PolicyKit: Branch 'master' - 2 commits

Colin Walters walters at kemper.freedesktop.org
Sat Nov 9 05:33:30 PST 2013


 src/examples/cancel.c                                   |    2 
 src/polkit/polkitsystembusname.c                        |   56 ++++++++++++++++
 src/polkit/polkitsystembusname.h                        |    4 +
 src/polkitbackend/polkitbackendsessionmonitor-systemd.c |   20 -----
 src/polkitbackend/polkitbackendsessionmonitor.c         |   20 -----
 5 files changed, 63 insertions(+), 39 deletions(-)

New commits:
commit aa4cd969b7371d73da49700d0098e41874a370e6
Author: Colin Walters <walters at verbum.org>
Date:   Thu Nov 7 17:18:52 2013 -0500

    examples/cancel: Fix to securely lookup subject
    
    This is just an uninstalled example, but it needed the same fix as was
    done for pkexec with the 3b12cfac29dddd27f1f166a7574d8374cc1dccf2
    commit.
    
    This drops use of deprecated API.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69538

diff --git a/src/examples/cancel.c b/src/examples/cancel.c
index 7978ebe..1470025 100644
--- a/src/examples/cancel.c
+++ b/src/examples/cancel.c
@@ -128,7 +128,7 @@ main (int argc, char *argv[])
       g_printerr ("Parent process was reaped by init(1)\n");
       return 1;
     }
-  subject = polkit_unix_process_new (parent_pid);
+  subject = polkit_unix_process_new_for_owner (parent_pid, 0, getuid ());
 
   cancellable = g_cancellable_new ();
 
commit 904d8404d93dec45fce3b719eb1a626acc6b8a73
Author: Colin Walters <walters at verbum.org>
Date:   Wed Aug 21 12:23:55 2013 -0400

    PolkitSystemBusName: Add public API to retrieve Unix user
    
    And change the duplicated code in the backend session monitors to use
    it.  This just a code cleanup resulting from review after
    CVE-2013-4288.  There's no security impact from this patch, it just
    removes duplicated code.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69538

diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c
index 2a297c4..51e4a69 100644
--- a/src/polkit/polkitsystembusname.c
+++ b/src/polkit/polkitsystembusname.c
@@ -25,6 +25,7 @@
 
 #include <string.h>
 #include "polkitsystembusname.h"
+#include "polkitunixuser.h"
 #include "polkitsubject.h"
 #include "polkitprivate.h"
 
@@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName  *system_bus_name,
   return ret;
 }
 
+/**
+ * polkit_system_bus_name_get_user_sync:
+ * @system_bus_name: A #PolkitSystemBusName.
+ * @cancellable: (allow-none): A #GCancellable or %NULL.
+ * @error: (allow-none): Return location for error or %NULL.
+ *
+ * Synchronously gets a #PolkitUnixUser object for @system_bus_name;
+ * the calling thread is blocked until a reply is received.
+ *
+ * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set.
+ **/
+PolkitUnixUser *
+polkit_system_bus_name_get_user_sync (PolkitSystemBusName  *system_bus_name,
+				      GCancellable         *cancellable,
+				      GError              **error)
+{
+  GDBusConnection *connection;
+  PolkitUnixUser *ret;
+  GVariant *result;
+  guint32 uid;
+
+  g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL);
+  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
+  g_return_val_if_fail (error == NULL || *error == NULL, NULL);
+
+  ret = NULL;
+
+  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
+  if (connection == NULL)
+    goto out;
+
+  result = g_dbus_connection_call_sync (connection,
+                                        "org.freedesktop.DBus",       /* name */
+                                        "/org/freedesktop/DBus",      /* object path */
+                                        "org.freedesktop.DBus",       /* interface name */
+                                        "GetConnectionUnixUser",      /* method */
+                                        g_variant_new ("(s)", system_bus_name->name),
+                                        G_VARIANT_TYPE ("(u)"),
+                                        G_DBUS_CALL_FLAGS_NONE,
+                                        -1,
+                                        cancellable,
+                                        error);
+  if (result == NULL)
+    goto out;
+
+  g_variant_get (result, "(u)", &uid);
+  g_variant_unref (result);
+
+  ret = (PolkitUnixUser*)polkit_unix_user_new (uid);
+
+ out:
+  if (connection != NULL)
+    g_object_unref (connection);
+  return ret;
+}
diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h
index 1fc464f..38d31f7 100644
--- a/src/polkit/polkitsystembusname.h
+++ b/src/polkit/polkitsystembusname.h
@@ -56,6 +56,10 @@ PolkitSubject  *polkit_system_bus_name_get_process_sync   (PolkitSystemBusName
                                                            GCancellable         *cancellable,
                                                            GError              **error);
 
+PolkitUnixUser * polkit_system_bus_name_get_user_sync     (PolkitSystemBusName  *system_bus_name,
+							   GCancellable         *cancellable,
+							   GError              **error);
+
 G_END_DECLS
 
 #endif /* __POLKIT_SYSTEM_BUS_NAME_H */
diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
index 58593c3..0185310 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
@@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
     }
   else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
     {
-      GVariant *result;
-
-      result = g_dbus_connection_call_sync (monitor->system_bus,
-                                            "org.freedesktop.DBus",
-                                            "/org/freedesktop/DBus",
-                                            "org.freedesktop.DBus",
-                                            "GetConnectionUnixUser",
-                                            g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
-                                            G_VARIANT_TYPE ("(u)"),
-                                            G_DBUS_CALL_FLAGS_NONE,
-                                            -1, /* timeout_msec */
-                                            NULL, /* GCancellable */
-                                            error);
-      if (result == NULL)
-        goto out;
-      g_variant_get (result, "(u)", &uid);
-      g_variant_unref (result);
-
-      ret = polkit_unix_user_new (uid);
+      ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
     }
   else if (POLKIT_IS_UNIX_SESSION (subject))
     {
diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c
index 9c331b6..4075d3f 100644
--- a/src/polkitbackend/polkitbackendsessionmonitor.c
+++ b/src/polkitbackend/polkitbackendsessionmonitor.c
@@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
     }
   else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
     {
-      GVariant *result;
-
-      result = g_dbus_connection_call_sync (monitor->system_bus,
-                                            "org.freedesktop.DBus",
-                                            "/org/freedesktop/DBus",
-                                            "org.freedesktop.DBus",
-                                            "GetConnectionUnixUser",
-                                            g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
-                                            G_VARIANT_TYPE ("(u)"),
-                                            G_DBUS_CALL_FLAGS_NONE,
-                                            -1, /* timeout_msec */
-                                            NULL, /* GCancellable */
-                                            error);
-      if (result == NULL)
-        goto out;
-      g_variant_get (result, "(u)", &uid);
-      g_variant_unref (result);
-
-      ret = polkit_unix_user_new (uid);
+      ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject));
     }
   else if (POLKIT_IS_UNIX_SESSION (subject))
     {


More information about the hal-commit mailing list