summaryrefslogtreecommitdiff
path: root/src/polkitbackend
Commit message (Collapse)AuthorAgeFilesLines
* Remove autotools build systemJan Rybar2022-05-091-131/+0
|
* backend: Check for subject's primary group when expanding admin groupDan Nicholson2022-04-271-1/+16
|
* jsauthority: use JS::CompileUtf8Path instead of custom code reading fileXi Ruoyao2022-04-071-28/+3
|
* polkitd: consider connection to the system bus in return valueVincent Mihalkovic2022-04-061-6/+5
|
* fix build without C++Fabrice Fontaine2022-04-021-0/+1
| | | | | | | | | | | | | | | Fix the following build failure without C++ raised since https://gitlab.freedesktop.org/polkit/polkit/-/commit/957a015157fd359d9679540f664183e4b9492896: The following exception(s) were encountered: Running "/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++ --version" gave "[Errno 2] No such file or directory: '/home/autobuild/autobuild/instance-14/output-1/host/bin/or1k-buildroot-linux-musl-g++'" Indeed, C++ is only required with mozjs engine Fixes: - http://autobuild.buildroot.org/results/1d52c8100414aa384572b23006a13f9b806d2d5a Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* jsauthority: port to mozjs-91Xi Ruoyao2022-01-271-2/+7
|
* Added support for duktape as JS engineGustavo Lima Chaves2022-01-256-668/+1823
| | | | | Original author: Wu Xiaotian (@yetist) Resurrection author, runaway-killer author: Gustavo Lima Chaves (@limachaves)
* build: Make the directory for helper executables consistent with AutotoolsSimon McVittie2021-07-191-1/+1
| | | | | | | | | | | | | | | | | | The Autotools build system has been using /usr/lib/polkit-1 for several releases, even on distributions where the library directory is /usr/lib64 or /usr/lib/x86_64-linux-gnu, so it makes sense for Meson to do the same. This lets 32- and 64-bit polkit agents share a single helper executable. This might be superseded by polkit!63, which requests going back to using the libexecdir for these (like polkit 0.105 did), which would also make sense; but until that's decided, let's at least be consistent between our two build systems. Every time we change this, all programs that have already loaded libpolkit-agent into their address space need to be restarted, unless distributions provide compatibility symlinks. Signed-off-by: Simon McVittie <smcv@debian.org>
* Revert "Merge branch 'pwithnall/polkit-51-usr-local-share-is-my-homeboy' ↵revert-2c8287fbJan Rybar2021-04-133-8/+2
| | | | | into 'master'" This reverts merge request !75
* test: Fix a typo in a commentJan Rybar2021-02-253-2/+8
| | | | Signed-off-by: Philip Withnall <withnall@endlessm.com>
* build: Port to meson build systemJan Rybar2020-10-262-0/+73
| | | | | | meson is a build system focused on speed an ease of use, which helps speeding up the software development. This patch adds meson support along autotools.
* Port polkit to mozjs78Jan Rybar2020-08-251-9/+6
|
* Port JavaScript authority to mozjs-68Xi Ruoyao2020-06-161-64/+79
|
* ci: Add a CIBastien Nocera2020-02-211-2/+3
| | | | Just compiles and installs polkit
* jsauthority: Fix two minor memory leaksJan Rybar2019-10-081-0/+2
|
* Use JS_EncodeStringToUTF8 consistently with JavaScriptJan Rybar2019-04-021-7/+15
| | | | | | | | | | | | | | | | | | | | When strings handled by the jsbackendauthority contain non-ASCII, the code will fail. For example, on a system having a user with a non-ASCII name, the following message will appear when a USB stick is plugged in. mar 04 21:47:31 mimmi polkitd[17163]: Error evaluating authorization rules The user will not be allowed to do the mount. The problem is that strings were variously encoded back to C strings with JS_EncodeString and JS_EncodeStringToUTF8. According to the documentation (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/JSAPI_reference/JS_EncodeString#Description) the former will simply drop the high byte from each character. If that happens to a username, it will no longer be found as a valid user name on the system. Explicitly encoding to UTF-8 will at least work in UTF-8 locales, which is the increasingly dominant encoding.
* Code polish and removal of unused var reported by lintJan Rybar2019-03-261-3/+1
|
* Port the JS authority to mozjs-60Emmanuele Bassi2019-03-121-33/+32
| | | | | | | | | | | | | | API changes in mozjs that need to be reflected in the JS authority: - the JS::CompileOptions constructor and the JS::CompartmentOptions do not allow setting a JS version any more - do not use NULL comparisons for C++ objects - the resize() method for a vector has a return value that needs to be handled - JSClassOps has different fields
* backend: Compare PolkitUnixProcess uids for temporary authorizationsColin Walters2019-01-081-1/+38
| | | | | | | | | | | | | | It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn <jannh@google.com> Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75
* polkitbackend: Fix some minor typos in an internal commentPhilip Withnall2018-11-291-2/+2
| | | | Signed-off-by: Philip Withnall <withnall@endlessm.com>
* Leaking zombie child processesJan Rybar2018-08-151-1/+2
| | | | | | | | | | | | Resolves: bz#106021 Subject: [PATCH] polkitd: fix zombie not reaped when js spawned process timed out The child watch source attached to thread context didn't work due to the release of it's main loop and context outside. So we attach the source to the global default main context to make it work and avoid zombies.
* Fix CVE-2018-1116: Trusting client-supplied UIDMiloslav Trmač2018-07-034-23/+95
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* jsauthority: pass "%s" format string to remaining report functionRay Strode2018-04-031-1/+1
| | | | | | | | | | commit 00adeee1b62 attempted to add a "%s" format string to the two JS_Report invocations that needed it, but somehow only got one them. This commit gets the other one. https://bugzilla.gnome.org/show_bug.cgi?id=105865
* jsauthority: re-enable JITRay Strode2018-04-031-6/+3
| | | | | | | | seems to work with mozjs52 Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: switch from JS_ConvertArguments to JS::CallArgsFromVpRay Strode2018-04-031-19/+14
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: stop using JS_GetStringCharsZRay Strode2018-04-031-9/+6
| | | | | | | | it's not around anymore. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: fix up set_property methodsRay Strode2018-04-031-26/+35
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: use JS::Evaluate instead of JS_EvaluateScriptRay Strode2018-04-031-28/+21
| | | | | | | | | JS_EvaluateScript is no longer in the API set, so use JS::Evaluate instead. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: adapt arguments for new JS_ExecuteScript APIRay Strode2018-04-031-1/+0
| | | | | | | | JS_ExecuteScript no longer takes a global argument. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: adapt arguments for new JS::Compile APIRay Strode2018-04-031-6/+1
| | | | | | | | | | | The global object is implicit now and the result is an out arg. This commit adapts to the new api. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: root some locals to the contextRay Strode2018-04-031-4/+4
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: redo how global objects are set upRay Strode2018-04-031-23/+25
| | | | | | | | | | | | This commit drops usage of JS_AddObjectRoot and switches the global object over to being wrapped in a JS::Heap pointer. It stops using JS_DefineObject which no longer seems to be available, and adds a new JS::FireOnNewGlobalHook which seems to be required. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: use InterruptCallback api instead of OperationCallbackRay Strode2018-04-031-5/+7
| | | | | | | | seems like it got renamed. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: Fix up JS_CallFunctionName invocationsRay Strode2018-04-031-28/+28
| | | | | | | | The way args are passed in changed. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: JSVAL_IS_NULL (o) to o.isNull()Ray Strode2018-04-031-1/+1
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: JSVAL_IS_STRING (s) to s.isString()Ray Strode2018-04-031-3/+3
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: JSVAL_TO_STRING (s) to s.toString()Ray Strode2018-04-031-3/+3
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: JSVAL_TO_OBJECT (o) to o.toObjectOrNull()Ray Strode2018-04-031-2/+2
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: s/BOOLEAN_TO_JSVAL/JS::BooleanValue/Ray Strode2018-04-031-1/+1
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: s/STRING_TO_JSVAL/JS::StringValue/Ray Strode2018-04-031-4/+4
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: s/OBJECT_TO_JSVAL/JS::ObjectValue/Ray Strode2018-04-031-1/+1
| | | | | | | | | This commit does a global search and replace for OBJECT_TO_JSVAL to JS::ObjectValue() Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: s/JSVAL_VOID/JS::UndefinedValue()/Ray Strode2018-04-031-1/+1
| | | | | | | | | This commit does a global search and replace for JSVAL_VOID to JS::UndefinedValue() Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: s/JSVAL_NULL/JS::NullValue()/Ray Strode2018-04-031-6/+6
| | | | | | | | | This commit does a global search and replace for JSVAL_NULL to JS::NullValue() Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: s/jsval/JS::Value/Ray Strode2018-04-031-28/+28
| | | | | | | | The API got renamed in mozjs31. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: s/JSBool/bool/Ray Strode2018-04-031-23/+23
| | | | | | | | It's been gone since mozjs31 Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: pass "%s" format string to report functionsRay Strode2018-04-031-1/+1
| | | | | | | | This just avoids the potential for security problems down the line. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: add UTF8 suffix to renamed functionsRay Strode2018-04-031-6/+6
| | | | | | Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: JS::SetWarningReporter instead of JS_SetErrorReporterRay Strode2018-04-031-3/+2
| | | | | | | | | | | This commit changes the code to use JS::SetWarningReporter instead of JS_SetErrorReporter. The latter, as far as I can tell, is just a slightly renamed version of the former with the args moved around a little bit. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: change how JIT is disabledRay Strode2018-04-031-3/+4
| | | | | | | | | | JS_SetOptions seems to be replaced with JS::ContextOptionsRef now. Also, disabling the JIT seems to be three options now instead of just one. Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
* jsauthority: call JS_InitSelfHostedCodeRay Strode2018-04-031-0/+3
| | | | | | | | This is now required Signed-off-by: Ray Strode <rstrode@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=105865
View Lorry Controller Status