diff --git a/fprintd.spec b/fprintd.spec index 5dbc659..5370cee 100644 --- a/fprintd.spec +++ b/fprintd.spec @@ -3,7 +3,7 @@ Name: fprintd Version: 0.1 -Release: 9.git%{short_hash}%{?dist} +Release: 10.git%{short_hash}%{?dist} Summary: D-Bus service for Fingerprint reader access Group: System Environment/Daemons @@ -17,6 +17,8 @@ Source0: fprintd-0.1-%{short_hash}.tar.bz2 # FIXME remove when we have a newer libfprint Patch0: old-libfprint.patch Patch1: 0001-Detect-when-a-device-is-disconnected.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=498368 +Patch2: polkit1.patch Url: http://www.reactivated.net/fprint/wiki/Fprintd BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) ExcludeArch: s390 s390x @@ -24,9 +26,10 @@ ExcludeArch: s390 s390x BuildRequires: dbus-glib-devel BuildRequires: pam-devel BuildRequires: libfprint-devel >= 0.1.0 -BuildRequires: PolicyKit-devel +BuildRequires: polkit-devel BuildRequires: gtk-doc -BuildRequires: perl(XML::Parser) intltool +BuildRequires: intltool +BuildRequires: autoconf automake libtool %description D-Bus service to access fingerprint readers. @@ -61,6 +64,9 @@ fingerprint readers access. %setup -q -n %{name}-%{version} %patch0 -p1 %patch1 -p1 +%patch2 -p1 -b .polkit1 + +autoreconf -i -f %build %configure --libdir=/%{_lib}/ --enable-gtk-doc --enable-pam @@ -84,7 +90,7 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/fprintd.conf %{_sysconfdir}/dbus-1/system.d/net.reactivated.Fprint.conf %{_datadir}/dbus-1/system-services/net.reactivated.Fprint.service -%{_datadir}/PolicyKit/policy/net.reactivated.fprint.device.policy +%{_datadir}/polkit-1/actions/net.reactivated.fprint.device.policy %{_localstatedir}/lib/fprint %files pam @@ -99,6 +105,9 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/dbus-1/interfaces/net.reactivated.Fprint.Manager.xml %changelog +* Tue Jun 9 2009 Matthias Clasen 0.1-10.git04fd09cfa +- Port to PolicyKit 1 + * Thu May 07 2009 Bastien Nocera 0.1-9.git04fd09cfa - Add /var/lib/fprint to the RPM to avoid SELinux errors (#499513) diff --git a/polkit1.patch b/polkit1.patch new file mode 100644 index 0000000..f6d1569 --- /dev/null +++ b/polkit1.patch @@ -0,0 +1,259 @@ +diff -up fprintd-0.1/configure.ac.polkit1 fprintd-0.1/configure.ac +--- fprintd-0.1/configure.ac.polkit1 2008-11-22 09:34:59.000000000 -0500 ++++ fprintd-0.1/configure.ac 2009-05-13 18:09:05.064187014 -0400 +@@ -22,7 +22,7 @@ PKG_CHECK_MODULES(GLIB, glib-2.0 dbus-gl + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + +-PKG_CHECK_MODULES(DAEMON, glib-2.0 dbus-glib-1 gmodule-2.0 polkit >= 0.8 polkit-dbus) ++PKG_CHECK_MODULES(DAEMON, glib-2.0 dbus-glib-1 gmodule-2.0 polkit-gobject-1 >= 0.91) + AC_SUBST(DAEMON_LIBS) + AC_SUBST(DAEMON_CFLAGS) + +@@ -45,9 +45,6 @@ AC_MSG_CHECKING(for PAM headers and libr + AC_MSG_RESULT([$has_pam]) + + +-AC_CHECK_PROG([POLKIT_POLICY_FILE_VALIDATE], +- [polkit-policy-file-validate], [polkit-policy-file-validate]) +- + AC_PATH_PROG([XSLTPROC], [xsltproc]) + GTK_DOC_CHECK([1.3]) + +diff -up fprintd-0.1/data/Makefile.am.polkit1 fprintd-0.1/data/Makefile.am +--- fprintd-0.1/data/Makefile.am.polkit1 2008-11-22 09:34:59.000000000 -0500 ++++ fprintd-0.1/data/Makefile.am 2009-05-13 18:09:05.065186384 -0400 +@@ -9,7 +9,7 @@ $(dbus_services_DATA): $(dbus_services_i + dbus_confdir = $(sysconfdir)/dbus-1/system.d + dbus_conf_DATA = net.reactivated.Fprint.conf + +-polkitdir = $(datadir)/PolicyKit/policy ++polkitdir = $(datadir)/polkit-1/actions + polkit_in_files = net.reactivated.fprint.device.policy.in + + @INTLTOOL_POLICY_RULE@ +@@ -21,7 +21,3 @@ conf_DATA = fprintd.conf + EXTRA_DIST = $(dbus_services_in_files) $(dbus_conf_DATA) $(polkit_in_files) $(conf_DATA) + CLEANFILES = $(polkit_DATA) $(dbus_services_DATA) + +-check: +- $(POLKIT_POLICY_FILE_VALIDATE) $(polkit_DATA) +- +- +diff -up fprintd-0.1/data/net.reactivated.fprint.device.policy.in.polkit1 fprintd-0.1/data/net.reactivated.fprint.device.policy.in +--- fprintd-0.1/data/net.reactivated.fprint.device.policy.in.polkit1 2008-11-22 09:34:59.000000000 -0500 ++++ fprintd-0.1/data/net.reactivated.fprint.device.policy.in 2009-05-13 18:09:05.065186384 -0400 +@@ -35,7 +35,7 @@ + + no + no +- auth_admin_keep_always ++ auth_admin_keep + + + +diff -up fprintd-0.1/pam/Makefile.am.polkit1 fprintd-0.1/pam/Makefile.am +--- fprintd-0.1/pam/Makefile.am.polkit1 2009-01-26 05:35:54.000000000 -0500 ++++ fprintd-0.1/pam/Makefile.am 2009-05-13 18:09:05.068186099 -0400 +@@ -1,12 +1,12 @@ + if HAVE_PAM + +-pammod_PROGRAMS = pam_fprintd.so ++pammod_LTLIBRARIES = pam_fprintd.la + pammoddir=$(libdir)/security + +-pam_fprintd_so_SOURCES = pam_fprintd.c $(MARSHALFILES) +-pam_fprintd_so_CFLAGS = -fPIC $(WARN_CFLAGS) $(GLIB_CFLAGS) +-pam_fprintd_so_LDFLAGS = -shared +-pam_fprintd_so_LDADD = $(PAM_LIBS) $(GLIB_LIBS) ++pam_fprintd_la_SOURCES = pam_fprintd.c $(MARSHALFILES) ++pam_fprintd_la_CFLAGS = -fPIC $(WARN_CFLAGS) $(GLIB_CFLAGS) ++pam_fprintd_la_LDFLAGS = -module ++pam_fprintd_la_LIBADD = $(PAM_LIBS) $(GLIB_LIBS) + + MARSHALFILES = marshal.c marshal.h + GLIB_GENMARSHAL=`pkg-config --variable=glib_genmarshal glib-2.0` +diff -up fprintd-0.1/src/device.c.polkit1 fprintd-0.1/src/device.c +--- fprintd-0.1/src/device.c.polkit1 2009-05-13 18:09:05.047196683 -0400 ++++ fprintd-0.1/src/device.c 2009-05-13 18:10:05.449188670 -0400 +@@ -23,7 +23,6 @@ + #include + #include + #include +-#include + #include + + #include +@@ -96,7 +95,7 @@ struct FprintDevicePrivate { + struct fp_dev *dev; + struct session_data *session; + +- PolKitContext *pol_ctx; ++ PolkitAuthority *auth; + + /* The current user of the device, if claimed */ + char *sender; +@@ -266,53 +265,13 @@ static void fprint_device_class_init(Fpr + g_cclosure_marshal_VOID__STRING, G_TYPE_NONE, 1, G_TYPE_STRING); + } + +-static gboolean +-pk_io_watch_have_data (GIOChannel *channel, GIOCondition condition, gpointer user_data) +-{ +- int fd; +- PolKitContext *pk_context = user_data; +- fd = g_io_channel_unix_get_fd (channel); +- polkit_context_io_func (pk_context, fd); +- return TRUE; +-} +- +-static int +-pk_io_add_watch (PolKitContext *pk_context, int fd) +-{ +- guint id = 0; +- GIOChannel *channel; +- channel = g_io_channel_unix_new (fd); +- if (channel == NULL) +- goto out; +- id = g_io_add_watch (channel, G_IO_IN, pk_io_watch_have_data, pk_context); +- if (id == 0) { +- g_io_channel_unref (channel); +- goto out; +- } +- g_io_channel_unref (channel); +-out: +- return id; +-} +- +-static void +-pk_io_remove_watch (PolKitContext *pk_context, int watch_id) +-{ +- g_source_remove (watch_id); +-} +- + static void fprint_device_init(FprintDevice *device) + { + FprintDevicePrivate *priv = DEVICE_GET_PRIVATE(device); + priv->id = ++last_id; + + /* Setup PolicyKit */ +- priv->pol_ctx = polkit_context_new (); +- polkit_context_set_io_watch_functions (priv->pol_ctx, pk_io_add_watch, pk_io_remove_watch); +- if (!polkit_context_init (priv->pol_ctx, NULL)) { +- g_critical ("cannot initialize libpolkit"); +- polkit_context_unref (priv->pol_ctx); +- priv->pol_ctx = NULL; +- } ++ priv->auth = polkit_authority_get (); + priv->clients = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, +@@ -449,28 +408,14 @@ _fprint_device_check_polkit_for_action ( + { + FprintDevicePrivate *priv = DEVICE_GET_PRIVATE(rdev); + const char *sender; +- DBusError dbus_error; +- PolKitCaller *pk_caller; +- PolKitAction *pk_action; +- PolKitResult pk_result; +- uid_t uid; ++ PolkitSubject *subject; ++ PolkitAuthorizationResult *result; + + /* Check that caller is privileged */ + sender = dbus_g_method_get_sender (context); +- dbus_error_init (&dbus_error); +- pk_caller = polkit_caller_new_from_dbus_name ( +- dbus_g_connection_get_connection (fprintd_dbus_conn), +- sender, +- &dbus_error); +- if (pk_caller == NULL) { +- g_set_error (error, FPRINT_ERROR, +- FPRINT_ERROR_INTERNAL, +- "Error getting information about caller: %s: %s", +- dbus_error.name, dbus_error.message); +- dbus_error_free (&dbus_error); +- return FALSE; +- } ++ subject = polkit_system_bus_name_new (sender); + ++#if 0 + /* XXX Hack? + * We'd like to allow root to set the username by default, so + * it can authenticate users through PAM +@@ -481,24 +426,26 @@ _fprint_device_check_polkit_for_action ( + polkit_caller_unref (pk_caller); + return TRUE; + } ++#endif + +- pk_action = polkit_action_new (); +- polkit_action_set_action_id (pk_action, action); +- pk_result = polkit_context_is_caller_authorized (priv->pol_ctx, pk_action, pk_caller, +- TRUE, NULL); +- polkit_caller_unref (pk_caller); +- polkit_action_unref (pk_action); ++ result = polkit_authority_check_authorization_sync (priv->auth, ++ subject, ++ action, ++ NULL, ++ POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, ++ NULL, NULL); ++ g_object_unref (subject); + +- if (pk_result != POLKIT_RESULT_YES) { ++ if (!polkit_authorization_result_get_is_authorized (result)) { + g_set_error (error, FPRINT_ERROR, + FPRINT_ERROR_PERMISSION_DENIED, +- "%s %s <-- (action, result)", +- action, +- polkit_result_to_string_representation (pk_result)); +- dbus_error_free (&dbus_error); ++ "Not Authorized: %s", action); ++ g_object_unref (result); + return FALSE; + } + ++ g_object_unref (result); ++ + return TRUE; + } + +@@ -1095,6 +1042,7 @@ static void fprint_device_enroll_start(F + } + + if (_fprint_device_check_polkit_for_action (rdev, context, "net.reactivated.fprint.device.enroll", &error) == FALSE) { ++ g_print ("enroll not allowed: %s\n", error->message); + dbus_g_method_return_error (context, error); + return; + } +diff -up fprintd-0.1/src/net.reactivated.Fprint.Device.xml.polkit1 fprintd-0.1/src/net.reactivated.Fprint.Device.xml +--- fprintd-0.1/src/net.reactivated.Fprint.Device.xml.polkit1 2009-01-26 05:31:45.000000000 -0500 ++++ fprintd-0.1/src/net.reactivated.Fprint.Device.xml 2009-05-13 18:09:05.071212005 -0400 +@@ -183,6 +183,12 @@ + + + ++ verify-disconnected ++ ++ The device was disconnected during the verification, no other actions should be taken, and you shouldn't use the device any more. ++ ++ ++ + verify-unknown-error + + An unknown error occurred (usually a driver problem), Device.VerifyStop should now be called. +@@ -240,6 +246,13 @@ + + + ++ enroll-disconnected ++ ++ The device was disconnected during the enrollment, no other actions should be taken, and you shouldn't use the device any more. ++ ++ ++ ++ + enroll-unknown-error + + An unknown error occurred (usually a driver problem), Device.EnrollStop should now be called.