mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
From: Juergen Borleis <jbe@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [APTCH] polkit: version bump 0.96 -> 0.104
Date: Mon, 16 Mar 2015 14:24:05 +0100	[thread overview]
Message-ID: <201503161424.05539.jbe@pengutronix.de> (raw)

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>

diff --git a/patches/polkit-0.96/0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch b/patches/polkit-0.96/0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch
deleted file mode 100644
index 3c8efb61bdbd..000000000000
--- a/patches/polkit-0.96/0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 14bdfd816512a82b1ad258fa143ae5faa945df8a Mon Sep 17 00:00:00 2001
-From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
-Date: Wed, 10 Mar 2010 12:46:19 -0500
-Subject: [PATCH 1/3] =?UTF-8?q?Bug=2026982=20=E2=80=93=20pkexec=20information=20disclosure=20vulnerability?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-pkexec is vulnerable to a minor information disclosure vulnerability
-that allows an attacker to verify whether or not arbitrary files
-exist, violating directory permissions. I reproduced the issue on my
-Karmic installation as follows:
-
- $ mkdir secret
- $ sudo chown root:root secret
- $ sudo chmod 400 secret
- $ sudo touch secret/hidden
- $ pkexec /home/drosenbe/secret/hidden
- (password prompt)
- $ pkexec /home/drosenbe/secret/doesnotexist
- Error getting information about /home/drosenbe/secret/doesnotexist: No such
- file or directory
-
-I've attached my patch for the issue. I replaced the stat() call
-entirely with access() using F_OK, so rather than check that the
-target exists, pkexec now checks if the user has permission to verify
-the existence of the program. There might be another way of doing
-this, such as chdir()'ing to the parent directory of the target and
-calling lstat(), but this seemed like more code than necessary to
-prevent such a minor problem.  I see no reason to allow pkexec to
-execute targets that are not accessible to the executing user because
-of directory permissions. This is such a limited use case anyway that
-this doesn't really affect functionality.
-
-http://bugs.freedesktop.org/show_bug.cgi?id=26982
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
- src/programs/pkexec.c |    5 ++---
- 1 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 860e665..17c191e 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -411,7 +411,6 @@ main (int argc, char *argv[])
-   gchar *opt_user;
-   pid_t pid_of_caller;
-   uid_t uid_of_caller;
--  struct stat statbuf;
- 
-   ret = 127;
-   authority = NULL;
-@@ -520,9 +519,9 @@ main (int argc, char *argv[])
-       g_free (path);
-       argv[n] = path = s;
-     }
--  if (stat (path, &statbuf) != 0)
-+  if (access (path, F_OK) != 0)
-     {
--      g_printerr ("Error getting information about %s: %s\n", path, g_strerror (errno));
-+      g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
-       goto out;
-     }
-   command_line = g_strjoinv (" ", argv + n);
--- 
-1.7.1
-
diff --git a/patches/polkit-0.96/0002-Add-shadow-support.patch b/patches/polkit-0.96/0002-Add-shadow-support.patch
deleted file mode 100644
index b9119e13fb0f..000000000000
--- a/patches/polkit-0.96/0002-Add-shadow-support.patch
+++ /dev/null
@@ -1,1083 +0,0 @@
-From a2edcef54d2ab1a92f729e34dfa0c183b2533c61 Mon Sep 17 00:00:00 2001
-From: Andrew Psaltis <ampsaltis@gmail.com>
-Date: Mon, 28 Jun 2010 22:04:00 -0400
-Subject: [PATCH 2/3] Add shadow support
-
-Added support for the shadow authentication framework instead of PAM.
-Enable it by passing --with-authfw=shadow to configure.
-
-This is done by splitting the polkitagenthelper source into separate
-parts, one that does auth with PAM, and another that does auth with
-shadow, sharing functions where appropriate.
-
-Also, all PAM-dependendent code in all other files has been #ifdef'd.
-The only affected file is src/programs/pkexec.c
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
- src/polkitagent/Makefile.am                |    9 +-
- src/polkitagent/polkitagenthelper-pam.c    |  264 ++++++++++++++++++++++
- src/polkitagent/polkitagenthelper-shadow.c |  198 ++++++++++++++++
- src/polkitagent/polkitagenthelper.c        |  339 ----------------------------
- src/polkitagent/polkitagenthelperprivate.c |  106 +++++++++
- src/polkitagent/polkitagenthelperprivate.h |   45 ++++
- src/programs/pkexec.c                      |    8 +
- 7 files changed, 629 insertions(+), 340 deletions(-)
- create mode 100644 src/polkitagent/polkitagenthelper-pam.c
- create mode 100644 src/polkitagent/polkitagenthelper-shadow.c
- delete mode 100644 src/polkitagent/polkitagenthelper.c
- create mode 100644 src/polkitagent/polkitagenthelperprivate.c
- create mode 100644 src/polkitagent/polkitagenthelperprivate.h
-
-diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
-index 3f38329..820be4d 100644
---- a/src/polkitagent/Makefile.am
-+++ b/src/polkitagent/Makefile.am
-@@ -68,9 +68,16 @@ libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
- libexec_PROGRAMS = polkit-agent-helper-1
- 
- polkit_agent_helper_1_SOURCES = 					\
--	polkitagenthelper.c						\
-+	polkitagenthelperprivate.c polkitagenthelperprivate.h		\
- 	$(NULL)
- 
-+if POLKIT_AUTHFW_PAM
-+polkit_agent_helper_1_SOURCES += polkitagenthelper-pam.c
-+endif
-+if POLKIT_AUTHFW_SHADOW
-+polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c
-+endif
-+
- polkit_agent_helper_1_CFLAGS  = 					\
-         -D_POLKIT_COMPILATION                                  		\
- 	$(GLIB_CFLAGS)							\
-diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
-new file mode 100644
-index 0000000..5e8b54c
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelper-pam.c
-@@ -0,0 +1,264 @@
-+/*
-+ * Copyright (C) 2008, 2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-+ * Boston, MA 02111-1307, USA.
-+ *
-+ * Author: David Zeuthen <davidz@redhat.com>
-+ */
-+
-+#include "config.h"
-+#include "polkitagenthelperprivate.h"
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+#include <security/pam_appl.h>
-+
-+#include <polkit/polkit.h>
-+
-+static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
-+
-+int
-+main (int argc, char *argv[])
-+{
-+  int rc;
-+  const char *user_to_auth;
-+  const char *cookie;
-+  struct pam_conv pam_conversation;
-+  pam_handle_t *pam_h;
-+  const void *authed_user;
-+
-+  rc = 0;
-+  pam_h = NULL;
-+
-+  /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-+  if (_polkit_clearenv () != 0)
-+    goto error;
-+
-+  /* set a minimal environment */
-+  setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-+
-+  /* check that we are setuid root */
-+  if (geteuid () != 0)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-+      goto error;
-+    }
-+
-+  openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-+
-+  /* check for correct invocation */
-+  if (argc != 3)
-+    {
-+      syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-+      fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-+      goto error;
-+    }
-+
-+  user_to_auth = argv[1];
-+  cookie = argv[2];
-+
-+  if (getuid () != 0)
-+    {
-+      /* check we're running with a non-tty stdin */
-+      if (isatty (STDIN_FILENO) != 0)
-+        {
-+          syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-+          fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-+          goto error;
-+        }
-+    }
-+
-+#ifdef PAH_DEBUG
-+  fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+  pam_conversation.conv        = conversation_function;
-+  pam_conversation.appdata_ptr = NULL;
-+
-+  /* start the pam stack */
-+  rc = pam_start ("polkit-1",
-+                  user_to_auth,
-+                  &pam_conversation,
-+                  &pam_h);
-+  if (rc != PAM_SUCCESS)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
-+      goto error;
-+    }
-+
-+  /* set the requesting user */
-+  rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
-+  if (rc != PAM_SUCCESS)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
-+      goto error;
-+    }
-+
-+  /* is user really user? */
-+  rc = pam_authenticate (pam_h, 0);
-+  if (rc != PAM_SUCCESS)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
-+      goto error;
-+    }
-+
-+  /* permitted access? */
-+  rc = pam_acct_mgmt (pam_h, 0);
-+  if (rc != PAM_SUCCESS)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
-+      goto error;
-+    }
-+
-+  /* did we auth the right user? */
-+  rc = pam_get_item (pam_h, PAM_USER, &authed_user);
-+  if (rc != PAM_SUCCESS)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
-+      goto error;
-+    }
-+
-+  if (strcmp (authed_user, user_to_auth) != 0)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
-+               user_to_auth, (const char *) authed_user);
-+      goto error;
-+    }
-+
-+#ifdef PAH_DEBUG
-+  fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+  pam_end (pam_h, rc);
-+  pam_h = NULL;
-+
-+#ifdef PAH_DEBUG
-+  fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+  /* now send a D-Bus message to the PolicyKit daemon that
-+   * includes a) the cookie; and b) the user we authenticated
-+   */
-+  if (!send_dbus_message (cookie, user_to_auth))
-+    {
-+#ifdef PAH_DEBUG
-+      fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+      goto error;
-+    }
-+
-+#ifdef PAH_DEBUG
-+  fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+  fprintf (stdout, "SUCCESS\n");
-+  flush_and_wait();
-+  return 0;
-+
-+error:
-+  if (pam_h != NULL)
-+    pam_end (pam_h, rc);
-+
-+  fprintf (stdout, "FAILURE\n");
-+  flush_and_wait();
-+  return 1;
-+}
-+
-+static int
-+conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
-+{
-+  struct pam_response *aresp;
-+  char buf[PAM_MAX_RESP_SIZE];
-+  int i;
-+
-+  data = data;
-+  if (n <= 0 || n > PAM_MAX_NUM_MSG)
-+    return PAM_CONV_ERR;
-+
-+  if ((aresp = calloc(n, sizeof *aresp)) == NULL)
-+    return PAM_BUF_ERR;
-+
-+  for (i = 0; i < n; ++i)
-+    {
-+      aresp[i].resp_retcode = 0;
-+      aresp[i].resp = NULL;
-+      switch (msg[i]->msg_style)
-+        {
-+
-+        case PAM_PROMPT_ECHO_OFF:
-+          fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
-+          goto conv1;
-+
-+        case PAM_PROMPT_ECHO_ON:
-+          fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
-+        conv1:
-+          fputs (msg[i]->msg, stdout);
-+          if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-+            fputc ('\n', stdout);
-+          fflush (stdout);
-+
-+          if (fgets (buf, sizeof buf, stdin) == NULL)
-+            goto error;
-+
-+          if (strlen (buf) > 0 &&
-+              buf[strlen (buf) - 1] == '\n')
-+            buf[strlen (buf) - 1] = '\0';
-+
-+          aresp[i].resp = strdup (buf);
-+          if (aresp[i].resp == NULL)
-+            goto error;
-+          break;
-+
-+        case PAM_ERROR_MSG:
-+          fprintf (stdout, "PAM_ERROR_MSG ");
-+          goto conv2;
-+
-+        case PAM_TEXT_INFO:
-+          fprintf (stdout, "PAM_TEXT_INFO ");
-+        conv2:
-+          fputs (msg[i]->msg, stdout);
-+          if (strlen (msg[i]->msg) > 0 &&
-+              msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-+            fputc ('\n', stdout);
-+          fflush (stdout);
-+          break;
-+
-+        default:
-+          goto error;
-+        }
-+    }
-+
-+  *resp = aresp;
-+  return PAM_SUCCESS;
-+
-+error:
-+
-+  for (i = 0; i < n; ++i)
-+    {
-+      if (aresp[i].resp != NULL) {
-+        memset (aresp[i].resp, 0, strlen(aresp[i].resp));
-+        free (aresp[i].resp);
-+      }
-+    }
-+  memset (aresp, 0, n * sizeof *aresp);
-+  *resp = NULL;
-+  return PAM_CONV_ERR;
-+}
-diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
-new file mode 100644
-index 0000000..a4f73ac
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelper-shadow.c
-@@ -0,0 +1,198 @@
-+/*
-+ * Copyright (C) 2008 Red Hat, Inc.
-+ * Copyright (C) 2009-2010 Andrew Psaltis <ampsaltis@gmail.com>
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-+ * Boston, MA 02111-1307, USA.
-+ *
-+ * Authors: Andrew Psaltis <ampsaltis@gmail.com>, based on
-+ *            polkitagenthelper.c which was written by
-+ *          David Zeuthen <davidz@redhat.com>
-+ */
-+
-+#include "config.h"
-+#include "polkitagenthelperprivate.h"
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+#include <shadow.h>
-+#include <grp.h>
-+#include <pwd.h>
-+#include <time.h>
-+
-+#include <polkit/polkit.h>
-+
-+static gboolean shadow_authenticate (struct spwd *shadow);
-+
-+int
-+main (int argc, char *argv[])
-+{
-+  struct spwd *shadow;
-+  const char *user_to_auth;
-+  const char *cookie;
-+  time_t now;
-+
-+  /* clear the entire environment to avoid attacks with
-+     libraries honoring environment variables */
-+  if (_polkit_clearenv () != 0)
-+    goto error;
-+
-+  /* set a minimal environment */
-+  setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-+
-+  /* check that we are setuid root */
-+  if (geteuid () != 0)
-+    {
-+      fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-+      goto error;
-+    }
-+
-+  openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-+
-+  /* check for correct invocation */
-+  if (argc != 3)
-+    {
-+      syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-+      fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-+      goto error;
-+    }
-+
-+  if (getuid () != 0)
-+    {
-+    /* check we're running with a non-tty stdin */
-+    if (isatty (STDIN_FILENO) != 0)
-+      {
-+        syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-+        fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-+        goto error;
-+      }
-+    }
-+
-+  user_to_auth = argv[1];
-+  cookie = argv[2];
-+
-+#ifdef PAH_DEBUG
-+  fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+
-+  /* Ask shadow about the user requesting authentication */
-+  shadow = getspnam (user_to_auth);
-+
-+  if (shadow == NULL)
-+    {
-+      syslog (LOG_NOTICE, "shadow file data information request for user '%s' [uid=%d] failed", user_to_auth, getuid ());
-+      fprintf(stderr, "polkit-agent-helper-1: could not get shadow information for '%s'", user_to_auth);
-+      goto error;
-+    }
-+
-+  /* Check the user's identity */
-+  if (shadow_authenticate (shadow) == FALSE)
-+    {
-+      syslog (LOG_NOTICE, "authentication failure [uid=%d] trying to authenticate '%s'", getuid (), user_to_auth);
-+      fprintf (stderr, "polkit-agent-helper-1: authentication failure. This incident has been logged.\n");
-+      goto error;
-+    }
-+
-+  /* Check whether the user's password has expired */
-+  now = time (NULL);
-+  if (shadow->sp_max >= 0 && (shadow->sp_lstchg + shadow->sp_max) * 60 * 60 * 24 <= now)
-+    {
-+      syslog (LOG_NOTICE, "password expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
-+      fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+      goto error;
-+    }
-+
-+  /* Check whether the user's password has aged (and account expired along
-+   * with it)
-+   */
-+  if (shadow->sp_inact >= 0 && (shadow->sp_lstchg + shadow->sp_max + shadow->sp_inact) * 60 * 60 * 24 <= now)
-+    {
-+      syslog (LOG_NOTICE, "password aged for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
-+      fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+      goto error;
-+    }
-+
-+  /* Check whether the user's account has expired */
-+  if (shadow->sp_expire >= 0 && shadow->sp_expire * 60 * 60 * 24 <= now)
-+    {
-+      syslog (LOG_NOTICE, "account expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
-+      fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+      goto error;
-+    }
-+
-+#ifdef PAH_DEBUG
-+  fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+  /* now send a D-Bus message to the PolicyKit daemon that
-+   * includes a) the cookie; and b) the user we authenticated
-+   */
-+  if (!send_dbus_message (cookie, user_to_auth))
-+    {
-+#ifdef PAH_DEBUG
-+      fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+      goto error;
-+    }
-+
-+#ifdef PAH_DEBUG
-+  fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+  fprintf (stdout, "SUCCESS\n");
-+  flush_and_wait ();
-+  return 0;
-+
-+error:
-+  fprintf (stdout, "FAILURE\n");
-+  flush_and_wait ();
-+  return 1;
-+}
-+
-+static gboolean
-+shadow_authenticate (struct spwd *shadow)
-+{
-+  char passwd[512], *crypt_pass;
-+
-+  fprintf (stdout, "PAM_PROMPT_ECHO_OFF password:\n");
-+  fflush (stdout);
-+  usleep (10 * 1000); /* since fflush(3) seems buggy */
-+
-+  if (fgets (passwd, sizeof (passwd), stdin) == NULL)
-+    goto error;
-+
-+  if (strlen (passwd) > 0 && passwd[strlen (passwd) - 1] == '\n')
-+    passwd[strlen (passwd) - 1] = '\0';
-+
-+  /* Use the encrypted password as the salt, according to the crypt(3) man page,
-+   * it will perform whatever encryption method is specified in /etc/shadow
-+   */
-+  crypt_pass = crypt (passwd, shadow->sp_pwdp);
-+
-+  if (crypt_pass == NULL)
-+    goto error;
-+
-+  if (strcmp (shadow->sp_pwdp, crypt (passwd, shadow->sp_pwdp)) != 0)
-+    goto error;
-+  return 1;
-+error:
-+  return 0;
-+}
-diff --git a/src/polkitagent/polkitagenthelper.c b/src/polkitagent/polkitagenthelper.c
-deleted file mode 100644
-index cca86db..0000000
---- a/src/polkitagent/polkitagenthelper.c
-+++ /dev/null
-@@ -1,339 +0,0 @@
--/*
-- * Copyright (C) 2008 Red Hat, Inc.
-- *
-- * This library is free software; you can redistribute it and/or
-- * modify it under the terms of the GNU Lesser General Public
-- * License as published by the Free Software Foundation; either
-- * version 2 of the License, or (at your option) any later version.
-- *
-- * This library is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-- * Lesser General Public License for more details.
-- *
-- * You should have received a copy of the GNU Lesser General
-- * Public License along with this library; if not, write to the
-- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-- * Boston, MA 02111-1307, USA.
-- *
-- * Author: David Zeuthen <davidz@redhat.com>
-- */
--
--#include "config.h"
--#include <stdio.h>
--#include <stdlib.h>
--#include <string.h>
--#include <unistd.h>
--#include <sys/types.h>
--#include <sys/stat.h>
--#include <syslog.h>
--#include <security/pam_appl.h>
--
--#include <polkit/polkit.h>
--
--#ifdef HAVE_SOLARIS
--#  define LOG_AUTHPRIV    (10<<3)
--#endif
--
--#ifndef HAVE_CLEARENV
--extern char **environ;
--
--static int
--clearenv (void)
--{
--	if (environ != NULL)
--		environ[0] = NULL;
--	return 0;
--}
--#endif
--
--/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
-- * enable this in production builds; it may leak passwords and other
-- * sensitive information.
-- */
--#undef PAH_DEBUG
--// #define PAH_DEBUG
--
--static gboolean send_dbus_message (const char *cookie, const char *user);
--
--static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
--
--int
--main (int argc, char *argv[])
--{
--  int rc;
--  const char *user_to_auth;
--  const char *cookie;
--  struct pam_conv pam_conversation;
--  pam_handle_t *pam_h;
--  const void *authed_user;
--
--  rc = 0;
--  pam_h = NULL;
--
--  /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
--  if (clearenv () != 0)
--    goto error;
--
--  /* set a minimal environment */
--  setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
--
--  /* check that we are setuid root */
--  if (geteuid () != 0)
--    {
--      fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
--      goto error;
--    }
--
--  openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
--
--  /* check for correct invocation */
--  if (argc != 3)
--    {
--      syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
--      fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
--      goto error;
--    }
--
--  user_to_auth = argv[1];
--  cookie = argv[2];
--
--  if (getuid () != 0)
--    {
--      /* check we're running with a non-tty stdin */
--      if (isatty (STDIN_FILENO) != 0)
--        {
--          syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
--          fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
--          goto error;
--        }
--    }
--
--#ifdef PAH_DEBUG
--  fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
--#endif /* PAH_DEBUG */
--
--  pam_conversation.conv        = conversation_function;
--  pam_conversation.appdata_ptr = NULL;
--
--  /* start the pam stack */
--  rc = pam_start ("polkit-1",
--                  user_to_auth,
--                  &pam_conversation,
--                  &pam_h);
--  if (rc != PAM_SUCCESS)
--    {
--      fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
--      goto error;
--    }
--
--  /* set the requesting user */
--  rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
--  if (rc != PAM_SUCCESS)
--    {
--      fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
--      goto error;
--    }
--
--  /* is user really user? */
--  rc = pam_authenticate (pam_h, 0);
--  if (rc != PAM_SUCCESS)
--    {
--      fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
--      goto error;
--    }
--
--  /* permitted access? */
--  rc = pam_acct_mgmt (pam_h, 0);
--  if (rc != PAM_SUCCESS)
--    {
--      fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
--      goto error;
--    }
--
--  /* did we auth the right user? */
--  rc = pam_get_item (pam_h, PAM_USER, &authed_user);
--  if (rc != PAM_SUCCESS)
--    {
--      fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
--      goto error;
--    }
--
--  if (strcmp (authed_user, user_to_auth) != 0)
--    {
--      fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
--               user_to_auth, (const char *) authed_user);
--      goto error;
--    }
--
--#ifdef PAH_DEBUG
--  fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
--#endif /* PAH_DEBUG */
--
--  pam_end (pam_h, rc);
--  pam_h = NULL;
--
--#ifdef PAH_DEBUG
--  fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
--
--  /* now send a D-Bus message to the PolicyKit daemon that
--   * includes a) the cookie; and b) the user we authenticated
--   */
--  if (!send_dbus_message (cookie, user_to_auth))
--    {
--#ifdef PAH_DEBUG
--      fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
--      goto error;
--    }
--
--#ifdef PAH_DEBUG
--  fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
--
--  fprintf (stdout, "SUCCESS\n");
--  fflush (stdout);
--  fflush (stderr);
--  usleep (10 * 1000); /* since fflush(3) seems buggy */
--  return 0;
--
--error:
--  if (pam_h != NULL)
--    pam_end (pam_h, rc);
--
--  fprintf (stdout, "FAILURE\n");
--  fflush (stdout);
--  fflush (stderr);
--  usleep (10 * 1000); /* since fflush(3) seems buggy */
--  return 1;
--}
--
--static int
--conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
--{
--  struct pam_response *aresp;
--  char buf[PAM_MAX_RESP_SIZE];
--  int i;
--
--  data = data;
--  if (n <= 0 || n > PAM_MAX_NUM_MSG)
--    return PAM_CONV_ERR;
--
--  if ((aresp = calloc(n, sizeof *aresp)) == NULL)
--    return PAM_BUF_ERR;
--
--  for (i = 0; i < n; ++i)
--    {
--      aresp[i].resp_retcode = 0;
--      aresp[i].resp = NULL;
--      switch (msg[i]->msg_style)
--        {
--
--        case PAM_PROMPT_ECHO_OFF:
--          fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
--          goto conv1;
--
--        case PAM_PROMPT_ECHO_ON:
--          fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
--        conv1:
--          fputs (msg[i]->msg, stdout);
--          if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
--            fputc ('\n', stdout);
--          fflush (stdout);
--
--          if (fgets (buf, sizeof buf, stdin) == NULL)
--            goto error;
--
--          if (strlen (buf) > 0 &&
--              buf[strlen (buf) - 1] == '\n')
--            buf[strlen (buf) - 1] = '\0';
--
--          aresp[i].resp = strdup (buf);
--          if (aresp[i].resp == NULL)
--            goto error;
--          break;
--
--        case PAM_ERROR_MSG:
--          fprintf (stdout, "PAM_ERROR_MSG ");
--          goto conv2;
--
--        case PAM_TEXT_INFO:
--          fprintf (stdout, "PAM_TEXT_INFO ");
--        conv2:
--          fputs (msg[i]->msg, stdout);
--          if (strlen (msg[i]->msg) > 0 &&
--              msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
--            fputc ('\n', stdout);
--          fflush (stdout);
--          break;
--
--        default:
--          goto error;
--        }
--    }
--
--  *resp = aresp;
--  return PAM_SUCCESS;
--
--error:
--
--  for (i = 0; i < n; ++i)
--    {
--      if (aresp[i].resp != NULL) {
--        memset (aresp[i].resp, 0, strlen(aresp[i].resp));
--        free (aresp[i].resp);
--      }
--    }
--  memset (aresp, 0, n * sizeof *aresp);
--  *resp = NULL;
--  return PAM_CONV_ERR;
--}
--
--static gboolean
--send_dbus_message (const char *cookie, const char *user)
--{
--  PolkitAuthority *authority;
--  PolkitIdentity *identity;
--  GError *error;
--  gboolean ret;
--
--  ret = FALSE;
--
--  error = NULL;
--
--  g_type_init ();
--
--  authority = polkit_authority_get ();
--
--  identity = polkit_unix_user_new_for_name (user, &error);
--  if (identity == NULL)
--    {
--      g_printerr ("Error constructing identity: %s\n", error->message);
--      g_error_free (error);
--      goto out;
--    }
--
--  if (!polkit_authority_authentication_agent_response_sync (authority,
--                                                            cookie,
--                                                            identity,
--                                                            NULL,
--                                                            &error))
--    {
--      g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
--      g_error_free (error);
--      goto out;
--    }
--
--  ret = TRUE;
--
-- out:
--
--  if (identity != NULL)
--    g_object_unref (identity);
--
--  if (authority != NULL)
--    g_object_unref (authority);
--
--  return ret;
--}
-diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
-new file mode 100644
-index 0000000..be495e9
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelperprivate.c
-@@ -0,0 +1,106 @@
-+/*
-+ * Copyright (C) 2009-2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA 02110-1301, USA.
-+ *
-+ * Authors: David Zeuthen <davidz@redhat.com>,
-+ *          Andrew Psaltis <ampsaltis@gmail.com>
-+ */
-+
-+#include "config.h"
-+#include "polkitagenthelperprivate.h"
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+
-+#ifndef HAVE_CLEARENV
-+extern char **environ;
-+
-+int
-+_polkit_clearenv (void)
-+{
-+  if (environ != NULL)
-+    environ[0] = NULL;
-+  return 0;
-+}
-+#else
-+int
-+_polkit_clearenv (void)
-+{
-+  return clearenv ();
-+}
-+#endif
-+
-+
-+gboolean
-+send_dbus_message (const char *cookie, const char *user)
-+{
-+  PolkitAuthority *authority;
-+  PolkitIdentity *identity;
-+  GError *error;
-+  gboolean ret;
-+
-+  ret = FALSE;
-+
-+  error = NULL;
-+
-+  g_type_init ();
-+
-+  authority = polkit_authority_get ();
-+
-+  identity = polkit_unix_user_new_for_name (user, &error);
-+  if (identity == NULL)
-+    {
-+      g_printerr ("Error constructing identity: %s\n", error->message);
-+      g_error_free (error);
-+      goto out;
-+    }
-+
-+  if (!polkit_authority_authentication_agent_response_sync (authority,
-+                                                            cookie,
-+                                                            identity,
-+                                                            NULL,
-+                                                            &error))
-+    {
-+      g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
-+      g_error_free (error);
-+      goto out;
-+    }
-+
-+  ret = TRUE;
-+
-+ out:
-+
-+  if (identity != NULL)
-+    g_object_unref (identity);
-+
-+  if (authority != NULL)
-+    g_object_unref (authority);
-+
-+  return ret;
-+}
-+
-+/* fflush(3) stdin and stdout and wait a little bit.
-+ * This replaces the three-line commands at the bottom of
-+ * polkit-agent-helper-1's main() function.
-+ */
-+void
-+flush_and_wait ()
-+{
-+  fflush (stdout);
-+  fflush (stderr);
-+  usleep (10 * 1000); /* since fflush(3) seems buggy */
-+}
-diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
-new file mode 100644
-index 0000000..7294d46
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelperprivate.h
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (C) 2009-2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA 02110-1301, USA.
-+ *
-+ * Authors: David Zeuthen <davidz@redhat.com>,
-+ *          Andrew Psaltis <ampsalits@gmail.com>
-+ */
-+#ifndef __POLKIT_AGENT_HELPER_PRIVATE_H
-+#define __POLKIT_AGENT_HELPER_PRIVATE_H
-+
-+#define _GNU_SOURCE
-+#include <polkit/polkit.h>
-+
-+/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
-+ * enable this in production builds; it may leak passwords and other
-+ * sensitive information.
-+ */
-+#undef PAH_DEBUG
-+// #define PAH_DEBUG
-+
-+#ifdef HAVE_SOLARIS
-+#  define LOG_AUTHPRIV    (10<<3)
-+#endif
-+
-+int _polkit_clearenv (void);
-+
-+gboolean send_dbus_message (const char *cookie, const char *user);
-+
-+void flush_and_wait ();
-+
-+#endif /* __POLKIT_AGENT_HELPER_PRIVATE_H */
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 17c191e..b0193f4 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -34,7 +34,11 @@
- #include <grp.h>
- #include <pwd.h>
- #include <errno.h>
-+
-+#ifdef POLKIT_AUTHFW_PAM
- #include <security/pam_appl.h>
-+#endif /* POLKIT_AUTHFW_PAM */
-+
- #include <syslog.h>
- #include <stdarg.h>
- 
-@@ -115,6 +119,7 @@ log_message (gint     level,
- 
- /* ---------------------------------------------------------------------------------------------------- */
- 
-+#ifdef POLKIT_AUTHFW_PAM
- static int
- pam_conversation_function (int n,
-                            const struct pam_message **msg,
-@@ -167,6 +172,7 @@ out:
-     pam_end (pam_h, rc);
-   return ret;
- }
-+#endif /* POLKIT_AUTHFW_PAM */
- 
- /* ---------------------------------------------------------------------------------------------------- */
- 
-@@ -741,10 +747,12 @@ main (int argc, char *argv[])
-    * TODO: The question here is whether we should clear the limits before applying them?
-    * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
-    */
-+#ifdef POLKIT_AUTHFW_PAM
-   if (!open_session (pw->pw_name))
-     {
-       goto out;
-     }
-+#endif /* POLKIT_AUTHFW_PAM */
- 
-   /* become the user */
-   if (setgroups (0, NULL) != 0)
--- 
-1.7.1
-
diff --git a/patches/polkit-0.96/0003-Bug-29051-Configuration-reload-on-every-query.patch b/patches/polkit-0.96/0003-Bug-29051-Configuration-reload-on-every-query.patch
deleted file mode 100644
index d9cf8c23bfd6..000000000000
--- a/patches/polkit-0.96/0003-Bug-29051-Configuration-reload-on-every-query.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 779c0153fc0bd3c2e302dac1979d17638f054229 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Mr=C3=A1zek?= <peterix@gmail.com>
-Date: Wed, 14 Jul 2010 02:59:12 +0200
-Subject: [PATCH 3/3] =?UTF-8?q?Bug=2029051=20=E2=80=93=20Configuration=20reload=20on=20every=20query?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Set has_data to true after the data is loaded to prevent excessive
-reloading of config files.
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
- src/polkitbackend/polkitbackendconfigsource.c      |    1 +
- .../polkitbackendlocalauthorizationstore.c         |    2 ++
- 2 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/src/polkitbackend/polkitbackendconfigsource.c b/src/polkitbackend/polkitbackendconfigsource.c
-index 224d0d0..465da96 100644
---- a/src/polkitbackend/polkitbackendconfigsource.c
-+++ b/src/polkitbackend/polkitbackendconfigsource.c
-@@ -386,6 +386,7 @@ polkit_backend_config_source_ensure (PolkitBackendConfigSource *source)
-     }
- 
-   source->priv->key_files = g_list_reverse (source->priv->key_files);
-+  source->priv->has_data = TRUE;
- 
-  out:
-   g_list_foreach (files, (GFunc) g_object_unref, NULL);
-diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-index 5d5dc14..b959269 100644
---- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-@@ -641,6 +641,8 @@ polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorization
-       g_free (filename);
-     }
- 
-+  store->priv->has_data = TRUE;
-+
-  out:
-   g_list_foreach (files, (GFunc) g_object_unref, NULL);
-   g_list_free (files);
--- 
-1.7.1
-
diff --git a/patches/polkit-0.96/autogen.sh b/patches/polkit-0.96/autogen.sh
deleted file mode 120000
index 9f8a4cb7ddcb..000000000000
--- a/patches/polkit-0.96/autogen.sh
+++ /dev/null
@@ -1 +0,0 @@
-../autogen.sh
\ No newline at end of file
diff --git a/patches/polkit-0.96/series b/patches/polkit-0.96/series
deleted file mode 100644
index ee29cd64eb79..000000000000
--- a/patches/polkit-0.96/series
+++ /dev/null
@@ -1,3 +0,0 @@
-0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch
-0002-Add-shadow-support.patch
-0003-Bug-29051-Configuration-reload-on-every-query.patch
diff --git a/rules/polkit.in b/rules/polkit.in
index d28de7c67e91..4edfccd2194f 100644
--- a/rules/polkit.in
+++ b/rules/polkit.in
@@ -1,14 +1,26 @@
 ## SECTION=system_libraries
 
-config POLKIT
+menuconfig POLKIT
 	tristate
-	prompt "policykit-1"
+	prompt "policykit-1                   "
 	select LIBC_CRYPT
 	select HOST_INTLTOOL
 	select HOST_GTK_DOC
+	select EXPAT
 	select GLIB
 	select DBUS_GLIB
 	select EGGDBUS
+	select SYSTEMD_LOGIND if POLKIT_SYSTEMD
 	help
 	  PolicyKit offers an infrastructure for security policies for
 	  dbus applications.
+
+if POLKIT
+
+config POLKIT_SYSTEMD
+	bool "systemd based session tracking"
+	default y if SYSTEMD
+	help
+	  Use systemd for session tracking, else ConsoleKit is used
+
+endif
diff --git a/rules/polkit.make b/rules/polkit.make
index b702a1b50d90..376315f929f8 100644
--- a/rules/polkit.make
+++ b/rules/polkit.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_POLKIT) += polkit
 #
 # Paths and names
 #
-POLKIT_VERSION	:= 0.96
-POLKIT_MD5	:= e0a06da501b04ed3bab986a9df5b5aa2
+POLKIT_VERSION	:= 0.104
+POLKIT_MD5	:= e380b4c6fb1e7bccf854e92edc0a8ce1
 POLKIT		:= polkit-$(POLKIT_VERSION)
 POLKIT_SUFFIX	:= tar.gz
 POLKIT_URL	:= http://hal.freedesktop.org/releases/$(POLKIT).$(POLKIT_SUFFIX)
@@ -28,19 +28,19 @@ POLKIT_DIR	:= $(BUILDDIR)/$(POLKIT)
 # Prepare
 # ----------------------------------------------------------------------------
 
-#
-# autoconf
-#
-POLKIT_AUTOCONF := \
+POLKIT_CONF_TOOL	:= autoconf
+POLKIT_CONF_OPT		:= \
 	$(CROSS_AUTOCONF_USR) \
-	--enable-shared \
-	--enable-static \
+	$(GLOBAL_LARGE_FILE_OPTION) \
 	--disable-ansi \
 	--disable-verbose-mode \
 	--disable-man-pages \
 	--disable-gtk-doc \
-	--disable-examples \
+	--disable-gtk-doc-html \
+	--$(call ptx/endis, PTXCONF_POLKIT_SYSTEMD)-systemd \
 	--disable-introspection \
+	--disable-examples \
+	--disable-nls \
 	--with-gnu-ld \
 	--with-authfw=shadow \
 	--with-os-type=ptxdist
@@ -65,6 +65,7 @@ $(STATEDIR)/polkit.targetinstall:
 		/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service)
 
 # config
+	@$(call install_copy, polkit, 0, 0, 700, /etc/polkit-1/localauthority)
 	@$(call install_copy, polkit, 0, 0, 0644, -, \
 		/etc/polkit-1/localauthority.conf.d/50-localauthority.conf)
 	@$(call install_copy, polkit, 0, 0, 0644, -, \
@@ -79,8 +80,6 @@ $(STATEDIR)/polkit.targetinstall:
 
 	@$(call install_copy, polkit, 0, 0, 0644, -, \
 		/usr/lib/polkit-1/extensions/libnullbackend.so)
-	@$(call install_copy, polkit, 0, 0, 0644, -, \
-		/usr/lib/polkit-1/extensions/libpkexec-action-lookup.so)
 
 # binaries
 	@$(call install_copy, polkit, 0, 0, 0755, -, /usr/bin/pkaction)
@@ -93,6 +92,9 @@ $(STATEDIR)/polkit.targetinstall:
 	@$(call install_copy, polkit, 0, 0, 4755, -, \
 		/usr/libexec/polkit-agent-helper-1)
 
+# run-time
+	@$(call install_copy, polkit, 0, 0, 700, /var/lib/polkit-1)
+
 	@$(call install_finish, polkit)
 
 	@$(call touch)
-- 
Pengutronix e.K.                              | Juergen Borleis             |
Industrial Linux Solutions                    | http://www.pengutronix.de/  |

-- 
ptxdist mailing list
ptxdist@pengutronix.de

             reply	other threads:[~2015-03-16 13:21 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-16 13:24 Juergen Borleis [this message]
2015-03-21 17:21 ` Michael Olbrich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201503161424.05539.jbe@pengutronix.de \
    --to=jbe@pengutronix.de \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox