |
96 |
- |
97 |
- cont: |
98 |
- g_free (prop_name); |
99 |
- if (prop_val != NULL) { |
100 |
- g_value_unset (prop_val); |
101 |
- g_free (prop_val); |
102 |
- } |
103 |
- } |
104 |
- |
105 |
- return ret; |
106 |
-} |
107 |
- |
108 |
-static gboolean |
109 |
-_verify_login_session_id_is_local (CkManager *manager, |
110 |
- const char *login_session_id) |
111 |
-{ |
112 |
- GHashTableIter iter; |
113 |
- const char *id; |
114 |
- CkSession *session; |
115 |
- |
116 |
- g_return_val_if_fail (CK_IS_MANAGER (manager), FALSE); |
117 |
- |
118 |
- /* If any local session exists for the given login session id |
119 |
- then that means a trusted party has vouched for the |
120 |
- original login */ |
121 |
- |
122 |
- g_debug ("Looking for local sessions for login-session-id=%s", login_session_id); |
123 |
- |
124 |
- session = NULL; |
125 |
- g_hash_table_iter_init (&iter, manager->priv->sessions); |
126 |
- while (g_hash_table_iter_next (&iter, (gpointer *)&id, (gpointer *)&session)) { |
127 |
- if (session != NULL) { |
128 |
- gboolean is_local; |
129 |
- char *sessid; |
130 |
- |
131 |
- sessid = NULL; |
132 |
- g_object_get (session, |
133 |
- "login-session-id", &sessid, |
134 |
- "is-local", &is_local, |
135 |
- NULL); |
136 |
- if (g_strcmp0 (sessid, login_session_id) == 0 && is_local) { |
137 |
- g_debug ("CkManager: found is-local=true on %s", id); |
138 |
- return TRUE; |
139 |
- } |
140 |
- } |
141 |
- } |
142 |
- |
143 |
- return FALSE; |
144 |
-} |
145 |
- |
146 |
-static void |
147 |
-add_param_boolean (GPtrArray *parameters, |
148 |
- const char *key, |
149 |
- gboolean value) |
150 |
-{ |
151 |
- GValue val = { 0, }; |
152 |
- GValue param_val = { 0, }; |
153 |
- |
154 |
- g_value_init (&val, G_TYPE_BOOLEAN); |
155 |
- g_value_set_boolean (&val, value); |
156 |
- g_value_init (¶m_val, CK_TYPE_PARAMETER_STRUCT); |
157 |
- g_value_take_boxed (¶m_val, |
158 |
- dbus_g_type_specialized_construct (CK_TYPE_PARAMETER_STRUCT)); |
159 |
- dbus_g_type_struct_set (¶m_val, |
160 |
- 0, key, |
161 |
- 1, &val, |
162 |
- G_MAXUINT); |
163 |
- g_value_unset (&val); |
164 |
- |
165 |
- g_ptr_array_add (parameters, g_value_get_boxed (¶m_val)); |
166 |
-} |
167 |
- |
168 |
static void |
169 |
verify_and_open_session_for_leader (CkManager *manager, |
170 |
CkSessionLeader *leader, |
171 |
- GPtrArray *parameters, |
172 |
+ const GPtrArray *parameters, |
173 |
DBusGMethodInvocation *context) |
174 |
{ |
175 |
- /* Only allow a local session if originating from an existing |
176 |
- local session. Effectively this means that only trusted |
177 |
- parties can create local sessions. */ |
178 |
- |
179 |
- g_debug ("CkManager: verifying session for leader"); |
180 |
- |
181 |
- if (parameters != NULL && ! _get_parameter (parameters, "is-local", PROP_BOOLEAN, NULL)) { |
182 |
- gboolean is_local; |
183 |
- char *login_session_id; |
184 |
- |
185 |
- g_debug ("CkManager: is-local has not been set, will inherit from existing login-session-id if available"); |
186 |
- |
187 |
- is_local = FALSE; |
188 |
- |
189 |
- if (_get_parameter (parameters, "login-session-id", PROP_STRING, (gpointer *) &login_session_id)) { |
190 |
- is_local = _verify_login_session_id_is_local (manager, login_session_id); |
191 |
- g_debug ("CkManager: found is-local=%s", is_local ? "true" : "false"); |
192 |
- } |
193 |
- |
194 |
- add_param_boolean (parameters, "is-local", is_local); |
195 |
- } |
196 |
- |
197 |
open_session_for_leader (manager, |
198 |
leader, |
199 |
parameters, |
200 |
diff -ur ConsoleKit-0.4.2.orig/tools/ck-collect-session-info.c ConsoleKit-0.4.2/tools/ck-collect-session-info.c |
201 |
--- ConsoleKit-0.4.2.orig/tools/ck-collect-session-info.c 2010-09-03 16:54:31.000000000 +0300 |
202 |
+++ ConsoleKit-0.4.2/tools/ck-collect-session-info.c 2010-09-10 00:06:30.000000000 +0300 |
203 |
@@ -274,7 +274,8 @@ |
204 |
si->x11_display_device = ck_process_stat_get_tty (xorg_stat); |
205 |
ck_process_stat_free (xorg_stat); |
206 |
|
207 |
- /* don't set is-local here - let the daemon do that */ |
208 |
+ si->is_local = TRUE; |
209 |
+ si->is_local_is_set = TRUE; |
210 |
|
211 |
g_free (si->remote_host_name); |
212 |
si->remote_host_name = NULL; |
213 |
@@ -303,6 +304,13 @@ |
214 |
|
215 |
fill_x11_info (si); |
216 |
|
217 |
+ if (! si->is_local_is_set) { |
218 |
+ /* FIXME: how should we set this? */ |
219 |
+ /* non x11 sessions must be local I guess */ |
220 |
+ si->is_local = TRUE; |
221 |
+ si->is_local_is_set = TRUE; |
222 |
+ } |
223 |
+ |
224 |
res = ck_unix_pid_get_login_session_id (si->pid, &si->login_session_id); |
225 |
if (! res) { |
226 |
si->login_session_id = NULL; |