From: Juergen Borleis <jbe@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH v2] polkit: version bump 0.96 -> 0.104
Date: Thu, 26 Mar 2015 09:48:04 +0100 [thread overview]
Message-ID: <201503260948.04180.jbe@pengutronix.de> (raw)
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
diff --git a/patches/polkit-0.96/0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch b/patches/polkit-0.96/0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch
deleted file mode 100644
index 3c8efb61bdbd..000000000000
--- a/patches/polkit-0.96/0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 14bdfd816512a82b1ad258fa143ae5faa945df8a Mon Sep 17 00:00:00 2001
-From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
-Date: Wed, 10 Mar 2010 12:46:19 -0500
-Subject: [PATCH 1/3] =?UTF-8?q?Bug=2026982=20=E2=80=93=20pkexec=20information=20disclosure=20vulnerability?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-pkexec is vulnerable to a minor information disclosure vulnerability
-that allows an attacker to verify whether or not arbitrary files
-exist, violating directory permissions. I reproduced the issue on my
-Karmic installation as follows:
-
- $ mkdir secret
- $ sudo chown root:root secret
- $ sudo chmod 400 secret
- $ sudo touch secret/hidden
- $ pkexec /home/drosenbe/secret/hidden
- (password prompt)
- $ pkexec /home/drosenbe/secret/doesnotexist
- Error getting information about /home/drosenbe/secret/doesnotexist: No such
- file or directory
-
-I've attached my patch for the issue. I replaced the stat() call
-entirely with access() using F_OK, so rather than check that the
-target exists, pkexec now checks if the user has permission to verify
-the existence of the program. There might be another way of doing
-this, such as chdir()'ing to the parent directory of the target and
-calling lstat(), but this seemed like more code than necessary to
-prevent such a minor problem. I see no reason to allow pkexec to
-execute targets that are not accessible to the executing user because
-of directory permissions. This is such a limited use case anyway that
-this doesn't really affect functionality.
-
-http://bugs.freedesktop.org/show_bug.cgi?id=26982
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
- src/programs/pkexec.c | 5 ++---
- 1 files changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 860e665..17c191e 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -411,7 +411,6 @@ main (int argc, char *argv[])
- gchar *opt_user;
- pid_t pid_of_caller;
- uid_t uid_of_caller;
-- struct stat statbuf;
-
- ret = 127;
- authority = NULL;
-@@ -520,9 +519,9 @@ main (int argc, char *argv[])
- g_free (path);
- argv[n] = path = s;
- }
-- if (stat (path, &statbuf) != 0)
-+ if (access (path, F_OK) != 0)
- {
-- g_printerr ("Error getting information about %s: %s\n", path, g_strerror (errno));
-+ g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
- goto out;
- }
- command_line = g_strjoinv (" ", argv + n);
---
-1.7.1
-
diff --git a/patches/polkit-0.96/0002-Add-shadow-support.patch b/patches/polkit-0.96/0002-Add-shadow-support.patch
deleted file mode 100644
index b9119e13fb0f..000000000000
--- a/patches/polkit-0.96/0002-Add-shadow-support.patch
+++ /dev/null
@@ -1,1083 +0,0 @@
-From a2edcef54d2ab1a92f729e34dfa0c183b2533c61 Mon Sep 17 00:00:00 2001
-From: Andrew Psaltis <ampsaltis@gmail.com>
-Date: Mon, 28 Jun 2010 22:04:00 -0400
-Subject: [PATCH 2/3] Add shadow support
-
-Added support for the shadow authentication framework instead of PAM.
-Enable it by passing --with-authfw=shadow to configure.
-
-This is done by splitting the polkitagenthelper source into separate
-parts, one that does auth with PAM, and another that does auth with
-shadow, sharing functions where appropriate.
-
-Also, all PAM-dependendent code in all other files has been #ifdef'd.
-The only affected file is src/programs/pkexec.c
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
- src/polkitagent/Makefile.am | 9 +-
- src/polkitagent/polkitagenthelper-pam.c | 264 ++++++++++++++++++++++
- src/polkitagent/polkitagenthelper-shadow.c | 198 ++++++++++++++++
- src/polkitagent/polkitagenthelper.c | 339 ----------------------------
- src/polkitagent/polkitagenthelperprivate.c | 106 +++++++++
- src/polkitagent/polkitagenthelperprivate.h | 45 ++++
- src/programs/pkexec.c | 8 +
- 7 files changed, 629 insertions(+), 340 deletions(-)
- create mode 100644 src/polkitagent/polkitagenthelper-pam.c
- create mode 100644 src/polkitagent/polkitagenthelper-shadow.c
- delete mode 100644 src/polkitagent/polkitagenthelper.c
- create mode 100644 src/polkitagent/polkitagenthelperprivate.c
- create mode 100644 src/polkitagent/polkitagenthelperprivate.h
-
-diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
-index 3f38329..820be4d 100644
---- a/src/polkitagent/Makefile.am
-+++ b/src/polkitagent/Makefile.am
-@@ -68,9 +68,16 @@ libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
- libexec_PROGRAMS = polkit-agent-helper-1
-
- polkit_agent_helper_1_SOURCES = \
-- polkitagenthelper.c \
-+ polkitagenthelperprivate.c polkitagenthelperprivate.h \
- $(NULL)
-
-+if POLKIT_AUTHFW_PAM
-+polkit_agent_helper_1_SOURCES += polkitagenthelper-pam.c
-+endif
-+if POLKIT_AUTHFW_SHADOW
-+polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c
-+endif
-+
- polkit_agent_helper_1_CFLAGS = \
- -D_POLKIT_COMPILATION \
- $(GLIB_CFLAGS) \
-diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
-new file mode 100644
-index 0000000..5e8b54c
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelper-pam.c
-@@ -0,0 +1,264 @@
-+/*
-+ * Copyright (C) 2008, 2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-+ * Boston, MA 02111-1307, USA.
-+ *
-+ * Author: David Zeuthen <davidz@redhat.com>
-+ */
-+
-+#include "config.h"
-+#include "polkitagenthelperprivate.h"
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+#include <security/pam_appl.h>
-+
-+#include <polkit/polkit.h>
-+
-+static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
-+
-+int
-+main (int argc, char *argv[])
-+{
-+ int rc;
-+ const char *user_to_auth;
-+ const char *cookie;
-+ struct pam_conv pam_conversation;
-+ pam_handle_t *pam_h;
-+ const void *authed_user;
-+
-+ rc = 0;
-+ pam_h = NULL;
-+
-+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-+ if (_polkit_clearenv () != 0)
-+ goto error;
-+
-+ /* set a minimal environment */
-+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-+
-+ /* check that we are setuid root */
-+ if (geteuid () != 0)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-+ goto error;
-+ }
-+
-+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-+
-+ /* check for correct invocation */
-+ if (argc != 3)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ user_to_auth = argv[1];
-+ cookie = argv[2];
-+
-+ if (getuid () != 0)
-+ {
-+ /* check we're running with a non-tty stdin */
-+ if (isatty (STDIN_FILENO) != 0)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-+ goto error;
-+ }
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+ pam_conversation.conv = conversation_function;
-+ pam_conversation.appdata_ptr = NULL;
-+
-+ /* start the pam stack */
-+ rc = pam_start ("polkit-1",
-+ user_to_auth,
-+ &pam_conversation,
-+ &pam_h);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* set the requesting user */
-+ rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* is user really user? */
-+ rc = pam_authenticate (pam_h, 0);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* permitted access? */
-+ rc = pam_acct_mgmt (pam_h, 0);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* did we auth the right user? */
-+ rc = pam_get_item (pam_h, PAM_USER, &authed_user);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ if (strcmp (authed_user, user_to_auth) != 0)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
-+ user_to_auth, (const char *) authed_user);
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+ pam_end (pam_h, rc);
-+ pam_h = NULL;
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ /* now send a D-Bus message to the PolicyKit daemon that
-+ * includes a) the cookie; and b) the user we authenticated
-+ */
-+ if (!send_dbus_message (cookie, user_to_auth))
-+ {
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ fprintf (stdout, "SUCCESS\n");
-+ flush_and_wait();
-+ return 0;
-+
-+error:
-+ if (pam_h != NULL)
-+ pam_end (pam_h, rc);
-+
-+ fprintf (stdout, "FAILURE\n");
-+ flush_and_wait();
-+ return 1;
-+}
-+
-+static int
-+conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
-+{
-+ struct pam_response *aresp;
-+ char buf[PAM_MAX_RESP_SIZE];
-+ int i;
-+
-+ data = data;
-+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
-+ return PAM_CONV_ERR;
-+
-+ if ((aresp = calloc(n, sizeof *aresp)) == NULL)
-+ return PAM_BUF_ERR;
-+
-+ for (i = 0; i < n; ++i)
-+ {
-+ aresp[i].resp_retcode = 0;
-+ aresp[i].resp = NULL;
-+ switch (msg[i]->msg_style)
-+ {
-+
-+ case PAM_PROMPT_ECHO_OFF:
-+ fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
-+ goto conv1;
-+
-+ case PAM_PROMPT_ECHO_ON:
-+ fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
-+ conv1:
-+ fputs (msg[i]->msg, stdout);
-+ if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-+ fputc ('\n', stdout);
-+ fflush (stdout);
-+
-+ if (fgets (buf, sizeof buf, stdin) == NULL)
-+ goto error;
-+
-+ if (strlen (buf) > 0 &&
-+ buf[strlen (buf) - 1] == '\n')
-+ buf[strlen (buf) - 1] = '\0';
-+
-+ aresp[i].resp = strdup (buf);
-+ if (aresp[i].resp == NULL)
-+ goto error;
-+ break;
-+
-+ case PAM_ERROR_MSG:
-+ fprintf (stdout, "PAM_ERROR_MSG ");
-+ goto conv2;
-+
-+ case PAM_TEXT_INFO:
-+ fprintf (stdout, "PAM_TEXT_INFO ");
-+ conv2:
-+ fputs (msg[i]->msg, stdout);
-+ if (strlen (msg[i]->msg) > 0 &&
-+ msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-+ fputc ('\n', stdout);
-+ fflush (stdout);
-+ break;
-+
-+ default:
-+ goto error;
-+ }
-+ }
-+
-+ *resp = aresp;
-+ return PAM_SUCCESS;
-+
-+error:
-+
-+ for (i = 0; i < n; ++i)
-+ {
-+ if (aresp[i].resp != NULL) {
-+ memset (aresp[i].resp, 0, strlen(aresp[i].resp));
-+ free (aresp[i].resp);
-+ }
-+ }
-+ memset (aresp, 0, n * sizeof *aresp);
-+ *resp = NULL;
-+ return PAM_CONV_ERR;
-+}
-diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
-new file mode 100644
-index 0000000..a4f73ac
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelper-shadow.c
-@@ -0,0 +1,198 @@
-+/*
-+ * Copyright (C) 2008 Red Hat, Inc.
-+ * Copyright (C) 2009-2010 Andrew Psaltis <ampsaltis@gmail.com>
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-+ * Boston, MA 02111-1307, USA.
-+ *
-+ * Authors: Andrew Psaltis <ampsaltis@gmail.com>, based on
-+ * polkitagenthelper.c which was written by
-+ * David Zeuthen <davidz@redhat.com>
-+ */
-+
-+#include "config.h"
-+#include "polkitagenthelperprivate.h"
-+
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+#include <shadow.h>
-+#include <grp.h>
-+#include <pwd.h>
-+#include <time.h>
-+
-+#include <polkit/polkit.h>
-+
-+static gboolean shadow_authenticate (struct spwd *shadow);
-+
-+int
-+main (int argc, char *argv[])
-+{
-+ struct spwd *shadow;
-+ const char *user_to_auth;
-+ const char *cookie;
-+ time_t now;
-+
-+ /* clear the entire environment to avoid attacks with
-+ libraries honoring environment variables */
-+ if (_polkit_clearenv () != 0)
-+ goto error;
-+
-+ /* set a minimal environment */
-+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-+
-+ /* check that we are setuid root */
-+ if (geteuid () != 0)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-+ goto error;
-+ }
-+
-+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-+
-+ /* check for correct invocation */
-+ if (argc != 3)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ if (getuid () != 0)
-+ {
-+ /* check we're running with a non-tty stdin */
-+ if (isatty (STDIN_FILENO) != 0)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-+ goto error;
-+ }
-+ }
-+
-+ user_to_auth = argv[1];
-+ cookie = argv[2];
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+
-+ /* Ask shadow about the user requesting authentication */
-+ shadow = getspnam (user_to_auth);
-+
-+ if (shadow == NULL)
-+ {
-+ syslog (LOG_NOTICE, "shadow file data information request for user '%s' [uid=%d] failed", user_to_auth, getuid ());
-+ fprintf(stderr, "polkit-agent-helper-1: could not get shadow information for '%s'", user_to_auth);
-+ goto error;
-+ }
-+
-+ /* Check the user's identity */
-+ if (shadow_authenticate (shadow) == FALSE)
-+ {
-+ syslog (LOG_NOTICE, "authentication failure [uid=%d] trying to authenticate '%s'", getuid (), user_to_auth);
-+ fprintf (stderr, "polkit-agent-helper-1: authentication failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ /* Check whether the user's password has expired */
-+ now = time (NULL);
-+ if (shadow->sp_max >= 0 && (shadow->sp_lstchg + shadow->sp_max) * 60 * 60 * 24 <= now)
-+ {
-+ syslog (LOG_NOTICE, "password expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ /* Check whether the user's password has aged (and account expired along
-+ * with it)
-+ */
-+ if (shadow->sp_inact >= 0 && (shadow->sp_lstchg + shadow->sp_max + shadow->sp_inact) * 60 * 60 * 24 <= now)
-+ {
-+ syslog (LOG_NOTICE, "password aged for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ /* Check whether the user's account has expired */
-+ if (shadow->sp_expire >= 0 && shadow->sp_expire * 60 * 60 * 24 <= now)
-+ {
-+ syslog (LOG_NOTICE, "account expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ /* now send a D-Bus message to the PolicyKit daemon that
-+ * includes a) the cookie; and b) the user we authenticated
-+ */
-+ if (!send_dbus_message (cookie, user_to_auth))
-+ {
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ fprintf (stdout, "SUCCESS\n");
-+ flush_and_wait ();
-+ return 0;
-+
-+error:
-+ fprintf (stdout, "FAILURE\n");
-+ flush_and_wait ();
-+ return 1;
-+}
-+
-+static gboolean
-+shadow_authenticate (struct spwd *shadow)
-+{
-+ char passwd[512], *crypt_pass;
-+
-+ fprintf (stdout, "PAM_PROMPT_ECHO_OFF password:\n");
-+ fflush (stdout);
-+ usleep (10 * 1000); /* since fflush(3) seems buggy */
-+
-+ if (fgets (passwd, sizeof (passwd), stdin) == NULL)
-+ goto error;
-+
-+ if (strlen (passwd) > 0 && passwd[strlen (passwd) - 1] == '\n')
-+ passwd[strlen (passwd) - 1] = '\0';
-+
-+ /* Use the encrypted password as the salt, according to the crypt(3) man page,
-+ * it will perform whatever encryption method is specified in /etc/shadow
-+ */
-+ crypt_pass = crypt (passwd, shadow->sp_pwdp);
-+
-+ if (crypt_pass == NULL)
-+ goto error;
-+
-+ if (strcmp (shadow->sp_pwdp, crypt (passwd, shadow->sp_pwdp)) != 0)
-+ goto error;
-+ return 1;
-+error:
-+ return 0;
-+}
-diff --git a/src/polkitagent/polkitagenthelper.c b/src/polkitagent/polkitagenthelper.c
-deleted file mode 100644
-index cca86db..0000000
---- a/src/polkitagent/polkitagenthelper.c
-+++ /dev/null
-@@ -1,339 +0,0 @@
--/*
-- * Copyright (C) 2008 Red Hat, Inc.
-- *
-- * This library is free software; you can redistribute it and/or
-- * modify it under the terms of the GNU Lesser General Public
-- * License as published by the Free Software Foundation; either
-- * version 2 of the License, or (at your option) any later version.
-- *
-- * This library is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-- * Lesser General Public License for more details.
-- *
-- * You should have received a copy of the GNU Lesser General
-- * Public License along with this library; if not, write to the
-- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-- * Boston, MA 02111-1307, USA.
-- *
-- * Author: David Zeuthen <davidz@redhat.com>
-- */
--
--#include "config.h"
--#include <stdio.h>
--#include <stdlib.h>
--#include <string.h>
--#include <unistd.h>
--#include <sys/types.h>
--#include <sys/stat.h>
--#include <syslog.h>
--#include <security/pam_appl.h>
--
--#include <polkit/polkit.h>
--
--#ifdef HAVE_SOLARIS
--# define LOG_AUTHPRIV (10<<3)
--#endif
--
--#ifndef HAVE_CLEARENV
--extern char **environ;
--
--static int
--clearenv (void)
--{
-- if (environ != NULL)
-- environ[0] = NULL;
-- return 0;
--}
--#endif
--
--/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
-- * enable this in production builds; it may leak passwords and other
-- * sensitive information.
-- */
--#undef PAH_DEBUG
--// #define PAH_DEBUG
--
--static gboolean send_dbus_message (const char *cookie, const char *user);
--
--static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
--
--int
--main (int argc, char *argv[])
--{
-- int rc;
-- const char *user_to_auth;
-- const char *cookie;
-- struct pam_conv pam_conversation;
-- pam_handle_t *pam_h;
-- const void *authed_user;
--
-- rc = 0;
-- pam_h = NULL;
--
-- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-- if (clearenv () != 0)
-- goto error;
--
-- /* set a minimal environment */
-- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
--
-- /* check that we are setuid root */
-- if (geteuid () != 0)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-- goto error;
-- }
--
-- openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
--
-- /* check for correct invocation */
-- if (argc != 3)
-- {
-- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-- fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-- goto error;
-- }
--
-- user_to_auth = argv[1];
-- cookie = argv[2];
--
-- if (getuid () != 0)
-- {
-- /* check we're running with a non-tty stdin */
-- if (isatty (STDIN_FILENO) != 0)
-- {
-- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-- fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-- goto error;
-- }
-- }
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
--#endif /* PAH_DEBUG */
--
-- pam_conversation.conv = conversation_function;
-- pam_conversation.appdata_ptr = NULL;
--
-- /* start the pam stack */
-- rc = pam_start ("polkit-1",
-- user_to_auth,
-- &pam_conversation,
-- &pam_h);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* set the requesting user */
-- rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* is user really user? */
-- rc = pam_authenticate (pam_h, 0);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* permitted access? */
-- rc = pam_acct_mgmt (pam_h, 0);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* did we auth the right user? */
-- rc = pam_get_item (pam_h, PAM_USER, &authed_user);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- if (strcmp (authed_user, user_to_auth) != 0)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
-- user_to_auth, (const char *) authed_user);
-- goto error;
-- }
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
--#endif /* PAH_DEBUG */
--
-- pam_end (pam_h, rc);
-- pam_h = NULL;
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
--
-- /* now send a D-Bus message to the PolicyKit daemon that
-- * includes a) the cookie; and b) the user we authenticated
-- */
-- if (!send_dbus_message (cookie, user_to_auth))
-- {
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
-- goto error;
-- }
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
--
-- fprintf (stdout, "SUCCESS\n");
-- fflush (stdout);
-- fflush (stderr);
-- usleep (10 * 1000); /* since fflush(3) seems buggy */
-- return 0;
--
--error:
-- if (pam_h != NULL)
-- pam_end (pam_h, rc);
--
-- fprintf (stdout, "FAILURE\n");
-- fflush (stdout);
-- fflush (stderr);
-- usleep (10 * 1000); /* since fflush(3) seems buggy */
-- return 1;
--}
--
--static int
--conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
--{
-- struct pam_response *aresp;
-- char buf[PAM_MAX_RESP_SIZE];
-- int i;
--
-- data = data;
-- if (n <= 0 || n > PAM_MAX_NUM_MSG)
-- return PAM_CONV_ERR;
--
-- if ((aresp = calloc(n, sizeof *aresp)) == NULL)
-- return PAM_BUF_ERR;
--
-- for (i = 0; i < n; ++i)
-- {
-- aresp[i].resp_retcode = 0;
-- aresp[i].resp = NULL;
-- switch (msg[i]->msg_style)
-- {
--
-- case PAM_PROMPT_ECHO_OFF:
-- fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
-- goto conv1;
--
-- case PAM_PROMPT_ECHO_ON:
-- fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
-- conv1:
-- fputs (msg[i]->msg, stdout);
-- if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-- fputc ('\n', stdout);
-- fflush (stdout);
--
-- if (fgets (buf, sizeof buf, stdin) == NULL)
-- goto error;
--
-- if (strlen (buf) > 0 &&
-- buf[strlen (buf) - 1] == '\n')
-- buf[strlen (buf) - 1] = '\0';
--
-- aresp[i].resp = strdup (buf);
-- if (aresp[i].resp == NULL)
-- goto error;
-- break;
--
-- case PAM_ERROR_MSG:
-- fprintf (stdout, "PAM_ERROR_MSG ");
-- goto conv2;
--
-- case PAM_TEXT_INFO:
-- fprintf (stdout, "PAM_TEXT_INFO ");
-- conv2:
-- fputs (msg[i]->msg, stdout);
-- if (strlen (msg[i]->msg) > 0 &&
-- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-- fputc ('\n', stdout);
-- fflush (stdout);
-- break;
--
-- default:
-- goto error;
-- }
-- }
--
-- *resp = aresp;
-- return PAM_SUCCESS;
--
--error:
--
-- for (i = 0; i < n; ++i)
-- {
-- if (aresp[i].resp != NULL) {
-- memset (aresp[i].resp, 0, strlen(aresp[i].resp));
-- free (aresp[i].resp);
-- }
-- }
-- memset (aresp, 0, n * sizeof *aresp);
-- *resp = NULL;
-- return PAM_CONV_ERR;
--}
--
--static gboolean
--send_dbus_message (const char *cookie, const char *user)
--{
-- PolkitAuthority *authority;
-- PolkitIdentity *identity;
-- GError *error;
-- gboolean ret;
--
-- ret = FALSE;
--
-- error = NULL;
--
-- g_type_init ();
--
-- authority = polkit_authority_get ();
--
-- identity = polkit_unix_user_new_for_name (user, &error);
-- if (identity == NULL)
-- {
-- g_printerr ("Error constructing identity: %s\n", error->message);
-- g_error_free (error);
-- goto out;
-- }
--
-- if (!polkit_authority_authentication_agent_response_sync (authority,
-- cookie,
-- identity,
-- NULL,
-- &error))
-- {
-- g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
-- g_error_free (error);
-- goto out;
-- }
--
-- ret = TRUE;
--
-- out:
--
-- if (identity != NULL)
-- g_object_unref (identity);
--
-- if (authority != NULL)
-- g_object_unref (authority);
--
-- return ret;
--}
-diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
-new file mode 100644
-index 0000000..be495e9
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelperprivate.c
-@@ -0,0 +1,106 @@
-+/*
-+ * Copyright (C) 2009-2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA 02110-1301, USA.
-+ *
-+ * Authors: David Zeuthen <davidz@redhat.com>,
-+ * Andrew Psaltis <ampsaltis@gmail.com>
-+ */
-+
-+#include "config.h"
-+#include "polkitagenthelperprivate.h"
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+
-+#ifndef HAVE_CLEARENV
-+extern char **environ;
-+
-+int
-+_polkit_clearenv (void)
-+{
-+ if (environ != NULL)
-+ environ[0] = NULL;
-+ return 0;
-+}
-+#else
-+int
-+_polkit_clearenv (void)
-+{
-+ return clearenv ();
-+}
-+#endif
-+
-+
-+gboolean
-+send_dbus_message (const char *cookie, const char *user)
-+{
-+ PolkitAuthority *authority;
-+ PolkitIdentity *identity;
-+ GError *error;
-+ gboolean ret;
-+
-+ ret = FALSE;
-+
-+ error = NULL;
-+
-+ g_type_init ();
-+
-+ authority = polkit_authority_get ();
-+
-+ identity = polkit_unix_user_new_for_name (user, &error);
-+ if (identity == NULL)
-+ {
-+ g_printerr ("Error constructing identity: %s\n", error->message);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ if (!polkit_authority_authentication_agent_response_sync (authority,
-+ cookie,
-+ identity,
-+ NULL,
-+ &error))
-+ {
-+ g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ ret = TRUE;
-+
-+ out:
-+
-+ if (identity != NULL)
-+ g_object_unref (identity);
-+
-+ if (authority != NULL)
-+ g_object_unref (authority);
-+
-+ return ret;
-+}
-+
-+/* fflush(3) stdin and stdout and wait a little bit.
-+ * This replaces the three-line commands at the bottom of
-+ * polkit-agent-helper-1's main() function.
-+ */
-+void
-+flush_and_wait ()
-+{
-+ fflush (stdout);
-+ fflush (stderr);
-+ usleep (10 * 1000); /* since fflush(3) seems buggy */
-+}
-diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
-new file mode 100644
-index 0000000..7294d46
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelperprivate.h
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (C) 2009-2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA 02110-1301, USA.
-+ *
-+ * Authors: David Zeuthen <davidz@redhat.com>,
-+ * Andrew Psaltis <ampsalits@gmail.com>
-+ */
-+#ifndef __POLKIT_AGENT_HELPER_PRIVATE_H
-+#define __POLKIT_AGENT_HELPER_PRIVATE_H
-+
-+#define _GNU_SOURCE
-+#include <polkit/polkit.h>
-+
-+/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
-+ * enable this in production builds; it may leak passwords and other
-+ * sensitive information.
-+ */
-+#undef PAH_DEBUG
-+// #define PAH_DEBUG
-+
-+#ifdef HAVE_SOLARIS
-+# define LOG_AUTHPRIV (10<<3)
-+#endif
-+
-+int _polkit_clearenv (void);
-+
-+gboolean send_dbus_message (const char *cookie, const char *user);
-+
-+void flush_and_wait ();
-+
-+#endif /* __POLKIT_AGENT_HELPER_PRIVATE_H */
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 17c191e..b0193f4 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -34,7 +34,11 @@
- #include <grp.h>
- #include <pwd.h>
- #include <errno.h>
-+
-+#ifdef POLKIT_AUTHFW_PAM
- #include <security/pam_appl.h>
-+#endif /* POLKIT_AUTHFW_PAM */
-+
- #include <syslog.h>
- #include <stdarg.h>
-
-@@ -115,6 +119,7 @@ log_message (gint level,
-
- /* ---------------------------------------------------------------------------------------------------- */
-
-+#ifdef POLKIT_AUTHFW_PAM
- static int
- pam_conversation_function (int n,
- const struct pam_message **msg,
-@@ -167,6 +172,7 @@ out:
- pam_end (pam_h, rc);
- return ret;
- }
-+#endif /* POLKIT_AUTHFW_PAM */
-
- /* ---------------------------------------------------------------------------------------------------- */
-
-@@ -741,10 +747,12 @@ main (int argc, char *argv[])
- * TODO: The question here is whether we should clear the limits before applying them?
- * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
- */
-+#ifdef POLKIT_AUTHFW_PAM
- if (!open_session (pw->pw_name))
- {
- goto out;
- }
-+#endif /* POLKIT_AUTHFW_PAM */
-
- /* become the user */
- if (setgroups (0, NULL) != 0)
---
-1.7.1
-
diff --git a/patches/polkit-0.96/0003-Bug-29051-Configuration-reload-on-every-query.patch b/patches/polkit-0.96/0003-Bug-29051-Configuration-reload-on-every-query.patch
deleted file mode 100644
index d9cf8c23bfd6..000000000000
--- a/patches/polkit-0.96/0003-Bug-29051-Configuration-reload-on-every-query.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 779c0153fc0bd3c2e302dac1979d17638f054229 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Petr=20Mr=C3=A1zek?= <peterix@gmail.com>
-Date: Wed, 14 Jul 2010 02:59:12 +0200
-Subject: [PATCH 3/3] =?UTF-8?q?Bug=2029051=20=E2=80=93=20Configuration=20reload=20on=20every=20query?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Set has_data to true after the data is loaded to prevent excessive
-reloading of config files.
-
-Signed-off-by: David Zeuthen <davidz@redhat.com>
----
- src/polkitbackend/polkitbackendconfigsource.c | 1 +
- .../polkitbackendlocalauthorizationstore.c | 2 ++
- 2 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/src/polkitbackend/polkitbackendconfigsource.c b/src/polkitbackend/polkitbackendconfigsource.c
-index 224d0d0..465da96 100644
---- a/src/polkitbackend/polkitbackendconfigsource.c
-+++ b/src/polkitbackend/polkitbackendconfigsource.c
-@@ -386,6 +386,7 @@ polkit_backend_config_source_ensure (PolkitBackendConfigSource *source)
- }
-
- source->priv->key_files = g_list_reverse (source->priv->key_files);
-+ source->priv->has_data = TRUE;
-
- out:
- g_list_foreach (files, (GFunc) g_object_unref, NULL);
-diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-index 5d5dc14..b959269 100644
---- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-+++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
-@@ -641,6 +641,8 @@ polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorization
- g_free (filename);
- }
-
-+ store->priv->has_data = TRUE;
-+
- out:
- g_list_foreach (files, (GFunc) g_object_unref, NULL);
- g_list_free (files);
---
-1.7.1
-
diff --git a/patches/polkit-0.96/autogen.sh b/patches/polkit-0.96/autogen.sh
deleted file mode 120000
index 9f8a4cb7ddcb..000000000000
--- a/patches/polkit-0.96/autogen.sh
+++ /dev/null
@@ -1 +0,0 @@
-../autogen.sh
\ No newline at end of file
diff --git a/patches/polkit-0.96/series b/patches/polkit-0.96/series
deleted file mode 100644
index ee29cd64eb79..000000000000
--- a/patches/polkit-0.96/series
+++ /dev/null
@@ -1,3 +0,0 @@
-0001-Bug-26982-pkexec-information-disclosure-vulnerabilit.patch
-0002-Add-shadow-support.patch
-0003-Bug-29051-Configuration-reload-on-every-query.patch
diff --git a/rules/polkit.in b/rules/polkit.in
index d28de7c67e91..07c3744b6964 100644
--- a/rules/polkit.in
+++ b/rules/polkit.in
@@ -1,14 +1,27 @@
## SECTION=system_libraries
-config POLKIT
+menuconfig POLKIT
tristate
- prompt "policykit-1"
+ prompt "policykit-1 "
select LIBC_CRYPT
select HOST_INTLTOOL
select HOST_GTK_DOC
+ select EXPAT
select GLIB
select DBUS_GLIB
select EGGDBUS
+ select SYSTEMD if POLKIT_SYSTEMD
+ select SYSTEMD_LOGIND if POLKIT_SYSTEMD
help
PolicyKit offers an infrastructure for security policies for
dbus applications.
+
+if POLKIT
+
+config POLKIT_SYSTEMD
+ bool "systemd based session tracking"
+ default y if INITMETHOD_SYSTEMD
+ help
+ Use systemd for session tracking, else ConsoleKit is used
+
+endif
diff --git a/rules/polkit.make b/rules/polkit.make
index b702a1b50d90..376315f929f8 100644
--- a/rules/polkit.make
+++ b/rules/polkit.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_POLKIT) += polkit
#
# Paths and names
#
-POLKIT_VERSION := 0.96
-POLKIT_MD5 := e0a06da501b04ed3bab986a9df5b5aa2
+POLKIT_VERSION := 0.104
+POLKIT_MD5 := e380b4c6fb1e7bccf854e92edc0a8ce1
POLKIT := polkit-$(POLKIT_VERSION)
POLKIT_SUFFIX := tar.gz
POLKIT_URL := http://hal.freedesktop.org/releases/$(POLKIT).$(POLKIT_SUFFIX)
@@ -28,19 +28,19 @@ POLKIT_DIR := $(BUILDDIR)/$(POLKIT)
# Prepare
# ----------------------------------------------------------------------------
-#
-# autoconf
-#
-POLKIT_AUTOCONF := \
+POLKIT_CONF_TOOL := autoconf
+POLKIT_CONF_OPT := \
$(CROSS_AUTOCONF_USR) \
- --enable-shared \
- --enable-static \
+ $(GLOBAL_LARGE_FILE_OPTION) \
--disable-ansi \
--disable-verbose-mode \
--disable-man-pages \
--disable-gtk-doc \
- --disable-examples \
+ --disable-gtk-doc-html \
+ --$(call ptx/endis, PTXCONF_POLKIT_SYSTEMD)-systemd \
--disable-introspection \
+ --disable-examples \
+ --disable-nls \
--with-gnu-ld \
--with-authfw=shadow \
--with-os-type=ptxdist
@@ -65,6 +65,7 @@ $(STATEDIR)/polkit.targetinstall:
/usr/share/dbus-1/system-services/org.freedesktop.PolicyKit1.service)
# config
+ @$(call install_copy, polkit, 0, 0, 700, /etc/polkit-1/localauthority)
@$(call install_copy, polkit, 0, 0, 0644, -, \
/etc/polkit-1/localauthority.conf.d/50-localauthority.conf)
@$(call install_copy, polkit, 0, 0, 0644, -, \
@@ -79,8 +80,6 @@ $(STATEDIR)/polkit.targetinstall:
@$(call install_copy, polkit, 0, 0, 0644, -, \
/usr/lib/polkit-1/extensions/libnullbackend.so)
- @$(call install_copy, polkit, 0, 0, 0644, -, \
- /usr/lib/polkit-1/extensions/libpkexec-action-lookup.so)
# binaries
@$(call install_copy, polkit, 0, 0, 0755, -, /usr/bin/pkaction)
@@ -93,6 +92,9 @@ $(STATEDIR)/polkit.targetinstall:
@$(call install_copy, polkit, 0, 0, 4755, -, \
/usr/libexec/polkit-agent-helper-1)
+# run-time
+ @$(call install_copy, polkit, 0, 0, 700, /var/lib/polkit-1)
+
@$(call install_finish, polkit)
@$(call touch)
--
Pengutronix e.K. | Juergen Borleis |
Industrial Linux Solutions | http://www.pengutronix.de/ |
--
ptxdist mailing list
ptxdist@pengutronix.de
next reply other threads:[~2015-03-26 8:45 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-26 8:48 Juergen Borleis [this message]
2015-04-02 16:20 ` Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201503260948.04180.jbe@pengutronix.de \
--to=jbe@pengutronix.de \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox