1. 20 Aug, 2010 6 commits
  2. 18 Aug, 2010 1 commit
    • David Zeuthen's avatar
      Fix ConsoleKit interaction bug · 22363658
      David Zeuthen authored
      First of all, there was a glaring bug where we forgot to load the
      GKeyFile for /var/run/ConsoleKit/database resulting in criticals like
      this:
      
       (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
       (lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
      
      Furthermore, this resulted in the Authority returning "not authorized"
      for subjects that should have been authorized. For an example, see
      
       https://bugzilla.redhat.com/show_bug.cgi?id=624125
      
      Fix this bug by calling ensure_database() to make sure the GKeyFile
      contains information from /var/run/ConsoleKit/database. Also, since
      there is a race (theoretical at least, but see
      https://bugzilla.gnome.org/show_bug.cgi?id=627285
      
       ) with file
      monitoring, also ensure that we are using the latest and greatest
      version of /var/run/ConsoleKit/database.
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      22363658
  3. 12 Aug, 2010 2 commits
    • David Zeuthen's avatar
      Add textual authentication agent and use it in pkexec(1) · 42177383
      David Zeuthen authored
      
      
      This makes pkexec(1) work when e.g. logging in via ssh(1) or the linux
      console but also when using `su -'. Example:
      
       [davidz@x61 ~]$ su - bateman
       Password:
       [bateman@x61 ~]$ pkexec bash
       ==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
       Authentication is needed to run `/bin/bash' as the super user
       Authenticating as: root
       Password:
       ==== AUTHENTICATION COMPLETE ===
       [root@x61 ~]#
      
      Summary of changes
      
       - Added a PolkitAgentTextListener class
      
       - Add new polkit_agent_listener_register() (and _unregister()) API
      
       - Deprecate polkit_agent_register_listener API
      
       - Allow registering authentication agents for PolkitUnixProcess subjects
         and prefer such agents to ones governing the session
      
       - Make PolkitAgentSession use the thread-default GMainContext - otherwise
         it won't work in spawned threads
      
       - (finally) use PolkitAgentTextListener in pkexec(1) if authorization
         via authentication is possible but no authentication agent was
         found
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      42177383
    • David Zeuthen's avatar
      Fix scanning of unix-process subjects · 17f06005
      David Zeuthen authored
      
      
      In particular accept both "unix-process:<pid>,<starttime>" and
      "unix-process:<pid>". For the latter, return an error if we cannot
      lookup the starttime (for example if the given pid references a
      non-existing process).
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      17f06005
  4. 10 Aug, 2010 1 commit
  5. 09 Aug, 2010 10 commits
  6. 07 Aug, 2010 1 commit
  7. 06 Aug, 2010 2 commits
  8. 03 Aug, 2010 2 commits
  9. 02 Aug, 2010 1 commit
  10. 30 Jul, 2010 2 commits
  11. 29 Jul, 2010 3 commits
  12. 28 Jul, 2010 2 commits
  13. 15 Jul, 2010 1 commit
  14. 02 Jul, 2010 1 commit
    • Andrew Psaltis's avatar
      Add shadow support · a2edcef5
      Andrew Psaltis authored
      
      
      Added support for the shadow authentication framework instead of PAM.
      Enable it by passing --with-authfw=shadow to configure.
      
      This is done by splitting the polkitagenthelper source into separate
      parts, one that does auth with PAM, and another that does auth with
      shadow, sharing functions where appropriate.
      
      Also, all PAM-dependendent code in all other files has been #ifdef'd.
      The only affected file is src/programs/pkexec.c
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      a2edcef5
  15. 10 Mar, 2010 1 commit
    • Dan Rosenberg's avatar
      Bug 26982 – pkexec information disclosure vulnerability · 14bdfd81
      Dan Rosenberg authored
      pkexec is vulnerable to a minor information disclosure vulnerability
      that allows an attacker to verify whether or not arbitrary files
      exist, violating directory permissions. I reproduced the issue on my
      Karmic installation as follows:
      
       $ mkdir secret
       $ sudo chown root:root secret
       $ sudo chmod 400 secret
       $ sudo touch secret/hidden
       $ pkexec /home/drosenbe/secret/hidden
       (password prompt)
       $ pkexec /home/drosenbe/secret/doesnotexist
       Error getting information about /home/drosenbe/secret/doesnotexist: No such
       file or directory
      
      I've attached my patch for the issue. I replaced the stat() call
      entirely with access() using F_OK, so rather than check that the
      target exists, pkexec now checks if the user has permission to verify
      the existence of the program. There might be another way of doing
      this, such as chdir()'ing to the parent directory of the target and
      calling lstat(), but this seemed like more code than necessary to
      prevent such a minor problem.  I see no reason to allow pkexec to
      execute targets that are not accessible to the executing user because
      of directory permissions. This is such a limited use case anyway that
      this doesn't really affect functionality.
      
      http://bugs.freedesktop.org/show_bug.cgi?id=26982
      
      Signed-off-by: default avatarDavid Zeuthen <davidz@redhat.com>
      14bdfd81
  16. 15 Jan, 2010 4 commits