...
 
Commits (55)
......@@ -9,24 +9,165 @@ some security review. Use at your own risk.
This is polkit 0.114.
Highlights:
TODO
Port to mozjs 52, the latest version of the firefox JavaScript engine.
Add gettext support for policy files
Fixes for various memory leaks
Build requirements
glib, gobject, gio >= 2.30
mozjs185 or mozjs-17.0
glib, gobject, gio >= 2.32
mozjs-52
gobject-introspection >= 0.6.2 (optional)
pam (optional)
ConsoleKit OR systemd
Changes since polkit 0.113:
TODO
Anders Jonsson (2):
pkcheck: fix man typos
Add Swedish translation
Antoine Jacoutot (1):
Add support for OpenBSD
Christian Kirbach (1):
Add German translation
Colin Walters (3):
build: Pull in GCC warning infra from ostree
build: Use AC_USE_SYSTEM_EXTENSIONS
tests: Correct boundary test for overflow
Dariusz Gadomski (2):
Fix multi-line pam text info.
Refactor send_to_helper usage
Gabor Kelemen (1):
Add initial Hungarian translation, and add hu to LINGUAS
Jeremy Linton (5):
change mozjs interface module to c++
Switch to hard requiring mozjs24
Fix warnings caused by building with C++
Replace autocompartment
test: Add a test case to handle actions without explicit rules
Jiří Klimeš (1):
trivial: fix deprecated indication for polkit_agent_register_listener()
Matthias Clasen (1):
Add gettext support for .policy files
Miloslav Trmač (21):
Post-release version bump to 0.114
Consistently use HAVE_NETGROUP_H instead of HAVE_OPENBSD
Fix a memory leak of PolkitAgentListener's Server object
Remove polkitbackendconfigsource.[ch]
Add Slovak translation by Dusan Kazik <prescott66@gmail.com>
Add Indonesian translation by Andika Triwidada
Add Chinese (Taiwan) translation
Fix a typo in polkit(8)
Simplify GVariant reference counting
Fix a memory leak on an error path of lookup_asv (twice)
Fix a memory leak in server_handle_register_authentication_agent_with_options
Fix a memory leak in server_handle_unregister_authentication_agent
Fix a memory leak in server_handle_authentication_agent_response{,2}
Fix memory leaks in server_handle_*_temporary_authorizations
Fix error handling in polkit_authority_enumerate_temporary_authorizations_finish
Fix a memory leak per agent authentication
Fix a memory leak on agent authentication cancellation
Audit and fix GVariant reference counting
Fix help for (pkttyagent -s)
Fix a race condition when terminating runaway_killer_thread
Move to current GLib
Mingye Wang (Arthur2e5) (1):
Add zh_CN translation
Muhammet Kara (1):
Added Turkish translation
OBATA Akio (1):
Add support for NetBSD
Peter Hutterer (1):
gettext: switch to default-translate "no"
Philip Withnall (3):
polkit: Add g_autoptr() support for GObject-derived polkit types
data: Set GIO_USE_VFS=local in the environment
polkitbackend: Fix typos in a couple of initialisation error messages
Piotr Drąg (1):
Add Polish translation
Rafael Fontenelle (1):
Add Brazilian Portuguese translation
Ray Strode (34):
configure: bump mozjs requirement to 52
jsauthority: fix how classes are defined
jsauthority: use JS_FN instead of JS_FS
jsauthority: get rid of JSRuntime
jsauthority: change how setVersion is called
jsauthority: call JS_Init
jsauthority: call JS_InitSelfHostedCode
jsauthority: change how JIT is disabled
jsauthority: JS::SetWarningReporter instead of JS_SetErrorReporter
jsauthority: add UTF8 suffix to renamed functions
jsauthority: pass "%s" format string to report functions
jsauthority: s/JSBool/bool/
jsauthority: s/jsval/JS::Value/
jsauthority: s/JSVAL_NULL/JS::NullValue()/
jsauthority: s/JSVAL_VOID/JS::UndefinedValue()/
jsauthority: s/OBJECT_TO_JSVAL/JS::ObjectValue/
jsauthority: s/STRING_TO_JSVAL/JS::StringValue/
jsauthority: s/BOOLEAN_TO_JSVAL/JS::BooleanValue/
jsauthority: JSVAL_TO_OBJECT (o) to o.toObjectOrNull()
jsauthority: JSVAL_TO_STRING (s) to s.toString()
jsauthority: JSVAL_IS_STRING (s) to s.isString()
jsauthority: JSVAL_IS_NULL (o) to o.isNull()
jsauthority: Fix up JS_CallFunctionName invocations
jsauthority: use InterruptCallback api instead of OperationCallback
jsauthority: redo how global objects are set up
jsauthority: root some locals to the context
jsauthority: adapt arguments for new JS::Compile API
jsauthority: adapt arguments for new JS_ExecuteScript API
jsauthority: use JS::Evaluate instead of JS_EvaluateScript
jsauthority: fix up set_property methods
jsauthority: stop using JS_GetStringCharsZ
jsauthority: switch from JS_ConvertArguments to JS::CallArgsFromVp
jsauthority: re-enable JIT
Port JavaScript authority to mozjs52
Rui Matos (1):
polkitpermission: Fix a memory leak on authority changes
Sebastien Bacher (1):
Support polkit session agent running outside user session
Stef Walter (2):
polkitagent: Fix access after dereference on hashtable
polkitagent: No double warnings in polkit_agent_listener_register()
Sven Eden (1):
configure: enable elogind support in PolicyKit
Yuri Chornoivan (1):
Add Ukrainian translation
enkore (1):
Fix abnomal formatting of authentication header lines
muzena (1):
Add hr.po
Thanks to our contributors.
Colin Walters and Miloslav Trmač,
$DATE
April 2, 2017
--------------
polkit 0.113
......
......@@ -23,6 +23,7 @@ AC_SUBST(LT_CURRENT)
AC_SUBST(LT_REVISION)
AC_SUBST(LT_AGE)
AC_USE_SYSTEM_EXTENSIONS
AC_ISC_POSIX
AC_PROG_CC
AC_HEADER_STDC
......@@ -77,12 +78,8 @@ AC_SUBST(WARN_CFLAGS)
PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
AC_SUBST(GLIB_CFLAGS)
AC_SUBST(GLIB_LIBS)
AC_DEFINE([GLIB_VERSION_MIN_REQUIRED], [GLIB_VERSION_2_30],
[Avoid warning spew about g_type_init() being deprecated])
AC_DEFINE([GLIB_VERSION_MAX_ALLOWED], [G_ENCODE_VERSION(2,34)],
[Notify us when we'll need to transition away from g_type_init()])
PKG_CHECK_MODULES(LIBJS, [mozjs-24])
PKG_CHECK_MODULES(LIBJS, [mozjs-52])
AC_SUBST(LIBJS_CFLAGS)
AC_SUBST(LIBJS_CXXFLAGS)
......@@ -132,10 +129,11 @@ AC_ARG_ENABLE([test],
AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"])
dnl ---------------------------------------------------------------------------
dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking
dnl - Select wether to use libsystemd-login, libelogind or ConsoleKit for session tracking
dnl ---------------------------------------------------------------------------
have_libsystemd=no
have_libelogind=no
SESSION_TRACKING=ConsoleKit
AC_ARG_ENABLE([libsystemd-login],
......@@ -156,16 +154,48 @@ if test "$enable_libsystemd_login" != "no"; then
],
[have_libsystemd=no])])
if test "$have_libsystemd" = "yes"; then
SESSION_TRACKING=libsystemd-login
AC_DEFINE([HAVE_LIBSYSTEMD], 1, [Define to 1 if libsystemd is available])
save_LIBS=$LIBS
LIBS=$LIBSYSTEMD_LIBS
AC_CHECK_FUNCS(sd_uid_get_display)
LIBS=$save_LIBS
SESSION_TRACKING=libsystemd-login
fi
fi
AC_ARG_ENABLE([libelogind],
[AS_HELP_STRING([--enable-libelogind[=@<:@auto/yes/no@:>@]], [Use libelogind (auto/yes/no)])],
[enable_libelogind=$enableval],
[enable_libelogind=auto])
dnl Using libelogind makes no sense when libsystemd-login is already in use
if test "$have_libsystemd" = "yes"; then
enable_libelogind=no
fi
if test "$enable_libelogind" != "no"; then
PKG_CHECK_MODULES([LIBELOGIND],
[libelogind],
[have_libelogind=yes])
if test "$have_libelogind" = "yes"; then
SESSION_TRACKING=libelogind
fi
fi
dnl libelogind is a drop-in replacement for libsystemd-login, so using it does
dnl not need any different actions than using libsystemd-login.
if test "$SESSION_TRACKING" != "ConsoleKit"; then
AC_DEFINE([HAVE_LIBSYSTEMD], 1, [Define to 1 if libsystemd or libelogind is available])
save_LIBS=$LIBS
if test "$have_libelogind" = "yes"; then
LIBS=$LIBELOGIND_LIBS
dnl We have to act like this was libsystemd-login
LIBSYSTEMD_CFLAGS=$LIBELOGIND_CFLAGS
LIBSYSTEMD_LIBS=$LIBELOGIND_LIBS
else
if test "$enable_libsystemd_login" = "yes"; then
AC_MSG_ERROR([libsystemd support requested but libsystemd or libsystemd-login library not found])
fi
LIBS=$LIBSYSTEMD_LIBS
fi
AC_CHECK_FUNCS(sd_uid_get_display)
LIBS=$save_LIBS
else
if test "$enable_libsystemd_login" = "yes"; then
AC_MSG_ERROR([libsystemd support requested but libsystemd or libsystemd-login library not found])
fi
if test "$enable_libelogind" = "yes"; then
AC_MSG_ERROR([libelogind support requested but libelogind library not found])
fi
fi
......
......@@ -37,7 +37,7 @@ pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc
# ----------------------------------------------------------------------------------------------------
itsdir = $(datadir)/gettext/its
its_DATA = polkit.loc polkit.its
dist_its_DATA = polkit.loc polkit.its
# ----------------------------------------------------------------------------------------------------
......
......@@ -102,8 +102,6 @@ main (int argc, char *argv[])
PolkitAuthority *authority;
GCancellable *cancellable;
g_type_init ();
if (argc != 2)
{
g_printerr ("usage: %s <action_id>\n", argv[0]);
......
......@@ -19,7 +19,8 @@
* Author: David Zeuthen <davidz@redhat.com>
*/
#define _GNU_SOURCE
#include "config.h"
#include <glib.h>
#include <unistd.h>
#include <stdlib.h>
......
......@@ -352,10 +352,10 @@ polkit_action_description_new_for_gvariant (GVariant *value)
return action_description;
}
/* Note that this returns a floating value. */
GVariant *
polkit_action_description_to_gvariant (PolkitActionDescription *action_description)
{
GVariant *value;
GVariantBuilder builder;
GHashTableIter iter;
const gchar *a_key;
......@@ -368,17 +368,15 @@ polkit_action_description_to_gvariant (PolkitActionDescription *action_descripti
g_variant_builder_add (&builder, "{ss}", a_key, a_value);
/* TODO: note 'foo ? : ""' is a gcc specific extension (it's a short-hand for 'foo ? foo : ""') */
value = g_variant_new ("(ssssssuuua{ss})",
action_description->action_id ? : "",
action_description->description ? : "",
action_description->message ? : "",
action_description->vendor_name ? : "",
action_description->vendor_url ? : "",
action_description->icon_name ? : "",
action_description->implicit_any,
action_description->implicit_inactive,
action_description->implicit_active,
&builder);
return value;
return g_variant_new ("(ssssssuuua{ss})",
action_description->action_id ? : "",
action_description->description ? : "",
action_description->message ? : "",
action_description->vendor_name ? : "",
action_description->vendor_url ? : "",
action_description->icon_name ? : "",
action_description->implicit_any,
action_description->implicit_inactive,
action_description->implicit_active,
&builder);
}
......@@ -886,8 +886,6 @@ polkit_authority_check_authorization (PolkitAuthority *authority,
GAsyncReadyCallback callback,
gpointer user_data)
{
GVariant *subject_value;
GVariant *details_value;
CheckAuthData *data;
g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
......@@ -896,11 +894,6 @@ polkit_authority_check_authorization (PolkitAuthority *authority,
g_return_if_fail (details == NULL || POLKIT_IS_DETAILS (details));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
subject_value = polkit_subject_to_gvariant (subject);
details_value = polkit_details_to_gvariant (details);
g_variant_ref_sink (subject_value);
g_variant_ref_sink (details_value);
data = g_new0 (CheckAuthData, 1);
data->authority = g_object_ref (authority);
data->simple = g_simple_async_result_new (G_OBJECT (authority),
......@@ -915,9 +908,9 @@ polkit_authority_check_authorization (PolkitAuthority *authority,
g_dbus_proxy_call (authority->proxy,
"CheckAuthorization",
g_variant_new ("(@(sa{sv})s@a{ss}us)",
subject_value,
polkit_subject_to_gvariant (subject), /* A floating value */
action_id,
details_value,
polkit_details_to_gvariant (details), /* A floating value */
flags,
data->cancellation_id != NULL ? data->cancellation_id : ""),
G_DBUS_CALL_FLAGS_NONE,
......@@ -925,8 +918,6 @@ polkit_authority_check_authorization (PolkitAuthority *authority,
cancellable,
(GAsyncReadyCallback) check_authorization_cb,
data);
g_variant_unref (subject_value);
g_variant_unref (details_value);
}
/**
......@@ -1058,20 +1049,16 @@ polkit_authority_register_authentication_agent (PolkitAuthority *authority,
GAsyncReadyCallback callback,
gpointer user_data)
{
GVariant *subject_value;
g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
g_return_if_fail (POLKIT_IS_SUBJECT (subject));
g_return_if_fail (locale != NULL);
g_return_if_fail (g_variant_is_object_path (object_path));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
subject_value = polkit_subject_to_gvariant (subject);
g_variant_ref_sink (subject_value);
g_dbus_proxy_call (authority->proxy,
"RegisterAuthenticationAgent",
g_variant_new ("(@(sa{sv})ss)",
subject_value,
polkit_subject_to_gvariant (subject), /* A floating value */
locale,
object_path),
G_DBUS_CALL_FLAGS_NONE,
......@@ -1082,7 +1069,6 @@ polkit_authority_register_authentication_agent (PolkitAuthority *authority,
callback,
user_data,
polkit_authority_register_authentication_agent));
g_variant_unref (subject_value);
}
/**
......@@ -1375,19 +1361,15 @@ polkit_authority_unregister_authentication_agent (PolkitAuthority *authorit
GAsyncReadyCallback callback,
gpointer user_data)
{
GVariant *subject_value;
g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
g_return_if_fail (POLKIT_IS_SUBJECT (subject));
g_return_if_fail (g_variant_is_object_path (object_path));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
subject_value = polkit_subject_to_gvariant (subject);
g_variant_ref_sink (subject_value);
g_dbus_proxy_call (authority->proxy,
"UnregisterAuthenticationAgent",
g_variant_new ("(@(sa{sv})s)",
subject_value,
polkit_subject_to_gvariant (subject), /* A floating value */
object_path),
G_DBUS_CALL_FLAGS_NONE,
-1,
......@@ -1397,7 +1379,6 @@ polkit_authority_unregister_authentication_agent (PolkitAuthority *authorit
callback,
user_data,
polkit_authority_unregister_authentication_agent));
g_variant_unref (subject_value);
}
/**
......@@ -1511,7 +1492,6 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
GAsyncReadyCallback callback,
gpointer user_data)
{
GVariant *identity_value;
/* Note that in reality, this API is only accessible to root, and
* only called from the setuid helper `polkit-agent-helper-1`.
*
......@@ -1526,14 +1506,12 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
g_return_if_fail (POLKIT_IS_IDENTITY (identity));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
identity_value = polkit_identity_to_gvariant (identity);
g_variant_ref_sink (identity_value);
g_dbus_proxy_call (authority->proxy,
"AuthenticationAgentResponse2",
g_variant_new ("(us@(sa{sv}))",
(guint32)uid,
cookie,
identity_value),
polkit_identity_to_gvariant (identity)), /* A floating value */
G_DBUS_CALL_FLAGS_NONE,
-1,
cancellable,
......@@ -1542,7 +1520,6 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
callback,
user_data,
polkit_authority_authentication_agent_response));
g_variant_unref (identity_value);
}
/**
......@@ -1653,18 +1630,14 @@ polkit_authority_enumerate_temporary_authorizations (PolkitAuthority *author
GAsyncReadyCallback callback,
gpointer user_data)
{
GVariant *subject_value;
g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
g_return_if_fail (POLKIT_IS_SUBJECT (subject));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
subject_value = polkit_subject_to_gvariant (subject);
g_variant_ref_sink (subject_value);
g_dbus_proxy_call (authority->proxy,
"EnumerateTemporaryAuthorizations",
g_variant_new ("(@(sa{sv}))",
subject_value),
polkit_subject_to_gvariant (subject)), /* A floating value */
G_DBUS_CALL_FLAGS_NONE,
-1,
cancellable,
......@@ -1673,7 +1646,6 @@ polkit_authority_enumerate_temporary_authorizations (PolkitAuthority *author
callback,
user_data,
polkit_authority_enumerate_temporary_authorizations));
g_variant_unref (subject_value);
}
/**
......@@ -1726,11 +1698,13 @@ polkit_authority_enumerate_temporary_authorizations_finish (PolkitAuthority *aut
g_prefix_error (error, "Error serializing return value of EnumerateTemporaryAuthorizations: ");
g_list_foreach (ret, (GFunc) g_object_unref, NULL);
g_list_free (ret);
goto out;
ret = NULL;
goto out_array;
}
ret = g_list_prepend (ret, auth);
}
ret = g_list_reverse (ret);
out_array:
g_variant_unref (array);
g_variant_unref (value);
......@@ -1805,18 +1779,14 @@ polkit_authority_revoke_temporary_authorizations (PolkitAuthority *authority
GAsyncReadyCallback callback,
gpointer user_data)
{
GVariant *subject_value;
g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
g_return_if_fail (POLKIT_IS_SUBJECT (subject));
g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable));
subject_value = polkit_subject_to_gvariant (subject);
g_variant_ref_sink (subject_value);
g_dbus_proxy_call (authority->proxy,
"RevokeTemporaryAuthorizations",
g_variant_new ("(@(sa{sv}))",
subject_value),
polkit_subject_to_gvariant (subject)), /* A floating value */
G_DBUS_CALL_FLAGS_NONE,
-1,
cancellable,
......@@ -1825,7 +1795,6 @@ polkit_authority_revoke_temporary_authorizations (PolkitAuthority *authority
callback,
user_data,
polkit_authority_revoke_temporary_authorizations));
g_variant_unref (subject_value);
}
/**
......
......@@ -290,19 +290,15 @@ polkit_authorization_result_new_for_gvariant (GVariant *value)
return ret;
}
/* Note that this returns a floating value. */
GVariant *
polkit_authorization_result_to_gvariant (PolkitAuthorizationResult *authorization_result)
{
GVariant *ret;
GVariant *details_gvariant;
details_gvariant = polkit_details_to_gvariant (polkit_authorization_result_get_details (authorization_result));
g_variant_ref_sink (details_gvariant);
ret = g_variant_new ("(bb@a{ss})",
polkit_authorization_result_get_is_authorized (authorization_result),
polkit_authorization_result_get_is_challenge (authorization_result),
details_gvariant);
g_variant_unref (details_gvariant);
PolkitDetails *details;
return ret;
details = polkit_authorization_result_get_details (authorization_result);
return g_variant_new ("(bb@a{ss})",
polkit_authorization_result_get_is_authorized (authorization_result),
polkit_authorization_result_get_is_challenge (authorization_result),
polkit_details_to_gvariant (details)); /* A floating value */
}
......@@ -195,10 +195,10 @@ polkit_details_get_keys (PolkitDetails *details)
return ret;
}
/* Note that this returns a floating value. */
GVariant *
polkit_details_to_gvariant (PolkitDetails *details)
{
GVariant *ret;
GVariantBuilder builder;
g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{ss}"));
......@@ -212,8 +212,7 @@ polkit_details_to_gvariant (PolkitDetails *details)
while (g_hash_table_iter_next (&hash_iter, (gpointer) &key, (gpointer) &value))
g_variant_builder_add (&builder, "{ss}", key, value);
}
ret = g_variant_builder_end (&builder);
return ret;
return g_variant_builder_end (&builder);
}
PolkitDetails *
......
......@@ -198,12 +198,12 @@ polkit_identity_from_string (const gchar *str,
return identity;
}
/* Note that this returns a floating value. */
GVariant *
polkit_identity_to_gvariant (PolkitIdentity *identity)
{
GVariantBuilder builder;
GVariant *dict;
GVariant *ret;
const gchar *kind;
kind = "";
......@@ -233,8 +233,7 @@ polkit_identity_to_gvariant (PolkitIdentity *identity)
}
dict = g_variant_builder_end (&builder);
ret = g_variant_new ("(s@a{sv})", kind, dict);
return ret;
return g_variant_new ("(s@a{sv})", kind, dict);
}
static GVariant *
......@@ -267,6 +266,7 @@ lookup_asv (GVariant *dict,
g_variant_get_type_string (value),
type_string);
g_free (type_string);
g_variant_unref (value);
goto out;
}
ret = value;
......
......@@ -290,12 +290,12 @@ polkit_subject_from_string (const gchar *str,
return subject;
}
/* Note that this returns a floating value. */
GVariant *
polkit_subject_to_gvariant (PolkitSubject *subject)
{
GVariantBuilder builder;
GVariant *dict;
GVariant *ret;
const gchar *kind;
kind = "";
......@@ -329,8 +329,7 @@ polkit_subject_to_gvariant (PolkitSubject *subject)
}
dict = g_variant_builder_end (&builder);
ret = g_variant_new ("(s@a{sv})", kind, dict);
return ret;
return g_variant_new ("(s@a{sv})", kind, dict);
}
static GVariant *
......@@ -363,6 +362,7 @@ lookup_asv (GVariant *dict,
g_variant_get_type_string (value),
type_string);
g_free (type_string);
g_variant_unref (value);
goto out;
}
ret = value;
......
......@@ -212,22 +212,15 @@ polkit_temporary_authorization_new_for_gvariant (GVariant *value,
return authorization;
}
/* Note that this returns a floating value. */
GVariant *
polkit_temporary_authorization_to_gvariant (PolkitTemporaryAuthorization *authorization)
{
GVariant *ret;
GVariant *subject_gvariant;
subject_gvariant = polkit_subject_to_gvariant (authorization->subject);
g_variant_ref_sink (subject_gvariant);
ret = g_variant_new ("(ss@(sa{sv})tt)",
authorization->id,
authorization->action_id,
subject_gvariant,
authorization->time_obtained,
authorization->time_expires);
g_variant_unref (subject_gvariant);
return ret;
return g_variant_new ("(ss@(sa{sv})tt)",
authorization->id,
authorization->action_id,
polkit_subject_to_gvariant (authorization->subject), /* A floating value */
authorization->time_obtained,
authorization->time_expires);
}
......@@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable,
PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable);
gboolean ret = FALSE;
char *s;
uid_t uid;
if (session->session_id != NULL)
{
......@@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable,
goto out;
}
/* Now do process -> uid -> graphical session (systemd version 213)*/
if (sd_pid_get_owner_uid (session->pid, &uid) < 0)
goto error;
if (sd_uid_get_display (uid, &s) >= 0)
{
session->session_id = g_strdup (s);
free (s);
ret = TRUE;
goto out;
}
error:
g_set_error (error,
POLKIT_ERROR,
POLKIT_ERROR_FAILED,
......
......@@ -88,8 +88,6 @@ send_dbus_message (const char *cookie, const char *user)
ret = FALSE;
g_type_init ();
error = NULL;
authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
if (authority == NULL)
......
......@@ -22,7 +22,6 @@
#ifndef __POLKIT_AGENT_HELPER_PRIVATE_H
#define __POLKIT_AGENT_HELPER_PRIVATE_H
#define _GNU_SOURCE
#include <polkit/polkit.h>
/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
......
......@@ -156,7 +156,6 @@ server_register (Server *server,
NULL,
&local_error))
{
g_warning ("Unable to register authentication agent: %s", local_error->message);
g_propagate_error (error, local_error);
}
else
......@@ -422,10 +421,8 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener,
if (flags & POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD)
{
server->thread = g_thread_create (server_thread_func,
server,
TRUE,
error);
server->thread = g_thread_try_new ("polkit agent listener",
server_thread_func, server, error);
if (server->thread == NULL)
{
server_free (server);
......
......@@ -112,7 +112,7 @@ gboolean polkit_agent_listener_initiate_authentication_finish (PolkitAgentList
gboolean polkit_agent_register_listener (PolkitAgentListener *listener,
PolkitSubject *subject,
const gchar *object_path,
GError **error) G_GNUC_DEPRECATED_FOR (polkit_authority_listener_register);
GError **error) G_GNUC_DEPRECATED_FOR (polkit_agent_listener_register);
/**
* PolkitAgentRegisterFlags:
......
......@@ -645,11 +645,8 @@ server_handle_enumerate_actions (Server *server,
for (l = actions; l != NULL; l = l->next)
{
PolkitActionDescription *ad = POLKIT_ACTION_DESCRIPTION (l->data);
GVariant *value;
value = polkit_action_description_to_gvariant (ad);
g_variant_ref_sink (value);
g_variant_builder_add_value (&builder, value);
g_variant_unref (value);
g_variant_builder_add_value (&builder,
polkit_action_description_to_gvariant (ad)); /* A floating value */
}
g_dbus_method_invocation_return_value (invocation, g_variant_new ("(a(ssssssuuua{ss}))", &builder));
......@@ -709,11 +706,9 @@ check_auth_cb (GObject *source_object,
}
else
{
GVariant *value;
value = polkit_authorization_result_to_gvariant (result);
g_variant_ref_sink (value);
g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value));
g_variant_unref (value);
g_dbus_method_invocation_return_value (data->invocation,
g_variant_new ("(@(bba{ss}))",
polkit_authorization_result_to_gvariant (result))); /* A floating value */
g_object_unref (result);
}
......@@ -956,6 +951,7 @@ server_handle_register_authentication_agent_with_options (Server
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
out:
g_variant_unref (subject_gvariant);
if (options != NULL)
g_variant_unref (options);
if (subject != NULL)
......@@ -1007,6 +1003,7 @@ server_handle_unregister_authentication_agent (Server *server,
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
out:
g_variant_unref (subject_gvariant);
if (subject != NULL)
g_object_unref (subject);
}
......@@ -1057,6 +1054,7 @@ server_handle_authentication_agent_response (Server *server,
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
out:
g_variant_unref (identity_gvariant);
if (identity != NULL)
g_object_unref (identity);
}
......@@ -1107,6 +1105,7 @@ server_handle_authentication_agent_response2 (Server *server,
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
out:
g_variant_unref (identity_gvariant);
if (identity != NULL)
g_object_unref (identity);
}
......@@ -1158,17 +1157,15 @@ server_handle_enumerate_temporary_authorizations (Server *server
for (l = authorizations; l != NULL; l = l->next)
{
PolkitTemporaryAuthorization *a = POLKIT_TEMPORARY_AUTHORIZATION (l->data);
GVariant *value;
value = polkit_temporary_authorization_to_gvariant (a);
g_variant_ref_sink (value);
g_variant_builder_add_value (&builder, value);
g_variant_unref (value);
g_variant_builder_add_value (&builder,
polkit_temporary_authorization_to_gvariant (a)); /* A floating value */
}
g_list_foreach (authorizations, (GFunc) g_object_unref, NULL);
g_list_free (authorizations);
g_dbus_method_invocation_return_value (invocation, g_variant_new ("(a(ss(sa{sv})tt))", &builder));
out:
g_variant_unref (subject_gvariant);
if (subject != NULL)
g_object_unref (subject);
}
......@@ -1215,6 +1212,7 @@ server_handle_revoke_temporary_authorizations (Server *server,
g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
out:
g_variant_unref (subject_gvariant);
if (subject != NULL)
g_object_unref (subject);
}
......
......@@ -1906,15 +1906,15 @@ authentication_agent_begin_cb (GDBusProxy *proxy,
AuthenticationSession *session = user_data;
gboolean gained_authorization;
gboolean was_dismissed;
GVariant *result;
GError *error;
was_dismissed = FALSE;
gained_authorization = FALSE;
error = NULL;
if (!g_dbus_proxy_call_finish (proxy,
res,
&error))
result = g_dbus_proxy_call_finish (proxy, res, &error);
if (result == NULL)
{
g_printerr ("Error performing authentication: %s (%s %d)\n",
error->message,
......@@ -1926,6 +1926,7 @@ authentication_agent_begin_cb (GDBusProxy *proxy,
}
else
{
g_variant_unref (result);
gained_authorization = session->is_authenticated;
g_debug ("Authentication complete, is_authenticated = %d", session->is_authenticated);
}
......@@ -2299,7 +2300,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
gchar *localized_message;
gchar *localized_icon_name;
PolkitDetails *localized_details;
GVariant *details_gvariant;
GList *user_identities = NULL;
GVariantBuilder identities_builder;
GVariant *parameters;
......@@ -2397,28 +2397,21 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
add_pid (localized_details, caller, "polkit.caller-pid");
add_pid (localized_details, subject, "polkit.subject-pid");
details_gvariant = polkit_details_to_gvariant (localized_details);
g_variant_ref_sink (details_gvariant);
g_variant_builder_init (&identities_builder, G_VARIANT_TYPE ("a(sa{sv})"));
for (l = user_identities; l != NULL; l = l->next)
{
PolkitIdentity *identity = POLKIT_IDENTITY (l->data);
GVariant *value;
value = polkit_identity_to_gvariant (identity);
g_variant_ref_sink (value);
g_variant_builder_add_value (&identities_builder, value);
g_variant_unref (value);
g_variant_builder_add_value (&identities_builder,
polkit_identity_to_gvariant (identity)); /* A floating value */
}
parameters = g_variant_new ("(sss@a{ss}sa(sa{sv}))",
action_id,
localized_message,
localized_icon_name,
details_gvariant,
polkit_details_to_gvariant (localized_details), /* A floating value */
session->cookie,
&identities_builder);
g_variant_unref (details_gvariant);
g_dbus_proxy_call (agent->proxy,
"BeginAuthentication",
......@@ -2444,13 +2437,18 @@ authentication_agent_cancel_cb (GDBusProxy *proxy,
GAsyncResult *res,
gpointer user_data)
{
GVariant *result;
GError *error;
error = NULL;
if (!g_dbus_proxy_call_finish (proxy, res, &error))
result = g_dbus_proxy_call_finish (proxy, res, &error);
if (result == NULL)
{
g_printerr ("Error cancelling authentication: %s\n", error->message);
g_error_free (error);
}
else
g_variant_unref (result);
}
static void
......
......@@ -43,6 +43,7 @@
#include <systemd/sd-login.h>
#endif /* HAVE_LIBSYSTEMD */
#include <js/Initialization.h>
#include <jsapi.h>
#include "initjs.h" /* init.js */
......@@ -73,15 +74,12 @@ struct _PolkitBackendJsAuthorityPrivate
gchar **rules_dirs;
GFileMonitor **dir_monitors; /* NULL-terminated array of GFileMonitor instances */
JSRuntime *rt;
JSContext *cx;
JSObject *js_global;
JS::Heap<JSObject*> *js_global;
JSAutoCompartment *ac;
JSObject *js_polkit;
JS::Heap<JSObject*> *js_polkit;
GThread *runaway_killer_thread;
GMutex rkt_init_mutex;
GCond rkt_init_cond;
GMainContext *rkt_context;
GMainLoop *rkt_loop;
GSource *rkt_source;
......@@ -92,9 +90,9 @@ struct _PolkitBackendJsAuthorityPrivate
GList *scripts;
};
static JSBool execute_script_with_runaway_killer (PolkitBackendJsAuthority *authority,
JSScript *script,
jsval *rval);
static bool execute_script_with_runaway_killer (PolkitBackendJsAuthority *authority,
JS::HandleScript script,
JS::MutableHandleValue rval);
static void utils_spawn (const gchar *const *argv,
guint timeout_seconds,
......@@ -125,6 +123,7 @@ enum
/* ---------------------------------------------------------------------------------------------------- */
static gpointer runaway_killer_thread_func (gpointer user_data);
static void runaway_killer_terminate (PolkitBackendJsAuthority *authority);
static GList *polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority,
PolkitSubject *caller,
......@@ -150,52 +149,64 @@ G_DEFINE_TYPE (PolkitBackendJsAuthority, polkit_backend_js_authority, POLKIT_BAC
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_global_class_ops = {
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL
};
static JSClass js_global_class = {
"global",
JSCLASS_GLOBAL_FLAGS,
JS_PropertyStub,
JS_DeletePropertyStub,
JS_PropertyStub,
JS_StrictPropertyStub,
JS_EnumerateStub,
JS_ResolveStub,
JS_ConvertStub,
NULL,
JSCLASS_NO_OPTIONAL_MEMBERS
&js_global_class_ops
};
/* ---------------------------------------------------------------------------------------------------- */
static const struct JSClassOps js_polkit_class_ops = {
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL
};
static JSClass js_polkit_class = {
"Polkit",
0,
JS_PropertyStub,
JS_DeletePropertyStub,
JS_PropertyStub,
JS_StrictPropertyStub,
JS_EnumerateStub,
JS_ResolveStub,
JS_ConvertStub,
NULL,
JSCLASS_NO_OPTIONAL_MEMBERS
&js_polkit_class_ops
};
static JSBool js_polkit_log (JSContext *cx, unsigned argc, jsval *vp);
static JSBool js_polkit_spawn (JSContext *cx, unsigned argc, jsval *vp);
static JSBool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, jsval *vp);
static bool js_polkit_log (JSContext *cx, unsigned argc, JS::Value *vp);
static bool js_polkit_spawn (JSContext *cx, unsigned argc, JS::Value *vp);
static bool js_polkit_user_is_in_netgroup (JSContext *cx, unsigned argc, JS::Value *vp);
static JSFunctionSpec js_polkit_functions[] =
{
JS_FS("log", js_polkit_log, 0, 0),
JS_FS("spawn", js_polkit_spawn, 0, 0),
JS_FS("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0),
JS_FN("log", js_polkit_log, 0, 0),
JS_FN("spawn", js_polkit_spawn, 0, 0),
JS_FN("_userIsInNetGroup", js_polkit_user_is_in_netgroup, 0, 0),
JS_FS_END
};
/* ---------------------------------------------------------------------------------------------------- */
static void report_error (JSContext *cx,
const char *message,
JSErrorReport *report)
{
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
......@@ -203,7 +214,7 @@ static void report_error (JSContext *cx,
"%s:%u: %s",
report->filename ? report->filename : "<no filename>",
(unsigned int) report->lineno,
message);
report->message().c_str());
}
static void
......@@ -291,13 +302,8 @@ load_scripts (PolkitBackendJsAuthority *authority)
const gchar *filename = (gchar *)l->data;
JS::RootedScript script(authority->priv->cx);
JS::CompileOptions options(authority->priv->cx);
JS::RootedObject obj(authority->priv->cx,authority->priv->js_global);
options.setUTF8(true);
script = JS::Compile (authority->priv->cx,
obj, options,
filename);
if (script == NULL)
if (!JS::Compile (authority->priv->cx, options, filename, &script))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
"Error compiling script %s",
......@@ -306,7 +312,7 @@ load_scripts (PolkitBackendJsAuthority *authority)
}
/* evaluate the script */
jsval rval;
JS::RootedValue rval(authority->priv->cx);
if (!execute_script_with_runaway_killer (authority,
script,
&rval))
......@@ -331,16 +337,18 @@ load_scripts (PolkitBackendJsAuthority *authority)
static void
reload_scripts (PolkitBackendJsAuthority *authority)
{
jsval argv[1] = {JSVAL_NULL};
jsval rval = JSVAL_NULL;
JS_BeginRequest (authority->priv->cx);
JS::AutoValueArray<1> args(authority->priv->cx);
JS::RootedValue rval(authority->priv->cx);
JS::RootedObject js_polkit(authority->priv->cx, authority->priv->js_polkit->get ());
args[0].setUndefined ();
if (!JS_CallFunctionName(authority->priv->cx,
authority->priv->js_polkit,
js_polkit,
"_deleteRules",
0,
argv,
args,
&rval))
{
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
......@@ -350,7 +358,7 @@ reload_scripts (PolkitBackendJsAuthority *authority)
polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
"Collecting garbage unconditionally...");
JS_GC (authority->priv->rt);
JS_GC (authority->priv->cx);
load_scripts (authority);
......@@ -442,21 +450,18 @@ polkit_backend_js_authority_constructed (GObject *object)
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
gboolean entered_request = FALSE;
authority->priv->rt = JS_NewRuntime (8L * 1024L * 1024L, JS_USE_HELPER_THREADS);
if (authority->priv->rt == NULL)
authority->priv->cx = JS_NewContext (8L * 1024L * 1024L);
if (authority->priv->cx == NULL)
goto fail;
authority->priv->cx = JS_NewContext (authority->priv->rt, 8192);
if (authority->priv->cx == NULL)
if (!JS::InitSelfHostedCode (authority->priv->cx))
goto fail;
/* TODO: JIT'ing doesn't work will with killing runaway scripts... I think
* this is just a SpiderMonkey bug. So disable the JIT for now.
*/
JS_SetOptions (authority->priv->cx,
JSOPTION_VAROBJFIX
/* | JSOPTION_JIT | JSOPTION_METHODJIT*/);
JS_SetErrorReporter(authority->priv->cx, report_error);
JS::ContextOptionsRef (authority->priv->cx)
.setIon (TRUE)
.setBaseline (TRUE)
.setAsmJS (TRUE);
JS::SetWarningReporter(authority->priv->cx, report_error);
JS_SetContextPrivate (authority->priv->cx, authority);
JS_BeginRequest(authority->priv->cx);
......@@ -464,43 +469,47 @@ polkit_backend_js_authority_constructed (GObject *object)
{
JS::CompartmentOptions compart_opts;
compart_opts.setVersion(JSVERSION_LATEST);
authority->priv->js_global = JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, compart_opts);
compart_opts.behaviors().setVersion(JSVERSION_LATEST);
JS::RootedObject global(authority->priv->cx);
if (authority->priv->js_global == NULL)
authority->priv->js_global = new JS::Heap<JSObject*> (JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL, JS::FireOnNewGlobalHook, compart_opts));
global = authority->priv->js_global->get ();
if (global == NULL)
goto fail;
authority->priv->ac = new JSAutoCompartment(authority->priv->cx, authority->priv->js_global);
authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);
if (authority->priv->ac == NULL)
goto fail;
JS_AddObjectRoot (authority->priv->cx, &authority->priv->js_global);
if (!JS_InitStandardClasses (authority->priv->cx, global))
goto fail;
JS::RootedObject polkit(authority->priv->cx);
authority->priv->js_polkit = new JS::Heap<JSObject *> (JS_NewObject (authority->priv->cx, &js_polkit_class));
polkit = authority->priv->js_polkit->get ();
if (!JS_InitStandardClasses (authority->priv->cx, authority->priv->js_global))
if (polkit == NULL)
goto fail;
authority->priv->js_polkit = JS_DefineObject (authority->priv->cx,
authority->priv->js_global,
"polkit",
&js_polkit_class,
NULL,
JSPROP_ENUMERATE);
if (authority->priv->js_polkit == NULL)
if (!JS_DefineProperty(authority->priv->cx, global, "polkit", polkit, JSPROP_ENUMERATE))
goto fail;
JS_AddObjectRoot (authority->priv->cx, &authority->priv->js_polkit);
if (!JS_DefineFunctions (authority->priv->cx,
authority->priv->js_polkit,
polkit,
js_polkit_functions))
goto fail;
if (!JS_EvaluateScript (authority->priv->cx,
authority->priv->js_global,
init_js, strlen (init_js), /* init.js */
"init.js", /* filename */
0, /* lineno */
NULL)) /* rval */
JS::CompileOptions options(authority->priv->cx, JSVERSION_UNKNOWN);
JS::RootedValue rval(authority->priv->cx);
if (!JS::Evaluate (authority->priv->cx,
options,
init_js, strlen (init_js), /* init.js */
&rval)) /* rval */
{
goto fail;
}
......@@ -512,20 +521,14 @@ polkit_backend_js_authority_constructed (GObject *object)
authority->priv->rules_dirs[1] = g_strdup (PACKAGE_DATA_DIR "/polkit-1/rules.d");
}
g_mutex_init (&authority->priv->rkt_init_mutex);
g_cond_init (&authority->priv->rkt_init_cond);
authority->priv->rkt_context = g_main_context_new ();
authority->priv->rkt_loop = g_main_loop_new (authority->priv->rkt_context, FALSE);
g_mutex_init (&authority->priv->rkt_timeout_pending_mutex);
authority->priv->runaway_killer_thread = g_thread_new ("runaway-killer-thread",
runaway_killer_thread_func,
authority);
/* wait for runaway_killer_thread to set up its GMainContext */
g_mutex_lock (&authority->priv->rkt_init_mutex);
while (authority->priv->rkt_context == NULL)
g_cond_wait (&authority->priv->rkt_init_cond, &authority->priv->rkt_init_mutex);
g_mutex_unlock (&authority->priv->rkt_init_mutex);
setup_file_monitors (authority);
load_scripts (authority);
}
......@@ -549,15 +552,11 @@ polkit_backend_js_authority_finalize (GObject *object)
PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
guint n;
g_mutex_clear (&authority->priv->rkt_init_mutex);
g_cond_clear (&authority->priv->rkt_init_cond);
g_mutex_clear (&authority->priv->rkt_timeout_pending_mutex);
runaway_killer_terminate (authority);
/* shut down the killer thread */
g_assert (authority->priv->rkt_loop != NULL);
g_main_loop_quit (authority->priv->rkt_loop);
g_thread_join (authority->priv->runaway_killer_thread);
g_assert (authority->priv->rkt_loop == NULL);
g_mutex_clear (&authority->priv->rkt_timeout_pending_mutex);
g_main_loop_unref (authority->priv->rkt_loop);
g_main_context_unref (authority->priv->rkt_context);
for (n = 0; authority->priv->dir_monitors != NULL && authority->priv->dir_monitors[n] != NULL; n++)
{
......@@ -570,14 +569,9 @@ polkit_backend_js_authority_finalize (GObject *object)
g_free (authority->priv->dir_monitors);
g_strfreev (authority->priv->rules_dirs);
JS_BeginRequest (authority->priv->cx);
JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_polkit);
delete authority->priv->ac;
JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_global);
JS_EndRequest (authority->priv->cx);
JS_DestroyContext (authority->priv->cx);
JS_DestroyRuntime (authority->priv->rt);
/* JS_ShutDown (); */
G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->finalize (object);
......@@ -654,6 +648,8 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
g_type_class_add_private (klass, sizeof (PolkitBackendJsAuthorityPrivate));
JS_Init ();
}
/* ---------------------------------------------------------------------------------------------------- */
......@@ -661,66 +657,75 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
/* authority->priv->cx must be within a request */
static void
set_property_str (PolkitBackendJsAuthority *authority,
JSObject *obj,
JS::HandleObject obj,
const gchar *name,
const gchar *value)
{
JSString *value_jsstr;
jsval value_jsval;
value_jsstr = JS_NewStringCopyZ (authority->priv->cx, value);
value_jsval = STRING_TO_JSVAL (value_jsstr);
JS_SetProperty (authority->priv->cx, obj, name, &value_jsval);
JS::RootedValue value_jsval(authority->priv->cx);
if (value)
{
JS::ConstUTF8CharsZ chars(value, strlen(value));
JS::RootedString str(authority->priv->cx, JS_NewStringCopyUTF8Z(authority->priv->cx, chars));
value_jsval = JS::StringValue (str);
}
else
value_jsval = JS::NullValue ();
JS_SetProperty (authority->priv->cx, obj, name, value_jsval);
}
/* authority->priv->cx must be within a request */
static void
set_property_strv (PolkitBackendJsAuthority *authority,