PolicyKit: Branch 'master' - 2 commits
David Zeuthen
david at kemper.freedesktop.org
Wed Apr 30 09:56:30 PDT 2008
configure.in | 32 +++++
src/kit/Makefile.am | 1
src/kit/kit-file.c | 8 +
src/kit/kit-file.h | 1
src/kit/kit-lib.c | 136 ++++++++++++++++++++++++
src/kit/kit-lib.h | 52 +++++++++
src/kit/kit-spawn.c | 1
src/kit/kit-string.c | 22 +++
src/kit/kit.h | 1
src/polkit-dbus/Makefile.am | 2
src/polkit-dbus/polkit-read-auth-helper.c | 18 +--
src/polkit-dbus/polkit-resolve-exe-helper.c | 12 --
src/polkit-dbus/polkit-set-default-helper.c | 9 -
src/polkit-grant/Makefile.am | 4
src/polkit-grant/polkit-explicit-grant-helper.c | 9 -
src/polkit-grant/polkit-grant-helper-pam.c | 11 -
src/polkit-grant/polkit-grant-helper.c | 11 -
src/polkit-grant/polkit-grant.c | 46 --------
src/polkit-grant/polkit-revoke-helper.c | 9 -
src/polkit/polkit-config.c | 1
src/polkit/polkit-context.c | 127 ++++++++++++++++++++++
src/polkit/polkit-policy-cache.c | 8 +
src/polkit/polkit-policy-file.c | 21 ---
src/polkit/polkit-sysdeps.c | 41 +++++++
tools/polkit-auth.c | 73 ++++++++++++
25 files changed, 527 insertions(+), 129 deletions(-)
New commits:
commit bde1337785b7d97fa21e60f7608abc1876f22a18
Author: David Zeuthen <davidz at redhat.com>
Date: Wed Apr 30 12:54:08 2008 -0400
need to link with libkit.la for some helpers
diff --git a/src/polkit-dbus/Makefile.am b/src/polkit-dbus/Makefile.am
index 9c2c69a..6c5863f 100644
--- a/src/polkit-dbus/Makefile.am
+++ b/src/polkit-dbus/Makefile.am
@@ -34,7 +34,7 @@ libexec_PROGRAMS = polkit-resolve-exe-helper
polkit_resolve_exe_helper_SOURCES = polkit-resolve-exe-helper.c
polkit_resolve_exe_helper_CFLAGS = @DBUS_CFLAGS@
-polkit_resolve_exe_helper_LDADD = $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la
+polkit_resolve_exe_helper_LDADD = $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la libpolkit-dbus.la
if POLKIT_AUTHDB_DEFAULT
libexec_PROGRAMS += polkit-read-auth-helper polkit-set-default-helper
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
index a70d886..f947911 100644
--- a/src/polkit-grant/Makefile.am
+++ b/src/polkit-grant/Makefile.am
@@ -56,11 +56,11 @@ endif
libexec_PROGRAMS += polkit-explicit-grant-helper polkit-revoke-helper
polkit_grant_helper_SOURCES = polkit-grant-helper.c
-polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la
+polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la
if POLKIT_AUTHFW_PAM
polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
-polkit_grant_helper_pam_LDADD = @AUTH_LIBS@ $(top_builddir)/src/polkit/libpolkit.la
+polkit_grant_helper_pam_LDADD = @AUTH_LIBS@ $(top_builddir)/src/kit/libkit.la $(top_builddir)/src/polkit/libpolkit.la
endif
if POLKIT_AUTHFW_SHADOW
commit 40c8b8aedf3de55c91af9b33c239587b3f2ec36a
Author: Joe Marcus Clarke <marcus at FreeBSD.org>
Date: Wed Apr 30 12:46:02 2008 -0400
add support for FreeBSD
On Mon, 2008-04-21 at 15:06 -0400, David Zeuthen wrote:
> On Sat, 2008-04-19 at 01:34 -0400, Joe Marcus Clarke wrote:
> > I'm seeing a few PK problems on FreeBSD, but I'm not sure if this is a
> > problem with our port, or an issue in general. First, all of the tests
> > David mentioned earlier (with polkit-auth) work. The built-in tests
> > also appear to work. PK consumers also seem to work.
> >
> > What I'm noticing is that PolicyKit-gnome doesn't update in real-time.
> > For example, if I launch polkit-gnome-authorization, then change a
> > policy, the changes don't reflect in the GUI until I restart
> > polkit-gnome-authorization. Also, I'm not seeing any UI changes in
> > polkit-gnome-example when I click on the various buttons (though
> > polkit-gnome-manager does launch).
>
> This suggests that file monitoring of /var/lib/misc/PolicyKit.reload is
> somehow botched. Is polkit_context_io_func() in polkit-context.c ever
> called if you do
>
> # touch /var/lib/misc/PolicyKit.reload
>
> Is it called if you manually grant/revoke an authorization using
> polkit-auth(1)? (And does /var/lib/misc/PolicyKit.reload change mtime
> in that case?)
Thanks for your advice. I was not monitoring the reload file for
attribute changes, so I was missing the mtime change. That is working
now.
I updated the PK diff with the portability fix. I didn't actually use
the Solaris code as it caused a slew of compiler warnings and other
problems. Instead, I went with creating a kit-lib.[ch] to store the
missing functions. As for strndup(), I stuck that in kit-string.c. I
wrapped all of these functions with configure checks to avoid
hard-coding OS checks. This should make it easier to port PK to other
platforms.
I would still like your advice on the IO problem with PK-gnome. I have
changed io_watch_have_data() in polkit-gnome-manager.c to return FALSE
instead of TRUE to auto-remove the IO watch. As I said, FreeBSD's
poll() continuously indicates EOF as a G_IO_IN condition until it is
handled. By returning FALSE here, the infinite loop is fixed, and I
didn't notice any other problems.
What problems could this cause? Is there a better way of handling this?
Thanks.
http://www.marcuscom.com/downloads/pk/
Joe
--
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome at FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
diff --git a/configure.in b/configure.in
index a008e61..5530958 100644
--- a/configure.in
+++ b/configure.in
@@ -179,7 +179,7 @@ PKG_CHECK_MODULES(DBUS_GLIB, [dbus-glib-1 >= 0.73])
AC_SUBST(DBUS_GLIB_CFLAGS)
AC_SUBST(DBUS_GLIB_LIBS)
-AC_CHECK_FUNCS(getgrouplist)
+AC_CHECK_FUNCS(getgrouplist readdir64 getline strndup clearenv)
EXPAT_LIB=""
AC_ARG_WITH(expat, [ --with-expat=<dir> Use expat from here],
@@ -471,7 +471,8 @@ AM_CONDITIONAL(OS_TYPE_RED_HAT, test x$with_os_type = xredhat, [Running on Red H
AM_CONDITIONAL(OS_TYPE_SUSE, test x$with_os_type = xsuse, [Running on SUSE OS'es])
AM_CONDITIONAL(OS_TYPE_GENTOO, test x$with_os_type = xgentoo, [Running on Gentoo OS'es])
AM_CONDITIONAL(OS_TYPE_PARDUS, test x$with_os_type = xpardus, [Running on Pardus OS'es])
-AM_CONDITIONAL(OS_TYPE_SALARIS, test x$with_os_type = xsolaris, [Running os Solaris OS'es])
+AM_CONDITIONAL(OS_TYPE_SOLARIS, test x$with_os_type = xsolaris, [Running os Solaris OS'es])
+AM_CONDITIONAL(OS_TYPE_FREEBSD, test x$with_os_type = xfreebsd, [Running on FreeBSD OS'es])
AC_ARG_WITH(pam-include, [ --with-pam-include=<file> pam file to include])
@@ -491,6 +492,11 @@ elif test x$with_os_type = xsuse -o x$with_os_type = xsolaris ; then
PAM_FILE_INCLUDE_ACCOUNT=common-account
PAM_FILE_INCLUDE_PASSWORD=common-password
PAM_FILE_INCLUDE_SESSION=common-session
+elif test x$with_os_type = xfreebsd ; then
+ PAM_FILE_INCLUDE_AUTH=system
+ PAM_FILE_INCLUDE_ACCOUNT=system
+ PAM_FILE_INCLUDE_PASSWORD=system
+ PAM_FILE_INCLUDE_SESSION=system
else
PAM_FILE_INCLUDE_AUTH=system-auth
PAM_FILE_INCLUDE_ACCOUNT=system-auth
@@ -516,8 +522,30 @@ case "$host_os" in
*solaris*)
AC_DEFINE([HAVE_SOLARIS], 1, [Is this a Solaris system?])
;;
+ *freebsd*)
+ AC_DEFINE([HAVE_FREEBSD], 1, [Is this a FreeBSD system?])
+ ;;
esac
+have_inotify=no
+AC_CHECK_HEADERS([linux/inotify.h], [have_inotify=yes])
+AC_CHECK_HEADERS([sys/inotify.h], [have_inotify=yes])
+
+AM_CONDITIONAL(HAVE_INOTIFY, test "x$have_inotify" = "xyes")
+
+if test "x$have_inotify" = "xyes" ; then
+ AC_DEFINE([HAVE_INOTIFY], 1, [Enable Linux inotify() usage])
+fi
+
+have_kqueue=yes
+AC_CHECK_FUNCS([kqueue],,have_kqueue=no)
+
+AM_CONDITIONAL(HAVE_KQUEUE, test "x$have_kqueue" = "xyes")
+
+if test "x$have_kqueue" = "xyes" ; then
+ AC_DEFINE([HAVE_KQUEUE], 1, [Enable BSD kqueue() usage])
+fi
+
# ********************
# Internationalisation
# ********************
diff --git a/src/kit/Makefile.am b/src/kit/Makefile.am
index abd12bf..824f48c 100644
--- a/src/kit/Makefile.am
+++ b/src/kit/Makefile.am
@@ -23,6 +23,7 @@ libkit_la_SOURCES = \
kit-test.h kit-test.c \
kit-memory.h kit-memory.c \
kit-string.h kit-string.c \
+ kit-lib.h kit-lib.c \
kit-list.h kit-list.c \
kit-hash.h kit-hash.c \
kit-file.h kit-file.c \
diff --git a/src/kit/kit-file.c b/src/kit/kit-file.c
index 6a5d0fc..438f6c2 100644
--- a/src/kit/kit-file.c
+++ b/src/kit/kit-file.c
@@ -283,7 +283,11 @@ _kit_get_num_fd (void)
DIR *dir;
char buf[128];
ssize_t num;
+#ifdef HAVE_READDIR64
struct dirent64 *d;
+#else
+ struct dirent *d;
+#endif
num = -1;
@@ -296,7 +300,11 @@ _kit_get_num_fd (void)
}
num = -2;
+#ifdef HAVE_READDIR64
while ((d = readdir64 (dir)) != NULL) {
+#else
+ while ((d = readdir (dir)) != NULL) {
+#endif
if (d->d_name == NULL)
continue;
num++;
diff --git a/src/kit/kit-file.h b/src/kit/kit-file.h
index fb7c5be..4fbd84d 100644
--- a/src/kit/kit-file.h
+++ b/src/kit/kit-file.h
@@ -34,6 +34,7 @@
#ifndef KIT_FILE_H
#define KIT_FILE_H
+#include <sys/stat.h>
#include <kit/kit.h>
#ifdef HAVE_SOLARIS
#include <sys/types.h>
diff --git a/src/kit/kit-lib.c b/src/kit/kit-lib.c
new file mode 100644
index 0000000..a05cc11
--- /dev/null
+++ b/src/kit/kit-lib.c
@@ -0,0 +1,136 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * kit-lib.c : General utilities
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <kit/kit.h>
+#include "kit-test.h"
+
+#ifndef HAVE_GETLINE
+ssize_t
+kit_getline (char **lineptr, size_t *n, FILE *stream)
+{
+ char *line, *p;
+ long size, copy;
+
+ if (lineptr == NULL || n == NULL) {
+ errno = EINVAL;
+ return (ssize_t) -1;
+ }
+
+ if (ferror (stream))
+ return (ssize_t) -1;
+
+ /* Make sure we have a line buffer to start with. */
+ if (*lineptr == NULL || *n < 2) /* !seen and no buf yet need 2 chars. */ {
+#ifndef MAX_CANON
+#define MAX_CANON 256
+#endif
+ if (!*lineptr)
+ line = (char *) malloc (MAX_CANON);
+ else
+ line = (char *) realloc (*lineptr, MAX_CANON);
+ if (line == NULL)
+ return (ssize_t) -1;
+ *lineptr = line;
+ *n = MAX_CANON;
+ }
+
+ line = *lineptr;
+ size = *n;
+
+ copy = size;
+ p = line;
+
+ while (1) {
+ long len;
+
+ while (--copy > 0) {
+ int c = getc (stream);
+
+ if (c == EOF)
+ goto lose;
+ else if ((*p++ = c) == '\n')
+ goto win;
+ }
+
+ /* Need to enlarge the line buffer. */
+ len = p - line;
+ size *= 2;
+ line = (char *) realloc (line, size);
+ if (line == NULL)
+ goto lose;
+ *lineptr = line;
+ *n = size;
+ p = line + len;
+ copy = size - len;
+ }
+
+lose:
+ if (p == *lineptr)
+ return (ssize_t) -1;
+
+ /* Return a partial line since we got an error in the middle. */
+win:
+ *p = '\0';
+ return p - *lineptr;
+}
+#else
+ssize_t
+kit_getline (char **lineptr, size_t *n, FILE *f)
+{
+ return getline (lineptr, n, f);
+}
+#endif
+
+#ifndef HAVE_CLEARENV
+extern char **environ;
+
+int
+kit_clearenv (void)
+{
+ if (environ != NULL)
+ environ[0] = NULL;
+ return 0;
+}
+#else
+int
+kit_clearenv (void)
+{
+ return clearenv ();
+}
+#endif
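Review bot: In `kit_getline`, a failed `realloc` in the grow path jumps to `lose:` and, because `p` has already advanced past `*lineptr`, falls through to `win:` and returns the truncated text as if it were a complete line, with no error reported. getline(3) returns -1 in that situation, and `polkit_grant_io_func` in polkit-grant.c reads the helper's stdout through this function, so the grow path should fail outright: `if (line == NULL) { errno = ENOMEM; return (ssize_t) -1; }`. The static `getline` copy added to tools/polkit-auth.c in this commit has the same path; it could call `kit_getline` instead of carrying a second copy, provided that file can include `<kit/kit.h>`.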
diff --git a/src/kit/kit-lib.h b/src/kit/kit-lib.h
new file mode 100644
index 0000000..523e096
--- /dev/null
+++ b/src/kit/kit-lib.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
+/***************************************************************************
+ *
+ * kit-string.h : General utilities
+ *
+ * Copyright (C) 2007 David Zeuthen, <david at fubar.dk>
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ *
+ **************************************************************************/
+
+#if !defined (KIT_COMPILATION) && !defined(_KIT_INSIDE_KIT_H)
+#error "Only <kit/kit.h> can be included directly, this file may disappear or change contents."
+#endif
+
+#ifndef KIT_LIB_H
+#define KIT_LIB_H
+
+#include <sys/types.h>
+#include <stdio.h>
+
+#include <kit/kit.h>
+
+KIT_BEGIN_DECLS
+
+ssize_t kit_getline (char **lineptr, size_t *n, FILE *f);
+
+int kit_clearenv (void);
+
+KIT_END_DECLS
+
+#endif /* KIT_LIB_H */
+
+
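Review bot: The banner of this new header still reads `kit-string.h : General utilities` and should say `kit-lib.h : General utilities`. Neither prototype is documented, and I would add a doc comment to each. For `kit_clearenv` the comment should state what kit-lib.c shows: without `clearenv()` it clears the environment by setting `environ[0] = NULL` and always returns 0, so the `!= 0` checks in the helpers cannot fire on those platforms. For `kit_getline` it should state that the buffer in `*lineptr` is allocated or grown with malloc/realloc and that the caller frees it.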
diff --git a/src/kit/kit-spawn.c b/src/kit/kit-spawn.c
index 836dcda..080a1bc 100644
--- a/src/kit/kit-spawn.c
+++ b/src/kit/kit-spawn.c
@@ -40,6 +40,7 @@
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
+#include <signal.h>
#include <kit/kit.h>
#include "kit-test.h"
diff --git a/src/kit/kit-string.c b/src/kit/kit-string.c
index 0647815..13a563d 100644
--- a/src/kit/kit-string.c
+++ b/src/kit/kit-string.c
@@ -113,6 +113,28 @@ out:
#else
+#ifndef HAVE_STRNDUP
+static char
+*strndup ( const char *s, size_t n)
+{
+ size_t nAvail;
+ char *p;
+
+ if ( !s )
+ return NULL;
+
+ if ( strlen(s) > n )
+ nAvail = n + 1;
+ else
+ nAvail = strlen(s) + 1;
+ p = malloc ( nAvail );
+ memcpy ( p, s, nAvail );
+ p[nAvail - 1] = '\0';
+
+ return p;
+}
+#endif
+
char *
kit_strdup (const char *s)
{
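Review bot: The fallback `strndup` passes the result of `malloc` straight to `memcpy`, so an allocation failure becomes a NULL dereference instead of a NULL return; add `if (p == NULL) return NULL;` directly after the `malloc` call. It also calls `strlen (s)` on the whole input, so unlike the libc function it reads past `n` bytes when `s` is not NUL-terminated within that range; `memchr (s, '\0', n)` would bound the scan.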
diff --git a/src/kit/kit.h b/src/kit/kit.h
index c5ca791..1457acf 100644
--- a/src/kit/kit.h
+++ b/src/kit/kit.h
@@ -148,6 +148,7 @@ do {
#endif
#include <kit/kit-memory.h>
#include <kit/kit-string.h>
+#include <kit/kit-lib.h>
#include <kit/kit-list.h>
#include <kit/kit-hash.h>
#include <kit/kit-file.h>
diff --git a/src/polkit-dbus/polkit-read-auth-helper.c b/src/polkit-dbus/polkit-read-auth-helper.c
index 4e065c2..cdcc7f3 100644
--- a/src/polkit-dbus/polkit-read-auth-helper.c
+++ b/src/polkit-dbus/polkit-read-auth-helper.c
@@ -39,6 +39,7 @@
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
+#include <sys/param.h>
#include <sys/stat.h>
#include <grp.h>
#include <pwd.h>
@@ -159,7 +160,11 @@ dump_auths_all (const char *root)
{
DIR *dir;
int dfd;
+#ifdef HAVE_READDIR64
struct dirent64 *d;
+#else
+ struct dirent *d;
+#endif
polkit_bool_t ret;
ret = FALSE;
@@ -176,7 +181,11 @@ dump_auths_all (const char *root)
goto out;
}
+#ifdef HAVE_READDIR64
while ((d = readdir64(dir)) != NULL) {
+#else
+ while ((d = readdir(dir)) != NULL) {
+#endif
unsigned int n, m;
uid_t uid;
size_t name_len;
@@ -291,15 +300,8 @@ main (int argc, char *argv[])
#ifndef POLKIT_BUILD_TESTS
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-#ifdef HAVE_SOLARIS
- extern char **environ;
-
- if (environ != NULL)
- environ[0] = NULL;
-#else
- if (clearenv () != 0)
+ if (kit_clearenv () != 0)
goto out;
-#endif
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
#endif
diff --git a/src/polkit-dbus/polkit-resolve-exe-helper.c b/src/polkit-dbus/polkit-resolve-exe-helper.c
index fb96804..c56b2f5 100644
--- a/src/polkit-dbus/polkit-resolve-exe-helper.c
+++ b/src/polkit-dbus/polkit-resolve-exe-helper.c
@@ -40,6 +40,9 @@
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
+#ifdef HAVE_FREEBSD
+#include <sys/param.h>
+#endif
#include <security/pam_appl.h>
#include <grp.h>
#include <pwd.h>
@@ -76,15 +79,8 @@ main (int argc, char *argv[])
ret = 1;
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-#ifdef HAVE_SOLARIS
- extern char **environ;
-
- if (environ != NULL)
- environ[0] = NULL;
-#else
- if (clearenv () != 0)
+ if (kit_clearenv () != 0)
goto out;
-#endif
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
diff --git a/src/polkit-dbus/polkit-set-default-helper.c b/src/polkit-dbus/polkit-set-default-helper.c
index 6fb2eae..c903dbd 100644
--- a/src/polkit-dbus/polkit-set-default-helper.c
+++ b/src/polkit-dbus/polkit-set-default-helper.c
@@ -128,15 +128,8 @@ main (int argc, char *argv[])
ret = 1;
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-#ifdef HAVE_SOLARIS
- extern char **environ;
-
- if (environ != NULL)
- environ[0] = NULL;
-#else
- if (clearenv () != 0)
+ if (kit_clearenv () != 0)
goto out;
-#endif
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
diff --git a/src/polkit-grant/Makefile.am b/src/polkit-grant/Makefile.am
index 6088ccd..a70d886 100644
--- a/src/polkit-grant/Makefile.am
+++ b/src/polkit-grant/Makefile.am
@@ -60,7 +60,7 @@ polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/l
if POLKIT_AUTHFW_PAM
polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
-polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
+polkit_grant_helper_pam_LDADD = @AUTH_LIBS@ $(top_builddir)/src/polkit/libpolkit.la
endif
if POLKIT_AUTHFW_SHADOW
diff --git a/src/polkit-grant/polkit-explicit-grant-helper.c b/src/polkit-grant/polkit-explicit-grant-helper.c
index 39cdcaa..2e83bde 100644
--- a/src/polkit-grant/polkit-explicit-grant-helper.c
+++ b/src/polkit-grant/polkit-explicit-grant-helper.c
@@ -70,15 +70,8 @@ main (int argc, char *argv[])
ret = 1;
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-#ifdef HAVE_SOLARIS
- extern char **environ;
-
- if (environ != NULL)
- environ[0] = NULL;
-#else
- if (clearenv () != 0)
+ if (kit_clearenv () != 0)
goto out;
-#endif
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
diff --git a/src/polkit-grant/polkit-grant-helper-pam.c b/src/polkit-grant/polkit-grant-helper-pam.c
index 7ce19b0..d6f4677 100644
--- a/src/polkit-grant/polkit-grant-helper-pam.c
+++ b/src/polkit-grant/polkit-grant-helper-pam.c
@@ -41,6 +41,8 @@
#include <syslog.h>
#include <security/pam_appl.h>
+#include <kit/kit.h>
+
#ifdef HAVE_SOLARIS
#define LOG_AUTHPRIV (10<<3)
#endif
@@ -67,15 +69,8 @@ main (int argc, char *argv[])
pam_h = NULL;
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-#ifdef HAVE_SOLARIS
- extern char **environ;
-
- if (environ != NULL)
- environ[0] = NULL;
-#else
- if (clearenv () != 0)
+ if (kit_clearenv () != 0)
goto error;
-#endif
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
diff --git a/src/polkit-grant/polkit-grant-helper.c b/src/polkit-grant/polkit-grant-helper.c
index f568686..cdfa710 100644
--- a/src/polkit-grant/polkit-grant-helper.c
+++ b/src/polkit-grant/polkit-grant-helper.c
@@ -57,6 +57,8 @@
#include <glib.h>
+#include <kit/kit.h>
+
#include <polkit-dbus/polkit-dbus.h>
// #include <polkit/polkit-grant-database.h>
@@ -564,15 +566,8 @@ main (int argc, char *argv[])
ret = 3;
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-#ifdef HAVE_SOLARIS
- extern char **environ;
-
- if (environ != NULL)
- environ[0] = NULL;
-#else
- if (clearenv () != 0)
+ if (kit_clearenv () != 0)
goto out;
-#endif
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
diff --git a/src/polkit-grant/polkit-grant.c b/src/polkit-grant/polkit-grant.c
index 02077c0..36f0e5d 100644
--- a/src/polkit-grant/polkit-grant.c
+++ b/src/polkit-grant/polkit-grant.c
@@ -39,6 +39,7 @@
#include <sys/types.h>
#include <unistd.h>
#include <sys/wait.h>
+#include <signal.h>
#include <glib.h>
#include "polkit-grant.h"
@@ -302,7 +303,7 @@ polkit_grant_io_func (PolKitGrant *polkit_grant, int fd)
g_return_if_fail (polkit_grant != NULL);
g_return_if_fail (polkit_grant->helper_is_running);
- while (getline (&line, &line_len, polkit_grant->child_stdout_f) != -1) {
+ while (kit_getline (&line, &line_len, polkit_grant->child_stdout_f) != -1) {
if (strlen (line) > 0 &&
line[strlen (line) - 1] == '\n')
line[strlen (line) - 1] = '\0';
@@ -543,49 +544,6 @@ error:
return FALSE;
}
-#ifdef HAVE_SOLARIS
-#define BUFFER_LEN 256
-
-ssize_t getline (char **lineptr, size_t *n, FILE *f)
-{
- char ch;
- size_t m = 0;
- ssize_t buf_len = 0;
- char * buf = NULL;
- char * p = NULL;
-
-
- while ( (ch = getc(f)) !=EOF )
- {
- if (errno != 0)
- return -1;
- if ( m++ >= buf_len )
- {
- buf_len += BUFFER_LEN;
- buf = (char *) realloc(buf, buf_len + 1);
- if ( buf == NULL )
- {
- return -1;
- }
- p = buf + buf_len - BUFFER_LEN;
- }
- if ( ch == '\n' )
- break;
- *p = ch;
- p++;
- }
- if ( m == 0 )
- {
- return -1;
- } else {
- *p = '\0';
- *lineptr = buf;
- *n = m;
- return m;
- }
-}
-#endif
-
#ifdef POLKIT_BUILD_TESTS
static polkit_bool_t
diff --git a/src/polkit-grant/polkit-revoke-helper.c b/src/polkit-grant/polkit-revoke-helper.c
index 6052df0..5f59856 100644
--- a/src/polkit-grant/polkit-revoke-helper.c
+++ b/src/polkit-grant/polkit-revoke-helper.c
@@ -112,15 +112,8 @@ main (int argc, char *argv[])
#ifndef POLKIT_BUILD_TESTS
/* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-#ifdef HAVE_SOLARIS
- extern char **environ;
-
- if (environ != NULL)
- environ[0] = NULL;
-#else
- if (clearenv () != 0)
+ if (kit_clearenv () != 0)
goto out;
-#endif
/* set a minimal environment */
setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
#endif
diff --git a/src/polkit/polkit-config.c b/src/polkit/polkit-config.c
index 1ae67e7..375615e 100644
--- a/src/polkit/polkit-config.c
+++ b/src/polkit/polkit-config.c
@@ -39,7 +39,6 @@
#include <grp.h>
#include <unistd.h>
#include <errno.h>
-#include <sys/inotify.h>
#include <regex.h>
#include <syslog.h>
#include <regex.h>
diff --git a/src/polkit/polkit-context.c b/src/polkit/polkit-context.c
index f1d4b11..14d08f0 100644
--- a/src/polkit/polkit-context.c
+++ b/src/polkit/polkit-context.c
@@ -43,7 +43,13 @@
#include <port.h>
#include <sys/stat.h>
#else
+#ifdef HAVE_INOTIFY
#include <sys/inotify.h>
+#elif HAVE_KQUEUE
+#include <sys/event.h>
+#include <sys/time.h>
+#include <fcntl.h>
+#endif
#endif
#include <syslog.h>
@@ -111,11 +117,19 @@ struct _PolKitContext
polkit_bool_t load_descriptions;
+#ifdef HAVE_INOTIFY
int inotify_fd;
int inotify_fd_watch_id;
int inotify_config_wd;
int inotify_policy_wd;
int inotify_grant_perm_wd;
+#elif HAVE_KQUEUE
+ int kqueue_fd;
+ int kqueue_fd_watch_id;
+ int kqueue_config_fd;
+ int kqueue_policy_fd;
+ int kqueue_grant_perm_fd;
+#endif
};
/**
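Review bot: The backend selection is ordered differently between this struct and the code that uses it. Here, and in the include block above, `HAVE_INOTIFY` is tested first and `HAVE_KQUEUE` second, while `polkit_context_init` and `polkit_context_io_func` test `#elif HAVE_KQUEUE` first and fall into the inotify code in a bare `#else`. configure.in sets the two macros independently, so a host with both a `kqueue()` function and an inotify header would get the inotify fields but compile the kqueue code, and a host with neither would compile the inotify code with no fields. Using one order everywhere and ending the code chains with `#elif defined(HAVE_INOTIFY)` instead of `#else` would make the three places agree. The `#if` that opens the chains in the two functions is outside the hunks, so this assumes it is the Solaris test.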
@@ -149,6 +163,10 @@ polkit_context_new (void)
polkit_bool_t
polkit_context_init (PolKitContext *pk_context, PolKitError **error)
{
+#ifdef HAVE_KQUEUE
+ struct kevent ev;
+#endif
+
kit_return_val_if_fail (pk_context != NULL, FALSE);
pk_context->policy_dir = kit_strdup (PACKAGE_DATA_DIR "/PolicyKit/policy");
@@ -209,7 +227,87 @@ polkit_context_init (PolKitContext *pk_context, PolKitError **error)
goto error;
}
}
+#elif HAVE_KQUEUE
+ if (pk_context->io_add_watch_func != NULL) {
+ pk_context->kqueue_fd = kqueue ();
+ if (pk_context->kqueue_fd < 0) {
+ polkit_debug ("failed to initialize kqueue: %s", strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+ /* Watch the /etc/PolicyKit/PolicyKit.conf file */
+ pk_context->kqueue_config_fd = open (PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf", O_RDONLY);
+ if (pk_context->kqueue_config_fd < 0) {
+ polkit_debug ("failed '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf' for reading: %s",
+ strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+ EV_SET (&ev, pk_context->kqueue_config_fd, EVFILT_VNODE,
+ EV_ADD | EV_ENABLE | EV_CLEAR,
+ NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME,
+ 0, 0);
+ if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
+ polkit_debug ("failed to add watch on file '" PACKAGE_SYSCONF_DIR "/PolicyKit/PolicyKit.conf': %s",
+ strerror (errno));
+ close (pk_context->kqueue_config_fd);
+ /* TODO: set error */
+ goto error;
+ }
+
+ /* Watch the /usr/share/PolicyKit/policy directory */
+ pk_context->kqueue_policy_fd = open (PACKAGE_DATA_DIR "/PolicyKit/policy", O_RDONLY);
+ if (pk_context->kqueue_policy_fd < 0) {
+ polkit_debug ("failed to open '" PACKAGE_DATA_DIR "/PolicyKit/policy for reading: %s",
+ strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+ EV_SET (&ev, pk_context->kqueue_policy_fd, EVFILT_VNODE,
+ EV_ADD | EV_ENABLE | EV_CLEAR,
+ NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME,
+ 0, 0);
+ if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
+ polkit_debug ("failed to add watch on directory '" PACKAGE_DATA_DIR "/PolicyKit/policy': %s",
+ strerror (errno));
+ close (pk_context->kqueue_policy_fd);
+ /* TODO: set error */
+ goto error;
+ }
+
+#ifdef POLKIT_AUTHDB_DEFAULT
+ /* Watch the /var/lib/misc/PolicyKit.reload file */
+ pk_context->kqueue_grant_perm_fd = open (PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload", O_RDONLY);
+ if (pk_context->kqueue_grant_perm_fd < 0) {
+ polkit_debug ("failed to open '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload' for reading: %s",
+ strerror (errno));
+ /* TODO: set error */
+ goto error;
+ }
+
+ EV_SET (&ev, pk_context->kqueue_grant_perm_fd, EVFILT_VNODE,
+ EV_ADD | EV_ENABLE | EV_CLEAR,
+ NOTE_DELETE | NOTE_EXTEND | NOTE_WRITE | NOTE_RENAME | NOTE_ATTRIB,
+ 0, 0);
+ if (kevent (pk_context->kqueue_fd, &ev, 1, NULL, 0, NULL) == -1) {
+ polkit_debug ("failed to add watch on file '" PACKAGE_LOCALSTATE_DIR "/lib/misc/PolicyKit.reload': %s",
+ strerror (errno));
+ close (pk_context->kqueue_grant_perm_fd);
+ /* TODO: set error */
+ goto error;
+ }
+#endif
+ pk_context->kqueue_fd_watch_id = pk_context->io_add_watch_func (pk_context, pk_context->kqueue_fd);
+ if (pk_context->kqueue_fd_watch_id == 0) {
+ polkit_debug ("failed to add io watch");
+ /* TODO: set error */
+ goto error;
+ }
+ }
#else
if (pk_context->io_add_watch_func != NULL) {
pk_context->inotify_fd = inotify_init ();
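Review bot: The failure paths in the kqueue branch do not account for descriptors opened earlier: when a later `open()` or `kevent()` fails, `kqueue_fd` and any `kqueue_*_fd` already opened stay open unless the `error:` label, which is outside this hunk, closes them. The fields that were just passed to `close()` also keep the closed descriptor number, so resetting them, e.g. `pk_context->kqueue_config_fd = -1;` and likewise for the policy and grant-perm fields, keeps a later cleanup from closing an unrelated descriptor that reused the number. The descriptors are opened without close-on-exec, so any helper the process later spawns would inherit them; `fcntl (fd, F_SETFD, FD_CLOEXEC)` after each `open()` avoids that. The first debug message is missing the words "to open", and the policy-directory message lacks its closing quote.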
@@ -444,6 +542,35 @@ polkit_context_io_func (PolKitContext *pk_context, int fd)
}
}
+#elif HAVE_KQUEUE
+ if (fd == pk_context->kqueue_fd) {
+ struct kevent ev[1024];
+ struct timespec nullts = { 0, 0 };
+ int res;
+ int i = 0;
+
+ res = kevent (fd, NULL, 0, ev, 1024, &nullts);
+
+ if (res > 0) {
+ /* Sleep for a half-second to avoid potential races
+ * during install/uninstall. */
+ usleep (500000);
+
+ while (i < res) {
+ struct kevent *evptr;
+
+ evptr = &ev[i];
+ polkit_debug ("ident=%d filter=%d flags=%u fflags=%u",
+ evptr->ident, evptr->filter, evptr->flags, evptr->fflags);
+ polkit_debug ("config changed!");
+ config_changed = TRUE;
+
+ i++;
+ }
+ } else {
+ polkit_debug ("failed to read kqueue event: %s", strerror (errno));
+ }
+ }
#else
if (fd == pk_context->inotify_fd) {
/* size of the event structure, not counting name */
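Review bot: The debug line prints `evptr->ident` with `%d`, but `ident` is a `uintptr_t` in struct kevent, so format and argument disagree on 64-bit hosts; use `ident=%lu` with `(unsigned long) evptr->ident`. The `else` branch also runs when `kevent()` returns 0, which with the zero timeout only means no event was pending, and it then logs a stale `errno`; test `res < 0` before printing the failure message. `polkit_context_io_func` starts and ends outside this hunk.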
diff --git a/src/polkit/polkit-policy-cache.c b/src/polkit/polkit-policy-cache.c
index a349e04..d5e3218 100644
--- a/src/polkit/polkit-policy-cache.c
+++ b/src/polkit/polkit-policy-cache.c
@@ -101,7 +101,11 @@ PolKitPolicyCache *
_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error)
{
DIR *dir;
+#ifdef HAVE_READDIR64
struct dirent64 *d;
+#else
+ struct dirent *d;
+#endif
PolKitPolicyCache *pc;
struct stat statbuf;
@@ -123,7 +127,11 @@ _polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions,
goto out;
}
+#ifdef HAVE_READDIR64
while ((d = readdir64 (dir)) != NULL) {
+#else
+ while ((d = readdir (dir)) != NULL) {
+#endif
char *path;
PolKitPolicyFile *pf;
PolKitError *pk_error;
diff --git a/src/polkit/polkit-policy-file.c b/src/polkit/polkit-policy-file.c
index 28b6647..14bfc85 100644
--- a/src/polkit/polkit-policy-file.c
+++ b/src/polkit/polkit-policy-file.c
@@ -804,27 +804,6 @@ polkit_policy_file_entry_foreach (PolKitPolicyFile *policy_file,
return FALSE;
}
-#ifdef HAVE_SOLARIS
-char *strndup ( const char *s, size_t n)
-{
- size_t nAvail;
- char *p;
-
- if ( !s )
- return 0;
-
- if ( strlen(s) > n )
- nAvail = n + 1;
- else
- nAvail = strlen(s) + 1;
- p = malloc ( nAvail );
- memcpy ( p, s, nAvail );
- p[nAvail - 1] = '\0';
-
- return p;
-}
-#endif
-
#ifdef POLKIT_BUILD_TESTS
/* this checks that the policy descriptions read from test-valid-3-lang.policy are correct */
diff --git a/src/polkit/polkit-sysdeps.c b/src/polkit/polkit-sysdeps.c
index 7a7c386..fe0fc6f 100644
--- a/src/polkit/polkit-sysdeps.c
+++ b/src/polkit/polkit-sysdeps.c
@@ -51,7 +51,7 @@
#else
#include <procfs.h>
#endif
-#else
+#elif defined(HAVE_INOTIFY)
#include <sys/inotify.h>
#endif
#include <syslog.h>
@@ -106,7 +106,11 @@ polkit_sysdeps_get_start_time_for_pid (pid_t pid)
}
start_time = (unsigned long long) (info.pr_start.tv_sec);
#else
+#ifdef __FreeBSD__
+ filename = kit_strdup_printf ("/proc/%d/status", pid);
+#else
filename = kit_strdup_printf ("/proc/%d/stat", pid);
+#endif
if (filename == NULL) {
errno = ENOMEM;
goto out;
@@ -117,6 +121,36 @@ polkit_sysdeps_get_start_time_for_pid (pid_t pid)
goto out;
}
+#ifdef __FreeBSD__
+ tokens = kit_strsplit (contents, ' ', &num_tokens);
+ if (tokens == NULL)
+ goto out;
+ if (num_tokens < 8) {
+ kit_strfreev (tokens);
+ goto out;
+ }
+
+ p = kit_strdup (tokens[7]);
+ kit_strfreev (tokens);
+
+ tokens = kit_strsplit (p, ',', &num_tokens);
+ kit_free (p);
+ if (tokens == NULL)
+ goto out;
+ if (num_tokens >= 1) {
+ start_time = strtoll (tokens[0], &endp, 10);
+ if (endp == tokens[0]) {
+ kit_strfreev (tokens);
+ goto out;
+ }
+ } else {
+ kit_strfreev (tokens);
+ goto out;
+ }
+
+ kit_strfreev (tokens);
+#else
+
/* start time is the 19th token after the '(process name)' entry */
p = strchr (contents, ')');
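Review bot: The FreeBSD branch splits the whole status line on spaces and takes `tokens[7]`, with `num_tokens < 8` as the only check, so it relies on the process name in the first field never containing a space. The Linux branch just below avoids that assumption by locating `)` before it counts fields; if a FreeBSD process name can contain a space, the fields shift and a different value is parsed as the start time, which matters if callers use the start time to tell apart processes that reuse a pid. Rejecting lines with an unexpected token count, or counting from a field whose position is fixed, would close that gap. `kit_strdup (tokens[7])` is also passed to `kit_strsplit` without a NULL check; add `if (p == NULL) goto out;` after `kit_strfreev (tokens);`. The function starts and ends outside this hunk.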
@@ -143,6 +177,7 @@ polkit_sysdeps_get_start_time_for_pid (pid_t pid)
kit_strfreev (tokens);
#endif
+#endif
out:
#ifndef HAVE_SOLARIS
@@ -235,7 +270,11 @@ polkit_sysdeps_get_exe_for_pid (pid_t pid, char *out_buf, size_t buf_size)
ret = strlen (info.pr_psargs);
strncpy (out_buf, info.pr_psargs, ret);
#else
+#ifdef __FreeBSD__
+ snprintf (proc_name, sizeof (proc_name), "/proc/%d/file", pid);
+#else
snprintf (proc_name, sizeof (proc_name), "/proc/%d/exe", pid);
+#endif
ret = readlink (proc_name, out_buf, buf_size - 1);
if (ret == -1) {
strncpy (out_buf, "(unknown)", buf_size);
diff --git a/tools/polkit-auth.c b/tools/polkit-auth.c
index 0ce5e29..001298e 100644
--- a/tools/polkit-auth.c
+++ b/tools/polkit-auth.c
@@ -37,7 +37,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
-#ifdef HAVE_SOLARIS
+#if defined(HAVE_SOLARIS) || defined(HAVE_FREEBSD)
#include <sys/wait.h>
#endif
#include <pwd.h>
@@ -72,6 +72,77 @@ typedef struct {
GMainLoop *loop;
} UserData;
+#ifndef HAVE_GETLINE
+static ssize_t
+getline (char **lineptr, size_t *n, FILE *stream)
+{
+ char *line, *p;
+ long size, copy;
+
+ if (lineptr == NULL || n == NULL) {
+ errno = EINVAL;
+ return (ssize_t) -1;
+ }
+
+ if (ferror (stream))
+ return (ssize_t) -1;
+
+ /* Make sure we have a line buffer to start with. */
+ if (*lineptr == NULL || *n < 2) /* !seen and no buf yet need 2 chars. */ {
+#ifndef MAX_CANON
+#define MAX_CANON 256
+#endif
+ if (!*lineptr)
+ line = (char *) malloc (MAX_CANON);
+ else
+ line = (char *) realloc (*lineptr, MAX_CANON);
+ if (line == NULL)
+ return (ssize_t) -1;
+ *lineptr = line;
+ *n = MAX_CANON;
+ }
+
+ line = *lineptr;
+ size = *n;
+
+ copy = size;
+ p = line;
+
+ while (1) {
+ long len;
+
+ while (--copy > 0) {
+ int c = getc (stream);
+
+ if (c == EOF)
+ goto lose;
+ else if ((*p++ = c) == '\n')
+ goto win;
+ }
+
+ /* Need to enlarge the line buffer. */
+ len = p - line;
+ size *= 2;
+ line = (char *) realloc (line, size);
+ if (line == NULL)
+ goto lose;
+ *lineptr = line;
+ *n = size;
+ p = line + len;
+ copy = size - len;
+ }
+
+lose:
+ if (p == *lineptr)
+ return (ssize_t) -1;
+
+ /* Return a partial line since we got an error in the middle. */
+win:
+ *p = '\0';
+ return p - *lineptr;
+}
+#endif
+
static void
conversation_type (PolKitGrant *polkit_grant, PolKitResult auth_type, void *user_data)
{