Accepting request 346801 from Base:System

- polkit-revert-session-magic.patch: revert a session detection change
  that could lead to sessions not being detected as active due to 
  a systemd bug. bsc#954139

OBS-URL: https://build.opensuse.org/request/show/346801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/polkit?expand=0&rev=55

polkit-revert-session-magic.patch

@@ -0,0 +1,66 @@
+commit a29653ffa99e0809e15aa34afcd7b2df8593871c
+Author: Philip Withnall <philip.withnall@collabora.co.uk>
+Date:   Tue Jun 2 16:19:51 2015 +0100
+
+    sessionmonitor-systemd: Use sd_uid_get_state() to check session activity
+    
+    Instead of using sd_pid_get_session() then sd_session_is_active() to
+    determine whether the user is active, use sd_uid_get_state() directly.
+    This gets the maximum of the states of all the user’s sessions, rather
+    than the state of the session containing the subject process. Since the
+    user is the security boundary, this is fine.
+    
+    This change is necessary for `systemd --user` sessions, where most user
+    code will be forked off user@.service, rather than running inside the
+    logind session (whether that be a foreground/active or background/online
+    session).
+    
+    Policy-wise, the change is from checking whether the subject process is
+    in an active session; to checking whether the subject process is owned
+    by a user with at least one active session.
+    
+    https://bugs.freedesktop.org/show_bug.cgi?id=76358
+
+diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+index 9995f87..2a6c739 100644
+--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c
+@@ -389,6 +389,37 @@ gboolean
+ polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
+                                                   PolkitSubject               *session)
+ {
+-  return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
++  const char *session_id;
++  char *state;
++  uid_t uid;
++  gboolean is_active = FALSE;
++
++  session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session));
++
++  g_debug ("Checking whether session %s is active.", session_id);
++
++  /* Check whether *any* of the user's current sessions are active. */
++  if (sd_session_get_uid (session_id, &uid) < 0)
++    goto fallback;
++
++  g_debug ("Session %s has UID %u.", session_id, uid);
++
++  if (sd_uid_get_state (uid, &state) < 0)
++    goto fallback;
++
++  g_debug ("UID %u has state %s.", uid, state);
++
++  is_active = (g_strcmp0 (state, "active") == 0);
++  free (state);
++
++  return is_active;
++
++fallback:
++  /* Fall back to checking the session. This is not ideal, since the user
++   * might have multiple sessions, and we cannot guarantee to have chosen
++   * the active one.
++   *
++   * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */
++  return sd_session_is_active (session_id);
+ }
+ 

polkit.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Nov 26 16:26:09 UTC 2015 - meissner@suse.com
+
+- polkit-revert-session-magic.patch: revert a session detection change
+  that could lead to sessions not being detected as active due to 
+  a systemd bug. bsc#954139
+
 -------------------------------------------------------------------
 Thu Aug  6 21:26:18 UTC 2015 - antoine.belvire@laposte.net
 

polkit.spec

@@ -37,6 +37,8 @@ Source99:       baselibs.conf
 Patch0:         polkit-no-wheel-group.patch
 # PATCH-FIX-UPSTREAM polkit-no-systemd.patch bnc#782395 fdo#55377 vuntz@opensuse.org -- Do not reference non-existing polkit.service file for systemd (only applied if not built with systemd support)
 Patch1:         polkit-no-systemd.patch
+# PATCH-REVERT-UPSTREAM polkit-revert-session-magic.patch various bugs meissner -- systemd session magic was not updating the user seats correctly
+Patch2:         polkit-revert-session-magic.patch
 # needed for patch1
 BuildRequires:  autoconf
 # needed for patch1
@@ -129,6 +131,7 @@ This package provides the GObject Introspection bindings for PolicyKit.
 %if !(0%{?with_systemd})
 %patch1 -p1
 %endif
+%patch2 -p1 -R
 
 %build
 export V=1