Hello community, here is the log from the commit of package ConsoleKit for openSUSE:11.3 checked in at Tue Jun 7 14:11:05 CEST 2011.
--------
--- old-versions/11.3/all/ConsoleKit/ConsoleKit.changes 2010-05-04 11:32:43.000000000 +0200
+++ 11.3/ConsoleKit/ConsoleKit.changes 2011-05-24 12:52:54.000000000 +0200
@@ -1,0 +2,7 @@
+Tue May 24 12:53:08 CEST 2011 - hma...@suse.de
+
+- add ConsoleKit-fix-is-local-set-for-remote-sessions.patch:
+ Prevent remote users to open a ConsoleKit session considered
+ local (bnc#686150)
+
+-------------------------------------------------------------------
ConsoleKit-doc.changes: same change
Package does not exist at destination yet. Using Fallback old-versions/11.3/all/ConsoleKit
Destination is old-versions/11.3/UPDATES/all/ConsoleKit
calling whatdependson for 11.3-i586
New:
----
ConsoleKit-fix-is-local-set-for-remote-sessions.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ConsoleKit-doc.spec ++++++
--- /var/tmp/diff_new_pack.yxsqN0/_old 2011-06-07 14:10:17.000000000 +0200
+++ /var/tmp/diff_new_pack.yxsqN0/_new 2011-06-07 14:10:17.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package ConsoleKit-doc (Version 0.4.1)
+# spec file for package ConsoleKit-doc
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,7 +37,7 @@
 %endif
 Summary: System daemon for tracking users, sessions and seats
 Version: 0.4.1
-Release: 4
+Release: 7.<RELEASE2>
 License: GPLv2+
 Group: System/Daemons
 AutoReqProv: on
@@ -47,6 +47,7 @@
 Patch1: 0009-Don-t-take-bus-name-until-ready.patch
 Patch2: 0010-Don-t-segfault-if-the-seats-file-is-invalid.patch
 Patch3: 0012-format-not-a-string-literal-and-no-format-arguments.patch
+Patch4: ConsoleKit-fix-is-local-set-for-remote-sessions.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %if %build_doc == 0
 PreReq: pwdutils login
@@ -90,6 +91,7 @@
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 %build
 autoreconf -fi
ConsoleKit.spec: same change
++++++ ConsoleKit-fix-is-local-set-for-remote-sessions.patch ++++++
commit 4f88228f31a63c026c424a92827f26ad7535275c
Author: William Jon McCann <jmcc...@redhat.com>
Date: Thu Jun 3 20:02:35 2010 -0400
Only set sessions to be is-local=true if set by a trusted party
https://bugs.freedesktop.org/show_bug.cgi?id=28377
Index: ConsoleKit-0.4.1/src/ck-manager.c
===================================================================
--- ConsoleKit-0.4.1.orig/src/ck-manager.c
+++ ConsoleKit-0.4.1/src/ck-manager.c
@@ -1641,13 +1641,175 @@ open_session_for_leader (CkManager
 dbus_g_method_return (context, cookie);
 }
+enum {
+ PROP_STRING,
+ PROP_BOOLEAN,
+};
+
+#define CK_TYPE_PARAMETER_STRUCT (dbus_g_type_get_struct ("GValueArray", \
+ G_TYPE_STRING, \
+ G_TYPE_VALUE, \
+ G_TYPE_INVALID))
+
+static gboolean
+_get_parameter (GPtrArray *parameters,
+ const char *name,
+ int prop_type,
+ gpointer *value)
+{
+ gboolean ret;
+ int i;
+
+ if (parameters == NULL) {
+ return FALSE;
+ }
+
+ ret = FALSE;
+
+ for (i = 0; i < parameters->len && ret == FALSE; i++) {
+ gboolean res;
+ GValue val_struct = { 0, };
+ char *prop_name;
+ GValue *prop_val;
+
+ g_value_init (&val_struct, CK_TYPE_PARAMETER_STRUCT);
+ g_value_set_static_boxed (&val_struct, g_ptr_array_index (parameters, i));
+
+ res = dbus_g_type_struct_get (&val_struct,
+ 0, &prop_name,
+ 1, &prop_val,
+ G_MAXUINT);
+ if (! res) {
+ g_debug ("Unable to extract parameter input");
+ goto cont;
+ }
+
+ if (prop_name == NULL) {
+ g_debug ("Skipping NULL parameter");
+ goto cont;
+ }
+
+ if (strcmp (prop_name, name) != 0) {
+ goto cont;
+ }
+
+ switch (prop_type) {
+ case PROP_STRING:
+ if (value != NULL) {
+ *value = g_value_dup_string (prop_val);
+ }
+ break;
+ case PROP_BOOLEAN:
+ if (value != NULL) {
+ *(gboolean *)value = g_value_get_boolean (prop_val);
+ }
+ break;
+ default:
+ g_assert_not_reached ();
+ break;
+ }
+
+ ret = TRUE;
+
+ cont:
+ g_free (prop_name);
+ if (prop_val != NULL) {
+ g_value_unset (prop_val);
+ g_free (prop_val);
+ }
+ }
+
+ return ret;
+}
+
+static gboolean
+_verify_login_session_id_is_local (CkManager *manager,
+ const char *login_session_id)
+{
+ GHashTableIter iter;
+ const char *id;
+ CkSession *session;
+
+ g_return_val_if_fail (CK_IS_MANAGER (manager), FALSE);
+
+ /* If any local session exists for the given login session id
+ then that means a trusted party has vouched for the
+ original login */
+
+ g_debug ("Looking for local sessions for login-session-id=%s", login_session_id);
+
+ session = NULL;
+ g_hash_table_iter_init (&iter, manager->priv->sessions);
+ while (g_hash_table_iter_next (&iter, (gpointer *)&id, (gpointer *)&session)) {
+ if (session != NULL) {
+ gboolean is_local;
+ char *sessid;
+
+ sessid = NULL;
+ g_object_get (session,
+ "login-session-id", &sessid,
+ "is-local", &is_local,
+ NULL);
+ if (g_strcmp0 (sessid, login_session_id) == 0 && is_local) {
+ g_debug ("CkManager: found is-local=true on %s", id);
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+static void
+add_param_boolean (GPtrArray *parameters,
+ const char *key,
+ gboolean value)
+{
+ GValue val = { 0, };
+ GValue param_val = { 0, };
+
+ g_value_init (&val, G_TYPE_BOOLEAN);
+ g_value_set_boolean (&val, value);
+ g_value_init (¶m_val, CK_TYPE_PARAMETER_STRUCT);
+ g_value_take_boxed (¶m_val,
+ dbus_g_type_specialized_construct (CK_TYPE_PARAMETER_STRUCT));
+ dbus_g_type_struct_set (¶m_val,
+ 0, key,
+ 1, &val,
+ G_MAXUINT);
+ g_value_unset (&val);
+
+ g_ptr_array_add (parameters, g_value_get_boxed (¶m_val));
+}
+
 static void
 verify_and_open_session_for_leader (CkManager *manager,
 CkSessionLeader *leader,
- const GPtrArray *parameters,
+ GPtrArray *parameters,
 DBusGMethodInvocation *context)
 {
- /* for now don't bother verifying since we protect OpenSessionWithParameters */
+ /* Only allow a local session if originating from an existing
+ local session. Effectively this means that only trusted
+ parties can create local sessions. */
+
+ g_debug ("CkManager: verifying session for leader");
+
+ if (parameters != NULL && ! _get_parameter (parameters, "is-local", PROP_BOOLEAN, NULL)) {
+ gboolean is_local;
+ char *login_session_id;
+
+ g_debug ("CkManager: is-local has not been set, will inherit from existing login-session-id if available");
+
+ is_local = FALSE;
+
+ if (_get_parameter (parameters, "login-session-id", PROP_STRING, (gpointer *) &login_session_id)) {
+ is_local = _verify_login_session_id_is_local (manager, login_session_id);
+ g_debug ("CkManager: found is-local=%s", is_local ? "true" : "false");
+ }
+
+ add_param_boolean (parameters, "is-local", is_local);
+ }
+
 open_session_for_leader (manager,
 leader,
 parameters,
Index: ConsoleKit-0.4.1/tools/ck-collect-session-info.c
===================================================================
--- ConsoleKit-0.4.1.orig/tools/ck-collect-session-info.c
+++ ConsoleKit-0.4.1/tools/ck-collect-session-info.c
@@ -274,8 +274,7 @@ fill_x11_info (SessionInfo *si)
 si->x11_display_device = ck_process_stat_get_tty (xorg_stat);
 ck_process_stat_free (xorg_stat);
- si->is_local = TRUE;
- si->is_local_is_set = TRUE;
+ /* don't set is-local here - let the daemon do that */
 g_free (si->remote_host_name);
 si->remote_host_name = NULL;
@@ -304,13 +303,6 @@ fill_session_info (SessionInfo *si)
 fill_x11_info (si);
- if (! si->is_local_is_set) {
- /* FIXME: how should we set this? */
- /* non x11 sessions must be local I guess */
- si->is_local = TRUE;
- si->is_local_is_set = TRUE;
- }
-
 res = ck_unix_pid_get_login_session_id (si->pid, &si->login_session_id);
 if (! res) {
 si->login_session_id = NULL;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
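Review bot: In `_get_parameter` (src/ck-manager.c hunk), `prop_name` and `prop_val` are declared without initialisers, so when `dbus_g_type_struct_get` fails the `goto cont` path may hand indeterminate pointers to `g_free` and `g_value_unset`; declare them as `char *prop_name = NULL;` and `GValue *prop_val = NULL;`. The values come from the caller's parameter list, yet `g_value_dup_string` and `g_value_get_boolean` run without a `G_VALUE_HOLDS_STRING (prop_val)` / `G_VALUE_HOLDS_BOOLEAN (prop_val)` test, so a mistyped parameter is left to GLib's runtime checks. In `_verify_login_session_id_is_local`, `g_strcmp0` treats two NULL strings as equal, so a NULL `login_session_id` would match a local session that has no login-session-id; an early `if (login_session_id == NULL || *login_session_id == '\0') return FALSE;` keeps is-local from being inherited on that basis. The strings returned into `sessid` by `g_object_get` and into `login_session_id` by `_get_parameter` are never released with `g_free`; the second one lives in the `if` block of `verify_and_open_session_for_leader`, whose body continues past the end of the hunk.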