| Commit message | Author | Age | Files | Lines |
| |
User and group are not restored properly when moving (or copying with
G_FILE_COPY_ALL_METADATA) from admin:// to file://, because it is handled
by GIO fallback code, which doesn't run with root permissions. Let's
handle this case with the pull method to ensure correct ownership.
| |
Files created over admin backend should be owned by root, but they are
owned by the user itself. This is because the daemon drops the uid to
make dbus connection work. Use fsuid and euid to fix this issue.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/21
| |
CAP_CHOWN is dropped together with other privileges and thus the backend
can't change file owner. This might be probably e.g. in case of copy
operation when G_FILE_COPY_ALL_METADATA is used. Let's keep CAP_CHOWN
to fix this.
| |
Admin backend doesn't implement query_info_on_read/write which might
potentially lead to some race conditions which aren't really wanted
especially in case of admin backend. For example, in file_copy_fallback(),
g_file_query_info() is used if g_file_input_stream_query_info() is not
supported, which in theory means that the info might be obtained from
a different file than the one that is opened. Let's add this missing
functionality to prevent this possibility.
| |
Error is shown if `gvfsd-admin --help` is started without pkexec. Change
order of the input checks and print help in this case as well.
| |
Use `g_printerr ()` instead of `g_error ()` in order to prevent core
dumps when starting the gvfsd-admin daemon manually without pkexec, or
with wrong commandline arguments.
Fixes: https://gitlab.gnome.org/GNOME/gvfs/issues/395
| |
GOptionContext is not released after `g_option_context_new ()` call.
Let's use `g_option_context_free ()` to fix this minor memory leak.
| |
The backend currently allows accessing and modifying files without prompting
for a password if no polkit authentication agent is available. This doesn't
usually seem to be a problem, because polkit agents are integral parts of
graphical environments / Linux distributions. The agents can't be simply
disabled without root permissions and are automatically respawned. However,
this might be a problem in some non-standard cases.
This affects only users who belong to the wheel group (i.e. those who are
already allowed to use sudo). It doesn't allow privilege escalation for
users who don't belong to that group.
Let's return permission denied error also when the subject can't be
authorized by any polkit agent to prevent this behavior.
Closes: https://gitlab.gnome.org/GNOME/gvfs/issues/355
| |
https://gitlab.gnome.org/GNOME/gvfs/issues/2
| |
The admin backend is pretty special, because it can't use GMountOperation
for authorization and polkit prompt is shown for each client. This leads
to unwanted behavior because the admin prompt might be shown unexpectedly
(e.g. when obtaining info for recently used files).
Let's require mounting explicitly for each client. So each client gets
G_IO_ERROR_NOT_MOUNTED if it hasn't called g_file_mountable_mount before.
It works nicely for most of the apps which I tested (e.g. with Nautilus,
GEdit, Totem, Evince, GIMP, LibreOffice). However, this requires changes
for some applications which expect that the file is already mounted
(e.g. EOG).
Unfortunately, it breaks utils like "gio list" because it fails with
"The specified location is not mounted" error and "gio mount admin:///"
doesn't help, because it has different PID.
This isn't ideal, but it is better than the unexpected password prompts...
https://bugzilla.gnome.org/show_bug.cgi?id=771285
| |
The result from strtol is stored in uid_t and then checked for
LONG_MAX and LONG_MIN, however, uid_t doesn't have to be long. Let's
check just the errno value, it should be enough.
This issue was revealed by coverity scan.
| |
We can also delete/rename files when going through the admin backend.
| |
We can use the return value of g_file_set_display_name().
| |
g_file_append_to() will already return a stream that points to the end
of the file.
| |
Simplify code.
|
The new admin backend is activated through pkexec and allows
applications to promote their I/O operations to be privileged.
Privilege checking is achieved through polkit.