summaryrefslogtreecommitdiffstats
path: root/source/l/polkit
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2011-04-25 13:37:00 +0000
committer Eric Hameleers <alien@slackware.com>2018-05-31 22:45:18 +0200
commit75a4a592e5ccda30715f93563d741b83e0dcf39e (patch)
tree502f745607e77a2c4386ad38d818ddcafe81489c /source/l/polkit
parentb76270bf9e6dd375e495fec92140a79a79415d27 (diff)
downloadcurrent-75a4a592e5ccda30715f93563d741b83e0dcf39e.tar.gz
current-75a4a592e5ccda30715f93563d741b83e0dcf39e.tar.xz
Slackware 13.37slackware-13.37
Mon Apr 25 13:37:00 UTC 2011 Slackware 13.37 x86_64 stable is released! Thanks to everyone who pitched in on this release: the Slackware team, the folks producing upstream code, and linuxquestions.org for providing a great forum for collaboration and testing. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. As always, thanks to the Slackware community for testing, suggestions, and feedback. :-) Have fun!
Diffstat (limited to 'source/l/polkit')
-rw-r--r--source/l/polkit/CVE-2011-1485/0001-PolkitUnixProcess-Clarify-that-the-real-uid-is-retur.patch139
-rw-r--r--source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch623
-rw-r--r--source/l/polkit/CVE-2011-1485/0003-Use-polkit_unix_process_get_uid-to-get-the-owner-of-.patch41
-rw-r--r--source/l/polkit/CVE-2011-1485/0004-pkexec-Avoid-TOCTTOU-problems-with-parent-process.patch127
-rw-r--r--source/l/polkit/polkit-1-shadow.diff1030
-rwxr-xr-xsource/l/polkit/polkit.SlackBuild32
6 files changed, 946 insertions, 1046 deletions
diff --git a/source/l/polkit/CVE-2011-1485/0001-PolkitUnixProcess-Clarify-that-the-real-uid-is-retur.patch b/source/l/polkit/CVE-2011-1485/0001-PolkitUnixProcess-Clarify-that-the-real-uid-is-retur.patch
new file mode 100644
index 000000000..9431056bc
--- /dev/null
+++ b/source/l/polkit/CVE-2011-1485/0001-PolkitUnixProcess-Clarify-that-the-real-uid-is-retur.patch
@@ -0,0 +1,139 @@
+From dd848a42a64a3b22a0cc60f6657b56ce9b6010ae Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz@redhat.com>
+Date: Thu, 31 Mar 2011 12:59:09 -0400
+Subject: [PATCH 1/4] PolkitUnixProcess: Clarify that the real uid is
+ returned, not the effective one
+
+On Linux, also switch to parsing /proc/<pid>/status instead of relying
+on the st_uid returned by stat(2) to be the uid we want.
+
+This was pointed out by Neel Mehta <nmehta@google.com>. Thanks!
+
+Signed-off-by: David Zeuthen <davidz@redhat.com>
+---
+ src/polkit/polkitunixprocess.c | 66 ++++++++++++++++++++++++++++++----------
+ 1 files changed, 50 insertions(+), 16 deletions(-)
+
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index d95a1d4..876da69 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -24,9 +24,7 @@
+ #endif
+
+ #include <sys/types.h>
+-#ifndef HAVE_FREEBSD
+-#include <sys/stat.h>
+-#else
++#ifdef HAVE_FREEBSD
+ #include <sys/param.h>
+ #include <sys/sysctl.h>
+ #include <sys/user.h>
+@@ -34,6 +32,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <errno.h>
++#include <stdio.h>
+
+ #include "polkitunixprocess.h"
+ #include "polkitsubject.h"
+@@ -208,6 +207,8 @@ polkit_unix_process_get_pid (PolkitUnixProcess *process)
+ *
+ * Gets the uid of the owner of @process.
+ *
++ * Note that this returns the real user-id (not the effective user-id) of @process.
++ *
+ * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
+ **/
+ gint
+@@ -215,17 +216,21 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
+ GError **error)
+ {
+ gint result;
++ gchar *contents;
++ gchar **lines;
+ #ifdef HAVE_FREEBSD
+ struct kinfo_proc p;
+ #else
+- struct stat statbuf;
+- char procbuf[32];
++ gchar filename[64];
++ guint n;
+ #endif
+
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+ g_return_val_if_fail (error == NULL || *error == NULL, 0);
+
+ result = 0;
++ lines = NULL;
++ contents = NULL;
+
+ #ifdef HAVE_FREEBSD
+ if (get_kinfo_proc (process->pid, &p) == 0)
+@@ -241,23 +246,52 @@ polkit_unix_process_get_owner (PolkitUnixProcess *process,
+
+ result = p.ki_uid;
+ #else
+- g_snprintf (procbuf, sizeof procbuf, "/proc/%d", process->pid);
+- if (stat (procbuf, &statbuf) != 0)
++
++ /* see 'man proc' for layout of the status file
++ *
++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
++ */
++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
++ if (!g_file_get_contents (filename,
++ &contents,
++ NULL,
++ error))
+ {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "stat() failed for /proc/%d: %s",
+- process->pid,
+- g_strerror (errno));
+ goto out;
+ }
++ lines = g_strsplit (contents, "\n", -1);
++ for (n = 0; lines != NULL && lines[n] != NULL; n++)
++ {
++ gint real_uid, effective_uid;
++ if (!g_str_has_prefix (lines[n], "Uid:"))
++ continue;
++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Unexpected line `%s' in file %s",
++ lines[n],
++ filename);
++ goto out;
++ }
++ else
++ {
++ result = real_uid;
++ goto out;
++ }
++ }
+
+- result = statbuf.st_uid;
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Didn't find any line starting with `Uid:' in file %s",
++ filename);
+ #endif
+
+- out:
+-
++out:
++ g_strfreev (lines);
++ g_free (contents);
+ return result;
+ }
+
+--
+1.7.4.4
+
diff --git a/source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch b/source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
new file mode 100644
index 000000000..81a163c68
--- /dev/null
+++ b/source/l/polkit/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch
@@ -0,0 +1,623 @@
+From 129b6223a19e7fb2753f8cad7957ac5402394076 Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz@redhat.com>
+Date: Fri, 1 Apr 2011 12:09:45 -0400
+Subject: [PATCH 2/4] Make PolkitUnixProcess also record the uid of the
+ process
+
+This is needed to avoid possible TOCTTOU issues since a process can
+change both its real uid and effective uid.
+
+Signed-off-by: David Zeuthen <davidz@redhat.com>
+---
+ docs/polkit/polkit-1-sections.txt | 7 +-
+ src/polkit/polkitsubject.c | 25 +++-
+ src/polkit/polkitunixprocess.c | 346 +++++++++++++++++++++++++------------
+ src/polkit/polkitunixprocess.h | 18 ++-
+ 4 files changed, 278 insertions(+), 118 deletions(-)
+
+diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt
+index 12141e3..9f4fcf8 100644
+--- a/docs/polkit/polkit-1-sections.txt
++++ b/docs/polkit/polkit-1-sections.txt
+@@ -145,10 +145,13 @@ POLKIT_UNIX_SESSION_GET_CLASS
+ PolkitUnixProcess
+ polkit_unix_process_new
+ polkit_unix_process_new_full
++polkit_unix_process_new_for_owner
++polkit_unix_process_set_pid
+ polkit_unix_process_get_pid
++polkit_unix_process_set_start_time
+ polkit_unix_process_get_start_time
+-polkit_unix_process_set_pid
+-polkit_unix_process_get_owner
++polkit_unix_process_set_uid
++polkit_unix_process_get_uid
+ <SUBSECTION Standard>
+ PolkitUnixProcessClass
+ POLKIT_UNIX_PROCESS
+diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c
+index 577afec..d2c4c20 100644
+--- a/src/polkit/polkitsubject.c
++++ b/src/polkit/polkitsubject.c
+@@ -238,13 +238,18 @@ polkit_subject_from_string (const gchar *str,
+ {
+ gint scanned_pid;
+ guint64 scanned_starttime;
+- if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
++ gint scanned_uid;
++ if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3)
++ {
++ subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid);
++ }
++ else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
+ {
+ subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
+ }
+ else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
+ {
+- subject = polkit_unix_process_new_full (scanned_pid, 0);
++ subject = polkit_unix_process_new (scanned_pid);
+ if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
+ {
+ g_object_unref (subject);
+@@ -297,6 +302,8 @@ polkit_subject_to_gvariant (PolkitSubject *subject)
+ g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))));
+ g_variant_builder_add (&builder, "{sv}", "start-time",
+ g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject))));
++ g_variant_builder_add (&builder, "{sv}", "uid",
++ g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject))));
+ }
+ else if (POLKIT_IS_UNIX_SESSION (subject))
+ {
+@@ -395,6 +402,7 @@ polkit_subject_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ guint32 pid;
+ guint64 start_time;
++ gint32 uid;
+
+ v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error);
+ if (v == NULL)
+@@ -414,7 +422,18 @@ polkit_subject_new_for_gvariant (GVariant *variant,
+ start_time = g_variant_get_uint64 (v);
+ g_variant_unref (v);
+
+- ret = polkit_unix_process_new_full (pid, start_time);
++ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error);
++ if (v != NULL)
++ {
++ uid = g_variant_get_int32 (v);
++ g_variant_unref (v);
++ }
++ else
++ {
++ uid = -1;
++ }
++
++ ret = polkit_unix_process_new_for_owner (pid, start_time, uid);
+ }
+ else if (g_strcmp0 (kind, "unix-session") == 0)
+ {
+diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c
+index 876da69..913be3a 100644
+--- a/src/polkit/polkitunixprocess.c
++++ b/src/polkit/polkitunixprocess.c
+@@ -62,6 +62,7 @@ struct _PolkitUnixProcess
+
+ gint pid;
+ guint64 start_time;
++ gint uid;
+ };
+
+ struct _PolkitUnixProcessClass
+@@ -74,6 +75,7 @@ enum
+ PROP_0,
+ PROP_PID,
+ PROP_START_TIME,
++ PROP_UID
+ };
+
+ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+@@ -81,6 +83,9 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface);
+ static guint64 get_start_time_for_pid (gint pid,
+ GError **error);
+
++static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error);
++
+ #ifdef HAVE_FREEBSD
+ static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p);
+ #endif
+@@ -92,6 +97,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT,
+ static void
+ polkit_unix_process_init (PolkitUnixProcess *unix_process)
+ {
++ unix_process->uid = -1;
+ }
+
+ static void
+@@ -108,6 +114,10 @@ polkit_unix_process_get_property (GObject *object,
+ g_value_set_int (value, unix_process->pid);
+ break;
+
++ case PROP_UID:
++ g_value_set_int (value, unix_process->uid);
++ break;
++
+ case PROP_START_TIME:
+ g_value_set_uint64 (value, unix_process->start_time);
+ break;
+@@ -132,6 +142,14 @@ polkit_unix_process_set_property (GObject *object,
+ polkit_unix_process_set_pid (unix_process, g_value_get_int (value));
+ break;
+
++ case PROP_UID:
++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value));
++ break;
++
++ case PROP_START_TIME:
++ polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value));
++ break;
++
+ default:
+ G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
+ break;
+@@ -139,12 +157,39 @@ polkit_unix_process_set_property (GObject *object,
+ }
+
+ static void
++polkit_unix_process_constructed (GObject *object)
++{
++ PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object);
++
++ /* sets start_time and uid in case they are unset */
++
++ if (process->start_time == 0)
++ process->start_time = get_start_time_for_pid (process->pid, NULL);
++
++ if (process->uid == -1)
++ {
++ GError *error;
++ error = NULL;
++ process->uid = _polkit_unix_process_get_owner (process, &error);
++ if (error != NULL)
++ {
++ process->uid = -1;
++ g_error_free (error);
++ }
++ }
++
++ if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL)
++ G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object);
++}
++
++static void
+ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ {
+ GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
+
+ gobject_class->get_property = polkit_unix_process_get_property;
+ gobject_class->set_property = polkit_unix_process_set_property;
++ gobject_class->constructed = polkit_unix_process_constructed;
+
+ /**
+ * PolkitUnixProcess:pid:
+@@ -156,7 +201,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ g_param_spec_int ("pid",
+ "Process ID",
+ "The UNIX process ID",
+- -1,
++ 0,
+ G_MAXINT,
+ 0,
+ G_PARAM_CONSTRUCT |
+@@ -166,6 +211,27 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ G_PARAM_STATIC_NICK));
+
+ /**
++ * PolkitUnixProcess:uid:
++ *
++ * The UNIX user id of the process or -1 if unknown.
++ *
++ * Note that this is the real user-id, not the effective user-id.
++ */
++ g_object_class_install_property (gobject_class,
++ PROP_UID,
++ g_param_spec_int ("uid",
++ "User ID",
++ "The UNIX user ID",
++ -1,
++ G_MAXINT,
++ -1,
++ G_PARAM_CONSTRUCT |
++ G_PARAM_READWRITE |
++ G_PARAM_STATIC_NAME |
++ G_PARAM_STATIC_BLURB |
++ G_PARAM_STATIC_NICK));
++
++ /**
+ * PolkitUnixProcess:start-time:
+ *
+ * The start time of the process.
+@@ -178,7 +244,8 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ 0,
+ G_MAXUINT64,
+ 0,
+- G_PARAM_READABLE |
++ G_PARAM_CONSTRUCT |
++ G_PARAM_READWRITE |
+ G_PARAM_STATIC_NAME |
+ G_PARAM_STATIC_BLURB |
+ G_PARAM_STATIC_NICK));
+@@ -186,113 +253,50 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass)
+ }
+
+ /**
+- * polkit_unix_process_get_pid:
++ * polkit_unix_process_get_uid:
+ * @process: A #PolkitUnixProcess.
+ *
+- * Gets the process id for @process.
++ * Gets the user id for @process. Note that this is the real user-id,
++ * not the effective user-id.
+ *
+- * Returns: The process id for @process.
++ * Returns: The user id for @process or -1 if unknown.
+ */
+ gint
+-polkit_unix_process_get_pid (PolkitUnixProcess *process)
++polkit_unix_process_get_uid (PolkitUnixProcess *process)
+ {
+- g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+- return process->pid;
++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1);
++ return process->uid;
+ }
+
+ /**
+- * polkit_unix_process_get_owner:
++ * polkit_unix_process_set_uid:
+ * @process: A #PolkitUnixProcess.
+- * @error: (allow-none): Return location for error or %NULL.
++ * @uid: The user id to set for @process or -1 to unset it.
+ *
+- * Gets the uid of the owner of @process.
++ * Sets the (real, not effective) user id for @process.
++ */
++void
++polkit_unix_process_set_uid (PolkitUnixProcess *process,
++ gint uid)
++{
++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
++ g_return_if_fail (uid >= -1);
++ process->uid = uid;
++}
++
++/**
++ * polkit_unix_process_get_pid:
++ * @process: A #PolkitUnixProcess.
+ *
+- * Note that this returns the real user-id (not the effective user-id) of @process.
++ * Gets the process id for @process.
+ *
+- * Returns: The UNIX user id of the owner for @process or 0 if @error is set.
+- **/
++ * Returns: The process id for @process.
++ */
+ gint
+-polkit_unix_process_get_owner (PolkitUnixProcess *process,
+- GError **error)
++polkit_unix_process_get_pid (PolkitUnixProcess *process)
+ {
+- gint result;
+- gchar *contents;
+- gchar **lines;
+-#ifdef HAVE_FREEBSD
+- struct kinfo_proc p;
+-#else
+- gchar filename[64];
+- guint n;
+-#endif
+-
+ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
+- g_return_val_if_fail (error == NULL || *error == NULL, 0);
+-
+- result = 0;
+- lines = NULL;
+- contents = NULL;
+-
+-#ifdef HAVE_FREEBSD
+- if (get_kinfo_proc (process->pid, &p) == 0)
+- {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "get_kinfo_proc() failed for pid %d: %s",
+- process->pid,
+- g_strerror (errno));
+- goto out;
+- }
+-
+- result = p.ki_uid;
+-#else
+-
+- /* see 'man proc' for layout of the status file
+- *
+- * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
+- */
+- g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
+- if (!g_file_get_contents (filename,
+- &contents,
+- NULL,
+- error))
+- {
+- goto out;
+- }
+- lines = g_strsplit (contents, "\n", -1);
+- for (n = 0; lines != NULL && lines[n] != NULL; n++)
+- {
+- gint real_uid, effective_uid;
+- if (!g_str_has_prefix (lines[n], "Uid:"))
+- continue;
+- if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
+- {
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "Unexpected line `%s' in file %s",
+- lines[n],
+- filename);
+- goto out;
+- }
+- else
+- {
+- result = real_uid;
+- goto out;
+- }
+- }
+-
+- g_set_error (error,
+- POLKIT_ERROR,
+- POLKIT_ERROR_FAILED,
+- "Didn't find any line starting with `Uid:' in file %s",
+- filename);
+-#endif
+-
+-out:
+- g_strfreev (lines);
+- g_free (contents);
+- return result;
++ return process->pid;
+ }
+
+ /**
+@@ -311,6 +315,21 @@ polkit_unix_process_get_start_time (PolkitUnixProcess *process)
+ }
+
+ /**
++ * polkit_unix_process_set_start_time:
++ * @process: A #PolkitUnixProcess.
++ * @start_time: The start time for @pid.
++ *
++ * Set the start time of @process.
++ */
++void
++polkit_unix_process_set_start_time (PolkitUnixProcess *process,
++ guint64 start_time)
++{
++ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
++ process->start_time = start_time;
++}
++
++/**
+ * polkit_unix_process_set_pid:
+ * @process: A #PolkitUnixProcess.
+ * @pid: A process id.
+@@ -323,18 +342,17 @@ polkit_unix_process_set_pid (PolkitUnixProcess *process,
+ {
+ g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process));
+ process->pid = pid;
+- if (pid != (gint) -1)
+- process->start_time = get_start_time_for_pid (pid, NULL);
+ }
+
+ /**
+ * polkit_unix_process_new:
+ * @pid: The process id.
+ *
+- * Creates a new #PolkitUnixProcess for @pid. The start time of the
+- * process will be looked up in using e.g. the
+- * <filename>/proc</filename> filesystem depending on the platform in
+- * use.
++ * Creates a new #PolkitUnixProcess for @pid.
++ *
++ * The uid and start time of the process will be looked up in using
++ * e.g. the <filename>/proc</filename> filesystem depending on the
++ * platform in use.
+ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+@@ -353,22 +371,42 @@ polkit_unix_process_new (gint pid)
+ *
+ * Creates a new #PolkitUnixProcess object for @pid and @start_time.
+ *
++ * The uid of the process will be looked up in using e.g. the
++ * <filename>/proc</filename> filesystem depending on the platform in
++ * use.
++ *
+ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
+ */
+ PolkitSubject *
+ polkit_unix_process_new_full (gint pid,
+ guint64 start_time)
+ {
+- PolkitUnixProcess *process;
+-
+- process = POLKIT_UNIX_PROCESS (polkit_unix_process_new ((gint) -1));
+- process->pid = pid;
+- if (start_time != 0)
+- process->start_time = start_time;
+- else
+- process->start_time = get_start_time_for_pid (pid, NULL);
++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
++ "pid", pid,
++ "start_time", start_time,
++ NULL));
++}
+
+- return POLKIT_SUBJECT (process);
++/**
++ * polkit_unix_process_new_for_owner:
++ * @pid: The process id.
++ * @start_time: The start time for @pid or 0 to look it up in e.g. <filename>/proc</filename>.
++ * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. <filename>/proc</filename>.
++ *
++ * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid.
++ *
++ * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref().
++ */
++PolkitSubject *
++polkit_unix_process_new_for_owner (gint pid,
++ guint64 start_time,
++ gint uid)
++{
++ return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS,
++ "pid", pid,
++ "start_time", start_time,
++ "uid", uid,
++ NULL));
+ }
+
+ static guint
+@@ -616,3 +654,95 @@ out:
+
+ return start_time;
+ }
++
++static gint
++_polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error)
++{
++ gint result;
++ gchar *contents;
++ gchar **lines;
++#ifdef HAVE_FREEBSD
++ struct kinfo_proc p;
++#else
++ gchar filename[64];
++ guint n;
++#endif
++
++ g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0);
++ g_return_val_if_fail (error == NULL || *error == NULL, 0);
++
++ result = 0;
++ lines = NULL;
++ contents = NULL;
++
++#ifdef HAVE_FREEBSD
++ if (get_kinfo_proc (process->pid, &p) == 0)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "get_kinfo_proc() failed for pid %d: %s",
++ process->pid,
++ g_strerror (errno));
++ goto out;
++ }
++
++ result = p.ki_uid;
++#else
++
++ /* see 'man proc' for layout of the status file
++ *
++ * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs).
++ */
++ g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid);
++ if (!g_file_get_contents (filename,
++ &contents,
++ NULL,
++ error))
++ {
++ goto out;
++ }
++ lines = g_strsplit (contents, "\n", -1);
++ for (n = 0; lines != NULL && lines[n] != NULL; n++)
++ {
++ gint real_uid, effective_uid;
++ if (!g_str_has_prefix (lines[n], "Uid:"))
++ continue;
++ if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2)
++ {
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Unexpected line `%s' in file %s",
++ lines[n],
++ filename);
++ goto out;
++ }
++ else
++ {
++ result = real_uid;
++ goto out;
++ }
++ }
++
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Didn't find any line starting with `Uid:' in file %s",
++ filename);
++#endif
++
++out:
++ g_strfreev (lines);
++ g_free (contents);
++ return result;
++}
++
++/* deprecated public method */
++gint
++polkit_unix_process_get_owner (PolkitUnixProcess *process,
++ GError **error)
++{
++ return _polkit_unix_process_get_owner (process, error);
++}
+diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h
+index b88cd03..531a57d 100644
+--- a/src/polkit/polkitunixprocess.h
++++ b/src/polkit/polkitunixprocess.h
+@@ -47,16 +47,24 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess;
+ typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass;
+
+ GType polkit_unix_process_get_type (void) G_GNUC_CONST;
+-PolkitSubject *polkit_unix_process_new (gint pid);
+-PolkitSubject *polkit_unix_process_new_full (gint pid,
+- guint64 start_time);
+-
++PolkitSubject *polkit_unix_process_new (gint pid);
++PolkitSubject *polkit_unix_process_new_full (gint pid,
++ guint64 start_time);
++PolkitSubject *polkit_unix_process_new_for_owner (gint pid,
++ guint64 start_time,
++ gint uid);
+ gint polkit_unix_process_get_pid (PolkitUnixProcess *process);
+ guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process);
++gint polkit_unix_process_get_uid (PolkitUnixProcess *process);
+ void polkit_unix_process_set_pid (PolkitUnixProcess *process,
+ gint pid);
++void polkit_unix_process_set_uid (PolkitUnixProcess *process,
++ gint uid);
++void polkit_unix_process_set_start_time (PolkitUnixProcess *process,
++ guint64 start_time);
++
+ gint polkit_unix_process_get_owner (PolkitUnixProcess *process,
+- GError **error);
++ GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid);
+
+ G_END_DECLS
+
+--
+1.7.4.4
+
diff --git a/source/l/polkit/CVE-2011-1485/0003-Use-polkit_unix_process_get_uid-to-get-the-owner-of-.patch b/source/l/polkit/CVE-2011-1485/0003-Use-polkit_unix_process_get_uid-to-get-the-owner-of-.patch
new file mode 100644
index 000000000..90d9352e3
--- /dev/null
+++ b/source/l/polkit/CVE-2011-1485/0003-Use-polkit_unix_process_get_uid-to-get-the-owner-of-.patch
@@ -0,0 +1,41 @@
+From c23d74447c7615dc74dae259f0fc3688ec988867 Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz@redhat.com>
+Date: Fri, 1 Apr 2011 12:12:27 -0400
+Subject: [PATCH 3/4] Use polkit_unix_process_get_uid() to get the owner of a
+ process
+
+This avoids a TOCTTOU problem.
+
+Signed-off-by: David Zeuthen <davidz@redhat.com>
+---
+ src/polkitbackend/polkitbackendsessionmonitor.c | 11 ++++++-----
+ 1 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c
+index 495f752..9c331b6 100644
+--- a/src/polkitbackend/polkitbackendsessionmonitor.c
++++ b/src/polkitbackend/polkitbackendsessionmonitor.c
+@@ -293,14 +293,15 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor
+
+ if (POLKIT_IS_UNIX_PROCESS (subject))
+ {
+- local_error = NULL;
+- uid = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject), &local_error);
+- if (local_error != NULL)
++ uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject));
++ if ((gint) uid == -1)
+ {
+- g_propagate_prefixed_error (error, local_error, "Error getting user for process: ");
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Unix process subject does not have uid set");
+ goto out;
+ }
+-
+ ret = polkit_unix_user_new (uid);
+ }
+ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
+--
+1.7.4.4
+
diff --git a/source/l/polkit/CVE-2011-1485/0004-pkexec-Avoid-TOCTTOU-problems-with-parent-process.patch b/source/l/polkit/CVE-2011-1485/0004-pkexec-Avoid-TOCTTOU-problems-with-parent-process.patch
new file mode 100644
index 000000000..8572f732d
--- /dev/null
+++ b/source/l/polkit/CVE-2011-1485/0004-pkexec-Avoid-TOCTTOU-problems-with-parent-process.patch
@@ -0,0 +1,127 @@
+From 3b12cfac29dddd27f1f166a7574d8374cc1dccf2 Mon Sep 17 00:00:00 2001
+From: David Zeuthen <davidz@redhat.com>
+Date: Fri, 1 Apr 2011 12:13:15 -0400
+Subject: [PATCH 4/4] pkexec: Avoid TOCTTOU problems with parent process
+
+In a nutshell, the parent process may change its uid (either real- or
+effective uid) after launching pkexec. It can do this by exec()'ing
+e.g. a setuid root program.
+
+To avoid this problem, just use the uid the parent process had when it
+executed pkexec. This happens to be the same uid of the pkexec process
+itself.
+
+Additionally, remove some dubious code that allowed pkexec to continue
+when the parent process died as there is no reason to support
+something like that. Also ensure that the pkexec process is killed if
+the parent process dies.
+
+This problem was pointed out by Neel Mehta <nmehta@google.com>.
+
+Signed-off-by: David Zeuthen <davidz@redhat.com>
+---
+ src/programs/pkexec.c | 66 +++++++++++++++++++++++++++++--------------------
+ 1 files changed, 39 insertions(+), 27 deletions(-)
+
+diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
+index 9217954..3e656be 100644
+--- a/src/programs/pkexec.c
++++ b/src/programs/pkexec.c
+@@ -35,6 +35,10 @@
+ #include <pwd.h>
+ #include <errno.h>
+
++#ifdef __linux__
++#include <sys/prctl.h>
++#endif
++
+ #include <glib/gi18n.h>
+
+ #ifdef POLKIT_AUTHFW_PAM
+@@ -423,7 +427,6 @@ main (int argc, char *argv[])
+ GPtrArray *saved_env;
+ gchar *opt_user;
+ pid_t pid_of_caller;
+- uid_t uid_of_caller;
+ gpointer local_agent_handle;
+
+ ret = 127;
+@@ -598,40 +601,49 @@ main (int argc, char *argv[])
+ */
+ g_type_init ();
+
+- /* now check if the program that invoked us is authorized */
++ /* make sure we are nuked if the parent process dies */
++#ifdef __linux__
++ if (prctl (PR_SET_PDEATHSIG, SIGTERM) != 0)
++ {
++ g_printerr ("prctl(PR_SET_PDEATHSIG, SIGTERM) failed: %s\n", g_strerror (errno));
++ goto out;
++ }
++#else
++#warning "Please add OS specific code to catch when the parent dies"
++#endif
++
++ /* Figure out the parent process */
+ pid_of_caller = getppid ();
+ if (pid_of_caller == 1)
+ {
+ /* getppid() can return 1 if the parent died (meaning that we are reaped
+- * by /sbin/init); get process group leader instead - for example, this
+- * happens when launching via gnome-panel (alt+f2, then 'pkexec gedit').
++ * by /sbin/init); In that case we simpy bail.
+ */
+- pid_of_caller = getpgrp ();
+- }
+-
+- subject = polkit_unix_process_new (pid_of_caller);
+- if (subject == NULL)
+- {
+- g_printerr ("No such process for pid %d: %s\n", (gint) pid_of_caller, error->message);
+- g_error_free (error);
++ g_printerr ("Refusing to render service to dead parents.\n");
+ goto out;
+ }
+
+- /* paranoia: check that the uid of pid_of_caller matches getuid() */
+- error = NULL;
+- uid_of_caller = polkit_unix_process_get_owner (POLKIT_UNIX_PROCESS (subject),
+- &error);
+- if (error != NULL)
+- {
+- g_printerr ("Error determing pid of caller (pid %d): %s\n", (gint) pid_of_caller, error->message);
+- g_error_free (error);
+- goto out;
+- }
+- if (uid_of_caller != getuid ())
+- {
+- g_printerr ("User of caller (%d) does not match our uid (%d)\n", uid_of_caller, getuid ());
+- goto out;
+- }
++ /* This process we want to check an authorization for is the process
++ * that launched us - our parent process.
++ *
++ * At the time the parent process fork()'ed and exec()'ed us, the
++ * process had the same real-uid that we have now. So we use this
++ * real-uid instead of of looking it up to avoid TOCTTOU issues
++ * (consider the parent process exec()'ing a setuid helper).
++ *
++ * On the other hand, the monotonic process start-time is guaranteed
++ * to never change so it's safe to look that up given only the PID
++ * since we are guaranteed to be nuked if the parent goes away
++ * (cf. the prctl(2) call above).
++ */
++ subject = polkit_unix_process_new_for_owner (pid_of_caller,
++ 0, /* 0 means "look up start-time in /proc" */
++ getuid ());
++ /* really double-check the invariants guaranteed by the PolkitUnixProcess class */
++ g_assert (subject != NULL);
++ g_assert (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)) == pid_of_caller);
++ g_assert (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0);
++ g_assert (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) > 0);
+
+ error = NULL;
+ authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error);
+--
+1.7.4.4
+
diff --git a/source/l/polkit/polkit-1-shadow.diff b/source/l/polkit/polkit-1-shadow.diff
deleted file mode 100644
index 56e24277d..000000000
--- a/source/l/polkit/polkit-1-shadow.diff
+++ /dev/null
@@ -1,1030 +0,0 @@
-diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
-index 3f38329..e114d01 100644
---- a/src/polkitagent/Makefile.am
-+++ b/src/polkitagent/Makefile.am
-@@ -68,8 +68,15 @@ libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
- libexec_PROGRAMS = polkit-agent-helper-1
-
- polkit_agent_helper_1_SOURCES = \
-- polkitagenthelper.c \
-- $(NULL)
-+ polkitagenthelperprivate.c polkitagenthelperprivate.h
-+
-+if POLKIT_AUTHFW_PAM
-+polkit_agent_helper_1_SOURCES += polkitagenthelper-pam.c
-+endif
-+if POLKIT_AUTHFW_SHADOW
-+polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c
-+endif
-+polkit_agent_helper_1_SOURCES += $(NULL)
-
- polkit_agent_helper_1_CFLAGS = \
- -D_POLKIT_COMPILATION \
-diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
-new file mode 100644
-index 0000000..4c6c6fb
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelper-pam.c
-@@ -0,0 +1,264 @@
-+/*
-+ * Copyright (C) 2008, 2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-+ * Boston, MA 02111-1307, USA.
-+ *
-+ * Author: David Zeuthen <davidz@redhat.com>
-+ */
-+
-+#include "config.h"
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+#include <security/pam_appl.h>
-+
-+#include <polkit/polkit.h>
-+#include "polkitagenthelperprivate.h"
-+
-+static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
-+
-+int
-+main (int argc, char *argv[])
-+{
-+ int rc;
-+ const char *user_to_auth;
-+ const char *cookie;
-+ struct pam_conv pam_conversation;
-+ pam_handle_t *pam_h;
-+ const void *authed_user;
-+
-+ rc = 0;
-+ pam_h = NULL;
-+
-+ /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-+ if (clearenv () != 0)
-+ goto error;
-+
-+ /* set a minimal environment */
-+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-+
-+ /* check that we are setuid root */
-+ if (geteuid () != 0)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-+ goto error;
-+ }
-+
-+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-+
-+ /* check for correct invocation */
-+ if (argc != 3)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ user_to_auth = argv[1];
-+ cookie = argv[2];
-+
-+ if (getuid () != 0)
-+ {
-+ /* check we're running with a non-tty stdin */
-+ if (isatty (STDIN_FILENO) != 0)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-+ goto error;
-+ }
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+ pam_conversation.conv = conversation_function;
-+ pam_conversation.appdata_ptr = NULL;
-+
-+ /* start the pam stack */
-+ rc = pam_start ("polkit-1",
-+ user_to_auth,
-+ &pam_conversation,
-+ &pam_h);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* set the requesting user */
-+ rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* is user really user? */
-+ rc = pam_authenticate (pam_h, 0);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* permitted access? */
-+ rc = pam_acct_mgmt (pam_h, 0);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ /* did we auth the right user? */
-+ rc = pam_get_item (pam_h, PAM_USER, &authed_user);
-+ if (rc != PAM_SUCCESS)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
-+ goto error;
-+ }
-+
-+ if (strcmp (authed_user, user_to_auth) != 0)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
-+ user_to_auth, (const char *) authed_user);
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+ pam_end (pam_h, rc);
-+ pam_h = NULL;
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ /* now send a D-Bus message to the PolicyKit daemon that
-+ * includes a) the cookie; and b) the user we authenticated
-+ */
-+ if (!send_dbus_message (cookie, user_to_auth))
-+ {
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ fprintf (stdout, "SUCCESS\n");
-+ flush_and_wait();
-+ return 0;
-+
-+error:
-+ if (pam_h != NULL)
-+ pam_end (pam_h, rc);
-+
-+ fprintf (stdout, "FAILURE\n");
-+ flush_and_wait();
-+ return 1;
-+}
-+
-+static int
-+conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
-+{
-+ struct pam_response *aresp;
-+ char buf[PAM_MAX_RESP_SIZE];
-+ int i;
-+
-+ data = data;
-+ if (n <= 0 || n > PAM_MAX_NUM_MSG)
-+ return PAM_CONV_ERR;
-+
-+ if ((aresp = calloc(n, sizeof *aresp)) == NULL)
-+ return PAM_BUF_ERR;
-+
-+ for (i = 0; i < n; ++i)
-+ {
-+ aresp[i].resp_retcode = 0;
-+ aresp[i].resp = NULL;
-+ switch (msg[i]->msg_style)
-+ {
-+
-+ case PAM_PROMPT_ECHO_OFF:
-+ fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
-+ goto conv1;
-+
-+ case PAM_PROMPT_ECHO_ON:
-+ fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
-+ conv1:
-+ fputs (msg[i]->msg, stdout);
-+ if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-+ fputc ('\n', stdout);
-+ fflush (stdout);
-+
-+ if (fgets (buf, sizeof buf, stdin) == NULL)
-+ goto error;
-+
-+ if (strlen (buf) > 0 &&
-+ buf[strlen (buf) - 1] == '\n')
-+ buf[strlen (buf) - 1] = '\0';
-+
-+ aresp[i].resp = strdup (buf);
-+ if (aresp[i].resp == NULL)
-+ goto error;
-+ break;
-+
-+ case PAM_ERROR_MSG:
-+ fprintf (stdout, "PAM_ERROR_MSG ");
-+ goto conv2;
-+
-+ case PAM_TEXT_INFO:
-+ fprintf (stdout, "PAM_TEXT_INFO ");
-+ conv2:
-+ fputs (msg[i]->msg, stdout);
-+ if (strlen (msg[i]->msg) > 0 &&
-+ msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-+ fputc ('\n', stdout);
-+ fflush (stdout);
-+ break;
-+
-+ default:
-+ goto error;
-+ }
-+ }
-+
-+ *resp = aresp;
-+ return PAM_SUCCESS;
-+
-+error:
-+
-+ for (i = 0; i < n; ++i)
-+ {
-+ if (aresp[i].resp != NULL) {
-+ memset (aresp[i].resp, 0, strlen(aresp[i].resp));
-+ free (aresp[i].resp);
-+ }
-+ }
-+ memset (aresp, 0, n * sizeof *aresp);
-+ *resp = NULL;
-+ return PAM_CONV_ERR;
-+}
-+
-diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
-new file mode 100644
-index 0000000..7435533
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelper-shadow.c
-@@ -0,0 +1,189 @@
-+/*
-+ * Copyright (C) 2008 Red Hat, Inc.
-+ * Copyright (C) 2009-2010 Andrew Psaltis <ampsaltis@gmail.com>
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-+ * Boston, MA 02111-1307, USA.
-+ *
-+ * Authors: Andrew Psaltis <ampsaltis@gmail.com>, based on
-+ * polkitagenthelper.c which was written by
-+ * David Zeuthen <davidz@redhat.com>
-+ */
-+
-+#include "config.h"
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <syslog.h>
-+#include <shadow.h>
-+#include <grp.h>
-+#include <pwd.h>
-+#include <time.h>
-+
-+#include <polkit/polkit.h>
-+#include "polkitagenthelperprivate.h"
-+
-+
-+extern char *crypt ();
-+static int shadow_authenticate (struct spwd *shadow);
-+
-+int
-+main (int argc, char *argv[])
-+{
-+ struct spwd *shadow;
-+ const char *user_to_auth;
-+ const char *cookie;
-+ time_t tm;
-+
-+ /* clear the entire environment to avoid attacks with
-+ libraries honoring environment variables */
-+ if (clearenv () != 0)
-+ goto error;
-+
-+ /* set a minimal environment */
-+ setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
-+
-+ /* check that we are setuid root */
-+ if (geteuid () != 0)
-+ {
-+ fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-+ goto error;
-+ }
-+
-+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
-+
-+ /* check for correct invocation */
-+ if (argc != 3)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ if (getuid () != 0)
-+ {
-+ /* check we're running with a non-tty stdin */
-+ if (isatty (STDIN_FILENO) != 0)
-+ {
-+ syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-+ fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-+ goto error;
-+ }
-+ }
-+
-+ user_to_auth = argv[1];
-+ cookie = argv[2];
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
-+#endif /* PAH_DEBUG */
-+
-+ /* Ask shadow about the user requesting authentication */
-+ if ((shadow = getspnam (user_to_auth)) == NULL)
-+ {
-+ syslog (LOG_NOTICE, "shadow file data information request for user %s [uid=%d] failed", user_to_auth, getuid());
-+ fprintf(stderr, "polkit-agent-helper-1: could not get shadow information for%.100s", user_to_auth);
-+ goto error;
-+ }
-+
-+ /* Check the user's identity */
-+ if(!shadow_authenticate (shadow))
-+ {
-+ syslog (LOG_NOTICE, "authentication failure [uid=%d] trying to authenticate '%s'", getuid (), user_to_auth);
-+ fprintf (stderr, "polkit-agent-helper-1: authentication failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ /* Check whether the user's password has expired */
-+ time(&tm);
-+ if( shadow->sp_max >= 0 && (shadow->sp_lstchg + shadow->sp_max) * 60 * 60 * 24 <= tm)
-+ {
-+ syslog (LOG_NOTICE, "password expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () );
-+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ /* Check whether the user's password has aged (and account expired along
-+ * with it)
-+ */
-+ if( shadow->sp_inact >= 0 && (shadow->sp_lstchg + shadow->sp_max + shadow->sp_inact) * 60 * 60 * 24 <= tm)
-+ {
-+ syslog (LOG_NOTICE, "password aged for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () );
-+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+ /* Check whether the user's account has expired */
-+ if(shadow->sp_expire >= 0 && shadow->sp_expire * 60 * 60 * 24 <= tm)
-+ {
-+ syslog (LOG_NOTICE, "account expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid () );
-+ fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n");
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ /* now send a D-Bus message to the PolicyKit daemon that
-+ * includes a) the cookie; and b) the user we authenticated
-+ */
-+ if (!send_dbus_message (cookie, user_to_auth))
-+ {
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+ goto error;
-+ }
-+
-+#ifdef PAH_DEBUG
-+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
-+#endif /* PAH_DEBUG */
-+
-+ fprintf (stdout, "SUCCESS\n");
-+ flush_and_wait();
-+ return 0;
-+
-+error:
-+ fprintf (stdout, "FAILURE\n");
-+ flush_and_wait();
-+ return 1;
-+}
-+
-+static int
-+shadow_authenticate(struct spwd *shadow)
-+{
-+ /* Speak PAM to the daemon, thanks to David Zeuthen for the idea. */
-+ char passwd[512];
-+ fprintf(stdout, "PAM_PROMPT_ECHO_OFF password:\n");
-+ fflush(stdout);
-+ usleep (10 * 1000); /* since fflush(3) seems buggy */
-+
-+ if (fgets (passwd, sizeof (passwd), stdin) == NULL)
-+ goto error;
-+
-+ if (strlen (passwd) > 0 && passwd[strlen (passwd) - 1] == '\n')
-+ passwd[strlen (passwd) - 1] = '\0';
-+
-+ if (strcmp (shadow->sp_pwdp, crypt (passwd, shadow->sp_pwdp)) != 0)
-+ goto error;
-+ return 1;
-+error:
-+ return 0;
-+}
-+
-diff --git a/src/polkitagent/polkitagenthelper.c b/src/polkitagent/polkitagenthelper.c
-deleted file mode 100644
-index cca86db..0000000
---- a/src/polkitagent/polkitagenthelper.c
-+++ /dev/null
-@@ -1,339 +0,0 @@
--/*
-- * Copyright (C) 2008 Red Hat, Inc.
-- *
-- * This library is free software; you can redistribute it and/or
-- * modify it under the terms of the GNU Lesser General Public
-- * License as published by the Free Software Foundation; either
-- * version 2 of the License, or (at your option) any later version.
-- *
-- * This library is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-- * Lesser General Public License for more details.
-- *
-- * You should have received a copy of the GNU Lesser General
-- * Public License along with this library; if not, write to the
-- * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
-- * Boston, MA 02111-1307, USA.
-- *
-- * Author: David Zeuthen <davidz@redhat.com>
-- */
--
--#include "config.h"
--#include <stdio.h>
--#include <stdlib.h>
--#include <string.h>
--#include <unistd.h>
--#include <sys/types.h>
--#include <sys/stat.h>
--#include <syslog.h>
--#include <security/pam_appl.h>
--
--#include <polkit/polkit.h>
--
--#ifdef HAVE_SOLARIS
--# define LOG_AUTHPRIV (10<<3)
--#endif
--
--#ifndef HAVE_CLEARENV
--extern char **environ;
--
--static int
--clearenv (void)
--{
-- if (environ != NULL)
-- environ[0] = NULL;
-- return 0;
--}
--#endif
--
--/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
-- * enable this in production builds; it may leak passwords and other
-- * sensitive information.
-- */
--#undef PAH_DEBUG
--// #define PAH_DEBUG
--
--static gboolean send_dbus_message (const char *cookie, const char *user);
--
--static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data);
--
--int
--main (int argc, char *argv[])
--{
-- int rc;
-- const char *user_to_auth;
-- const char *cookie;
-- struct pam_conv pam_conversation;
-- pam_handle_t *pam_h;
-- const void *authed_user;
--
-- rc = 0;
-- pam_h = NULL;
--
-- /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-- if (clearenv () != 0)
-- goto error;
--
-- /* set a minimal environment */
-- setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1);
--
-- /* check that we are setuid root */
-- if (geteuid () != 0)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n");
-- goto error;
-- }
--
-- openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
--
-- /* check for correct invocation */
-- if (argc != 3)
-- {
-- syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
-- fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
-- goto error;
-- }
--
-- user_to_auth = argv[1];
-- cookie = argv[2];
--
-- if (getuid () != 0)
-- {
-- /* check we're running with a non-tty stdin */
-- if (isatty (STDIN_FILENO) != 0)
-- {
-- syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ());
-- fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n");
-- goto error;
-- }
-- }
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
--#endif /* PAH_DEBUG */
--
-- pam_conversation.conv = conversation_function;
-- pam_conversation.appdata_ptr = NULL;
--
-- /* start the pam stack */
-- rc = pam_start ("polkit-1",
-- user_to_auth,
-- &pam_conversation,
-- &pam_h);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* set the requesting user */
-- rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* is user really user? */
-- rc = pam_authenticate (pam_h, 0);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_authenticated failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* permitted access? */
-- rc = pam_acct_mgmt (pam_h, 0);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- /* did we auth the right user? */
-- rc = pam_get_item (pam_h, PAM_USER, &authed_user);
-- if (rc != PAM_SUCCESS)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", pam_strerror (pam_h, rc));
-- goto error;
-- }
--
-- if (strcmp (authed_user, user_to_auth) != 0)
-- {
-- fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead",
-- user_to_auth, (const char *) authed_user);
-- goto error;
-- }
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth);
--#endif /* PAH_DEBUG */
--
-- pam_end (pam_h, rc);
-- pam_h = NULL;
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
--
-- /* now send a D-Bus message to the PolicyKit daemon that
-- * includes a) the cookie; and b) the user we authenticated
-- */
-- if (!send_dbus_message (cookie, user_to_auth))
-- {
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
-- goto error;
-- }
--
--#ifdef PAH_DEBUG
-- fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
--#endif /* PAH_DEBUG */
--
-- fprintf (stdout, "SUCCESS\n");
-- fflush (stdout);
-- fflush (stderr);
-- usleep (10 * 1000); /* since fflush(3) seems buggy */
-- return 0;
--
--error:
-- if (pam_h != NULL)
-- pam_end (pam_h, rc);
--
-- fprintf (stdout, "FAILURE\n");
-- fflush (stdout);
-- fflush (stderr);
-- usleep (10 * 1000); /* since fflush(3) seems buggy */
-- return 1;
--}
--
--static int
--conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data)
--{
-- struct pam_response *aresp;
-- char buf[PAM_MAX_RESP_SIZE];
-- int i;
--
-- data = data;
-- if (n <= 0 || n > PAM_MAX_NUM_MSG)
-- return PAM_CONV_ERR;
--
-- if ((aresp = calloc(n, sizeof *aresp)) == NULL)
-- return PAM_BUF_ERR;
--
-- for (i = 0; i < n; ++i)
-- {
-- aresp[i].resp_retcode = 0;
-- aresp[i].resp = NULL;
-- switch (msg[i]->msg_style)
-- {
--
-- case PAM_PROMPT_ECHO_OFF:
-- fprintf (stdout, "PAM_PROMPT_ECHO_OFF ");
-- goto conv1;
--
-- case PAM_PROMPT_ECHO_ON:
-- fprintf (stdout, "PAM_PROMPT_ECHO_ON ");
-- conv1:
-- fputs (msg[i]->msg, stdout);
-- if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-- fputc ('\n', stdout);
-- fflush (stdout);
--
-- if (fgets (buf, sizeof buf, stdin) == NULL)
-- goto error;
--
-- if (strlen (buf) > 0 &&
-- buf[strlen (buf) - 1] == '\n')
-- buf[strlen (buf) - 1] = '\0';
--
-- aresp[i].resp = strdup (buf);
-- if (aresp[i].resp == NULL)
-- goto error;
-- break;
--
-- case PAM_ERROR_MSG:
-- fprintf (stdout, "PAM_ERROR_MSG ");
-- goto conv2;
--
-- case PAM_TEXT_INFO:
-- fprintf (stdout, "PAM_TEXT_INFO ");
-- conv2:
-- fputs (msg[i]->msg, stdout);
-- if (strlen (msg[i]->msg) > 0 &&
-- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n')
-- fputc ('\n', stdout);
-- fflush (stdout);
-- break;
--
-- default:
-- goto error;
-- }
-- }
--
-- *resp = aresp;
-- return PAM_SUCCESS;
--
--error:
--
-- for (i = 0; i < n; ++i)
-- {
-- if (aresp[i].resp != NULL) {
-- memset (aresp[i].resp, 0, strlen(aresp[i].resp));
-- free (aresp[i].resp);
-- }
-- }
-- memset (aresp, 0, n * sizeof *aresp);
-- *resp = NULL;
-- return PAM_CONV_ERR;
--}
--
--static gboolean
--send_dbus_message (const char *cookie, const char *user)
--{
-- PolkitAuthority *authority;
-- PolkitIdentity *identity;
-- GError *error;
-- gboolean ret;
--
-- ret = FALSE;
--
-- error = NULL;
--
-- g_type_init ();
--
-- authority = polkit_authority_get ();
--
-- identity = polkit_unix_user_new_for_name (user, &error);
-- if (identity == NULL)
-- {
-- g_printerr ("Error constructing identity: %s\n", error->message);
-- g_error_free (error);
-- goto out;
-- }
--
-- if (!polkit_authority_authentication_agent_response_sync (authority,
-- cookie,
-- identity,
-- NULL,
-- &error))
-- {
-- g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
-- g_error_free (error);
-- goto out;
-- }
--
-- ret = TRUE;
--
-- out:
--
-- if (identity != NULL)
-- g_object_unref (identity);
--
-- if (authority != NULL)
-- g_object_unref (authority);
--
-- return ret;
--}
-diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
-new file mode 100644
-index 0000000..abf5524
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelperprivate.c
-@@ -0,0 +1,97 @@
-+/*
-+ * Copyright (C) 2009-2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA 02110-1301, USA.
-+ *
-+ * Authors: David Zeuthen <davidz@redhat.com>,
-+ * Andrew Psaltis <ampsaltis@gmail.com>
-+ */
-+
-+#include "polkitagenthelperprivate.h"
-+#include <stdio.h>
-+
-+#ifndef HAVE_CLEARENV
-+extern char **environ;
-+
-+static int
-+clearenv (void)
-+{
-+ if (environ != NULL)
-+ environ[0] = NULL;
-+ return 0;
-+}
-+#endif
-+
-+
-+gboolean
-+send_dbus_message (const char *cookie, const char *user)
-+{
-+ PolkitAuthority *authority;
-+ PolkitIdentity *identity;
-+ GError *error;
-+ gboolean ret;
-+
-+ ret = FALSE;
-+
-+ error = NULL;
-+
-+ g_type_init ();
-+
-+ authority = polkit_authority_get ();
-+
-+ identity = polkit_unix_user_new_for_name (user, &error);
-+ if (identity == NULL)
-+ {
-+ g_printerr ("Error constructing identity: %s\n", error->message);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ if (!polkit_authority_authentication_agent_response_sync (authority,
-+ cookie,
-+ identity,
-+ NULL,
-+ &error))
-+ {
-+ g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message);
-+ g_error_free (error);
-+ goto out;
-+ }
-+
-+ ret = TRUE;
-+
-+ out:
-+
-+ if (identity != NULL)
-+ g_object_unref (identity);
-+
-+ if (authority != NULL)
-+ g_object_unref (authority);
-+
-+ return ret;
-+}
-+
-+/* fflush(3) stdin and stdout and wait a little bit.
-+ * This replaces the three-line commands at the bottom of
-+ * polkit-agent-helper-1's main() function.
-+ */
-+void
-+flush_and_wait ()
-+{
-+ fflush (stdout);
-+ fflush (stderr);
-+ usleep (10 * 1000); /* since fflush(3) seems buggy */
-+}
-diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
-new file mode 100644
-index 0000000..16f7ba4
---- /dev/null
-+++ b/src/polkitagent/polkitagenthelperprivate.h
-@@ -0,0 +1,42 @@
-+/*
-+ * Copyright (C) 2009-2010 Red Hat, Inc.
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General
-+ * Public License along with this library; if not, write to the
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA 02110-1301, USA.
-+ *
-+ * Authors: David Zeuthen <davidz@redhat.com>,
-+ * Andrew Psaltis <ampsalits@gmail.com>
-+ */
-+#ifndef __POLKIT_AGENT_HELPER_PRIVATE_H
-+#define __POLKIT_AGENT_HELPER_PRIVATE_H
-+
-+#include <polkit/polkit.h>
-+
-+/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_
-+ * enable this in production builds; it may leak passwords and other
-+ * sensitive information.
-+ */
-+#undef PAH_DEBUG
-+// #define PAH_DEBUG
-+
-+#ifdef HAVE_SOLARIS
-+# define LOG_AUTHPRIV (10<<3)
-+#endif
-+
-+gboolean send_dbus_message (const char *cookie, const char *user);
-+
-+void flush_and_wait ();
-+
-+#endif /* __POLKIT_AGENT_HELPER_PRIVATE_H */
-diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
-index 17c191e..3e096bf 100644
---- a/src/programs/pkexec.c
-+++ b/src/programs/pkexec.c
-@@ -34,7 +34,11 @@
- #include <grp.h>
- #include <pwd.h>
- #include <errno.h>
-+
-+#ifdef POLKIT_AUTHFW_PAM
- #include <security/pam_appl.h>
-+#endif /* POLKIT_AUTHFW_PAM */
-+
- #include <syslog.h>
- #include <stdarg.h>
-
-@@ -115,6 +119,7 @@ log_message (gint level,
-
- /* ---------------------------------------------------------------------------------------------------- */
-
-+#ifdef POLKIT_AUTHFW_PAM
- static int
- pam_conversation_function (int n,
- const struct pam_message **msg,
-@@ -167,6 +172,7 @@ out:
- pam_end (pam_h, rc);
- return ret;
- }
-+#endif /* POLKIT_AUTHFW_PAM */
-
- /* ---------------------------------------------------------------------------------------------------- */
-
-@@ -741,11 +747,13 @@ main (int argc, char *argv[])
- * TODO: The question here is whether we should clear the limits before applying them?
- * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
- */
-+#ifdef POLKIT_AUTHW_PAM
- if (!open_session (pw->pw_name))
- {
- goto out;
- }
--
-+#endif /* POLKIT_AUTHFW_PAM */
-+
- /* become the user */
- if (setgroups (0, NULL) != 0)
- {
diff --git a/source/l/polkit/polkit.SlackBuild b/source/l/polkit/polkit.SlackBuild
index 74193f135..7aa40f5df 100755
--- a/source/l/polkit/polkit.SlackBuild
+++ b/source/l/polkit/polkit.SlackBuild
@@ -1,8 +1,8 @@
#!/bin/sh
-# Copyright 2009 Robby Workman, Northport, Alabama, USA
+# Copyright 2009, 2011 Robby Workman, Northport, Alabama, USA
# Copyright 2010 Eric Hameleers, Eindhoven, NL
-# Copyright 2009, 2010 Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2009, 2010, 2011 Patrick J. Volkerding, Sebeka, MN, USA
# All rights reserved.
# Redistribution and use of this script, with or without modification, is
@@ -24,9 +24,8 @@
PKGNAM=polkit
-VERSION=${VERSION:-1_14bdfd8}
-BUILD=${BUILD:-1}
-NUMJOBS=${NUMJOBS:--j6}
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-2}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -38,6 +37,8 @@ if [ -z "$ARCH" ]; then
esac
fi
+NUMJOBS=${NUMJOBS:--j6}
+
CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/package-$PKGNAM
@@ -60,12 +61,9 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP
rm -rf $PKGNAM-$VERSION
-tar xvf $CWD/$PKGNAM-$VERSION.tar.bz2 || exit 1
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z* || exit 1
cd $PKGNAM-$VERSION || exit 1
-# Apply the patch that makes --with-authfw=shadow work
-cat $CWD/polkit-1-shadow.diff | patch -p1 --verbose || exit 1
-
# Make sure ownerships and permissions are sane:
chown -R root:root .
find . \
@@ -74,27 +72,29 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
-# Configure:
-# Using polkit-user=hald for now for easier transition; I don't think the
-# separate user account is actually required any more, but I could be wrong
+# https://bugzilla.redhat.com/show_bug.cgi?id=692922
+patch -p1 < $CWD/CVE-2011-1485/0001-PolkitUnixProcess-Clarify-that-the-real-uid-is-retur.patch || exit 1
+patch -p1 < $CWD/CVE-2011-1485/0002-Make-PolkitUnixProcess-also-record-the-uid-of-the-pr.patch || exit 1
+patch -p1 < $CWD/CVE-2011-1485/0003-Use-polkit_unix_process_get_uid-to-get-the-owner-of-.patch || exit 1
+patch -p1 < $CWD/CVE-2011-1485/0004-pkexec-Avoid-TOCTTOU-problems-with-parent-process.patch || exit 1
+
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
-./autogen.sh \
+./configure \
--prefix=/usr \
--libdir=/usr/lib${LIBDIRSUFFIX} \
--sysconfdir=/etc \
--localstatedir=/var \
- --enable-gtk-doc \
--docdir=/usr/doc/$PKGNAM-$VERSION \
--enable-man-pages \
+ --enable-gtk-doc \
--mandir=/usr/man \
--disable-static \
--disable-introspection \
--with-authfw=shadow \
--enable-verbose-mode \
+ --with-os-type=Slackware \
--build=$ARCH-slackware-linux
- # Deprecated:
- #--with-polkit-user=hald \
#NOTE: The directory /etc/polkit-1/localauthority must be owned
# by root and have mode 700