PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Sun Oct 28 22:38:40 PDT 2007
polkit-dbus/polkit-read-auth-helper.c | 98 +++++++++++++++++++++++++---------
polkit/polkit-authorization-db.c | 5 +
polkit/polkit-authorization.c | 6 +-
polkit/polkit-private.h | 7 --
4 files changed, 82 insertions(+), 34 deletions(-)
New commits:
commit 3b120787fc9924ddf35dd907d44fb84fdf918128
Author: David Zeuthen <davidz at redhat.com>
Date: Mon Oct 29 01:36:58 2007 -0400
fix uid retrival when getting auths from all users
diff --git a/polkit-dbus/polkit-read-auth-helper.c b/polkit-dbus/polkit-read-auth-helper.c
index 0694c3d..385c75d 100644
--- a/polkit-dbus/polkit-read-auth-helper.c
+++ b/polkit-dbus/polkit-read-auth-helper.c
@@ -117,7 +117,7 @@ out:
}
static polkit_bool_t
-dump_auths_from_file (const char *path)
+dump_auths_from_file (const char *path, uid_t uid)
{
int ret;
int fd;
@@ -129,6 +129,7 @@ dump_auths_from_file (const char *path)
ssize_t num_bytes_to_write;
ssize_t num_bytes_written;
ssize_t num_bytes_remaining_to_write;
+ polkit_bool_t have_written_uid;
ret = FALSE;
@@ -150,22 +151,34 @@ dump_auths_from_file (const char *path)
num_bytes_remaining_to_read = statbuf.st_size;
+ have_written_uid = FALSE;
while (num_bytes_remaining_to_read > 0) {
- if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf))
- num_bytes_to_read = (ssize_t) sizeof (buf);
- else
- num_bytes_to_read = num_bytes_remaining_to_read;
-
- again:
- num_bytes_read = read (fd, buf, num_bytes_to_read);
- if (num_bytes_read == -1) {
- if (errno == EAGAIN || errno == EINTR) {
- goto again;
- } else {
- fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path);
- close (fd);
- goto out;
+
+ /* start with writing the uid - this is necessary when dumping all authorizations via uid=1 */
+ if (!have_written_uid) {
+ have_written_uid = TRUE;
+ snprintf (buf, sizeof (buf), "#uid=%d\n", uid);
+ num_bytes_read = strlen (buf);
+ } else {
+
+ if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf))
+ num_bytes_to_read = (ssize_t) sizeof (buf);
+ else
+ num_bytes_to_read = num_bytes_remaining_to_read;
+
+ again:
+ num_bytes_read = read (fd, buf, num_bytes_to_read);
+ if (num_bytes_read == -1) {
+ if (errno == EAGAIN || errno == EINTR) {
+ goto again;
+ } else {
+ fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path);
+ close (fd);
+ goto out;
+ }
}
+
+ num_bytes_remaining_to_read -= num_bytes_read;
}
/* write to stdout */
@@ -190,11 +203,6 @@ dump_auths_from_file (const char *path)
num_bytes_remaining_to_write -= num_bytes_written;
}
-
-
-
-
- num_bytes_remaining_to_read -= num_bytes_read;
}
@@ -229,9 +237,14 @@ dump_auths_all (const char *root)
}
while ((d = readdir64(dir)) != NULL) {
+ unsigned int n, m;
+ uid_t uid;
size_t name_len;
+ char *filename;
+ char username[PATH_MAX];
char path[PATH_MAX];
static const char suffix[] = ".auths";
+ struct passwd *pw;
if (d->d_type != DT_REG)
continue;
@@ -239,19 +252,54 @@ dump_auths_all (const char *root)
if (d->d_name == NULL)
continue;
- name_len = strlen (d->d_name);
+ filename = d->d_name;
+ name_len = strlen (filename);
if (name_len < sizeof (suffix))
continue;
- if (strcmp ((d->d_name + name_len - sizeof (suffix) + 1), suffix) != 0)
+ if (strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0)
continue;
- if (snprintf (path, sizeof (path), "%s/%s", root, d->d_name) >= (int) sizeof (path)) {
+ /* find the user name.. */
+ for (n = 0; n < name_len; n++) {
+ if (filename[n] == '-')
+ break;
+ }
+ if (filename[n] == '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (1)\n", filename);
+ continue;
+ }
+ n++;
+ m = n;
+ for ( ; n < name_len; n++) {
+ if (filename[n] == '.')
+ break;
+ }
+
+ if (filename[n] == '\0') {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (2)\n", filename);
+ continue;
+ }
+ if (n - m > sizeof (username) - 1) {
+ fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (3)\n", filename);
+ continue;
+ }
+ strncpy (username, filename + m, n - m);
+ username[n - m] = '\0';
+
+ pw = getpwnam (username);
+ if (pw == NULL) {
+ fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username);
+ continue;
+ }
+ uid = pw->pw_uid;
+
+ if (snprintf (path, sizeof (path), "%s/%s", root, filename) >= (int) sizeof (path)) {
fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n");
goto out;
}
- if (!dump_auths_from_file (path))
+ if (!dump_auths_from_file (path, uid))
goto out;
}
@@ -280,7 +328,7 @@ dump_auths_for_uid (const char *root, uid_t uid)
return FALSE;
}
- return dump_auths_from_file (path);
+ return dump_auths_from_file (path, uid);
}
diff --git a/polkit/polkit-authorization-db.c b/polkit/polkit-authorization-db.c
index eab1da3..30a5970 100644
--- a/polkit/polkit-authorization-db.c
+++ b/polkit/polkit-authorization-db.c
@@ -328,8 +328,11 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb,
line = standard_output + n;
- if (strlen (line) >= 2 && line[0] != '#') {
+ if (strlen (line) >= 2 && strncmp (line, "#uid=", 5) == 0) {
+ uid = (uid_t) atoi (line + 5);
+ }
+ if (strlen (line) >= 2 && line[0] != '#') {
auth = _polkit_authorization_new_for_uid (line, uid);
if (auth != NULL) {
diff --git a/polkit/polkit-authorization.c b/polkit/polkit-authorization.c
index 1cd961d..733e1a0 100644
--- a/polkit/polkit-authorization.c
+++ b/polkit/polkit-authorization.c
@@ -92,6 +92,8 @@ _polkit_authorization_get_authfile_entry (PolKitAuthorization *auth)
return auth->entry_in_auth_file;
}
+#ifdef POLKIT_AUTHDB_DEFAULT
+
PolKitAuthorization *
_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid)
{
@@ -258,12 +260,14 @@ _polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid)
return auth;
error:
- g_warning ("Error parsing token %d in '%s'", n, entry_in_auth_file);
+ g_warning ("Error parsing token %d from line '%s'", n, entry_in_auth_file);
polkit_authorization_unref (auth);
g_strfreev (t);
return NULL;
}
+#endif /* POLKIT_AUTHDB_DEFAULT */
+
/**
* polkit_authorization_ref:
* @auth: the authorization object
diff --git a/polkit/polkit-private.h b/polkit/polkit-private.h
index 1186620..30e5eb4 100644
--- a/polkit/polkit-private.h
+++ b/polkit/polkit-private.h
@@ -40,15 +40,8 @@ const char *_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth)
PolKitAuthorizationConstraint *_polkit_authorization_constraint_new (const char *entry_in_auth_file);
-PolKitAuthorizationDB *_polkit_authorization_db_new (void);
-void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
-
-PolKitAuthorization *_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid);
-
polkit_bool_t _polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transient, uid_t uid, char *str_to_add);
-const char *_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth);
-
PolKitAuthorizationDB *_polkit_authorization_db_new (void);
void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb);
More information about the hal-commit
mailing list