From 8369c5f72435b8e0d96369e53c4905e2c24b9d72 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 24 Apr 2012 20:06:04 +0100 Subject: Import policykit-1_0.105.orig.tar.gz [dgit import orig policykit-1_0.105.orig.tar.gz] --- AUTHORS | 0 COPYING | 482 + ChangeLog | 0 HACKING | 93 + INSTALL | 370 + Makefile.am | 27 + Makefile.in | 835 + NEWS | 635 + README | 27 + aclocal.m4 | 10737 +++++++++++ actions/Makefile.am | 16 + actions/Makefile.in | 494 + actions/org.freedesktop.policykit.policy | 33 + actions/org.freedesktop.policykit.policy.in | 32 + compile | 310 + config.guess | 1522 ++ config.h.in | 143 + config.sub | 1766 ++ configure | 18930 +++++++++++++++++++ configure.ac | 516 + data/Makefile.am | 34 + data/Makefile.in | 576 + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 49 + data/org.freedesktop.PolicyKit1.Authority.xml | 413 + data/org.freedesktop.PolicyKit1.conf | 20 + data/org.freedesktop.PolicyKit1.service.in | 4 + data/polkit-1.in | 6 + data/polkit-agent-1.pc.in | 11 + data/polkit-backend-1.pc.in | 11 + data/polkit-gobject-1.pc.in | 13 + depcomp | 688 + docs/Makefile.am | 4 + docs/Makefile.in | 636 + docs/TODO | 20 + docs/extensiondir.xml | 1 + docs/extensiondir.xml.in | 1 + docs/man/Makefile.am | 32 + docs/man/Makefile.in | 578 + docs/man/pkaction.xml | 109 + docs/man/pkcheck.xml | 222 + docs/man/pkexec.xml | 292 + docs/man/pklocalauthority.xml | 471 + docs/man/pkttyagent.xml | 165 + docs/man/polkit.xml | 489 + docs/man/polkitd.xml | 67 + docs/pkexec-bash.png | Bin 0 -> 24794 bytes docs/pkexec-frobnicate-da.png | Bin 0 -> 27322 bytes docs/pkexec-frobnicate.png | Bin 0 -> 27160 bytes docs/polkit-architecture.png | Bin 0 -> 45318 bytes docs/polkit-authentication-agent-example-wheel.png | Bin 0 -> 29901 bytes docs/polkit-authentication-agent-example.png | Bin 0 -> 26122 bytes docs/polkit/Makefile.am | 106 + docs/polkit/Makefile.in | 782 + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 138 + ...erface-org.freedesktop.PolicyKit1.Authority.xml | 912 + docs/polkit/html/Identities.html | 44 + docs/polkit/html/PolkitActionDescription.html | 388 + docs/polkit/html/PolkitAgentListener.html | 451 + docs/polkit/html/PolkitAgentSession.html | 366 + docs/polkit/html/PolkitAgentTextListener.html | 118 + docs/polkit/html/PolkitAuthority.html | 1871 ++ docs/polkit/html/PolkitAuthorizationResult.html | 304 + docs/polkit/html/PolkitBackendAuthority.html | 874 + .../html/PolkitBackendInteractiveAuthority.html | 275 + docs/polkit/html/PolkitBackendLocalAuthority.html | 126 + docs/polkit/html/PolkitDetails.html | 180 + docs/polkit/html/PolkitError.html | 115 + docs/polkit/html/PolkitIdentity.html | 239 + docs/polkit/html/PolkitPermission.html | 293 + docs/polkit/html/PolkitSubject.html | 387 + docs/polkit/html/PolkitSystemBusName.html | 209 + docs/polkit/html/PolkitTemporaryAuthorization.html | 202 + docs/polkit/html/PolkitUnixGroup.html | 201 + docs/polkit/html/PolkitUnixNetgroup.html | 153 + docs/polkit/html/PolkitUnixProcess.html | 366 + docs/polkit/html/PolkitUnixSession.html | 313 + docs/polkit/html/PolkitUnixUser.html | 223 + ...freedesktop.PolicyKit1.AuthenticationAgent.html | 165 + ...rface-org.freedesktop.PolicyKit1.Authority.html | 983 + docs/polkit/html/home.png | Bin 0 -> 654 bytes docs/polkit/html/index.html | 153 + docs/polkit/html/index.sgml | 474 + docs/polkit/html/left.png | Bin 0 -> 459 bytes docs/polkit/html/license.html | 516 + docs/polkit/html/manpages.html | 56 + docs/polkit/html/overview.html | 39 + docs/polkit/html/pkaction.1.html | 92 + docs/polkit/html/pkcheck.1.html | 185 + docs/polkit/html/pkexec-bash.html | 34 + docs/polkit/html/pkexec-bash.png | Bin 0 -> 24794 bytes docs/polkit/html/pkexec-frobnicate-da.html | 32 + docs/polkit/html/pkexec-frobnicate-da.png | Bin 0 -> 27322 bytes docs/polkit/html/pkexec-frobnicate.html | 33 + docs/polkit/html/pkexec-frobnicate.png | Bin 0 -> 27160 bytes docs/polkit/html/pkexec.1.html | 227 + docs/polkit/html/pklocalauthority.8.html | 450 + docs/polkit/html/pkttyagent.1.html | 137 + docs/polkit/html/polit-index.html | 464 + docs/polkit/html/polkit-1.devhelp2 | 296 + docs/polkit/html/polkit-agents.html | 55 + docs/polkit/html/polkit-apps.html | 486 + docs/polkit/html/polkit-architecture.html | 44 + docs/polkit/html/polkit-architecture.png | Bin 0 -> 45318 bytes .../polkit-authentication-agent-example-wheel.html | 36 + .../polkit-authentication-agent-example-wheel.png | Bin 0 -> 29901 bytes .../html/polkit-authentication-agent-example.html | 34 + .../html/polkit-authentication-agent-example.png | Bin 0 -> 26122 bytes docs/polkit/html/polkit-extending.html | 56 + docs/polkit/html/polkit-hierarchy.html | 62 + docs/polkit/html/polkit-intro.html | 37 + docs/polkit/html/polkit.8.html | 399 + docs/polkit/html/polkitd.8.html | 74 + docs/polkit/html/ref-api.html | 86 + docs/polkit/html/ref-authentication-agent-api.html | 44 + docs/polkit/html/ref-backend-api.html | 44 + docs/polkit/html/ref-dbus-api.html | 41 + docs/polkit/html/right.png | Bin 0 -> 472 bytes docs/polkit/html/style.css | 266 + docs/polkit/html/subjects.html | 44 + docs/polkit/html/up.png | Bin 0 -> 406 bytes docs/polkit/overview.xml | 126 + docs/polkit/polkit-1-docs.xml | 90 + docs/polkit/polkit-1-overrides.txt | 0 docs/polkit/polkit-1-sections.txt | 463 + docs/polkit/polkit-1.types | 30 + docs/version.xml | 1 + docs/version.xml.in | 1 + gtk-doc.make | 256 + install-sh | 527 + ltmain.sh | 9655 ++++++++++ missing | 331 + po/ChangeLog | 0 po/LINGUAS | 3 + po/Makefile.in.in | 222 + po/POTFILES.in | 7 + po/POTFILES.skip | 1 + po/da.po | 65 + src/Makefile.am | 9 + src/Makefile.in | 636 + src/examples/Makefile.am | 66 + src/examples/Makefile.in | 749 + src/examples/cancel.c | 158 + src/examples/frobnicate.c | 82 + ...rg.freedesktop.policykit.examples.pkexec.policy | 24 + ...freedesktop.policykit.examples.pkexec.policy.in | 22 + src/nullbackend/50-nullbackend.conf | 16 + src/nullbackend/Makefile.am | 50 + src/nullbackend/Makefile.in | 698 + src/nullbackend/nullbackend.c | 34 + src/nullbackend/polkitbackendnullauthority.c | 195 + src/nullbackend/polkitbackendnullauthority.h | 59 + src/polkit/Makefile.am | 137 + src/polkit/Makefile.in | 1002 + src/polkit/polkit.h | 50 + src/polkit/polkitactiondescription.c | 384 + src/polkit/polkitactiondescription.h | 65 + src/polkit/polkitauthority.c | 2084 ++ src/polkit/polkitauthority.h | 227 + src/polkit/polkitauthorityfeatures.c | 29 + src/polkit/polkitauthorityfeatures.h | 49 + src/polkit/polkitauthorizationresult.c | 308 + src/polkit/polkitauthorizationresult.h | 61 + src/polkit/polkitcheckauthorizationflags.c | 29 + src/polkit/polkitcheckauthorizationflags.h | 50 + src/polkit/polkitdetails.c | 231 + src/polkit/polkitdetails.h | 58 + src/polkit/polkitenumtypes.c.template | 39 + src/polkit/polkitenumtypes.h.template | 24 + src/polkit/polkiterror.c | 55 + src/polkit/polkiterror.h | 62 + src/polkit/polkitidentity.c | 367 + src/polkit/polkitidentity.h | 82 + src/polkit/polkitimplicitauthorization.c | 125 + src/polkit/polkitimplicitauthorization.h | 64 + src/polkit/polkitpermission.c | 861 + src/polkit/polkitpermission.h | 56 + src/polkit/polkitprivate.h | 62 + src/polkit/polkitsubject.c | 489 + src/polkit/polkitsubject.h | 108 + src/polkit/polkitsystembusname.c | 398 + src/polkit/polkitsystembusname.h | 61 + src/polkit/polkittemporaryauthorization.c | 233 + src/polkit/polkittemporaryauthorization.h | 61 + src/polkit/polkittypes.h | 67 + src/polkit/polkitunixgroup.c | 275 + src/polkit/polkitunixgroup.h | 59 + src/polkit/polkitunixnetgroup.c | 242 + src/polkit/polkitunixnetgroup.h | 58 + src/polkit/polkitunixprocess.c | 748 + src/polkit/polkitunixprocess.h | 71 + src/polkit/polkitunixsession-systemd.c | 490 + src/polkit/polkitunixsession.c | 527 + src/polkit/polkitunixsession.h | 64 + src/polkit/polkitunixuser.c | 308 + src/polkit/polkitunixuser.h | 60 + src/polkitagent/Makefile.am | 145 + src/polkitagent/Makefile.in | 977 + src/polkitagent/polkitagent.h | 37 + src/polkitagent/polkitagentenumtypes.c.template | 39 + src/polkitagent/polkitagentenumtypes.h.template | 24 + src/polkitagent/polkitagenthelper-pam.c | 321 + src/polkitagent/polkitagenthelper-shadow.c | 198 + src/polkitagent/polkitagenthelperprivate.c | 109 + src/polkitagent/polkitagenthelperprivate.h | 45 + src/polkitagent/polkitagentlistener.c | 821 + src/polkitagent/polkitagentlistener.h | 149 + src/polkitagent/polkitagentmarshal.list | 1 + src/polkitagent/polkitagentsession.c | 690 + src/polkitagent/polkitagentsession.h | 54 + src/polkitagent/polkitagenttextlistener.c | 565 + src/polkitagent/polkitagenttextlistener.h | 45 + src/polkitagent/polkitagenttypes.h | 44 + src/polkitbackend/50-localauthority.conf | 10 + src/polkitbackend/Makefile.am | 92 + src/polkitbackend/Makefile.in | 847 + src/polkitbackend/polkitbackend.h | 41 + src/polkitbackend/polkitbackendactionlookup.c | 180 + src/polkitbackend/polkitbackendactionlookup.h | 123 + src/polkitbackend/polkitbackendactionpool.c | 1144 ++ src/polkitbackend/polkitbackendactionpool.h | 78 + src/polkitbackend/polkitbackendauthority.c | 1432 ++ src/polkitbackend/polkitbackendauthority.h | 291 + src/polkitbackend/polkitbackendconfigsource.c | 565 + src/polkitbackend/polkitbackendconfigsource.h | 98 + .../polkitbackendinteractiveauthority.c | 3259 ++++ .../polkitbackendinteractiveauthority.h | 148 + src/polkitbackend/polkitbackendlocalauthority.c | 787 + src/polkitbackend/polkitbackendlocalauthority.h | 107 + .../polkitbackendlocalauthorizationstore.c | 776 + .../polkitbackendlocalauthorizationstore.h | 87 + src/polkitbackend/polkitbackendprivate.h | 29 + .../polkitbackendsessionmonitor-systemd.c | 414 + src/polkitbackend/polkitbackendsessionmonitor.c | 503 + src/polkitbackend/polkitbackendsessionmonitor.h | 65 + src/polkitbackend/polkitbackendtypes.h | 40 + src/polkitd/Makefile.am | 40 + src/polkitd/Makefile.in | 669 + src/polkitd/gposixsignal.c | 148 + src/polkitd/gposixsignal.h | 42 + src/polkitd/main.c | 188 + src/programs/Makefile.am | 84 + src/programs/Makefile.in | 772 + src/programs/pkaction.c | 239 + src/programs/pkcheck.c | 631 + src/programs/pkexec.c | 941 + src/programs/pkttyagent.c | 254 + test/Makefile.am | 30 + test/Makefile.in | 725 + test/data/etc/group | 7 + test/data/etc/netgroup | 5 + test/data/etc/passwd | 5 + .../polkit-1/localauthority.conf.d/10-test.conf | 2 + .../localauthority/10-test/com.example.pkla | 14 + .../localauthority/10-test/com.example.pkla | 6 + test/mocklibc/AUTHORS | 1 + test/mocklibc/COPYING | 202 + test/mocklibc/ChangeLog | 10 + test/mocklibc/INSTALL | 365 + test/mocklibc/Makefile.am | 3 + test/mocklibc/Makefile.in | 739 + test/mocklibc/NEWS | 0 test/mocklibc/README | 121 + test/mocklibc/aclocal.m4 | 9562 ++++++++++ test/mocklibc/bin/Makefile.am | 25 + test/mocklibc/bin/Makefile.in | 540 + test/mocklibc/bin/mocklibc-test.in | 136 + test/mocklibc/bin/mocklibc.in | 34 + test/mocklibc/config.guess | 1522 ++ test/mocklibc/config.h.in | 99 + test/mocklibc/config.sub | 1766 ++ test/mocklibc/configure | 13839 ++++++++++++++ test/mocklibc/configure.ac | 38 + test/mocklibc/depcomp | 688 + test/mocklibc/example/group | 4 + test/mocklibc/example/netgroup | 5 + test/mocklibc/example/passwd | 3 + test/mocklibc/install-sh | 527 + test/mocklibc/ltmain.sh | 9655 ++++++++++ test/mocklibc/missing | 331 + test/mocklibc/src/Makefile.am | 8 + test/mocklibc/src/Makefile.in | 588 + test/mocklibc/src/grp.c | 156 + test/mocklibc/src/netdb.c | 100 + test/mocklibc/src/netgroup-debug.c | 84 + test/mocklibc/src/netgroup-debug.h | 58 + test/mocklibc/src/netgroup.c | 342 + test/mocklibc/src/netgroup.h | 144 + test/mocklibc/src/pwd.c | 99 + test/polkit/Makefile.am | 52 + test/polkit/Makefile.in | 730 + test/polkit/polkitidentitytest.c | 194 + test/polkit/polkitunixgrouptest.c | 82 + test/polkit/polkitunixnetgrouptest.c | 76 + test/polkit/polkitunixusertest.c | 104 + test/polkitbackend/Makefile.am | 48 + test/polkitbackend/Makefile.in | 715 + .../polkitbackendlocalauthoritytest.c | 264 + .../polkitbackendlocalauthorizationstoretest.c | 142 + test/polkittesthelper.c | 68 + test/polkittesthelper.h | 36 + 300 files changed, 147603 insertions(+) create mode 100644 AUTHORS create mode 100644 COPYING create mode 100644 ChangeLog create mode 100644 HACKING create mode 100644 INSTALL create mode 100644 Makefile.am create mode 100644 Makefile.in create mode 100644 NEWS create mode 100644 README create mode 100644 aclocal.m4 create mode 100644 actions/Makefile.am create mode 100644 actions/Makefile.in create mode 100644 actions/org.freedesktop.policykit.policy create mode 100644 actions/org.freedesktop.policykit.policy.in create mode 100755 compile create mode 100755 config.guess create mode 100644 config.h.in create mode 100755 config.sub create mode 100755 configure create mode 100644 configure.ac create mode 100644 data/Makefile.am create mode 100644 data/Makefile.in create mode 100644 data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml create mode 100644 data/org.freedesktop.PolicyKit1.Authority.xml create mode 100644 data/org.freedesktop.PolicyKit1.conf create mode 100644 data/org.freedesktop.PolicyKit1.service.in create mode 100644 data/polkit-1.in create mode 100644 data/polkit-agent-1.pc.in create mode 100644 data/polkit-backend-1.pc.in create mode 100644 data/polkit-gobject-1.pc.in create mode 100755 depcomp create mode 100644 docs/Makefile.am create mode 100644 docs/Makefile.in create mode 100644 docs/TODO create mode 100644 docs/extensiondir.xml create mode 100644 docs/extensiondir.xml.in create mode 100644 docs/man/Makefile.am create mode 100644 docs/man/Makefile.in create mode 100644 docs/man/pkaction.xml create mode 100644 docs/man/pkcheck.xml create mode 100644 docs/man/pkexec.xml create mode 100644 docs/man/pklocalauthority.xml create mode 100644 docs/man/pkttyagent.xml create mode 100644 docs/man/polkit.xml create mode 100644 docs/man/polkitd.xml create mode 100644 docs/pkexec-bash.png create mode 100644 docs/pkexec-frobnicate-da.png create mode 100644 docs/pkexec-frobnicate.png create mode 100644 docs/polkit-architecture.png create mode 100644 docs/polkit-authentication-agent-example-wheel.png create mode 100644 docs/polkit-authentication-agent-example.png create mode 100644 docs/polkit/Makefile.am create mode 100644 docs/polkit/Makefile.in create mode 100644 docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml create mode 100644 docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml create mode 100644 docs/polkit/html/Identities.html create mode 100644 docs/polkit/html/PolkitActionDescription.html create mode 100644 docs/polkit/html/PolkitAgentListener.html create mode 100644 docs/polkit/html/PolkitAgentSession.html create mode 100644 docs/polkit/html/PolkitAgentTextListener.html create mode 100644 docs/polkit/html/PolkitAuthority.html create mode 100644 docs/polkit/html/PolkitAuthorizationResult.html create mode 100644 docs/polkit/html/PolkitBackendAuthority.html create mode 100644 docs/polkit/html/PolkitBackendInteractiveAuthority.html create mode 100644 docs/polkit/html/PolkitBackendLocalAuthority.html create mode 100644 docs/polkit/html/PolkitDetails.html create mode 100644 docs/polkit/html/PolkitError.html create mode 100644 docs/polkit/html/PolkitIdentity.html create mode 100644 docs/polkit/html/PolkitPermission.html create mode 100644 docs/polkit/html/PolkitSubject.html create mode 100644 docs/polkit/html/PolkitSystemBusName.html create mode 100644 docs/polkit/html/PolkitTemporaryAuthorization.html create mode 100644 docs/polkit/html/PolkitUnixGroup.html create mode 100644 docs/polkit/html/PolkitUnixNetgroup.html create mode 100644 docs/polkit/html/PolkitUnixProcess.html create mode 100644 docs/polkit/html/PolkitUnixSession.html create mode 100644 docs/polkit/html/PolkitUnixUser.html create mode 100644 docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.html create mode 100644 docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html create mode 100644 docs/polkit/html/home.png create mode 100644 docs/polkit/html/index.html create mode 100644 docs/polkit/html/index.sgml create mode 100644 docs/polkit/html/left.png create mode 100644 docs/polkit/html/license.html create mode 100644 docs/polkit/html/manpages.html create mode 100644 docs/polkit/html/overview.html create mode 100644 docs/polkit/html/pkaction.1.html create mode 100644 docs/polkit/html/pkcheck.1.html create mode 100644 docs/polkit/html/pkexec-bash.html create mode 100644 docs/polkit/html/pkexec-bash.png create mode 100644 docs/polkit/html/pkexec-frobnicate-da.html create mode 100644 docs/polkit/html/pkexec-frobnicate-da.png create mode 100644 docs/polkit/html/pkexec-frobnicate.html create mode 100644 docs/polkit/html/pkexec-frobnicate.png create mode 100644 docs/polkit/html/pkexec.1.html create mode 100644 docs/polkit/html/pklocalauthority.8.html create mode 100644 docs/polkit/html/pkttyagent.1.html create mode 100644 docs/polkit/html/polit-index.html create mode 100644 docs/polkit/html/polkit-1.devhelp2 create mode 100644 docs/polkit/html/polkit-agents.html create mode 100644 docs/polkit/html/polkit-apps.html create mode 100644 docs/polkit/html/polkit-architecture.html create mode 100644 docs/polkit/html/polkit-architecture.png create mode 100644 docs/polkit/html/polkit-authentication-agent-example-wheel.html create mode 100644 docs/polkit/html/polkit-authentication-agent-example-wheel.png create mode 100644 docs/polkit/html/polkit-authentication-agent-example.html create mode 100644 docs/polkit/html/polkit-authentication-agent-example.png create mode 100644 docs/polkit/html/polkit-extending.html create mode 100644 docs/polkit/html/polkit-hierarchy.html create mode 100644 docs/polkit/html/polkit-intro.html create mode 100644 docs/polkit/html/polkit.8.html create mode 100644 docs/polkit/html/polkitd.8.html create mode 100644 docs/polkit/html/ref-api.html create mode 100644 docs/polkit/html/ref-authentication-agent-api.html create mode 100644 docs/polkit/html/ref-backend-api.html create mode 100644 docs/polkit/html/ref-dbus-api.html create mode 100644 docs/polkit/html/right.png create mode 100644 docs/polkit/html/style.css create mode 100644 docs/polkit/html/subjects.html create mode 100644 docs/polkit/html/up.png create mode 100644 docs/polkit/overview.xml create mode 100644 docs/polkit/polkit-1-docs.xml create mode 100644 docs/polkit/polkit-1-overrides.txt create mode 100644 docs/polkit/polkit-1-sections.txt create mode 100644 docs/polkit/polkit-1.types create mode 100644 docs/version.xml create mode 100644 docs/version.xml.in create mode 100644 gtk-doc.make create mode 100755 install-sh create mode 100644 ltmain.sh create mode 100755 missing create mode 100644 po/ChangeLog create mode 100644 po/LINGUAS create mode 100644 po/Makefile.in.in create mode 100644 po/POTFILES.in create mode 100644 po/POTFILES.skip create mode 100644 po/da.po create mode 100644 src/Makefile.am create mode 100644 src/Makefile.in create mode 100644 src/examples/Makefile.am create mode 100644 src/examples/Makefile.in create mode 100644 src/examples/cancel.c create mode 100644 src/examples/frobnicate.c create mode 100644 src/examples/org.freedesktop.policykit.examples.pkexec.policy create mode 100644 src/examples/org.freedesktop.policykit.examples.pkexec.policy.in create mode 100644 src/nullbackend/50-nullbackend.conf create mode 100644 src/nullbackend/Makefile.am create mode 100644 src/nullbackend/Makefile.in create mode 100644 src/nullbackend/nullbackend.c create mode 100644 src/nullbackend/polkitbackendnullauthority.c create mode 100644 src/nullbackend/polkitbackendnullauthority.h create mode 100644 src/polkit/Makefile.am create mode 100644 src/polkit/Makefile.in create mode 100644 src/polkit/polkit.h create mode 100644 src/polkit/polkitactiondescription.c create mode 100644 src/polkit/polkitactiondescription.h create mode 100644 src/polkit/polkitauthority.c create mode 100644 src/polkit/polkitauthority.h create mode 100644 src/polkit/polkitauthorityfeatures.c create mode 100644 src/polkit/polkitauthorityfeatures.h create mode 100644 src/polkit/polkitauthorizationresult.c create mode 100644 src/polkit/polkitauthorizationresult.h create mode 100644 src/polkit/polkitcheckauthorizationflags.c create mode 100644 src/polkit/polkitcheckauthorizationflags.h create mode 100644 src/polkit/polkitdetails.c create mode 100644 src/polkit/polkitdetails.h create mode 100644 src/polkit/polkitenumtypes.c.template create mode 100644 src/polkit/polkitenumtypes.h.template create mode 100644 src/polkit/polkiterror.c create mode 100644 src/polkit/polkiterror.h create mode 100644 src/polkit/polkitidentity.c create mode 100644 src/polkit/polkitidentity.h create mode 100644 src/polkit/polkitimplicitauthorization.c create mode 100644 src/polkit/polkitimplicitauthorization.h create mode 100644 src/polkit/polkitpermission.c create mode 100644 src/polkit/polkitpermission.h create mode 100644 src/polkit/polkitprivate.h create mode 100644 src/polkit/polkitsubject.c create mode 100644 src/polkit/polkitsubject.h create mode 100644 src/polkit/polkitsystembusname.c create mode 100644 src/polkit/polkitsystembusname.h create mode 100644 src/polkit/polkittemporaryauthorization.c create mode 100644 src/polkit/polkittemporaryauthorization.h create mode 100644 src/polkit/polkittypes.h create mode 100644 src/polkit/polkitunixgroup.c create mode 100644 src/polkit/polkitunixgroup.h create mode 100644 src/polkit/polkitunixnetgroup.c create mode 100644 src/polkit/polkitunixnetgroup.h create mode 100644 src/polkit/polkitunixprocess.c create mode 100644 src/polkit/polkitunixprocess.h create mode 100644 src/polkit/polkitunixsession-systemd.c create mode 100644 src/polkit/polkitunixsession.c create mode 100644 src/polkit/polkitunixsession.h create mode 100644 src/polkit/polkitunixuser.c create mode 100644 src/polkit/polkitunixuser.h create mode 100644 src/polkitagent/Makefile.am create mode 100644 src/polkitagent/Makefile.in create mode 100644 src/polkitagent/polkitagent.h create mode 100644 src/polkitagent/polkitagentenumtypes.c.template create mode 100644 src/polkitagent/polkitagentenumtypes.h.template create mode 100644 src/polkitagent/polkitagenthelper-pam.c create mode 100644 src/polkitagent/polkitagenthelper-shadow.c create mode 100644 src/polkitagent/polkitagenthelperprivate.c create mode 100644 src/polkitagent/polkitagenthelperprivate.h create mode 100644 src/polkitagent/polkitagentlistener.c create mode 100644 src/polkitagent/polkitagentlistener.h create mode 100644 src/polkitagent/polkitagentmarshal.list create mode 100644 src/polkitagent/polkitagentsession.c create mode 100644 src/polkitagent/polkitagentsession.h create mode 100644 src/polkitagent/polkitagenttextlistener.c create mode 100644 src/polkitagent/polkitagenttextlistener.h create mode 100644 src/polkitagent/polkitagenttypes.h create mode 100644 src/polkitbackend/50-localauthority.conf create mode 100644 src/polkitbackend/Makefile.am create mode 100644 src/polkitbackend/Makefile.in create mode 100644 src/polkitbackend/polkitbackend.h create mode 100644 src/polkitbackend/polkitbackendactionlookup.c create mode 100644 src/polkitbackend/polkitbackendactionlookup.h create mode 100644 src/polkitbackend/polkitbackendactionpool.c create mode 100644 src/polkitbackend/polkitbackendactionpool.h create mode 100644 src/polkitbackend/polkitbackendauthority.c create mode 100644 src/polkitbackend/polkitbackendauthority.h create mode 100644 src/polkitbackend/polkitbackendconfigsource.c create mode 100644 src/polkitbackend/polkitbackendconfigsource.h create mode 100644 src/polkitbackend/polkitbackendinteractiveauthority.c create mode 100644 src/polkitbackend/polkitbackendinteractiveauthority.h create mode 100644 src/polkitbackend/polkitbackendlocalauthority.c create mode 100644 src/polkitbackend/polkitbackendlocalauthority.h create mode 100644 src/polkitbackend/polkitbackendlocalauthorizationstore.c create mode 100644 src/polkitbackend/polkitbackendlocalauthorizationstore.h create mode 100644 src/polkitbackend/polkitbackendprivate.h create mode 100644 src/polkitbackend/polkitbackendsessionmonitor-systemd.c create mode 100644 src/polkitbackend/polkitbackendsessionmonitor.c create mode 100644 src/polkitbackend/polkitbackendsessionmonitor.h create mode 100644 src/polkitbackend/polkitbackendtypes.h create mode 100644 src/polkitd/Makefile.am create mode 100644 src/polkitd/Makefile.in create mode 100644 src/polkitd/gposixsignal.c create mode 100644 src/polkitd/gposixsignal.h create mode 100644 src/polkitd/main.c create mode 100644 src/programs/Makefile.am create mode 100644 src/programs/Makefile.in create mode 100644 src/programs/pkaction.c create mode 100644 src/programs/pkcheck.c create mode 100644 src/programs/pkexec.c create mode 100644 src/programs/pkttyagent.c create mode 100644 test/Makefile.am create mode 100644 test/Makefile.in create mode 100644 test/data/etc/group create mode 100644 test/data/etc/netgroup create mode 100644 test/data/etc/passwd create mode 100644 test/data/etc/polkit-1/localauthority.conf.d/10-test.conf create mode 100644 test/data/etc/polkit-1/localauthority/10-test/com.example.pkla create mode 100644 test/data/var/lib/polkit-1/localauthority/10-test/com.example.pkla create mode 100644 test/mocklibc/AUTHORS create mode 100644 test/mocklibc/COPYING create mode 100644 test/mocklibc/ChangeLog create mode 100644 test/mocklibc/INSTALL create mode 100644 test/mocklibc/Makefile.am create mode 100644 test/mocklibc/Makefile.in create mode 100644 test/mocklibc/NEWS create mode 100644 test/mocklibc/README create mode 100644 test/mocklibc/aclocal.m4 create mode 100644 test/mocklibc/bin/Makefile.am create mode 100644 test/mocklibc/bin/Makefile.in create mode 100644 test/mocklibc/bin/mocklibc-test.in create mode 100644 test/mocklibc/bin/mocklibc.in create mode 100755 test/mocklibc/config.guess create mode 100644 test/mocklibc/config.h.in create mode 100755 test/mocklibc/config.sub create mode 100755 test/mocklibc/configure create mode 100644 test/mocklibc/configure.ac create mode 100755 test/mocklibc/depcomp create mode 100644 test/mocklibc/example/group create mode 100644 test/mocklibc/example/netgroup create mode 100644 test/mocklibc/example/passwd create mode 100755 test/mocklibc/install-sh create mode 100644 test/mocklibc/ltmain.sh create mode 100755 test/mocklibc/missing create mode 100644 test/mocklibc/src/Makefile.am create mode 100644 test/mocklibc/src/Makefile.in create mode 100644 test/mocklibc/src/grp.c create mode 100644 test/mocklibc/src/netdb.c create mode 100644 test/mocklibc/src/netgroup-debug.c create mode 100644 test/mocklibc/src/netgroup-debug.h create mode 100644 test/mocklibc/src/netgroup.c create mode 100644 test/mocklibc/src/netgroup.h create mode 100644 test/mocklibc/src/pwd.c create mode 100644 test/polkit/Makefile.am create mode 100644 test/polkit/Makefile.in create mode 100644 test/polkit/polkitidentitytest.c create mode 100644 test/polkit/polkitunixgrouptest.c create mode 100644 test/polkit/polkitunixnetgrouptest.c create mode 100644 test/polkit/polkitunixusertest.c create mode 100644 test/polkitbackend/Makefile.am create mode 100644 test/polkitbackend/Makefile.in create mode 100644 test/polkitbackend/polkitbackendlocalauthoritytest.c create mode 100644 test/polkitbackend/polkitbackendlocalauthorizationstoretest.c create mode 100644 test/polkittesthelper.c create mode 100644 test/polkittesthelper.h diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 00000000..e69de29b diff --git a/COPYING b/COPYING new file mode 100644 index 00000000..20c84511 --- /dev/null +++ b/COPYING @@ -0,0 +1,482 @@ + GNU LIBRARY GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the library GPL. It is + numbered 2 because it goes with version 2 of the ordinary GPL.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Library General Public License, applies to some +specially designated Free Software Foundation software, and to any +other libraries whose authors decide to use it. You can use it for +your libraries, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if +you distribute copies of the library, or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link a program with the library, you must provide +complete object files to the recipients so that they can relink them +with the library, after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + Our method of protecting your rights has two steps: (1) copyright +the library, and (2) offer you this license which gives you legal +permission to copy, distribute and/or modify the library. + + Also, for each distributor's protection, we want to make certain +that everyone understands that there is no warranty for this free +library. If the library is modified by someone else and passed on, we +want its recipients to know that what they have is not the original +version, so that any problems introduced by others will not reflect on +the original authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that companies distributing free +software will individually obtain patent licenses, thus in effect +transforming the program into proprietary software. To prevent this, +we have made it clear that any patent must be licensed for everyone's +free use or not licensed at all. + + Most GNU software, including some libraries, is covered by the ordinary +GNU General Public License, which was designed for utility programs. This +license, the GNU Library General Public License, applies to certain +designated libraries. This license is quite different from the ordinary +one; be sure to read it in full, and don't assume that anything in it is +the same as in the ordinary license. + + The reason we have a separate public license for some libraries is that +they blur the distinction we usually make between modifying or adding to a +program and simply using it. Linking a program with a library, without +changing the library, is in some sense simply using the library, and is +analogous to running a utility program or application program. However, in +a textual and legal sense, the linked executable is a combined work, a +derivative of the original library, and the ordinary General Public License +treats it as such. + + Because of this blurred distinction, using the ordinary General +Public License for libraries did not effectively promote software +sharing, because most developers did not use the libraries. We +concluded that weaker conditions might promote sharing better. + + However, unrestricted linking of non-free programs would deprive the +users of those programs of all benefit from the free status of the +libraries themselves. This Library General Public License is intended to +permit developers of non-free programs to use free libraries, while +preserving your freedom as a user of such programs to change the free +libraries that are incorporated in them. (We have not seen how to achieve +this as regards changes in header files, but we have achieved it as regards +changes in the actual functions of the Library.) The hope is that this +will lead to faster development of free libraries. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, while the latter only +works together with the library. + + Note that it is possible for a library to be covered by the ordinary +General Public License rather than by this special one. + + GNU LIBRARY GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library which +contains a notice placed by the copyright holder or other authorized +party saying it may be distributed under the terms of this Library +General Public License (also called "this License"). Each licensee is +addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. (Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also compile or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. + + c) If distribution of the work is made by offering access to copy + from a designated place, offer equivalent access to copy the above + specified materials from the same place. + + d) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the +Library" must include any data and utility programs needed for +reproducing the executable from it. However, as a special exception, +the source code distributed need not include anything that is normally +distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies +the executable. + + It may happen that this requirement contradicts the license +restrictions of other proprietary libraries that do not normally +accompany the operating system. Such a contradiction means you cannot +use both them and the Library together in an executable that you +distribute. + + 7. You may place library facilities that are a work based on the +Library side-by-side in a single library together with other library +facilities not covered by this License, and distribute such a combined +library, provided that the separate distribution of the work based on +the Library and of the other library facilities is otherwise +permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + + 8. You may not copy, modify, sublicense, link with, or distribute +the Library except as expressly provided under this License. Any +attempt otherwise to copy, modify, sublicense, link with, or +distribute the Library is void, and will automatically terminate your +rights under this License. However, parties who have received copies, +or rights, from you under this License will not have their licenses +terminated so long as such parties remain in full compliance. + + 9. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Library or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Library (or any work based on the +Library), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Library or works based on it. + + 10. Each time you redistribute the Library (or any work based on the +Library), the recipient automatically receives a license from the +original licensor to copy, distribute, link with or modify the Library +subject to these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 11. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Library at all. For example, if a patent +license would not permit royalty-free redistribution of the Library by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply, +and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Library under this License may add +an explicit geographical distribution limitation excluding those countries, +so that distribution is permitted only in or among countries not thus +excluded. In such case, this License incorporates the limitation as if +written in the body of this License. + + 13. The Free Software Foundation may publish revised and/or new +versions of the Library General Public License from time to time. +Such new versions will be similar in spirit to the present version, +but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library +specifies a version number of this License which applies to it and +"any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Library does not specify a +license version number, you may choose any version ever published by +the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free +programs whose distribution conditions are incompatible with these, +write to the author to ask for permission. For software which is +copyrighted by the Free Software Foundation, write to the Free +Software Foundation; we sometimes make exceptions for this. Our +decision will be guided by the two goals of preserving the free status +of all derivatives of our free software and of promoting the sharing +and reuse of software generally. + + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Libraries + + If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + + To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307 USA. + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + library `Frob' (a library for tweaking knobs) written by James Random Hacker. + + , 1 April 1990 + Ty Coon, President of Vice + +That's all there is to it! diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 00000000..e69de29b diff --git a/HACKING b/HACKING new file mode 100644 index 00000000..14f30cd3 --- /dev/null +++ b/HACKING @@ -0,0 +1,93 @@ +SCM +=== + + - anonymous checkouts + + $ git clone git://git.freedesktop.org/git/PolicyKit.git + + - checkouts if you got an ssh account on fd.o (username@ is optional) + + $ git clone ssh://[username@]git.freedesktop.org/git/PolicyKit.git + + - commit to local repository + + $ git commit -a + + - push local repository to master repository at fd.o (remember most patches + requires review at the mailing list) + + $ git push + + - pull changes from master repository at fd.o + + $ git pull + + - diff of working tree versus local repository + + $ git diff + + - diff of local repository vs. master repository at fd.o + + synchronize with upstream repo: + $ git pull + + (possibly merge changes) + + generate the diff: + $ git diff origin HEAD + + - influential environment variables (set these in e.g. .bash_profile) + + export GIT_AUTHOR_NAME='Your Full Name' + export GIT_COMMITTER_NAME='Your Full Name' + export GIT_COMMITTER_EMAIL=youremail@domain.net + export GIT_AUTHOR_EMAIL=youremail@domain.net + + - see also + + http://www.kernel.org/pub/software/scm/git/docs/ + + +Committing code +=== + + - Commit messages should be of the form (the five lines between the + lines starting with ===) + +=== begin example commit === +short explanation of the commit + +Longer explanation explaining exactly what's changed, whether any +external or private interfaces changed, what bugs were fixed (with bug +tracker reference if applicable) and so forth. Be concise but not too brief. +=== end example commit === + + - Always add a brief description of the commit to the _first_ line of + the commit and terminate by two newlines (it will work without the + second newline, but that is not nice for the interfaces). + + - First line (the brief description) must only be one sentence and + must not start with a capital letter. Don't use a trailing period + either. + + - The main description (the body) is normal prose and should use normal + punctuation and capital letters where appropriate. Normally, for patches + sent to a mailing list it's copied from there. + + - When committing code on behalf of others use the --author option, e.g. + git commit -a --author "Joe Coder " + +Coding Style +=== + + - Please follow the coding style already used. + + - Write docs for all functions and structs and so on. We use gtkdoc format. + + - All external interfaces (network protocols, file formats, etc.) + should have documented specifications sufficient to allow an + alternative implementation to be written. Our implementation should + be strict about specification compliance (should not for example + heuristically parse a file and accept not-well-formed + data). Avoiding heuristics is also important for security reasons; + if it looks funny, ignore it (or exit, or disconnect). diff --git a/INSTALL b/INSTALL new file mode 100644 index 00000000..a1e89e18 --- /dev/null +++ b/INSTALL @@ -0,0 +1,370 @@ +Installation Instructions +************************* + +Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation, +Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + +Basic Installation +================== + + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. Caching is +disabled by default to prevent problems with accidental use of stale +cache files. + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. + + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. + + The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. + + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + + 4. Type `make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. + + You can give `configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here +is an example: + + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you can use GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. + + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. + +Installation Names +================== + + By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like `--bindir=DIR' to specify different values for particular +kinds of files. Run `configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + HP-UX `make' updates targets which have the same time stamps as +their prerequisites, which makes it generally unusable when shipped +generated files such as `configure' are involved. Use GNU `make' +instead. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + +Specifying the System Type +========================== + + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + + CPU-COMPANY-SYSTEM + +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +use the option `--target=TYPE' to select the type of system they will +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with `--host=TYPE'. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Defining Variables +================== + + Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified `gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf bug. Until the bug is fixed you can use this workaround: + + CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + +`configure' Invocation +====================== + + `configure' recognizes the following options to control how it +operates. + +`--help' +`-h' + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. + +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. + +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. + diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 00000000..01f0a4ba --- /dev/null +++ b/Makefile.am @@ -0,0 +1,27 @@ +## Process this file with automake to produce Makefile.in + +SUBDIRS = actions data src docs po test + +NULL = + +EXTRA_DIST = \ + HACKING \ + $(NULL) + +# xsltproc barfs on 'make distcheck'; disable for now +DISTCHECK_CONFIGURE_FLAGS=--disable-man-pages --disable-gtk-doc --disable-introspection + +sign : dist + gpg --armor --detach-sign --output polkit-$(VERSION).tar.gz.sign polkit-$(VERSION).tar.gz + +publish : sign + scp polkit-$(VERSION).tar.gz polkit-$(VERSION).tar.gz.sign "david@people.freedesktop.org:/srv/www.freedesktop.org/www/software/polkit/releases/" + +publish-docs : + gtkdoc-rebase --html-dir docs/polkit/html --online + ssh "david@people.freedesktop.org" "mkdir -p /srv/www.freedesktop.org/www/software/polkit/docs/$(VERSION)" + scp docs/polkit/html/* "david@people.freedesktop.org:/srv/www.freedesktop.org/www/software/polkit/docs/$(VERSION)" + ssh "david@people.freedesktop.org" "rm -f /srv/www.freedesktop.org/www/software/polkit/docs/latest; ln -s $(VERSION) /srv/www.freedesktop.org/www/software/polkit/docs/latest" + +clean-local : + rm -f *~ diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 00000000..261122f1 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,835 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = . +DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \ + compile config.guess config.sub depcomp install-sh ltmain.sh \ + missing +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir dist dist-all distcheck +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = actions data src docs po test +NULL = +EXTRA_DIST = \ + HACKING \ + $(NULL) + + +# xsltproc barfs on 'make distcheck'; disable for now +DISTCHECK_CONFIGURE_FLAGS = --disable-man-pages --disable-gtk-doc --disable-introspection +all: config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +.SUFFIXES: +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): + +config.h: stamp-h1 + @if test ! -f $@; then rm -f stamp-h1; else :; fi + @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status config.h +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool config.lt + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__remove_distdir) + +dist-lzma: distdir + tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma + $(am__remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__remove_distdir) + +dist dist-all: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lzma*) \ + lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir); chmod a+w $(distdir) + mkdir $(distdir)/_build + mkdir $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build \ + && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile config.h +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-hdr \ + distclean-libtool distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ + ctags-recursive install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am am--refresh check check-am clean clean-generic \ + clean-libtool clean-local ctags ctags-recursive dist dist-all \ + dist-bzip2 dist-gzip dist-lzip dist-lzma dist-shar dist-tarZ \ + dist-xz dist-zip distcheck distclean distclean-generic \ + distclean-hdr distclean-libtool distclean-tags distcleancheck \ + distdir distuninstallcheck dvi dvi-am html html-am info \ + info-am install install-am install-data install-data-am \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am + + +sign : dist + gpg --armor --detach-sign --output polkit-$(VERSION).tar.gz.sign polkit-$(VERSION).tar.gz + +publish : sign + scp polkit-$(VERSION).tar.gz polkit-$(VERSION).tar.gz.sign "david@people.freedesktop.org:/srv/www.freedesktop.org/www/software/polkit/releases/" + +publish-docs : + gtkdoc-rebase --html-dir docs/polkit/html --online + ssh "david@people.freedesktop.org" "mkdir -p /srv/www.freedesktop.org/www/software/polkit/docs/$(VERSION)" + scp docs/polkit/html/* "david@people.freedesktop.org:/srv/www.freedesktop.org/www/software/polkit/docs/$(VERSION)" + ssh "david@people.freedesktop.org" "rm -f /srv/www.freedesktop.org/www/software/polkit/docs/latest; ln -s $(VERSION) /srv/www.freedesktop.org/www/software/polkit/docs/latest" + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/NEWS b/NEWS new file mode 100644 index 00000000..20c59946 --- /dev/null +++ b/NEWS @@ -0,0 +1,635 @@ +-------------- +polkit 0.105 +-------------- + +This is polkit 0.105 + +WARNING WARNING WARNING: This is a prerelease on the road to polkit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.28 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + ConsoleKit OR systemd + +Changes since polkit 0.104: + +David Zeuthen (11): + Post-release version bump + PolkitUnixSession: Set error if we cannot find a session for the given pid + PolkitUnixSession: Actually return TRUE if a session exists + PolkitAgentSession: Don't leak file descriptors + Add pkttyagent(1) helper + Make it possible to influence agent registration with an a{sv} parameter + Fix type in docs + Mention pkttyagent(1) in "Writing PolicyKit applications" chapter + Update the docs to use 'polkit' (instead of 'PolicyKit') as the name + Add Makefile rules for signing and publishing releases and docs + Update NEWS for release + +Ryan Lortie (1): + Various builddir != srcdir fixes + +Thanks to our contributors. + +David Zeuthen, +April 24, 2012 + +-------------- +PolicyKit 0.104 +-------------- + +This is PolicyKit 0.104 + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.28 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + ConsoleKit OR systemd + +Changes since PolicyKit 0.103: + + David Zeuthen (3): + Post-release version bump to 0.104 + Detect whether systemd is available and default to use if so + Update NEWS for release + + Matthias Clasen (1): + Add optional systemd support + + Nikki VonHollen (2): + Bug 43608 – Add unit tests + Bug 43610 - Add netgroup support + +Thanks to our contributors. + +David Zeuthen, +January 3, 2012 + +-------------- +PolicyKit 0.103 +-------------- + +This is PolicyKit 0.103 + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.28 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + +IMPORTANT: As of release 0.103, the default Authority backend now +defaults to allowing members of the 'wheel' group to authenticate as +an administator since this is common usage in popular Linux +distributions. Distributors can change this by patching the +50-localauthority.conf file in /etc/polkit-1/localauthority.conf.d as +needed. + +Changes since PolicyKit 0.102: + + Alan Near (1): + Mistype in DBus object: PoliycKit1 -> PolicyKit1 + + David Zeuthen (7): + Post-release version bump to 0.103 + Add support for the org.freedesktop.policykit.imply annotation + Add --no-debug option and use this for D-Bus activation + Bug 41025 – Add org.freedesktop.policykit.owner annotation + Default to AdminIdentities=unix-group:wheel for local authority + Update NEWS for release + Fix typo + +Thanks to our contributors. + +David Zeuthen, +December 6, 2011 + +-------------- +PolicyKit 0.102 +-------------- + +This is PolicyKit 0.102 + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.28 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + +Changes since PolicyKit 0.101: + + Benjamin Otte (1): + introspection: Add --c-include to the gir files + + David Zeuthen (7): + Post-release version bump to 0.102 + Don't show diagnostic messages intended for the administrator to the end u + PolkitUnixProcess: Clarify that the real uid is returned, not the effectiv + Make PolkitUnixProcess also record the uid of the process + Use polkit_unix_process_get_uid() to get the owner of a process + pkexec: Avoid TOCTTOU problems with parent process + Update NEWS for release + + Evan Nemerson (1): + Specify exported pkg-config files in GIRs + + Marc Deslauriers (1): + Fix multi-line pam prompt handling + + Martin Pitt (3): + Ignore .po/ for intltool + Fix backend crash if a .policy file does not specify + Bug 38769 — pkexec: Support running X11 apps + +Thanks to our contributors. + +David Zeuthen, +August 1, 2011 + +-------------- +PolicyKit 0.101 +-------------- + +This is PolicyKit 0.101 + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.28 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + +Changes since PolicyKit 0.100: + + Adrian Bunk (1): + Bug 27253 – Use GOBJECT_INTROSPECTION_CHECK from gobject-introspection + + David Zeuthen (16): + Post-release version bump to 0.101 + Bug 30653 – No way to detect cancellation in pkexec + Bug 27081 – pkexec fails to build on non glibc systems + Bug 30438 – PolicyKit fails to build on AIX + Bug 32334 – Always set polkit.retains_authorization_after_challenge + Fix a memory leak + Be more specific about what info we want when enumerating files + Make pkcheck(1) report if the authentication dialog was dismissed + pkcheck: Make it possible to list and revoke temporary authorizations + Be a bit more careful parsing the command-line + Bug 29712 – Use monotonic for temporary authorizations + Allow overriding message shown in authentication dialog + Deprecated PolkitBackendActionLookup + Fix a couple of warnings triggered by gcc 4.6 + Build examples by default and fix compiler warnings + Update NEWS for release + + Michael Biebl (1): + Bug 29871 – Fix build failures with binutils-gold + +Thanks to our contributors. + +David Zeuthen, +March 3, 2011 + +-------------- +PolicyKit 0.100 +-------------- + +This is PolicyKit 0.100 + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.25.12 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + +Changes since PolicyKit 0.99: + +David Zeuthen (12): + Post-release version bump to 0.100 + Add missing GObject Introspection annotations + Build gir/typelib for PolkitAgent-1.0 + Fix-up PolkitAgentSession to use GObject properties + Improve error reporting for authentication sessions + Add some debug info that can be shown with the env var POLKIT_DEBUG + Fix up debug and timeouts in agent helper + Always pass non-zero value to g_once_init_leave() + Add a note about POLKIT_DEBUG + Pass caller and subject pid to authentication agent + Update NEWS for release + Fix 'make distcheck' + +Thanks to our contributors. + +David Zeuthen, +February 21, 2011 + +-------------- +PolicyKit 0.99 +-------------- + +This is PolicyKit 0.99 + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.25.12 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + +Changes since PolicyKit 0.98: + + Colin Walters (3): + Remove duplicate definitions of enumeration types + Fix (correct) GCC warning about possibly-uninitialized variable + Fix another GCC uninitialized variable warning + + David Zeuthen (2): + Post-release version bump to 0.99 + Update NEWS for release + + Vincent Untz (1): + Bug 29816 – Install polkitagentenumtypes.h + +Thanks to our contributors. + +David Zeuthen, +September 15, 2010 + +-------------- +PolicyKit 0.98 +-------------- + +This is PolicyKit 0.98. + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.25.12 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + +Changes since PolicyKit 0.97: + +David Zeuthen (11): + Post-release version bump to 0.98 + Require GLib 2.25.12 + Fix scanning of unix-process subjects + Add textual authentication agent and use it in pkexec(1) + Fix ConsoleKit interaction bug + pkexec: add --disable-internal-agent option + pkcheck: add --enable-internal-agent option + Fix wording in pkexec(1) man page + Various doc cleanups + Fix dist-check + Update NEWS for release + +Thanks to our contributors. + +David Zeuthen, +August 20, 2010 + +-------------- +PolicyKit 0.97 +-------------- + +This is PolicyKit 0.97. + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +The main change since the previous version is a port from eggdbus to +GLib's new D-Bus implementation. Other changes includes various bug +fixes and support for shadow authentication. Support for the +AddLockdown() and RemoveLockdown() methods has been removed. You will +need an updated version of PolicyKit-gnome to go with this release. + +Build requirements + + glib, gobject, gio >= 2.25.11 + gobject-introspection >= 0.6.2 (optional) + pam (optional) + +Changes since PolicyKit 0.96: + +Andrew Psaltis (1): + Add shadow support + +Dan Rosenberg (1): + Bug 26982 – pkexec information disclosure vulnerability + +David Zeuthen (23): + Post-release version bump to 0.97 + Port core bits to gdbus + Port CK class to gdbus + Port PolkitBackendInteractiveAuthority to gdbus + Port PolkitAgent to gdbus + Add generated docbook D-Bus API docs to git + Nuke eggdbus usage + Make polkitd accept --replace and gracefully handle SIGINT + Implement polkit_temporary_authorization_new_for_gvariant() + Remove Lock Down functionality + Make NameOwnerChanged a private impl detail of the interactive authority + Update README + Merge remote branch 'origin/gdbus' + Add a GPermission implementation + PolkitAuthority: Implement failable initialization + PolkitAuthority: Add g_return_if_fail() checks + Add g_return_if_fail() to all public API entry points + Use polkit_authority_get_sync() instead of deprecated polkit_authority_get + PolkitBackend: Don't export unneeded convenience API + Update GI annotations + Don't dist org.freedesktop.ConsoleKit.xml; It's dead, Jim + Properly reference headers + Update NEWS for release + +Petr Mrázek (1): + Bug 29051 – Configuration reload on every query + +Thanks to our contributors. + +David Zeuthen, +August 9, 2010 + +-------------- +PolicyKit 0.96 +-------------- + +This is PolicyKit 0.96. This is supposed to be the last release until 1.0. + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.21.4 + eggdbus-1 >= 0.6 + gobject-introspection >= 0.6.2 (optional) + pam + +Changes since PolicyKit 0.95: + +David Zeuthen (15): + Bug 25367 — Also read local authority configuration data from /etc + Fix logic error in pk-example-frobnicate + Run the open_session part of the PAM stack in pkexec(1) + Fix up last comment + Bug 25594 – System logging + Remove trailing whitespace from log messages + Properly handle return value from getpwnam_r() + Fix error message when no authentication agent is available + Make pkexec(1) validate environment variables + Make pkexec(1) use the syslogging facilities + Save original cwd in pkexec(1) since it will change during the life-time + Complain on stderr, not stdout + Post-release version bump to 0.96 + Don't log authorization checks + Update NEWS for release + +David Zeuthen, +January 15, 2010 + +-------------- +PolicyKit 0.95 +-------------- + +This is PolicyKit 0.95. This is supposed to be the last release until 1.0. + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.21.4 + eggdbus-1 >= 0.6 + gobject-introspection >= 0.6.2 (optional) + pam + +Changes since PolicyKit 0.94: + +Alexander Sack (1): + Bug 24566 – Properly _ref authority in singleton constructor + +Andreas Sandberg (1): + Bug 24235 – polkit-agent-helper may call pam_end with a stale pam handle + +Bastien Nocera (1): + Fix process start time when using polkit_unix_process_new_full() + +David Zeuthen (20): + Post-release version bump to 0.95 + Use correct program name when complaining about not being setuid root + Sort by action id in pkaction(1) output + Bug 23867 – UnixProcess vs. SystemBusName aliasing + Implement lockdown for the Local Authority implementation + Remove POLKIT_USER from configuration summary + Add missing comma so we're save both LANG and LANGUAGE, not only LANGLANGUAGE + Pass --libtool to g-ir-scanner + Clarify comment on where to find process start-time on Linux + Add properties with information about the currently used authority + Clarify when AllowUserInteraction should and shouldn't be used + Add methods AddLockdownForAction() and RemoveLockdownForAction() + Port lockdown from pklalockdown(1) to D-Bus methods + Drop ununsed policykit actions + Remove TODO about symbol visibility as this has been fixed for a while + Clarify pklocalauthority(8) man page + Properly validate all arguments passed via D-Bus + Add Python example + Fix make distcheck + Update NEWS for release + +Matthias Clasen (1): + Bug 24640 – Typos in pklocalauthority(8) + +Michael Biebl (8): + Trim the list of exported symbols + Use _polkit_agent_marshal prefix + Make private symbols accessible to libpolkitagent and libpolkitbackend + Make examples optional + Enable silent rules + Remove POLKIT_USER option + Don't include Polkit-1.0.gir in the dist tarball + Bug 24176 – Current git master fails to build, GLIB_LDADD -> GLIB_LIBS + +Samuel Thibault (1): + Bug 24495 – Fails to build on platforms without PATH_MAX (like hurd) + +David Zeuthen, +November 13, 2009 + +-------------- +PolicyKit 0.94 +-------------- + +This is PolicyKit 0.94. + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.21.4 + eggdbus-1 >= 0.5 + gobject-introspection >= 0.6.2 (optional) + pam + +Changes since PolicyKit 0.93: + + David Zeuthen (13): + Post-release version bump to 0.94 + Require correct versions of glib and eggdbus + Ignore .pkla files starting with dot and don't segfault on error path + Allow unprivileged callers to check authorizations + Don't spawn man(1) from a setuid program + Add polkit.retains_authorization_after_challenge to authz result + Ensure all fds except stdin/stdout/stderr are closed after exec(2) + Be more careful when determining process start time + Pass the right struct offset for the ::changed class signal handler + Don't set the GError if the process doesn't exist + Remove temporary authorization when the subject it applies to vanishes + Generate GI gir and typelibs for libpolkit-gobject-1 + Update NEWS for release + + Joe Marcus Clarke (1): + Bug 23093 – FreeBSD portability fixes + +David Zeuthen, +August 12, 2009 + +-------------- +PolicyKit 0.93 +-------------- + +This is PolicyKit 0.93. + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.21.4 + eggdbus-1 >= 0.5 + pam + +Changes since PolicyKit 0.92: + +David Zeuthen (16): + Post-release version bump to 0.93 + GIO modules need to be prefix with lib + Cancel an authentication if the unique name for the subject vanishes + Plug a couple of memory leaks + Move local authority management to a separate library + Rip out polkit-local and refactor local authority to only use tmp authz + Move authentication agent bits to separate authority subclass + Also pass the identity of the subject we are checking for + Actually make the local authority look up authorization files + In .pkla files, use Result{Any,Inactive,Active} instead of just Result + Rename some man pages and the daemon binary + Add docs detailing how the Local Authority works + Add support for querying and revoking temporary authorizations + Fix make distcheck + Update TODO + Update NEWS for release + +Yanko Kaneti (2): + Use unique ids for sections to prevent them being autogenerated + More unique ids to get the docs build fully predictable + +David Zeuthen, +July 20th, 2009 + +-------------- +PolicyKit 0.92 +-------------- + +This is PolicyKit 0.92. + +WARNING WARNING WARNING: This is a prerelease on the road to PolicyKit +1.0. Public API might change and certain parts of the code still needs +some security review. Use at your own risk. + +Build requirements + + glib, gobject, gio >= 2.14 + eggdbus-1 >= 0.4 + pam + +Changes since PolicyKit 0.91: + + David Zeuthen (36): + post-release version bump to 0.92 + install gtkdoc HTML in the proper location + Fix D-Bus policy to work with non-permissive D-Bus + Only allow privileged apps to check authz and add ActionLookup interface + Change the PolkitAuthorizationResult enumeration into an object + Port examples and command-line tools to new API + Move docs to proper location + Add a pkexec(1) command + Mention /usr/bin/pkexec in the configure blurb + Fix a bug where details were not shown for normal pkexec usage + Use an object, not a GHashTable when passing details around + Forgot to add source for PolkitDetails + Change the defaults for .run-frobnicate to auth_self_keep + Require eggdbus-1 >= 0.4 + Only free hash table if it's not NULL + Avoid returning an error if no authentication agent is available + Clarify docs for is_challenge member of the AuthorizationResult struct + Add pkcheck(1) command to check for authorizations + nullbackend: Catch up with latest API changes + Return the icon name instead of a GIcon in PolkitActionDescription + Add pkaction(1) and nuke polkit-1(1) commands + Update SEE ALSO sections in man pages + Add a man page for polkit-1(8) + First cut at some high-level docs + Improve pkexec(1) man page by adding screenshots of authentication dialogs + Add some more API docs + Add a "PolicyKit Overview" section to the docs + Consolidate all gtk-doc stuff in docs/polkit + Expand on the D-Bus docs + Use .../extensions instead of ../backends for loading extensions + Minor doc fixes + Move the doc chapters around a bit + Change GNOME to freedesktop.org in the docs + Fix make distcheck + Update NEWS + Also dist polkitd-1.xml + + Richard Hughes (2): + fix up gtk-doc API markup for a couple of functions + add a draft version of the porting guide -- WIP + +David Zeuthen, +June 8, 2009 diff --git a/README b/README new file mode 100644 index 00000000..b0751627 --- /dev/null +++ b/README @@ -0,0 +1,27 @@ +OVERVIEW +======== + +polkit is a toolkit for defining and handling authorizations. It is +used for allowing unprivileged processes to speak to privileged +processes. + +RELEASES +======== + +Releases of polkit are available in compressed tarballs from + + http://www.freedesktop.org/software/polkit/releases/ + +To verify the authenticity of the compressed tarball, use this command + + $ gpg --verify polkit-$(VERSION).tar.gz.sign polkit-$(VERSION).tar.gz + gpg: Signature made Sat 10 Mar 2012 03:00:30 PM EST using RSA key ID 3418A891 + gpg: Good signature from "David Zeuthen " + gpg: aka "[jpeg image of size 5237]" + +BUGS and DEVELOPMENT +==================== + +Please report bugs via the freedesktop.org bugzilla at + + https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 00000000..2b058333 --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,10737 @@ +# generated automatically by aclocal 1.11.3 -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, +# Inc. +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],, +[m4_warning([this file was generated for autoconf 2.68. +You have another version of autoconf. It may work, but is not guaranteed to. +If you have problems, you may need to regenerate the build system entirely. +To do so, use the procedure documented by the package, typically `autoreconf'.])]) + +# Copyright (C) 1995-2002 Free Software Foundation, Inc. +# Copyright (C) 2001-2003,2004 Red Hat, Inc. +# +# This file is free software, distributed under the terms of the GNU +# General Public License. As a special exception to the GNU General +# Public License, this file may be distributed as part of a program +# that contains a configuration script generated by Autoconf, under +# the same distribution terms as the rest of that program. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License +# but which still want to provide support for the GNU gettext functionality. +# +# Macro to add for using GNU gettext. +# Ulrich Drepper , 1995, 1996 +# +# Modified to never use included libintl. +# Owen Taylor , 12/15/1998 +# +# Major rework to remove unused code +# Owen Taylor , 12/11/2002 +# +# Added better handling of ALL_LINGUAS from GNU gettext version +# written by Bruno Haible, Owen Taylor 5/30/3002 +# +# Modified to require ngettext +# Matthias Clasen 08/06/2004 +# +# We need this here as well, since someone might use autoconf-2.5x +# to configure GLib then an older version to configure a package +# using AM_GLIB_GNU_GETTEXT +AC_PREREQ(2.53) + +dnl +dnl We go to great lengths to make sure that aclocal won't +dnl try to pull in the installed version of these macros +dnl when running aclocal in the glib directory. +dnl +m4_copy([AC_DEFUN],[glib_DEFUN]) +m4_copy([AC_REQUIRE],[glib_REQUIRE]) +dnl +dnl At the end, if we're not within glib, we'll define the public +dnl definitions in terms of our private definitions. +dnl + +# GLIB_LC_MESSAGES +#-------------------- +glib_DEFUN([GLIB_LC_MESSAGES], + [AC_CHECK_HEADERS([locale.h]) + if test $ac_cv_header_locale_h = yes; then + AC_CACHE_CHECK([for LC_MESSAGES], am_cv_val_LC_MESSAGES, + [AC_TRY_LINK([#include ], [return LC_MESSAGES], + am_cv_val_LC_MESSAGES=yes, am_cv_val_LC_MESSAGES=no)]) + if test $am_cv_val_LC_MESSAGES = yes; then + AC_DEFINE(HAVE_LC_MESSAGES, 1, + [Define if your file defines LC_MESSAGES.]) + fi + fi]) + +# GLIB_PATH_PROG_WITH_TEST +#---------------------------- +dnl GLIB_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, +dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) +glib_DEFUN([GLIB_PATH_PROG_WITH_TEST], +[# Extract the first word of "$2", so it can be a program name with args. +set dummy $2; ac_word=[$]2 +AC_MSG_CHECKING([for $ac_word]) +AC_CACHE_VAL(ac_cv_path_$1, +[case "[$]$1" in + /*) + ac_cv_path_$1="[$]$1" # Let the user override the test with a path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in ifelse([$5], , $PATH, [$5]); do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if [$3]; then + ac_cv_path_$1="$ac_dir/$ac_word" + break + fi + fi + done + IFS="$ac_save_ifs" +dnl If no 4th arg is given, leave the cache variable unset, +dnl so AC_PATH_PROGS will keep looking. +ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" +])dnl + ;; +esac])dnl +$1="$ac_cv_path_$1" +if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then + AC_MSG_RESULT([$]$1) +else + AC_MSG_RESULT(no) +fi +AC_SUBST($1)dnl +]) + +# GLIB_WITH_NLS +#----------------- +glib_DEFUN([GLIB_WITH_NLS], + dnl NLS is obligatory + [USE_NLS=yes + AC_SUBST(USE_NLS) + + gt_cv_have_gettext=no + + CATOBJEXT=NONE + XGETTEXT=: + INTLLIBS= + + AC_CHECK_HEADER(libintl.h, + [gt_cv_func_dgettext_libintl="no" + libintl_extra_libs="" + + # + # First check in libc + # + AC_CACHE_CHECK([for ngettext in libc], gt_cv_func_ngettext_libc, + [AC_TRY_LINK([ +#include +], + [return !ngettext ("","", 1)], + gt_cv_func_ngettext_libc=yes, + gt_cv_func_ngettext_libc=no) + ]) + + if test "$gt_cv_func_ngettext_libc" = "yes" ; then + AC_CACHE_CHECK([for dgettext in libc], gt_cv_func_dgettext_libc, + [AC_TRY_LINK([ +#include +], + [return !dgettext ("","")], + gt_cv_func_dgettext_libc=yes, + gt_cv_func_dgettext_libc=no) + ]) + fi + + if test "$gt_cv_func_ngettext_libc" = "yes" ; then + AC_CHECK_FUNCS(bind_textdomain_codeset) + fi + + # + # If we don't have everything we want, check in libintl + # + if test "$gt_cv_func_dgettext_libc" != "yes" \ + || test "$gt_cv_func_ngettext_libc" != "yes" \ + || test "$ac_cv_func_bind_textdomain_codeset" != "yes" ; then + + AC_CHECK_LIB(intl, bindtextdomain, + [AC_CHECK_LIB(intl, ngettext, + [AC_CHECK_LIB(intl, dgettext, + gt_cv_func_dgettext_libintl=yes)])]) + + if test "$gt_cv_func_dgettext_libintl" != "yes" ; then + AC_MSG_CHECKING([if -liconv is needed to use gettext]) + AC_MSG_RESULT([]) + AC_CHECK_LIB(intl, ngettext, + [AC_CHECK_LIB(intl, dcgettext, + [gt_cv_func_dgettext_libintl=yes + libintl_extra_libs=-liconv], + :,-liconv)], + :,-liconv) + fi + + # + # If we found libintl, then check in it for bind_textdomain_codeset(); + # we'll prefer libc if neither have bind_textdomain_codeset(), + # and both have dgettext and ngettext + # + if test "$gt_cv_func_dgettext_libintl" = "yes" ; then + glib_save_LIBS="$LIBS" + LIBS="$LIBS -lintl $libintl_extra_libs" + unset ac_cv_func_bind_textdomain_codeset + AC_CHECK_FUNCS(bind_textdomain_codeset) + LIBS="$glib_save_LIBS" + + if test "$ac_cv_func_bind_textdomain_codeset" = "yes" ; then + gt_cv_func_dgettext_libc=no + else + if test "$gt_cv_func_dgettext_libc" = "yes" \ + && test "$gt_cv_func_ngettext_libc" = "yes"; then + gt_cv_func_dgettext_libintl=no + fi + fi + fi + fi + + if test "$gt_cv_func_dgettext_libc" = "yes" \ + || test "$gt_cv_func_dgettext_libintl" = "yes"; then + gt_cv_have_gettext=yes + fi + + if test "$gt_cv_func_dgettext_libintl" = "yes"; then + INTLLIBS="-lintl $libintl_extra_libs" + fi + + if test "$gt_cv_have_gettext" = "yes"; then + AC_DEFINE(HAVE_GETTEXT,1, + [Define if the GNU gettext() function is already present or preinstalled.]) + GLIB_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no)dnl + if test "$MSGFMT" != "no"; then + glib_save_LIBS="$LIBS" + LIBS="$LIBS $INTLLIBS" + AC_CHECK_FUNCS(dcgettext) + MSGFMT_OPTS= + AC_MSG_CHECKING([if msgfmt accepts -c]) + GLIB_RUN_PROG([$MSGFMT -c -o /dev/null],[ +msgid "" +msgstr "" +"Content-Type: text/plain; charset=UTF-8\n" +"Project-Id-Version: test 1.0\n" +"PO-Revision-Date: 2007-02-15 12:01+0100\n" +"Last-Translator: test \n" +"Language-Team: C \n" +"MIME-Version: 1.0\n" +"Content-Transfer-Encoding: 8bit\n" +], [MSGFMT_OPTS=-c; AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no])]) + AC_SUBST(MSGFMT_OPTS) + AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) + GLIB_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) + AC_TRY_LINK(, [extern int _nl_msg_cat_cntr; + return _nl_msg_cat_cntr], + [CATOBJEXT=.gmo + DATADIRNAME=share], + [case $host in + *-*-solaris*) + dnl On Solaris, if bind_textdomain_codeset is in libc, + dnl GNU format message catalog is always supported, + dnl since both are added to the libc all together. + dnl Hence, we'd like to go with DATADIRNAME=share and + dnl and CATOBJEXT=.gmo in this case. + AC_CHECK_FUNC(bind_textdomain_codeset, + [CATOBJEXT=.gmo + DATADIRNAME=share], + [CATOBJEXT=.mo + DATADIRNAME=lib]) + ;; + *-*-openbsd*) + CATOBJEXT=.mo + DATADIRNAME=share + ;; + *) + CATOBJEXT=.mo + DATADIRNAME=lib + ;; + esac]) + LIBS="$glib_save_LIBS" + INSTOBJEXT=.mo + else + gt_cv_have_gettext=no + fi + fi + ]) + + if test "$gt_cv_have_gettext" = "yes" ; then + AC_DEFINE(ENABLE_NLS, 1, + [always defined to indicate that i18n is enabled]) + fi + + dnl Test whether we really found GNU xgettext. + if test "$XGETTEXT" != ":"; then + dnl If it is not GNU xgettext we define it as : so that the + dnl Makefiles still can work. + if $XGETTEXT --omit-header /dev/null 2> /dev/null; then + : ; + else + AC_MSG_RESULT( + [found xgettext program is not GNU xgettext; ignore it]) + XGETTEXT=":" + fi + fi + + # We need to process the po/ directory. + POSUB=po + + AC_OUTPUT_COMMANDS( + [case "$CONFIG_FILES" in *po/Makefile.in*) + sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile + esac]) + + dnl These rules are solely for the distribution goal. While doing this + dnl we only have to keep exactly one list of the available catalogs + dnl in configure.ac. + for lang in $ALL_LINGUAS; do + GMOFILES="$GMOFILES $lang.gmo" + POFILES="$POFILES $lang.po" + done + + dnl Make all variables we use known to autoconf. + AC_SUBST(CATALOGS) + AC_SUBST(CATOBJEXT) + AC_SUBST(DATADIRNAME) + AC_SUBST(GMOFILES) + AC_SUBST(INSTOBJEXT) + AC_SUBST(INTLLIBS) + AC_SUBST(PO_IN_DATADIR_TRUE) + AC_SUBST(PO_IN_DATADIR_FALSE) + AC_SUBST(POFILES) + AC_SUBST(POSUB) + ]) + +# AM_GLIB_GNU_GETTEXT +# ------------------- +# Do checks necessary for use of gettext. If a suitable implementation +# of gettext is found in either in libintl or in the C library, +# it will set INTLLIBS to the libraries needed for use of gettext +# and AC_DEFINE() HAVE_GETTEXT and ENABLE_NLS. (The shell variable +# gt_cv_have_gettext will be set to "yes".) It will also call AC_SUBST() +# on various variables needed by the Makefile.in.in installed by +# glib-gettextize. +dnl +glib_DEFUN([GLIB_GNU_GETTEXT], + [AC_REQUIRE([AC_PROG_CC])dnl + AC_REQUIRE([AC_HEADER_STDC])dnl + + GLIB_LC_MESSAGES + GLIB_WITH_NLS + + if test "$gt_cv_have_gettext" = "yes"; then + if test "x$ALL_LINGUAS" = "x"; then + LINGUAS= + else + AC_MSG_CHECKING(for catalogs to be installed) + NEW_LINGUAS= + for presentlang in $ALL_LINGUAS; do + useit=no + if test "%UNSET%" != "${LINGUAS-%UNSET%}"; then + desiredlanguages="$LINGUAS" + else + desiredlanguages="$ALL_LINGUAS" + fi + for desiredlang in $desiredlanguages; do + # Use the presentlang catalog if desiredlang is + # a. equal to presentlang, or + # b. a variant of presentlang (because in this case, + # presentlang can be used as a fallback for messages + # which are not translated in the desiredlang catalog). + case "$desiredlang" in + "$presentlang"*) useit=yes;; + esac + done + if test $useit = yes; then + NEW_LINGUAS="$NEW_LINGUAS $presentlang" + fi + done + LINGUAS=$NEW_LINGUAS + AC_MSG_RESULT($LINGUAS) + fi + + dnl Construct list of names of catalog files to be constructed. + if test -n "$LINGUAS"; then + for lang in $LINGUAS; do CATALOGS="$CATALOGS $lang$CATOBJEXT"; done + fi + fi + + dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly + dnl find the mkinstalldirs script in another subdir but ($top_srcdir). + dnl Try to locate is. + MKINSTALLDIRS= + if test -n "$ac_aux_dir"; then + MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" + fi + if test -z "$MKINSTALLDIRS"; then + MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs" + fi + AC_SUBST(MKINSTALLDIRS) + + dnl Generate list of files to be processed by xgettext which will + dnl be included in po/Makefile. + test -d po || mkdir po + if test "x$srcdir" != "x."; then + if test "x`echo $srcdir | sed 's@/.*@@'`" = "x"; then + posrcprefix="$srcdir/" + else + posrcprefix="../$srcdir/" + fi + else + posrcprefix="../" + fi + rm -f po/POTFILES + sed -e "/^#/d" -e "/^\$/d" -e "s,.*, $posrcprefix& \\\\," -e "\$s/\(.*\) \\\\/\1/" \ + < $srcdir/po/POTFILES.in > po/POTFILES + ]) + +# AM_GLIB_DEFINE_LOCALEDIR(VARIABLE) +# ------------------------------- +# Define VARIABLE to the location where catalog files will +# be installed by po/Makefile. +glib_DEFUN([GLIB_DEFINE_LOCALEDIR], +[glib_REQUIRE([GLIB_GNU_GETTEXT])dnl +glib_save_prefix="$prefix" +glib_save_exec_prefix="$exec_prefix" +glib_save_datarootdir="$datarootdir" +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix=$prefix +datarootdir=`eval echo "${datarootdir}"` +if test "x$CATOBJEXT" = "x.mo" ; then + localedir=`eval echo "${libdir}/locale"` +else + localedir=`eval echo "${datadir}/locale"` +fi +prefix="$glib_save_prefix" +exec_prefix="$glib_save_exec_prefix" +datarootdir="$glib_save_datarootdir" +AC_DEFINE_UNQUOTED($1, "$localedir", + [Define the location where the catalogs will be installed]) +]) + +dnl +dnl Now the definitions that aclocal will find +dnl +ifdef(glib_configure_ac,[],[ +AC_DEFUN([AM_GLIB_GNU_GETTEXT],[GLIB_GNU_GETTEXT($@)]) +AC_DEFUN([AM_GLIB_DEFINE_LOCALEDIR],[GLIB_DEFINE_LOCALEDIR($@)]) +])dnl + +# GLIB_RUN_PROG(PROGRAM, TEST-FILE, [ACTION-IF-PASS], [ACTION-IF-FAIL]) +# +# Create a temporary file with TEST-FILE as its contents and pass the +# file name to PROGRAM. Perform ACTION-IF-PASS if PROGRAM exits with +# 0 and perform ACTION-IF-FAIL for any other exit status. +AC_DEFUN([GLIB_RUN_PROG], +[cat >conftest.foo <<_ACEOF +$2 +_ACEOF +if AC_RUN_LOG([$1 conftest.foo]); then + m4_ifval([$3], [$3], [:]) +m4_ifvaln([$4], [else $4])dnl +echo "$as_me: failed input was:" >&AS_MESSAGE_LOG_FD +sed 's/^/| /' conftest.foo >&AS_MESSAGE_LOG_FD +fi]) + + +dnl -*- mode: autoconf -*- + +# serial 1 + +dnl Usage: +dnl GTK_DOC_CHECK([minimum-gtk-doc-version]) +AC_DEFUN([GTK_DOC_CHECK], +[ + AC_REQUIRE([PKG_PROG_PKG_CONFIG]) + AC_BEFORE([AC_PROG_LIBTOOL],[$0])dnl setup libtool first + AC_BEFORE([AM_PROG_LIBTOOL],[$0])dnl setup libtool first + + dnl check for tools we added during development + AC_PATH_PROG([GTKDOC_CHECK],[gtkdoc-check]) + AC_PATH_PROGS([GTKDOC_REBASE],[gtkdoc-rebase],[true]) + AC_PATH_PROG([GTKDOC_MKPDF],[gtkdoc-mkpdf]) + + dnl for overriding the documentation installation directory + AC_ARG_WITH([html-dir], + AS_HELP_STRING([--with-html-dir=PATH], [path to installed docs]),, + [with_html_dir='${datadir}/gtk-doc/html']) + HTML_DIR="$with_html_dir" + AC_SUBST([HTML_DIR]) + + dnl enable/disable documentation building + AC_ARG_ENABLE([gtk-doc], + AS_HELP_STRING([--enable-gtk-doc], + [use gtk-doc to build documentation [[default=no]]]),, + [enable_gtk_doc=no]) + + if test x$enable_gtk_doc = xyes; then + ifelse([$1],[], + [PKG_CHECK_EXISTS([gtk-doc],, + AC_MSG_ERROR([gtk-doc not installed and --enable-gtk-doc requested]))], + [PKG_CHECK_EXISTS([gtk-doc >= $1],, + AC_MSG_ERROR([You need to have gtk-doc >= $1 installed to build $PACKAGE_NAME]))]) + dnl don't check for glib if we build glib + if test "x$PACKAGE_NAME" != "xglib"; then + dnl don't fail if someone does not have glib + PKG_CHECK_MODULES(GTKDOC_DEPS, glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0,,) + fi + fi + + AC_MSG_CHECKING([whether to build gtk-doc documentation]) + AC_MSG_RESULT($enable_gtk_doc) + + dnl enable/disable output formats + AC_ARG_ENABLE([gtk-doc-html], + AS_HELP_STRING([--enable-gtk-doc-html], + [build documentation in html format [[default=yes]]]),, + [enable_gtk_doc_html=yes]) + AC_ARG_ENABLE([gtk-doc-pdf], + AS_HELP_STRING([--enable-gtk-doc-pdf], + [build documentation in pdf format [[default=no]]]),, + [enable_gtk_doc_pdf=no]) + + if test -z "$GTKDOC_MKPDF"; then + enable_gtk_doc_pdf=no + fi + + + AM_CONDITIONAL([ENABLE_GTK_DOC], [test x$enable_gtk_doc = xyes]) + AM_CONDITIONAL([GTK_DOC_BUILD_HTML], [test x$enable_gtk_doc_html = xyes]) + AM_CONDITIONAL([GTK_DOC_BUILD_PDF], [test x$enable_gtk_doc_pdf = xyes]) + AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], [test -n "$LIBTOOL"]) + AM_CONDITIONAL([GTK_DOC_USE_REBASE], [test -n "$GTKDOC_REBASE"]) +]) + + +dnl IT_PROG_INTLTOOL([MINIMUM-VERSION], [no-xml]) +# serial 42 IT_PROG_INTLTOOL +AC_DEFUN([IT_PROG_INTLTOOL], [ +AC_PREREQ([2.50])dnl +AC_REQUIRE([AM_NLS])dnl + +case "$am__api_version" in + 1.[01234]) + AC_MSG_ERROR([Automake 1.5 or newer is required to use intltool]) + ;; + *) + ;; +esac + +INTLTOOL_REQUIRED_VERSION_AS_INT=`echo $1 | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` +INTLTOOL_APPLIED_VERSION=`intltool-update --version | head -1 | cut -d" " -f3` +INTLTOOL_APPLIED_VERSION_AS_INT=`echo $INTLTOOL_APPLIED_VERSION | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` +if test -n "$1"; then + AC_MSG_CHECKING([for intltool >= $1]) + AC_MSG_RESULT([$INTLTOOL_APPLIED_VERSION found]) + test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge "$INTLTOOL_REQUIRED_VERSION_AS_INT" || + AC_MSG_ERROR([Your intltool is too old. You need intltool $1 or later.]) +fi + +AC_PATH_PROG(INTLTOOL_UPDATE, [intltool-update]) +AC_PATH_PROG(INTLTOOL_MERGE, [intltool-merge]) +AC_PATH_PROG(INTLTOOL_EXTRACT, [intltool-extract]) +if test -z "$INTLTOOL_UPDATE" -o -z "$INTLTOOL_MERGE" -o -z "$INTLTOOL_EXTRACT"; then + AC_MSG_ERROR([The intltool scripts were not found. Please install intltool.]) +fi + +if test -z "$AM_DEFAULT_VERBOSITY"; then + AM_DEFAULT_VERBOSITY=1 +fi +AC_SUBST([AM_DEFAULT_VERBOSITY]) + +INTLTOOL_V_MERGE='$(INTLTOOL__v_MERGE_$(V))' +INTLTOOL__v_MERGE_='$(INTLTOOL__v_MERGE_$(AM_DEFAULT_VERBOSITY))' +INTLTOOL__v_MERGE_0='@echo " ITMRG " [$]@;' +AC_SUBST(INTLTOOL_V_MERGE) +AC_SUBST(INTLTOOL__v_MERGE_) +AC_SUBST(INTLTOOL__v_MERGE_0) + +INTLTOOL_V_MERGE_OPTIONS='$(intltool__v_merge_options_$(V))' +intltool__v_merge_options_='$(intltool__v_merge_options_$(AM_DEFAULT_VERBOSITY))' +intltool__v_merge_options_0='-q' +AC_SUBST(INTLTOOL_V_MERGE_OPTIONS) +AC_SUBST(intltool__v_merge_options_) +AC_SUBST(intltool__v_merge_options_0) + + INTLTOOL_DESKTOP_RULE='%.desktop: %.desktop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' +INTLTOOL_DIRECTORY_RULE='%.directory: %.directory.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_KEYS_RULE='%.keys: %.keys.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -k -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_PROP_RULE='%.prop: %.prop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_OAF_RULE='%.oaf: %.oaf.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -p $(top_srcdir)/po $< [$]@' + INTLTOOL_PONG_RULE='%.pong: %.pong.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_SERVER_RULE='%.server: %.server.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_SHEET_RULE='%.sheet: %.sheet.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' +INTLTOOL_SOUNDLIST_RULE='%.soundlist: %.soundlist.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_UI_RULE='%.ui: %.ui.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_XML_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' +if test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge 5000; then + INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u --no-translations $< [$]@' +else + INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)_it_tmp_dir=tmp.intltool.[$][$]RANDOM && mkdir [$][$]_it_tmp_dir && LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u [$][$]_it_tmp_dir $< [$]@ && rmdir [$][$]_it_tmp_dir' +fi + INTLTOOL_XAM_RULE='%.xam: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_KBD_RULE='%.kbd: %.kbd.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -m -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_CAVES_RULE='%.caves: %.caves.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_SCHEMAS_RULE='%.schemas: %.schemas.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -s -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_THEME_RULE='%.theme: %.theme.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_SERVICE_RULE='%.service: %.service.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + INTLTOOL_POLICY_RULE='%.policy: %.policy.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< [$]@' + +_IT_SUBST(INTLTOOL_DESKTOP_RULE) +_IT_SUBST(INTLTOOL_DIRECTORY_RULE) +_IT_SUBST(INTLTOOL_KEYS_RULE) +_IT_SUBST(INTLTOOL_PROP_RULE) +_IT_SUBST(INTLTOOL_OAF_RULE) +_IT_SUBST(INTLTOOL_PONG_RULE) +_IT_SUBST(INTLTOOL_SERVER_RULE) +_IT_SUBST(INTLTOOL_SHEET_RULE) +_IT_SUBST(INTLTOOL_SOUNDLIST_RULE) +_IT_SUBST(INTLTOOL_UI_RULE) +_IT_SUBST(INTLTOOL_XAM_RULE) +_IT_SUBST(INTLTOOL_KBD_RULE) +_IT_SUBST(INTLTOOL_XML_RULE) +_IT_SUBST(INTLTOOL_XML_NOMERGE_RULE) +_IT_SUBST(INTLTOOL_CAVES_RULE) +_IT_SUBST(INTLTOOL_SCHEMAS_RULE) +_IT_SUBST(INTLTOOL_THEME_RULE) +_IT_SUBST(INTLTOOL_SERVICE_RULE) +_IT_SUBST(INTLTOOL_POLICY_RULE) + +# Check the gettext tools to make sure they are GNU +AC_PATH_PROG(XGETTEXT, xgettext) +AC_PATH_PROG(MSGMERGE, msgmerge) +AC_PATH_PROG(MSGFMT, msgfmt) +AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) +if test -z "$XGETTEXT" -o -z "$MSGMERGE" -o -z "$MSGFMT"; then + AC_MSG_ERROR([GNU gettext tools not found; required for intltool]) +fi +xgversion="`$XGETTEXT --version|grep '(GNU ' 2> /dev/null`" +mmversion="`$MSGMERGE --version|grep '(GNU ' 2> /dev/null`" +mfversion="`$MSGFMT --version|grep '(GNU ' 2> /dev/null`" +if test -z "$xgversion" -o -z "$mmversion" -o -z "$mfversion"; then + AC_MSG_ERROR([GNU gettext tools not found; required for intltool]) +fi + +AC_PATH_PROG(INTLTOOL_PERL, perl) +if test -z "$INTLTOOL_PERL"; then + AC_MSG_ERROR([perl not found]) +fi +AC_MSG_CHECKING([for perl >= 5.8.1]) +$INTLTOOL_PERL -e "use 5.8.1;" > /dev/null 2>&1 +if test $? -ne 0; then + AC_MSG_ERROR([perl 5.8.1 is required for intltool]) +else + IT_PERL_VERSION=`$INTLTOOL_PERL -e "printf '%vd', $^V"` + AC_MSG_RESULT([$IT_PERL_VERSION]) +fi +if test "x$2" != "xno-xml"; then + AC_MSG_CHECKING([for XML::Parser]) + if `$INTLTOOL_PERL -e "require XML::Parser" 2>/dev/null`; then + AC_MSG_RESULT([ok]) + else + AC_MSG_ERROR([XML::Parser perl module is required for intltool]) + fi +fi + +# Substitute ALL_LINGUAS so we can use it in po/Makefile +AC_SUBST(ALL_LINGUAS) + +# Set DATADIRNAME correctly if it is not set yet +# (copied from glib-gettext.m4) +if test -z "$DATADIRNAME"; then + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([[]], + [[extern int _nl_msg_cat_cntr; + return _nl_msg_cat_cntr]])], + [DATADIRNAME=share], + [case $host in + *-*-solaris*) + dnl On Solaris, if bind_textdomain_codeset is in libc, + dnl GNU format message catalog is always supported, + dnl since both are added to the libc all together. + dnl Hence, we'd like to go with DATADIRNAME=share + dnl in this case. + AC_CHECK_FUNC(bind_textdomain_codeset, + [DATADIRNAME=share], [DATADIRNAME=lib]) + ;; + *) + [DATADIRNAME=lib] + ;; + esac]) +fi +AC_SUBST(DATADIRNAME) + +IT_PO_SUBDIR([po]) + +]) + + +# IT_PO_SUBDIR(DIRNAME) +# --------------------- +# All po subdirs have to be declared with this macro; the subdir "po" is +# declared by IT_PROG_INTLTOOL. +# +AC_DEFUN([IT_PO_SUBDIR], +[AC_PREREQ([2.53])dnl We use ac_top_srcdir inside AC_CONFIG_COMMANDS. +dnl +dnl The following CONFIG_COMMANDS should be executed at the very end +dnl of config.status. +AC_CONFIG_COMMANDS_PRE([ + AC_CONFIG_COMMANDS([$1/stamp-it], [ + if [ ! grep "^# INTLTOOL_MAKEFILE$" "$1/Makefile.in" > /dev/null ]; then + AC_MSG_ERROR([$1/Makefile.in.in was not created by intltoolize.]) + fi + rm -f "$1/stamp-it" "$1/stamp-it.tmp" "$1/POTFILES" "$1/Makefile.tmp" + >"$1/stamp-it.tmp" + [sed '/^#/d + s/^[[].*] *// + /^[ ]*$/d + '"s|^| $ac_top_srcdir/|" \ + "$srcdir/$1/POTFILES.in" | sed '$!s/$/ \\/' >"$1/POTFILES" + ] + [sed '/^POTFILES =/,/[^\\]$/ { + /^POTFILES =/!d + r $1/POTFILES + } + ' "$1/Makefile.in" >"$1/Makefile"] + rm -f "$1/Makefile.tmp" + mv "$1/stamp-it.tmp" "$1/stamp-it" + ]) +])dnl +]) + +# _IT_SUBST(VARIABLE) +# ------------------- +# Abstract macro to do either _AM_SUBST_NOTMAKE or AC_SUBST +# +AC_DEFUN([_IT_SUBST], +[ +AC_SUBST([$1]) +m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([$1])]) +] +) + +# deprecated macros +AU_ALIAS([AC_PROG_INTLTOOL], [IT_PROG_INTLTOOL]) +# A hint is needed for aclocal from Automake <= 1.9.4: +# AC_DEFUN([AC_PROG_INTLTOOL], ...) + + +dnl -*- mode: autoconf -*- +dnl Copyright 2009 Johan Dahlin +dnl +dnl This file is free software; the author(s) gives unlimited +dnl permission to copy and/or distribute it, with or without +dnl modifications, as long as this notice is preserved. +dnl + +# serial 1 + +m4_define([_GOBJECT_INTROSPECTION_CHECK_INTERNAL], +[ + AC_BEFORE([AC_PROG_LIBTOOL],[$0])dnl setup libtool first + AC_BEFORE([AM_PROG_LIBTOOL],[$0])dnl setup libtool first + AC_BEFORE([LT_INIT],[$0])dnl setup libtool first + + dnl enable/disable introspection + m4_if([$2], [require], + [dnl + enable_introspection=yes + ],[dnl + AC_ARG_ENABLE(introspection, + AS_HELP_STRING([--enable-introspection[=@<:@no/auto/yes@:>@]], + [Enable introspection for this build]),, + [enable_introspection=auto]) + ])dnl + + AC_MSG_CHECKING([for gobject-introspection]) + + dnl presence/version checking + AS_CASE([$enable_introspection], + [no], [dnl + found_introspection="no (disabled, use --enable-introspection to enable)" + ],dnl + [yes],[dnl + PKG_CHECK_EXISTS([gobject-introspection-1.0],, + AC_MSG_ERROR([gobject-introspection-1.0 is not installed])) + PKG_CHECK_EXISTS([gobject-introspection-1.0 >= $1], + found_introspection=yes, + AC_MSG_ERROR([You need to have gobject-introspection >= $1 installed to build AC_PACKAGE_NAME])) + ],dnl + [auto],[dnl + PKG_CHECK_EXISTS([gobject-introspection-1.0 >= $1], found_introspection=yes, found_introspection=no) + dnl Canonicalize enable_introspection + enable_introspection=$found_introspection + ],dnl + [dnl + AC_MSG_ERROR([invalid argument passed to --enable-introspection, should be one of @<:@no/auto/yes@:>@]) + ])dnl + + AC_MSG_RESULT([$found_introspection]) + + INTROSPECTION_SCANNER= + INTROSPECTION_COMPILER= + INTROSPECTION_GENERATE= + INTROSPECTION_GIRDIR= + INTROSPECTION_TYPELIBDIR= + if test "x$found_introspection" = "xyes"; then + INTROSPECTION_SCANNER=`$PKG_CONFIG --variable=g_ir_scanner gobject-introspection-1.0` + INTROSPECTION_COMPILER=`$PKG_CONFIG --variable=g_ir_compiler gobject-introspection-1.0` + INTROSPECTION_GENERATE=`$PKG_CONFIG --variable=g_ir_generate gobject-introspection-1.0` + INTROSPECTION_GIRDIR=`$PKG_CONFIG --variable=girdir gobject-introspection-1.0` + INTROSPECTION_TYPELIBDIR="$($PKG_CONFIG --variable=typelibdir gobject-introspection-1.0)" + INTROSPECTION_CFLAGS=`$PKG_CONFIG --cflags gobject-introspection-1.0` + INTROSPECTION_LIBS=`$PKG_CONFIG --libs gobject-introspection-1.0` + INTROSPECTION_MAKEFILE=`$PKG_CONFIG --variable=datadir gobject-introspection-1.0`/gobject-introspection-1.0/Makefile.introspection + fi + AC_SUBST(INTROSPECTION_SCANNER) + AC_SUBST(INTROSPECTION_COMPILER) + AC_SUBST(INTROSPECTION_GENERATE) + AC_SUBST(INTROSPECTION_GIRDIR) + AC_SUBST(INTROSPECTION_TYPELIBDIR) + AC_SUBST(INTROSPECTION_CFLAGS) + AC_SUBST(INTROSPECTION_LIBS) + AC_SUBST(INTROSPECTION_MAKEFILE) + + AM_CONDITIONAL(HAVE_INTROSPECTION, test "x$found_introspection" = "xyes") +]) + + +dnl Usage: +dnl GOBJECT_INTROSPECTION_CHECK([minimum-g-i-version]) + +AC_DEFUN([GOBJECT_INTROSPECTION_CHECK], +[ + _GOBJECT_INTROSPECTION_CHECK_INTERNAL([$1]) +]) + +dnl Usage: +dnl GOBJECT_INTROSPECTION_REQUIRE([minimum-g-i-version]) + + +AC_DEFUN([GOBJECT_INTROSPECTION_REQUIRE], +[ + _GOBJECT_INTROSPECTION_CHECK_INTERNAL([$1], [require]) +]) + +# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +m4_define([_LT_COPYING], [dnl +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +]) + +# serial 57 LT_INIT + + +# LT_PREREQ(VERSION) +# ------------------ +# Complain and exit if this libtool version is less that VERSION. +m4_defun([LT_PREREQ], +[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, + [m4_default([$3], + [m4_fatal([Libtool version $1 or higher is required], + 63)])], + [$2])]) + + +# _LT_CHECK_BUILDDIR +# ------------------ +# Complain if the absolute build directory name contains unusual characters +m4_defun([_LT_CHECK_BUILDDIR], +[case `pwd` in + *\ * | *\ *) + AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; +esac +]) + + +# LT_INIT([OPTIONS]) +# ------------------ +AC_DEFUN([LT_INIT], +[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +AC_BEFORE([$0], [LT_LANG])dnl +AC_BEFORE([$0], [LT_OUTPUT])dnl +AC_BEFORE([$0], [LTDL_INIT])dnl +m4_require([_LT_CHECK_BUILDDIR])dnl + +dnl Autoconf doesn't catch unexpanded LT_ macros by default: +m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl +m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl +dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 +dnl unless we require an AC_DEFUNed macro: +AC_REQUIRE([LTOPTIONS_VERSION])dnl +AC_REQUIRE([LTSUGAR_VERSION])dnl +AC_REQUIRE([LTVERSION_VERSION])dnl +AC_REQUIRE([LTOBSOLETE_VERSION])dnl +m4_require([_LT_PROG_LTMAIN])dnl + +_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) + +dnl Parse OPTIONS +_LT_SET_OPTIONS([$0], [$1]) + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +_LT_SETUP + +# Only expand once: +m4_define([LT_INIT]) +])# LT_INIT + +# Old names: +AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) +AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PROG_LIBTOOL], []) +dnl AC_DEFUN([AM_PROG_LIBTOOL], []) + + +# _LT_CC_BASENAME(CC) +# ------------------- +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +m4_defun([_LT_CC_BASENAME], +[for cc_temp in $1""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +]) + + +# _LT_FILEUTILS_DEFAULTS +# ---------------------- +# It is okay to use these file commands and assume they have been set +# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. +m4_defun([_LT_FILEUTILS_DEFAULTS], +[: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} +])# _LT_FILEUTILS_DEFAULTS + + +# _LT_SETUP +# --------- +m4_defun([_LT_SETUP], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl + +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl +_LT_DECL([], [host_alias], [0], [The host system])dnl +_LT_DECL([], [host], [0])dnl +_LT_DECL([], [host_os], [0])dnl +dnl +_LT_DECL([], [build_alias], [0], [The build system])dnl +_LT_DECL([], [build], [0])dnl +_LT_DECL([], [build_os], [0])dnl +dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +dnl +AC_REQUIRE([AC_PROG_LN_S])dnl +test -z "$LN_S" && LN_S="ln -s" +_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl +dnl +AC_REQUIRE([LT_CMD_MAX_LEN])dnl +_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl +_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl +dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl +m4_require([_LT_CMD_RELOAD])dnl +m4_require([_LT_CHECK_MAGIC_METHOD])dnl +m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl +m4_require([_LT_CMD_OLD_ARCHIVE])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_WITH_SYSROOT])dnl + +_LT_CONFIG_LIBTOOL_INIT([ +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi +]) +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +_LT_CHECK_OBJDIR + +m4_require([_LT_TAG_COMPILER])dnl + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld="$lt_cv_prog_gnu_ld" + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +_LT_CC_BASENAME([$compiler]) + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + _LT_PATH_MAGIC + fi + ;; +esac + +# Use C for the default configuration in the libtool script +LT_SUPPORTED_TAG([CC]) +_LT_LANG_C_CONFIG +_LT_LANG_DEFAULT_CONFIG +_LT_CONFIG_COMMANDS +])# _LT_SETUP + + +# _LT_PREPARE_SED_QUOTE_VARS +# -------------------------- +# Define a few sed substitution that help us do robust quoting. +m4_defun([_LT_PREPARE_SED_QUOTE_VARS], +[# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' +]) + +# _LT_PROG_LTMAIN +# --------------- +# Note that this code is called both from `configure', and `config.status' +# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, +# `config.status' has no value for ac_aux_dir unless we are using Automake, +# so we pass a copy along to make sure it has a sensible value anyway. +m4_defun([_LT_PROG_LTMAIN], +[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl +_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) +ltmain="$ac_aux_dir/ltmain.sh" +])# _LT_PROG_LTMAIN + + + +# So that we can recreate a full libtool script including additional +# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS +# in macros and then make a single call at the end using the `libtool' +# label. + + +# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) +# ---------------------------------------- +# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL_INIT], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_INIT], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_INIT]) + + +# _LT_CONFIG_LIBTOOL([COMMANDS]) +# ------------------------------ +# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) + + +# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) +# ----------------------------------------------------- +m4_defun([_LT_CONFIG_SAVE_COMMANDS], +[_LT_CONFIG_LIBTOOL([$1]) +_LT_CONFIG_LIBTOOL_INIT([$2]) +]) + + +# _LT_FORMAT_COMMENT([COMMENT]) +# ----------------------------- +# Add leading comment marks to the start of each line, and a trailing +# full-stop to the whole comment if one is not present already. +m4_define([_LT_FORMAT_COMMENT], +[m4_ifval([$1], [ +m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], + [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) +)]) + + + + + +# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) +# ------------------------------------------------------------------- +# CONFIGNAME is the name given to the value in the libtool script. +# VARNAME is the (base) name used in the configure script. +# VALUE may be 0, 1 or 2 for a computed quote escaped value based on +# VARNAME. Any other value will be used directly. +m4_define([_LT_DECL], +[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], + [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], + [m4_ifval([$1], [$1], [$2])]) + lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) + m4_ifval([$4], + [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) + lt_dict_add_subkey([lt_decl_dict], [$2], + [tagged?], [m4_ifval([$5], [yes], [no])])]) +]) + + +# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) +# -------------------------------------------------------- +m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) + + +# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_tag_varnames], +[_lt_decl_filter([tagged?], [yes], $@)]) + + +# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) +# --------------------------------------------------------- +m4_define([_lt_decl_filter], +[m4_case([$#], + [0], [m4_fatal([$0: too few arguments: $#])], + [1], [m4_fatal([$0: too few arguments: $#: $1])], + [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], + [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], + [lt_dict_filter([lt_decl_dict], $@)])[]dnl +]) + + +# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) +# -------------------------------------------------- +m4_define([lt_decl_quote_varnames], +[_lt_decl_filter([value], [1], $@)]) + + +# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_dquote_varnames], +[_lt_decl_filter([value], [2], $@)]) + + +# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_varnames_tagged], +[m4_assert([$# <= 2])dnl +_$0(m4_quote(m4_default([$1], [[, ]])), + m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), + m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) +m4_define([_lt_decl_varnames_tagged], +[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) + + +# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_all_varnames], +[_$0(m4_quote(m4_default([$1], [[, ]])), + m4_if([$2], [], + m4_quote(lt_decl_varnames), + m4_quote(m4_shift($@))))[]dnl +]) +m4_define([_lt_decl_all_varnames], +[lt_join($@, lt_decl_varnames_tagged([$1], + lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl +]) + + +# _LT_CONFIG_STATUS_DECLARE([VARNAME]) +# ------------------------------------ +# Quote a variable value, and forward it to `config.status' so that its +# declaration there will have the same value as in `configure'. VARNAME +# must have a single quote delimited value for this to work. +m4_define([_LT_CONFIG_STATUS_DECLARE], +[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) + + +# _LT_CONFIG_STATUS_DECLARATIONS +# ------------------------------ +# We delimit libtool config variables with single quotes, so when +# we write them to config.status, we have to be sure to quote all +# embedded single quotes properly. In configure, this macro expands +# each variable declared with _LT_DECL (and _LT_TAGDECL) into: +# +# ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' +m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], +[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), + [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAGS +# ---------------- +# Output comment and list of tags supported by the script +m4_defun([_LT_LIBTOOL_TAGS], +[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl +available_tags="_LT_TAGS"dnl +]) + + +# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) +# ----------------------------------- +# Extract the dictionary values for VARNAME (optionally with TAG) and +# expand to a commented shell variable setting: +# +# # Some comment about what VAR is for. +# visible_name=$lt_internal_name +m4_define([_LT_LIBTOOL_DECLARE], +[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], + [description])))[]dnl +m4_pushdef([_libtool_name], + m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl +m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), + [0], [_libtool_name=[$]$1], + [1], [_libtool_name=$lt_[]$1], + [2], [_libtool_name=$lt_[]$1], + [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl +m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl +]) + + +# _LT_LIBTOOL_CONFIG_VARS +# ----------------------- +# Produce commented declarations of non-tagged libtool config variables +# suitable for insertion in the LIBTOOL CONFIG section of the `libtool' +# script. Tagged libtool config variables (even for the LIBTOOL CONFIG +# section) are produced by _LT_LIBTOOL_TAG_VARS. +m4_defun([_LT_LIBTOOL_CONFIG_VARS], +[m4_foreach([_lt_var], + m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAG_VARS(TAG) +# ------------------------- +m4_define([_LT_LIBTOOL_TAG_VARS], +[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) + + +# _LT_TAGVAR(VARNAME, [TAGNAME]) +# ------------------------------ +m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) + + +# _LT_CONFIG_COMMANDS +# ------------------- +# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of +# variables for single and double quote escaping we saved from calls +# to _LT_DECL, we can put quote escaped variables declarations +# into `config.status', and then the shell code to quote escape them in +# for loops in `config.status'. Finally, any additional code accumulated +# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. +m4_defun([_LT_CONFIG_COMMANDS], +[AC_PROVIDE_IFELSE([LT_OUTPUT], + dnl If the libtool generation code has been placed in $CONFIG_LT, + dnl instead of duplicating it all over again into config.status, + dnl then we will have config.status run $CONFIG_LT later, so it + dnl needs to know what name is stored there: + [AC_CONFIG_COMMANDS([libtool], + [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], + dnl If the libtool generation code is destined for config.status, + dnl expand the accumulated commands and init code now: + [AC_CONFIG_COMMANDS([libtool], + [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) +])#_LT_CONFIG_COMMANDS + + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], +[ + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +_LT_CONFIG_STATUS_DECLARATIONS +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$[]1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_quote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_dquote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +_LT_OUTPUT_LIBTOOL_INIT +]) + +# _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) +# ------------------------------------ +# Generate a child script FILE with all initialization necessary to +# reuse the environment learned by the parent script, and make the +# file executable. If COMMENT is supplied, it is inserted after the +# `#!' sequence but before initialization text begins. After this +# macro, additional text can be appended to FILE to form the body of +# the child script. The macro ends with non-zero status if the +# file could not be fully written (such as if the disk is full). +m4_ifdef([AS_INIT_GENERATED], +[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], +[m4_defun([_LT_GENERATED_FILE_INIT], +[m4_require([AS_PREPARE])]dnl +[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl +[lt_write_fail=0 +cat >$1 <<_ASEOF || lt_write_fail=1 +#! $SHELL +# Generated by $as_me. +$2 +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$1 <<\_ASEOF || lt_write_fail=1 +AS_SHELL_SANITIZE +_AS_PREPARE +exec AS_MESSAGE_FD>&1 +_ASEOF +test $lt_write_fail = 0 && chmod +x $1[]dnl +m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT + +# LT_OUTPUT +# --------- +# This macro allows early generation of the libtool script (before +# AC_OUTPUT is called), incase it is used in configure for compilation +# tests. +AC_DEFUN([LT_OUTPUT], +[: ${CONFIG_LT=./config.lt} +AC_MSG_NOTICE([creating $CONFIG_LT]) +_LT_GENERATED_FILE_INIT(["$CONFIG_LT"], +[# Run this file to recreate a libtool stub with the current configuration.]) + +cat >>"$CONFIG_LT" <<\_LTEOF +lt_cl_silent=false +exec AS_MESSAGE_LOG_FD>>config.log +{ + echo + AS_BOX([Running $as_me.]) +} >&AS_MESSAGE_LOG_FD + +lt_cl_help="\ +\`$as_me' creates a local libtool stub from the current configuration, +for use in further configure time tests before the real libtool is +generated. + +Usage: $[0] [[OPTIONS]] + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + +Report bugs to ." + +lt_cl_version="\ +m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl +m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) +configured by $[0], generated by m4_PACKAGE_STRING. + +Copyright (C) 2011 Free Software Foundation, Inc. +This config.lt script is free software; the Free Software Foundation +gives unlimited permision to copy, distribute and modify it." + +while test $[#] != 0 +do + case $[1] in + --version | --v* | -V ) + echo "$lt_cl_version"; exit 0 ;; + --help | --h* | -h ) + echo "$lt_cl_help"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --quiet | --q* | --silent | --s* | -q ) + lt_cl_silent=: ;; + + -*) AC_MSG_ERROR([unrecognized option: $[1] +Try \`$[0] --help' for more information.]) ;; + + *) AC_MSG_ERROR([unrecognized argument: $[1] +Try \`$[0] --help' for more information.]) ;; + esac + shift +done + +if $lt_cl_silent; then + exec AS_MESSAGE_FD>/dev/null +fi +_LTEOF + +cat >>"$CONFIG_LT" <<_LTEOF +_LT_OUTPUT_LIBTOOL_COMMANDS_INIT +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AC_MSG_NOTICE([creating $ofile]) +_LT_OUTPUT_LIBTOOL_COMMANDS +AS_EXIT(0) +_LTEOF +chmod +x "$CONFIG_LT" + +# configure is writing to config.log, but config.lt does its own redirection, +# appending to config.log, which fails on DOS, as config.log is still kept +# open by configure. Here we exec the FD to /dev/null, effectively closing +# config.log, so it can be properly (re)opened and appended to by config.lt. +lt_cl_success=: +test "$silent" = yes && + lt_config_lt_args="$lt_config_lt_args --quiet" +exec AS_MESSAGE_LOG_FD>/dev/null +$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false +exec AS_MESSAGE_LOG_FD>>config.log +$lt_cl_success || AS_EXIT(1) +])# LT_OUTPUT + + +# _LT_CONFIG(TAG) +# --------------- +# If TAG is the built-in tag, create an initial libtool script with a +# default configuration from the untagged config vars. Otherwise add code +# to config.status for appending the configuration named by TAG from the +# matching tagged config vars. +m4_defun([_LT_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_CONFIG_SAVE_COMMANDS([ + m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl + m4_if(_LT_TAG, [C], [ + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +_LT_COPYING +_LT_LIBTOOL_TAGS + +# ### BEGIN LIBTOOL CONFIG +_LT_LIBTOOL_CONFIG_VARS +_LT_LIBTOOL_TAG_VARS +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + _LT_PROG_LTMAIN + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + _LT_PROG_REPLACE_SHELLFNS + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" +], +[cat <<_LT_EOF >> "$ofile" + +dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded +dnl in a comment (ie after a #). +# ### BEGIN LIBTOOL TAG CONFIG: $1 +_LT_LIBTOOL_TAG_VARS(_LT_TAG) +# ### END LIBTOOL TAG CONFIG: $1 +_LT_EOF +])dnl /m4_if +], +[m4_if([$1], [], [ + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile'], []) +])dnl /_LT_CONFIG_SAVE_COMMANDS +])# _LT_CONFIG + + +# LT_SUPPORTED_TAG(TAG) +# --------------------- +# Trace this macro to discover what tags are supported by the libtool +# --tag option, using: +# autoconf --trace 'LT_SUPPORTED_TAG:$1' +AC_DEFUN([LT_SUPPORTED_TAG], []) + + +# C support is built-in for now +m4_define([_LT_LANG_C_enabled], []) +m4_define([_LT_TAGS], []) + + +# LT_LANG(LANG) +# ------------- +# Enable libtool support for the given language if not already enabled. +AC_DEFUN([LT_LANG], +[AC_BEFORE([$0], [LT_OUTPUT])dnl +m4_case([$1], + [C], [_LT_LANG(C)], + [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], + [Java], [_LT_LANG(GCJ)], + [Fortran 77], [_LT_LANG(F77)], + [Fortran], [_LT_LANG(FC)], + [Windows Resource], [_LT_LANG(RC)], + [m4_ifdef([_LT_LANG_]$1[_CONFIG], + [_LT_LANG($1)], + [m4_fatal([$0: unsupported language: "$1"])])])dnl +])# LT_LANG + + +# _LT_LANG(LANGNAME) +# ------------------ +m4_defun([_LT_LANG], +[m4_ifdef([_LT_LANG_]$1[_enabled], [], + [LT_SUPPORTED_TAG([$1])dnl + m4_append([_LT_TAGS], [$1 ])dnl + m4_define([_LT_LANG_]$1[_enabled], [])dnl + _LT_LANG_$1_CONFIG($1)])dnl +])# _LT_LANG + + +m4_ifndef([AC_PROG_GO], [ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + +# _LT_LANG_DEFAULT_CONFIG +# ----------------------- +m4_defun([_LT_LANG_DEFAULT_CONFIG], +[AC_PROVIDE_IFELSE([AC_PROG_CXX], + [LT_LANG(CXX)], + [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) + +AC_PROVIDE_IFELSE([AC_PROG_F77], + [LT_LANG(F77)], + [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) + +AC_PROVIDE_IFELSE([AC_PROG_FC], + [LT_LANG(FC)], + [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) + +dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal +dnl pulling things in needlessly. +AC_PROVIDE_IFELSE([AC_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([LT_PROG_GCJ], + [LT_LANG(GCJ)], + [m4_ifdef([AC_PROG_GCJ], + [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([A][M_PROG_GCJ], + [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([LT_PROG_GCJ], + [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) + +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + +AC_PROVIDE_IFELSE([LT_PROG_RC], + [LT_LANG(RC)], + [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) +])# _LT_LANG_DEFAULT_CONFIG + +# Obsolete macros: +AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) +AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) +AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) +AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_CXX], []) +dnl AC_DEFUN([AC_LIBTOOL_F77], []) +dnl AC_DEFUN([AC_LIBTOOL_FC], []) +dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) +dnl AC_DEFUN([AC_LIBTOOL_RC], []) + + +# _LT_TAG_COMPILER +# ---------------- +m4_defun([_LT_TAG_COMPILER], +[AC_REQUIRE([AC_PROG_CC])dnl + +_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl +_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl +_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl +_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC +])# _LT_TAG_COMPILER + + +# _LT_COMPILER_BOILERPLATE +# ------------------------ +# Check for compiler boilerplate output or warnings with +# the simple compiler test code. +m4_defun([_LT_COMPILER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* +])# _LT_COMPILER_BOILERPLATE + + +# _LT_LINKER_BOILERPLATE +# ---------------------- +# Check for linker boilerplate output or warnings with +# the simple link test code. +m4_defun([_LT_LINKER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* +])# _LT_LINKER_BOILERPLATE + +# _LT_REQUIRED_DARWIN_CHECKS +# ------------------------- +m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ + case $host_os in + rhapsody* | darwin*) + AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) + AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) + AC_CHECK_TOOL([LIPO], [lipo], [:]) + AC_CHECK_TOOL([OTOOL], [otool], [:]) + AC_CHECK_TOOL([OTOOL64], [otool64], [:]) + _LT_DECL([], [DSYMUTIL], [1], + [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) + _LT_DECL([], [NMEDIT], [1], + [Tool to change global to local symbols on Mac OS X]) + _LT_DECL([], [LIPO], [1], + [Tool to manipulate fat objects and archives on Mac OS X]) + _LT_DECL([], [OTOOL], [1], + [ldd/readelf like tool for Mach-O binaries on Mac OS X]) + _LT_DECL([], [OTOOL64], [1], + [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) + + AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], + [lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi]) + + AC_CACHE_CHECK([for -exported_symbols_list linker flag], + [lt_cv_ld_exported_symbols_list], + [lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [lt_cv_ld_exported_symbols_list=yes], + [lt_cv_ld_exported_symbols_list=no]) + LDFLAGS="$save_LDFLAGS" + ]) + + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], + [lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD + echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD + $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + ]) + case $host_os in + rhapsody* | darwin1.[[012]]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[[012]]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac +]) + + +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- +# Checks for linker and compiler features on darwin +m4_defun([_LT_DARWIN_LINKER_FEATURES], +[ + m4_require([_LT_REQUIRED_DARWIN_CHECKS]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_automatic, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + if test "$lt_cv_ld_force_load" = "yes"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=func_echo_all + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + m4_if([$1], [CXX], +[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" + fi +],[]) + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi +]) + +# _LT_SYS_MODULE_PATH_AIX([TAGNAME]) +# ---------------------------------- +# Links a minimal program and checks the executable +# for the system default hardcoded library path. In most cases, +# this is /usr/lib:/lib, but when the MPI compilers are used +# the location of the communication and MPI libs are included too. +# If we don't find anything, use the default library path according +# to the aix ld manual. +# Store the results from the different compilers for each TAGNAME. +# Allow to override them for all tags through lt_cv_aix_libpath. +m4_defun([_LT_SYS_MODULE_PATH_AIX], +[m4_require([_LT_DECL_SED])dnl +if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], + [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ + lt_aix_libpath_sed='[ + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }]' + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi],[]) + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib" + fi + ]) + aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) +fi +])# _LT_SYS_MODULE_PATH_AIX + + +# _LT_SHELL_INIT(ARG) +# ------------------- +m4_define([_LT_SHELL_INIT], +[m4_divert_text([M4SH-INIT], [$1 +])])# _LT_SHELL_INIT + + + +# _LT_PROG_ECHO_BACKSLASH +# ----------------------- +# Find how we can fake an echo command that does not interpret backslash. +# In particular, with Autoconf 2.60 or later we add some code to the start +# of the generated configure script which will find a shell with a builtin +# printf (which we can use as an echo command). +m4_defun([_LT_PROG_ECHO_BACKSLASH], +[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +AC_MSG_CHECKING([how to print strings]) +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$[]1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + +case "$ECHO" in + printf*) AC_MSG_RESULT([printf]) ;; + print*) AC_MSG_RESULT([print -r]) ;; + *) AC_MSG_RESULT([cat]) ;; +esac + +m4_ifdef([_AS_DETECT_SUGGESTED], +[_AS_DETECT_SUGGESTED([ + test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test "X`printf %s $ECHO`" = "X$ECHO" \ + || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) + +_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) +_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) +])# _LT_PROG_ECHO_BACKSLASH + + +# _LT_WITH_SYSROOT +# ---------------- +AC_DEFUN([_LT_WITH_SYSROOT], +[AC_MSG_CHECKING([for sysroot]) +AC_ARG_WITH([sysroot], +[ --with-sysroot[=DIR] Search for dependent libraries within DIR + (or the compiler's sysroot if not specified).], +[], [with_sysroot=no]) + +dnl lt_sysroot will always be passed unquoted. We quote it here +dnl in case the user passed a directory name. +lt_sysroot= +case ${with_sysroot} in #( + yes) + if test "$GCC" = yes; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + AC_MSG_RESULT([${with_sysroot}]) + AC_MSG_ERROR([The sysroot must be an absolute path.]) + ;; +esac + + AC_MSG_RESULT([${lt_sysroot:-no}]) +_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl +[dependent libraries, and in which our libraries should be installed.])]) + +# _LT_ENABLE_LOCK +# --------------- +m4_defun([_LT_ENABLE_LOCK], +[AC_ARG_ENABLE([libtool-lock], + [AS_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_LANG_PUSH(C) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) + AC_LANG_POP]) + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" +])# _LT_ENABLE_LOCK + + +# _LT_PROG_AR +# ----------- +m4_defun([_LT_PROG_AR], +[AC_CHECK_TOOLS(AR, [ar], false) +: ${AR=ar} +: ${AR_FLAGS=cru} +_LT_DECL([], [AR], [1], [The archiver]) +_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) + +AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], + [lt_cv_ar_at_file=no + AC_COMPILE_IFELSE([AC_LANG_PROGRAM], + [echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' + AC_TRY_EVAL([lt_ar_try]) + if test "$ac_status" -eq 0; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + AC_TRY_EVAL([lt_ar_try]) + if test "$ac_status" -ne 0; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + ]) + ]) + +if test "x$lt_cv_ar_at_file" = xno; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi +_LT_DECL([], [archiver_list_spec], [1], + [How to feed a file listing to the archiver]) +])# _LT_PROG_AR + + +# _LT_CMD_OLD_ARCHIVE +# ------------------- +m4_defun([_LT_CMD_OLD_ARCHIVE], +[_LT_PROG_AR + +AC_CHECK_TOOL(STRIP, strip, :) +test -z "$STRIP" && STRIP=: +_LT_DECL([], [STRIP], [1], [A symbol stripping program]) + +AC_CHECK_TOOL(RANLIB, ranlib, :) +test -z "$RANLIB" && RANLIB=: +_LT_DECL([], [RANLIB], [1], + [Commands used to install an old-style archive]) + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac +_LT_DECL([], [old_postinstall_cmds], [2]) +_LT_DECL([], [old_postuninstall_cmds], [2]) +_LT_TAGDECL([], [old_archive_cmds], [2], + [Commands used to build an old-style archive]) +_LT_DECL([], [lock_old_archive_extraction], [0], + [Whether to use a lock for old archive extraction]) +])# _LT_CMD_OLD_ARCHIVE + + +# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------------------- +# Check whether the given compiler option works +AC_DEFUN([_LT_COMPILER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + fi + $RM conftest* +]) + +if test x"[$]$2" = xyes; then + m4_if([$5], , :, [$5]) +else + m4_if([$6], , :, [$6]) +fi +])# _LT_COMPILER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) + + +# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------- +# Check whether the given linker option works +AC_DEFUN([_LT_LINKER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $3" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&AS_MESSAGE_LOG_FD + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + else + $2=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" +]) + +if test x"[$]$2" = xyes; then + m4_if([$4], , :, [$4]) +else + m4_if([$5], , :, [$5]) +fi +])# _LT_LINKER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) + + +# LT_CMD_MAX_LEN +#--------------- +AC_DEFUN([LT_CMD_MAX_LEN], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +# find the maximum length of command line arguments +AC_MSG_CHECKING([the maximum length of command line arguments]) +AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac +]) +if test -n $lt_cv_sys_max_cmd_len ; then + AC_MSG_RESULT($lt_cv_sys_max_cmd_len) +else + AC_MSG_RESULT(none) +fi +max_cmd_len=$lt_cv_sys_max_cmd_len +_LT_DECL([], [max_cmd_len], [0], + [What is the maximum length of a command?]) +])# LT_CMD_MAX_LEN + +# Old name: +AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) + + +# _LT_HEADER_DLFCN +# ---------------- +m4_defun([_LT_HEADER_DLFCN], +[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl +])# _LT_HEADER_DLFCN + + +# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, +# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) +# ---------------------------------------------------------------- +m4_defun([_LT_TRY_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "$cross_compiling" = yes; then : + [$4] +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +[#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +}] +_LT_EOF + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) $1 ;; + x$lt_dlneed_uscore) $2 ;; + x$lt_dlunknown|x*) $3 ;; + esac + else : + # compilation failed + $3 + fi +fi +rm -fr conftest* +])# _LT_TRY_DLOPEN_SELF + + +# LT_SYS_DLOPEN_SELF +# ------------------ +AC_DEFUN([LT_SYS_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ]) + ;; + + *) + AC_CHECK_FUNC([shl_load], + [lt_cv_dlopen="shl_load"], + [AC_CHECK_LIB([dld], [shl_load], + [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], + [AC_CHECK_FUNC([dlopen], + [lt_cv_dlopen="dlopen"], + [AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], + [AC_CHECK_LIB([svld], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], + [AC_CHECK_LIB([dld], [dld_link], + [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) + ]) + ]) + ]) + ]) + ]) + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + AC_CACHE_CHECK([whether a program can dlopen itself], + lt_cv_dlopen_self, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, + lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) + ]) + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + AC_CACHE_CHECK([whether a statically linked program can dlopen itself], + lt_cv_dlopen_self_static, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, + lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) + ]) + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi +_LT_DECL([dlopen_support], [enable_dlopen], [0], + [Whether dlopen is supported]) +_LT_DECL([dlopen_self], [enable_dlopen_self], [0], + [Whether dlopen of programs is supported]) +_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], + [Whether dlopen of statically linked programs is supported]) +])# LT_SYS_DLOPEN_SELF + +# Old name: +AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) + + +# _LT_COMPILER_C_O([TAGNAME]) +# --------------------------- +# Check to see if options -c and -o are simultaneously supported by compiler. +# This macro does not hard code the compiler like AC_PROG_CC_C_O. +m4_defun([_LT_COMPILER_C_O], +[m4_require([_LT_DECL_SED])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + fi + fi + chmod u+w . 2>&AS_MESSAGE_LOG_FD + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* +]) +_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], + [Does compiler simultaneously support -c and -o options?]) +])# _LT_COMPILER_C_O + + +# _LT_COMPILER_FILE_LOCKS([TAGNAME]) +# ---------------------------------- +# Check to see if we can do hard links to lock some files if needed +m4_defun([_LT_COMPILER_FILE_LOCKS], +[m4_require([_LT_ENABLE_LOCK])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_COMPILER_C_O([$1]) + +hard_links="nottested" +if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + AC_MSG_CHECKING([if we can lock with hard links]) + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + AC_MSG_RESULT([$hard_links]) + if test "$hard_links" = no; then + AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) + need_locks=warn + fi +else + need_locks=no +fi +_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) +])# _LT_COMPILER_FILE_LOCKS + + +# _LT_CHECK_OBJDIR +# ---------------- +m4_defun([_LT_CHECK_OBJDIR], +[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], +[rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null]) +objdir=$lt_cv_objdir +_LT_DECL([], [objdir], [0], + [The name of the directory that contains temporary libtool files])dnl +m4_pattern_allow([LT_OBJDIR])dnl +AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", + [Define to the sub-directory in which libtool stores uninstalled libraries.]) +])# _LT_CHECK_OBJDIR + + +# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) +# -------------------------------------- +# Check hardcoding attributes. +m4_defun([_LT_LINKER_HARDCODE_LIBPATH], +[AC_MSG_CHECKING([how to hardcode library paths into programs]) +_LT_TAGVAR(hardcode_action, $1)= +if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || + test -n "$_LT_TAGVAR(runpath_var, $1)" || + test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then + + # We can hardcode non-existent directories. + if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && + test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then + # Linking always hardcodes the temporary library directory. + _LT_TAGVAR(hardcode_action, $1)=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + _LT_TAGVAR(hardcode_action, $1)=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + _LT_TAGVAR(hardcode_action, $1)=unsupported +fi +AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) + +if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || + test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi +_LT_TAGDECL([], [hardcode_action], [0], + [How to hardcode a shared library path into an executable]) +])# _LT_LINKER_HARDCODE_LIBPATH + + +# _LT_CMD_STRIPLIB +# ---------------- +m4_defun([_LT_CMD_STRIPLIB], +[m4_require([_LT_DECL_EGREP]) +striplib= +old_striplib= +AC_MSG_CHECKING([whether stripping libraries is possible]) +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi +_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) +_LT_DECL([], [striplib], [1]) +])# _LT_CMD_STRIPLIB + + +# _LT_SYS_DYNAMIC_LINKER([TAG]) +# ----------------------------- +# PORTME Fill in your ld.so characteristics +m4_defun([_LT_SYS_DYNAMIC_LINKER], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_OBJDUMP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +AC_MSG_CHECKING([dynamic linker characteristics]) +m4_if([$1], + [], [ +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; + *) lt_sed_strip_eq="s,=/,/,g" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[[lt_foo]]++; } + if (lt_freq[[lt_foo]] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi]) +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix[[4-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[[01]] | aix4.[[01]].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[[45]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + library_names_spec='${libname}.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec="$LIB" + if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[[23]].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[[01]]* | freebsdelf3.[[01]]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ + freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[[3-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], + [lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [lt_cv_shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + ]) + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[[89]] | openbsd2.[[89]].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +AC_MSG_RESULT([$dynamic_linker]) +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + +_LT_DECL([], [variables_saved_for_relink], [1], + [Variables whose values should be saved in libtool wrapper scripts and + restored at link time]) +_LT_DECL([], [need_lib_prefix], [0], + [Do we need the "lib" prefix for modules?]) +_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) +_LT_DECL([], [version_type], [0], [Library versioning type]) +_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) +_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) +_LT_DECL([], [shlibpath_overrides_runpath], [0], + [Is shlibpath searched before the hard-coded library search path?]) +_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) +_LT_DECL([], [library_names_spec], [1], + [[List of archive names. First name is the real one, the rest are links. + The last name is the one that the linker finds with -lNAME]]) +_LT_DECL([], [soname_spec], [1], + [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [install_override_mode], [1], + [Permission mode override for installation of shared libraries]) +_LT_DECL([], [postinstall_cmds], [2], + [Command to use after installation of a shared archive]) +_LT_DECL([], [postuninstall_cmds], [2], + [Command to use after uninstallation of a shared archive]) +_LT_DECL([], [finish_cmds], [2], + [Commands used to finish a libtool library installation in a directory]) +_LT_DECL([], [finish_eval], [1], + [[As "finish_cmds", except a single script fragment to be evaled but + not shown]]) +_LT_DECL([], [hardcode_into_libs], [0], + [Whether we should hardcode library paths into libraries]) +_LT_DECL([], [sys_lib_search_path_spec], [2], + [Compile-time system search path for libraries]) +_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], + [Run-time system search path for libraries]) +])# _LT_SYS_DYNAMIC_LINKER + + +# _LT_PATH_TOOL_PREFIX(TOOL) +# -------------------------- +# find a file program which can recognize shared library +AC_DEFUN([_LT_PATH_TOOL_PREFIX], +[m4_require([_LT_DECL_EGREP])dnl +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, +[case $MAGIC_CMD in +[[\\/*] | ?:[\\/]*]) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR +dnl $ac_dummy forces splitting on constant user-supplied paths. +dnl POSIX.2 word splitting is done only on the output of word expansions, +dnl not every word. This closes a longstanding sh security hole. + ac_dummy="m4_if([$2], , $PATH, [$2])" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$1; then + lt_cv_path_MAGIC_CMD="$ac_dir/$1" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac]) +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + AC_MSG_RESULT($MAGIC_CMD) +else + AC_MSG_RESULT(no) +fi +_LT_DECL([], [MAGIC_CMD], [0], + [Used to examine libraries when file_magic_cmd begins with "file"])dnl +])# _LT_PATH_TOOL_PREFIX + +# Old name: +AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) + + +# _LT_PATH_MAGIC +# -------------- +# find a file program which can recognize a shared library +m4_defun([_LT_PATH_MAGIC], +[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) + else + MAGIC_CMD=: + fi +fi +])# _LT_PATH_MAGIC + + +# LT_PATH_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([LT_PATH_LD], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PROG_ECHO_BACKSLASH])dnl + +AC_ARG_WITH([gnu-ld], + [AS_HELP_STRING([--with-gnu-ld], + [assume the C compiler uses GNU ld @<:@default=no@:>@])], + [test "$withval" = no || with_gnu_ld=yes], + [with_gnu_ld=no])dnl + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[[3-9]]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac +]) + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + +_LT_DECL([], [deplibs_check_method], [1], + [Method to check whether dependent libraries are shared objects]) +_LT_DECL([], [file_magic_cmd], [1], + [Command to use when deplibs_check_method = "file_magic"]) +_LT_DECL([], [file_magic_glob], [1], + [How to find potential files when deplibs_check_method = "file_magic"]) +_LT_DECL([], [want_nocaseglob], [1], + [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) +])# _LT_CHECK_MAGIC_METHOD + + +# LT_PATH_NM +# ---------- +# find the pathname to a BSD- or MS-compatible name lister +AC_DEFUN([LT_PATH_NM], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + : ${lt_cv_path_NM=no} +fi]) +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) + case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols" + ;; + *) + DUMPBIN=: + ;; + esac + fi + AC_SUBST([DUMPBIN]) + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm +AC_SUBST([NM]) +_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl + +AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], + [lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) + cat conftest.out >&AS_MESSAGE_LOG_FD + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest*]) +])# LT_PATH_NM + +# Old names: +AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) +AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_PROG_NM], []) +dnl AC_DEFUN([AC_PROG_NM], []) + +# _LT_CHECK_SHAREDLIB_FROM_LINKLIB +# -------------------------------- +# how to determine the name of the shared library +# associated with a specific link library. +# -- PORTME fill in with the dynamic library characteristics +m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], +[m4_require([_LT_DECL_EGREP]) +m4_require([_LT_DECL_OBJDUMP]) +m4_require([_LT_DECL_DLLTOOL]) +AC_CACHE_CHECK([how to associate runtime and link libraries], +lt_cv_sharedlib_from_linklib_cmd, +[lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh + # decide which to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd="$ECHO" + ;; +esac +]) +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + +_LT_DECL([], [sharedlib_from_linklib_cmd], [1], + [Command to associate shared and link libraries]) +])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB + + +# _LT_PATH_MANIFEST_TOOL +# ---------------------- +# locate the manifest tool +m4_defun([_LT_PATH_MANIFEST_TOOL], +[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], + [lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&AS_MESSAGE_LOG_FD + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest*]) +if test "x$lt_cv_path_mainfest_tool" != xyes; then + MANIFEST_TOOL=: +fi +_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl +])# _LT_PATH_MANIFEST_TOOL + + +# LT_LIB_M +# -------- +# check for math library +AC_DEFUN([LT_LIB_M], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case $host in +*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) + # These system don't have libm, or don't need it + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, cos, LIBM="-lm") + ;; +esac +AC_SUBST([LIBM]) +])# LT_LIB_M + +# Old name: +AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_CHECK_LIBM], []) + + +# _LT_COMPILER_NO_RTTI([TAGNAME]) +# ------------------------------- +m4_defun([_LT_COMPILER_NO_RTTI], +[m4_require([_LT_TAG_COMPILER])dnl + +_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + +if test "$GCC" = yes; then + case $cc_basename in + nvcc*) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; + *) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; + esac + + _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], + lt_cv_prog_compiler_rtti_exceptions, + [-fno-rtti -fno-exceptions], [], + [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) +fi +_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], + [Compiler flag to turn off builtin functions]) +])# _LT_COMPILER_NO_RTTI + + +# _LT_CMD_GLOBAL_SYMBOLS +# ---------------------- +m4_defun([_LT_CMD_GLOBAL_SYMBOLS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([LT_PATH_NM])dnl +AC_REQUIRE([LT_PATH_LD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_TAG_COMPILER])dnl + +# Check for command to grab the raw symbol name followed by C symbol from nm. +AC_MSG_CHECKING([command to parse $NM output from $compiler object]) +AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], +[ +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[[BCDEGRST]]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[[BCDT]]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[[ABCDGISTW]]' + ;; +hpux*) + if test "$host_cpu" = ia64; then + symcode='[[ABCDEGRST]]' + fi + ;; +irix* | nonstopux*) + symcode='[[BCDEGRST]]' + ;; +osf*) + symcode='[[BCDEGQRST]]' + ;; +solaris*) + symcode='[[BDRT]]' + ;; +sco3.2v5*) + symcode='[[DT]]' + ;; +sysv4.2uw2*) + symcode='[[DT]]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[[ABDT]]' + ;; +sysv4) + symcode='[[DFNSTU]]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[[ABCDGIRSTW]]' ;; +esac + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK ['"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx]" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if AC_TRY_EVAL(ac_compile); then + # Now try to grab the symbols. + nlist=conftest.nm + if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT@&t@_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT@&t@_DLSYM_CONST +#else +# define LT@&t@_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT@&t@_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[[]] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD + fi + else + echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done +]) +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + AC_MSG_RESULT(failed) +else + AC_MSG_RESULT(ok) +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + +_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], + [Take the output of nm and produce a listing of raw symbols and C names]) +_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], + [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_c_name_address], + [lt_cv_sys_global_symbol_to_c_name_address], [1], + [Transform the output of nm in a C name address pair]) +_LT_DECL([global_symbol_to_c_name_address_lib_prefix], + [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], + [Transform the output of nm in a C name address pair when lib prefix is needed]) +_LT_DECL([], [nm_file_list_spec], [1], + [Specify filename containing input files for $NM]) +]) # _LT_CMD_GLOBAL_SYMBOLS + + +# _LT_COMPILER_PIC([TAGNAME]) +# --------------------------- +m4_defun([_LT_COMPILER_PIC], +[m4_require([_LT_TAG_COMPILER])dnl +_LT_TAGVAR(lt_prog_compiler_wl, $1)= +_LT_TAGVAR(lt_prog_compiler_pic, $1)= +_LT_TAGVAR(lt_prog_compiler_static, $1)= + +m4_if([$1], [CXX], [ + # C++ specific cases for pic, static, wl, etc. + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + case $host_os in + aix[[4-9]]*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + dgux*) + case $cc_basename in + ec++*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + if test "$host_cpu" != ia64; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + fi + ;; + aCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + KCC*) + # KAI C++ Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64 which still supported -KPIC. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd*) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + cxx*) + # Digital/Compaq C++ + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + lcc*) + # Lucid + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +], +[ + if test "$GCC" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + hpux9* | hpux10* | hpux11*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC (with -KPIC) is the default. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + # old Intel for x86_64 which still supported -KPIC. + ecc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' + _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' + ;; + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + ccc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All Alpha code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All OSF/1 code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + rdos*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + solaris*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; + *) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; + esac + ;; + + sunos4*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + unicos*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + + uts4*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +]) +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" + ;; +esac + +AC_CACHE_CHECK([for $compiler option to produce PIC], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) +_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], + [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], + [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], + [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in + "" | " "*) ;; + *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; + esac], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) +fi +_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], + [Additional compiler flags for building library objects]) + +_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], + [How to pass a linker flag through the compiler]) +# +# Check to make sure the static flag actually works. +# +wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" +_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], + _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), + $lt_tmp_static_flag, + [], + [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) +_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], + [Compiler flag to prevent dynamic linking]) +])# _LT_COMPILER_PIC + + +# _LT_LINKER_SHLIBS([TAGNAME]) +# ---------------------------- +# See if the linker supports building shared libraries. +m4_defun([_LT_LINKER_SHLIBS], +[AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +m4_if([$1], [CXX], [ + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + case $host_os in + aix[[4-9]]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global defined + # symbols, whereas GNU nm marks them as "W". + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + ;; + cygwin* | mingw* | cegcc*) + case $cc_basename in + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + ;; + esac + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac +], [ + runpath_var= + _LT_TAGVAR(allow_undefined_flag, $1)= + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(archive_cmds, $1)= + _LT_TAGVAR(archive_expsym_cmds, $1)= + _LT_TAGVAR(compiler_needs_object, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(hardcode_automatic, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_separator, $1)= + _LT_TAGVAR(hardcode_minus_L, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(inherit_rpath, $1)=no + _LT_TAGVAR(link_all_deplibs, $1)=unknown + _LT_TAGVAR(module_cmds, $1)= + _LT_TAGVAR(module_expsym_cmds, $1)= + _LT_TAGVAR(old_archive_from_new_cmds, $1)= + _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= + _LT_TAGVAR(thread_safe_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + _LT_TAGVAR(include_expsyms, $1)= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. +dnl Note also adjust exclude_expsyms for C++ above. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + _LT_TAGVAR(ld_shlibs, $1)=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test "$with_gnu_ld" = yes; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; + *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test "$lt_use_gnu_ld_interface" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + supports_anon_versioning=no + case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[[3-9]]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + _LT_TAGVAR(whole_archive_flag_spec, $1)= + tmp_sharedflag='--shared' ;; + xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + sunos4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + + if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then + runpath_var= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + _LT_TAGVAR(hardcode_direct, $1)=unsupported + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global + # defined symbols, whereas GNU nm marks them as "W". + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GCC" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + bsdi[[45]]*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; + else + sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile="$lt_outputfile.exe" + lt_tool_outputfile="$lt_tool_outputfile.exe" + ;; + esac~ + if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. + _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + esac + ;; + + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + hpux9*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + m4_if($1, [], [ + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + _LT_LINKER_OPTION([if $CC understands -b], + _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) + ;; + esac + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], + [lt_cv_irix_exported_symbol], + [save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + AC_LINK_IFELSE( + [AC_LANG_SOURCE( + [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], + [C++], [[int foo (void) { return 0; }]], + [Fortran 77], [[ + subroutine foo + end]], + [Fortran], [[ + subroutine foo + end]])])], + [lt_cv_irix_exported_symbol=yes], + [lt_cv_irix_exported_symbol=no]) + LDFLAGS="$save_LDFLAGS"]) + if test "$lt_cv_irix_exported_symbol" = yes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + fi + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + newsos6) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *nto* | *qnx*) + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + else + case $host_os in + openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + ;; + esac + fi + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + solaris*) + _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' + if test "$GCC" = yes; then + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + fi + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4) + case $host_vendor in + sni) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' + _LT_TAGVAR(hardcode_direct, $1)=no + ;; + motorola) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4.3*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + _LT_TAGVAR(ld_shlibs, $1)=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' + ;; + esac + fi + fi +]) +AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) +test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + +_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld + +_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl +_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl +_LT_DECL([], [extract_expsyms_cmds], [2], + [The commands to extract the exported symbol list from a shared archive]) + +# +# Do we need to explicitly link libc? +# +case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in +x|xyes) + # Assume -lc should be added + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $_LT_TAGVAR(archive_cmds, $1) in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + AC_CACHE_CHECK([whether -lc should be explicitly linked in], + [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), + [$RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + ]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) + ;; + esac + fi + ;; +esac + +_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], + [Whether or not to add -lc for building shared libraries]) +_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], + [enable_shared_with_static_runtimes], [0], + [Whether or not to disallow shared libs when runtime libs are static]) +_LT_TAGDECL([], [export_dynamic_flag_spec], [1], + [Compiler flag to allow reflexive dlopens]) +_LT_TAGDECL([], [whole_archive_flag_spec], [1], + [Compiler flag to generate shared objects directly from archives]) +_LT_TAGDECL([], [compiler_needs_object], [1], + [Whether the compiler copes with passing no objects directly]) +_LT_TAGDECL([], [old_archive_from_new_cmds], [2], + [Create an old-style archive from a shared archive]) +_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], + [Create a temporary old-style archive to link instead of a shared archive]) +_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) +_LT_TAGDECL([], [archive_expsym_cmds], [2]) +_LT_TAGDECL([], [module_cmds], [2], + [Commands used to build a loadable module if different from building + a shared archive.]) +_LT_TAGDECL([], [module_expsym_cmds], [2]) +_LT_TAGDECL([], [with_gnu_ld], [1], + [Whether we are building with GNU ld or not]) +_LT_TAGDECL([], [allow_undefined_flag], [1], + [Flag that allows shared libraries with undefined symbols to be built]) +_LT_TAGDECL([], [no_undefined_flag], [1], + [Flag that enforces no undefined symbols]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], + [Flag to hardcode $libdir into a binary during linking. + This must work even if $libdir does not exist]) +_LT_TAGDECL([], [hardcode_libdir_separator], [1], + [Whether we need a single "-rpath" flag with a separated argument]) +_LT_TAGDECL([], [hardcode_direct], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary]) +_LT_TAGDECL([], [hardcode_direct_absolute], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary and the resulting library dependency is + "absolute", i.e impossible to change by setting ${shlibpath_var} if the + library is relocated]) +_LT_TAGDECL([], [hardcode_minus_L], [0], + [Set to "yes" if using the -LDIR flag during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_shlibpath_var], [0], + [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_automatic], [0], + [Set to "yes" if building a shared library automatically hardcodes DIR + into the library and all subsequent libraries and executables linked + against it]) +_LT_TAGDECL([], [inherit_rpath], [0], + [Set to yes if linker adds runtime paths of dependent libraries + to runtime path list]) +_LT_TAGDECL([], [link_all_deplibs], [0], + [Whether libtool must link a program against all its dependency libraries]) +_LT_TAGDECL([], [always_export_symbols], [0], + [Set to "yes" if exported symbols are required]) +_LT_TAGDECL([], [export_symbols_cmds], [2], + [The commands to list exported symbols]) +_LT_TAGDECL([], [exclude_expsyms], [1], + [Symbols that should not be listed in the preloaded symbols]) +_LT_TAGDECL([], [include_expsyms], [1], + [Symbols that must always be exported]) +_LT_TAGDECL([], [prelink_cmds], [2], + [Commands necessary for linking programs (against libraries) with templates]) +_LT_TAGDECL([], [postlink_cmds], [2], + [Commands necessary for finishing linking programs]) +_LT_TAGDECL([], [file_list_spec], [1], + [Specify filename containing input files]) +dnl FIXME: Not yet implemented +dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], +dnl [Compiler flag to generate thread safe objects]) +])# _LT_LINKER_SHLIBS + + +# _LT_LANG_C_CONFIG([TAG]) +# ------------------------ +# Ensure that the configuration variables for a C compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_C_CONFIG], +[m4_require([_LT_DECL_EGREP])dnl +lt_save_CC="$CC" +AC_LANG_PUSH(C) + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + +_LT_TAG_COMPILER +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + LT_SYS_DLOPEN_SELF + _LT_CMD_STRIPLIB + + # Report which library types will actually be built + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_CONFIG($1) +fi +AC_LANG_POP +CC="$lt_save_CC" +])# _LT_LANG_C_CONFIG + + +# _LT_LANG_CXX_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a C++ compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_CXX_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi + +AC_LANG_PUSH(C++) +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(compiler_needs_object, $1)=no +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_caught_CXX_error" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_CFLAGS=$CFLAGS + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + CFLAGS=$CXXFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + else + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + fi + + if test "$GXX" = yes; then + # Set up default GNU C++ configuration + + LT_PATH_LD + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='${wl}' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) + _LT_TAGVAR(ld_shlibs, $1)=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GXX" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an empty + # executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared + # libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + case $GXX,$cc_basename in + ,cl* | no,cl*) + # Native MSVC + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; + else + $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile="$lt_outputfile.exe" + lt_tool_outputfile="$lt_tool_outputfile.exe" + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # g++ + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + freebsd2.*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + freebsd-elf*) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + gnu*) + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + hpux9*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test "$GXX" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test $with_gnu_ld = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test "$GXX" = yes; then + if test $with_gnu_ld = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test "$GXX" = yes; then + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' + fi + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + esac + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + ;; + cxx*) + # Compaq C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + ;; + xl* | mpixl* | bgxl*) + # IBM XL 8.0 on PPC, with GNU ld + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + openbsd2*) + # C++ shared libraries are fairly broken + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + fi + output_verbose_link_cmd=func_echo_all + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + case $host in + osf3*) + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + ;; + *) + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ + $RM $lib.exp' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + case $host in + osf3*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(archive_cmds_need_lc,$1)=yes + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + else + # g++ 2.7 appears to require `-G' NOT `-shared' on this + # platform. + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + fi + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ + '"$_LT_TAGVAR(old_archive_cmds, $1)" + _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ + '"$_LT_TAGVAR(reload_cmds, $1)" + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) + test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + + _LT_TAGVAR(GCC, $1)="$GXX" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test "$_lt_caught_CXX_error" != yes + +AC_LANG_POP +])# _LT_LANG_CXX_CONFIG + + +# _LT_FUNC_STRIPNAME_CNF +# ---------------------- +# func_stripname_cnf prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# +# This function is identical to the (non-XSI) version of func_stripname, +# except this one can be used by m4 code that may be executed by configure, +# rather than the libtool script. +m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl +AC_REQUIRE([_LT_DECL_SED]) +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) +func_stripname_cnf () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; + esac +} # func_stripname_cnf +])# _LT_FUNC_STRIPNAME_CNF + +# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) +# --------------------------------- +# Figure out "hidden" library dependencies from verbose +# compiler output when linking a shared library. +# Parse the compiler output and extract the necessary +# objects, libraries and library flags. +m4_defun([_LT_SYS_HIDDEN_LIBDEPS], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl +# Dependencies to place before and after the object being linked: +_LT_TAGVAR(predep_objects, $1)= +_LT_TAGVAR(postdep_objects, $1)= +_LT_TAGVAR(predeps, $1)= +_LT_TAGVAR(postdeps, $1)= +_LT_TAGVAR(compiler_lib_search_path, $1)= + +dnl we can't use the lt_simple_compile_test_code here, +dnl because it contains code intended for an executable, +dnl not a library. It's possible we should let each +dnl tag define a new lt_????_link_test_code variable, +dnl but it's only used here... +m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF +int a; +void foo (void) { a = 0; } +_LT_EOF +], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF +], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer*4 a + a=0 + return + end +_LT_EOF +], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer a + a=0 + return + end +_LT_EOF +], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF +public class foo { + private int a; + public void bar (void) { + a = 0; + } +}; +_LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF +]) + +_lt_libdeps_save_CFLAGS=$CFLAGS +case "$CC $CFLAGS " in #( +*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; +*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; +esac + +dnl Parse the compiler output and extract the necessary +dnl objects, libraries and library flags. +if AC_TRY_EVAL(ac_compile); then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case ${prev}${p} in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test $p = "-L" || + test $p = "-R"; then + prev=$p + continue + fi + + # Expand the sysroot to ease extracting the directories later. + if test -z "$prev"; then + case $p in + -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; + -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; + -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; + esac + fi + case $p in + =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; + esac + if test "$pre_test_object_deps_done" = no; then + case ${prev} in + -L | -R) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then + _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" + else + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$_LT_TAGVAR(postdeps, $1)"; then + _LT_TAGVAR(postdeps, $1)="${prev}${p}" + else + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" + fi + fi + prev= + ;; + + *.lto.$objext) ;; # Ignore GCC LTO objects + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test "$pre_test_object_deps_done" = no; then + if test -z "$_LT_TAGVAR(predep_objects, $1)"; then + _LT_TAGVAR(predep_objects, $1)="$p" + else + _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" + fi + else + if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then + _LT_TAGVAR(postdep_objects, $1)="$p" + else + _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling $1 test program" +fi + +$RM -f confest.$objext +CFLAGS=$_lt_libdeps_save_CFLAGS + +# PORTME: override above test on systems where it is broken +m4_if([$1], [CXX], +[case $host_os in +interix[[3-9]]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + _LT_TAGVAR(predep_objects,$1)= + _LT_TAGVAR(postdep_objects,$1)= + _LT_TAGVAR(postdeps,$1)= + ;; + +linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; + +solaris*) + case $cc_basename in + CC* | sunCC*) + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + # Adding this requires a known-good setup of shared libraries for + # Sun compiler versions before 5.6, else PIC objects from an old + # archive will be linked into the output, leading to subtle bugs. + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; +esac +]) + +case " $_LT_TAGVAR(postdeps, $1) " in +*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; +esac + _LT_TAGVAR(compiler_lib_search_dirs, $1)= +if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` +fi +_LT_TAGDECL([], [compiler_lib_search_dirs], [1], + [The directories searched by this compiler when creating a shared library]) +_LT_TAGDECL([], [predep_objects], [1], + [Dependencies to place before and after the objects being linked to + create a shared library]) +_LT_TAGDECL([], [postdep_objects], [1]) +_LT_TAGDECL([], [predeps], [1]) +_LT_TAGDECL([], [postdeps], [1]) +_LT_TAGDECL([], [compiler_lib_search_path], [1], + [The library search path used internally by the compiler when linking + a shared library]) +])# _LT_SYS_HIDDEN_LIBDEPS + + +# _LT_LANG_F77_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a Fortran 77 compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_F77_CONFIG], +[AC_LANG_PUSH(Fortran 77) +if test -z "$F77" || test "X$F77" = "Xno"; then + _lt_disable_F77=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for f77 test sources. +ac_ext=f + +# Object file extension for compiled f77 test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the F77 compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_F77" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${F77-"f77"} + CFLAGS=$FFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + GCC=$G77 + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$G77" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC="$lt_save_CC" + CFLAGS="$lt_save_CFLAGS" +fi # test "$_lt_disable_F77" != yes + +AC_LANG_POP +])# _LT_LANG_F77_CONFIG + + +# _LT_LANG_FC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for a Fortran compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_FC_CONFIG], +[AC_LANG_PUSH(Fortran) + +if test -z "$FC" || test "X$FC" = "Xno"; then + _lt_disable_FC=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for fc test sources. +ac_ext=${ac_fc_srcext-f} + +# Object file extension for compiled fc test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the FC compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_FC" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${FC-"f95"} + CFLAGS=$FCFLAGS + compiler=$CC + GCC=$ac_cv_fc_compiler_gnu + + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test "$_lt_disable_FC" != yes + +AC_LANG_POP +])# _LT_LANG_FC_CONFIG + + +# _LT_LANG_GCJ_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Java Compiler compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GCJ_CONFIG], +[AC_REQUIRE([LT_PROG_GCJ])dnl +AC_LANG_SAVE + +# Source file extension for Java test sources. +ac_ext=java + +# Object file extension for compiled Java test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="class foo {}" + +# Code to be used in simple link tests +lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GCJ-"gcj"} +CFLAGS=$GCJFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# GCJ did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GCJ_CONFIG + + +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + +# _LT_LANG_RC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for the Windows resource compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_RC_CONFIG], +[AC_REQUIRE([LT_PROG_RC])dnl +AC_LANG_SAVE + +# Source file extension for RC test sources. +ac_ext=rc + +# Object file extension for compiled RC test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + +# Code to be used in simple link tests +lt_simple_link_test_code="$lt_simple_compile_test_code" + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC= +CC=${RC-"windres"} +CFLAGS= +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_CC_BASENAME([$compiler]) +_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + +if test -n "$compiler"; then + : + _LT_CONFIG($1) +fi + +GCC=$lt_save_GCC +AC_LANG_RESTORE +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_RC_CONFIG + + +# LT_PROG_GCJ +# ----------- +AC_DEFUN([LT_PROG_GCJ], +[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], + [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], + [AC_CHECK_TOOL(GCJ, gcj,) + test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" + AC_SUBST(GCJFLAGS)])])[]dnl +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_GCJ], []) + + +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + +# LT_PROG_RC +# ---------- +AC_DEFUN([LT_PROG_RC], +[AC_CHECK_TOOL(RC, windres,) +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_RC], []) + + +# _LT_DECL_EGREP +# -------------- +# If we don't have a new enough Autoconf to choose the best grep +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_EGREP], +[AC_REQUIRE([AC_PROG_EGREP])dnl +AC_REQUIRE([AC_PROG_FGREP])dnl +test -z "$GREP" && GREP=grep +_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) +_LT_DECL([], [EGREP], [1], [An ERE matcher]) +_LT_DECL([], [FGREP], [1], [A literal string matcher]) +dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too +AC_SUBST([GREP]) +]) + + +# _LT_DECL_OBJDUMP +# -------------- +# If we don't have a new enough Autoconf to choose the best objdump +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_OBJDUMP], +[AC_CHECK_TOOL(OBJDUMP, objdump, false) +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) +AC_SUBST([OBJDUMP]) +]) + +# _LT_DECL_DLLTOOL +# ---------------- +# Ensure DLLTOOL variable is set. +m4_defun([_LT_DECL_DLLTOOL], +[AC_CHECK_TOOL(DLLTOOL, dlltool, false) +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program]) +AC_SUBST([DLLTOOL]) +]) + +# _LT_DECL_SED +# ------------ +# Check for a fully-functional sed program, that truncates +# as few characters as possible. Prefer GNU sed if found. +m4_defun([_LT_DECL_SED], +[AC_PROG_SED +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" +_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) +_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], + [Sed that helps us avoid accidentally triggering echo(1) options like -n]) +])# _LT_DECL_SED + +m4_ifndef([AC_PROG_SED], [ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_SED. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # + +m4_defun([AC_PROG_SED], +[AC_MSG_CHECKING([for a sed that does not truncate output]) +AC_CACHE_VAL(lt_cv_path_SED, +[# Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +IFS=$as_save_IFS +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f $lt_ac_sed && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test $lt_ac_count -gt 10 && break + lt_ac_count=`expr $lt_ac_count + 1` + if test $lt_ac_count -gt $lt_ac_max; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done +]) +SED=$lt_cv_path_SED +AC_SUBST([SED]) +AC_MSG_RESULT([$SED]) +])#AC_PROG_SED +])#m4_ifndef + +# Old name: +AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_SED], []) + + +# _LT_CHECK_SHELL_FEATURES +# ------------------------ +# Find out whether the shell is Bourne or XSI compatible, +# or has some other useful features. +m4_defun([_LT_CHECK_SHELL_FEATURES], +[AC_MSG_CHECKING([whether the shell understands some XSI constructs]) +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,b/c, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +AC_MSG_RESULT([$xsi_shell]) +_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) + +AC_MSG_CHECKING([whether the shell understands "+="]) +lt_shell_append=no +( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +AC_MSG_RESULT([$lt_shell_append]) +_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi +_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac +_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl +_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl +])# _LT_CHECK_SHELL_FEATURES + + +# _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY) +# ------------------------------------------------------ +# In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and +# '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY. +m4_defun([_LT_PROG_FUNCTION_REPLACE], +[dnl { +sed -e '/^$1 ()$/,/^} # $1 /c\ +$1 ()\ +{\ +m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1]) +} # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: +]) + + +# _LT_PROG_REPLACE_SHELLFNS +# ------------------------- +# Replace existing portable implementations of several shell functions with +# equivalent extended shell implementations where those features are available.. +m4_defun([_LT_PROG_REPLACE_SHELLFNS], +[if test x"$xsi_shell" = xyes; then + _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac]) + + _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl + func_basename_result="${1##*/}"]) + + _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac + func_basename_result="${1##*/}"]) + + _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary parameter first. + func_stripname_result=${3} + func_stripname_result=${func_stripname_result#"${1}"} + func_stripname_result=${func_stripname_result%"${2}"}]) + + _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl + func_split_long_opt_name=${1%%=*} + func_split_long_opt_arg=${1#*=}]) + + _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"}]) + + _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl + case ${1} in + *.lo) func_lo2o_result=${1%.lo}.${objext} ;; + *) func_lo2o_result=${1} ;; + esac]) + + _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo]) + + _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))]) + + _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}]) +fi + +if test x"$lt_shell_append" = xyes; then + _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"]) + + _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl + func_quote_for_eval "${2}" +dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \ + eval "${1}+=\\\\ \\$func_quote_for_eval_result"]) + + # Save a `func_append' function call where possible by direct use of '+=' + sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +else + # Save a `func_append' function call even when '+=' is not available + sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +fi + +if test x"$_lt_function_replace_fail" = x":"; then + AC_MSG_WARN([Unable to substitute extended shell functions in $ofile]) +fi +]) + +# _LT_PATH_CONVERSION_FUNCTIONS +# ----------------------------- +# Determine which file name conversion functions should be used by +# func_to_host_file (and, implicitly, by func_to_host_path). These are needed +# for certain cross-compile configurations and native mingw. +m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_MSG_CHECKING([how to convert $build file names to $host format]) +AC_CACHE_VAL(lt_cv_to_host_file_cmd, +[case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac +]) +to_host_file_cmd=$lt_cv_to_host_file_cmd +AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) +_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], + [0], [convert $build file names to $host format])dnl + +AC_MSG_CHECKING([how to convert $build file names to toolchain format]) +AC_CACHE_VAL(lt_cv_to_tool_file_cmd, +[#assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac +]) +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) +_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], + [0], [convert $build files to toolchain format])dnl +])# _LT_PATH_CONVERSION_FUNCTIONS + +# Helper functions for option handling. -*- Autoconf -*- +# +# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 7 ltoptions.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) + + +# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) +# ------------------------------------------ +m4_define([_LT_MANGLE_OPTION], +[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) + + +# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) +# --------------------------------------- +# Set option OPTION-NAME for macro MACRO-NAME, and if there is a +# matching handler defined, dispatch to it. Other OPTION-NAMEs are +# saved as a flag. +m4_define([_LT_SET_OPTION], +[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl +m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), + _LT_MANGLE_DEFUN([$1], [$2]), + [m4_warning([Unknown $1 option `$2'])])[]dnl +]) + + +# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) +# ------------------------------------------------------------ +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +m4_define([_LT_IF_OPTION], +[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) + + +# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) +# ------------------------------------------------------- +# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME +# are set. +m4_define([_LT_UNLESS_OPTIONS], +[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), + [m4_define([$0_found])])])[]dnl +m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 +])[]dnl +]) + + +# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) +# ---------------------------------------- +# OPTION-LIST is a space-separated list of Libtool options associated +# with MACRO-NAME. If any OPTION has a matching handler declared with +# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about +# the unknown option and exit. +m4_defun([_LT_SET_OPTIONS], +[# Set options +m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [_LT_SET_OPTION([$1], _LT_Option)]) + +m4_if([$1],[LT_INIT],[ + dnl + dnl Simply set some default values (i.e off) if boolean options were not + dnl specified: + _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no + ]) + _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no + ]) + dnl + dnl If no reference was made to various pairs of opposing options, then + dnl we run the default mode handler for the pair. For example, if neither + dnl `shared' nor `disable-shared' was passed, we enable building of shared + dnl archives by default: + _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) + _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], + [_LT_ENABLE_FAST_INSTALL]) + ]) +])# _LT_SET_OPTIONS + + + +# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) +# ----------------------------------------- +m4_define([_LT_MANGLE_DEFUN], +[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) + + +# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) +# ----------------------------------------------- +m4_define([LT_OPTION_DEFINE], +[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl +])# LT_OPTION_DEFINE + + +# dlopen +# ------ +LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes +]) + +AU_DEFUN([AC_LIBTOOL_DLOPEN], +[_LT_SET_OPTION([LT_INIT], [dlopen]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `dlopen' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) + + +# win32-dll +# --------- +# Declare package support for building win32 dll's. +LT_OPTION_DEFINE([LT_INIT], [win32-dll], +[enable_win32_dll=yes + +case $host in +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; +esac + +test -z "$AS" && AS=as +_LT_DECL([], [AS], [1], [Assembler program])dnl + +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl + +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl +])# win32-dll + +AU_DEFUN([AC_LIBTOOL_WIN32_DLL], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +_LT_SET_OPTION([LT_INIT], [win32-dll]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `win32-dll' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) + + +# _LT_ENABLE_SHARED([DEFAULT]) +# ---------------------------- +# implement the --enable-shared flag, and supports the `shared' and +# `disable-shared' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_SHARED], +[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([shared], + [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], + [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) + + _LT_DECL([build_libtool_libs], [enable_shared], [0], + [Whether or not to build shared libraries]) +])# _LT_ENABLE_SHARED + +LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) +]) + +AC_DEFUN([AC_DISABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], [disable-shared]) +]) + +AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) +AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_SHARED], []) +dnl AC_DEFUN([AM_DISABLE_SHARED], []) + + + +# _LT_ENABLE_STATIC([DEFAULT]) +# ---------------------------- +# implement the --enable-static flag, and support the `static' and +# `disable-static' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_STATIC], +[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([static], + [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], + [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_static=]_LT_ENABLE_STATIC_DEFAULT) + + _LT_DECL([build_old_libs], [enable_static], [0], + [Whether or not to build static libraries]) +])# _LT_ENABLE_STATIC + +LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) +]) + +AC_DEFUN([AC_DISABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], [disable-static]) +]) + +AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) +AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_STATIC], []) +dnl AC_DEFUN([AM_DISABLE_STATIC], []) + + + +# _LT_ENABLE_FAST_INSTALL([DEFAULT]) +# ---------------------------------- +# implement the --enable-fast-install flag, and support the `fast-install' +# and `disable-fast-install' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_FAST_INSTALL], +[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([fast-install], + [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], + [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) + +_LT_DECL([fast_install], [enable_fast_install], [0], + [Whether or not to optimize for fast installation])dnl +])# _LT_ENABLE_FAST_INSTALL + +LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) + +# Old names: +AU_DEFUN([AC_ENABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `fast-install' option into LT_INIT's first parameter.]) +]) + +AU_DEFUN([AC_DISABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `disable-fast-install' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) +dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) + + +# _LT_WITH_PIC([MODE]) +# -------------------- +# implement the --with-pic flag, and support the `pic-only' and `no-pic' +# LT_INIT options. +# MODE is either `yes' or `no'. If omitted, it defaults to `both'. +m4_define([_LT_WITH_PIC], +[AC_ARG_WITH([pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], + [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [pic_mode=default]) + +test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) + +_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl +])# _LT_WITH_PIC + +LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) + +# Old name: +AU_DEFUN([AC_LIBTOOL_PICMODE], +[_LT_SET_OPTION([LT_INIT], [pic-only]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `pic-only' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) + + +m4_define([_LTDL_MODE], []) +LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], + [m4_define([_LTDL_MODE], [nonrecursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [recursive], + [m4_define([_LTDL_MODE], [recursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [subproject], + [m4_define([_LTDL_MODE], [subproject])]) + +m4_define([_LTDL_TYPE], []) +LT_OPTION_DEFINE([LTDL_INIT], [installable], + [m4_define([_LTDL_TYPE], [installable])]) +LT_OPTION_DEFINE([LTDL_INIT], [convenience], + [m4_define([_LTDL_TYPE], [convenience])]) + +# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltsugar.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) + + +# lt_join(SEP, ARG1, [ARG2...]) +# ----------------------------- +# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their +# associated separator. +# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier +# versions in m4sugar had bugs. +m4_define([lt_join], +[m4_if([$#], [1], [], + [$#], [2], [[$2]], + [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) +m4_define([_lt_join], +[m4_if([$#$2], [2], [], + [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) + + +# lt_car(LIST) +# lt_cdr(LIST) +# ------------ +# Manipulate m4 lists. +# These macros are necessary as long as will still need to support +# Autoconf-2.59 which quotes differently. +m4_define([lt_car], [[$1]]) +m4_define([lt_cdr], +[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], + [$#], 1, [], + [m4_dquote(m4_shift($@))])]) +m4_define([lt_unquote], $1) + + +# lt_append(MACRO-NAME, STRING, [SEPARATOR]) +# ------------------------------------------ +# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. +# Note that neither SEPARATOR nor STRING are expanded; they are appended +# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). +# No SEPARATOR is output if MACRO-NAME was previously undefined (different +# than defined and empty). +# +# This macro is needed until we can rely on Autoconf 2.62, since earlier +# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. +m4_define([lt_append], +[m4_define([$1], + m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) + + + +# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) +# ---------------------------------------------------------- +# Produce a SEP delimited list of all paired combinations of elements of +# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list +# has the form PREFIXmINFIXSUFFIXn. +# Needed until we can rely on m4_combine added in Autoconf 2.62. +m4_define([lt_combine], +[m4_if(m4_eval([$# > 3]), [1], + [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl +[[m4_foreach([_Lt_prefix], [$2], + [m4_foreach([_Lt_suffix], + ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, + [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) + + +# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) +# ----------------------------------------------------------------------- +# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited +# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. +m4_define([lt_if_append_uniq], +[m4_ifdef([$1], + [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], + [lt_append([$1], [$2], [$3])$4], + [$5])], + [lt_append([$1], [$2], [$3])$4])]) + + +# lt_dict_add(DICT, KEY, VALUE) +# ----------------------------- +m4_define([lt_dict_add], +[m4_define([$1($2)], [$3])]) + + +# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) +# -------------------------------------------- +m4_define([lt_dict_add_subkey], +[m4_define([$1($2:$3)], [$4])]) + + +# lt_dict_fetch(DICT, KEY, [SUBKEY]) +# ---------------------------------- +m4_define([lt_dict_fetch], +[m4_ifval([$3], + m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), + m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) + + +# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) +# ----------------------------------------------------------------- +m4_define([lt_if_dict_fetch], +[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], + [$5], + [$6])]) + + +# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) +# -------------------------------------------------------------- +m4_define([lt_dict_filter], +[m4_if([$5], [], [], + [lt_join(m4_quote(m4_default([$4], [[, ]])), + lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), + [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl +]) + +# ltversion.m4 -- version numbers -*- Autoconf -*- +# +# Copyright (C) 2004 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# @configure_input@ + +# serial 3337 ltversion.m4 +# This file is part of GNU Libtool + +m4_define([LT_PACKAGE_VERSION], [2.4.2]) +m4_define([LT_PACKAGE_REVISION], [1.3337]) + +AC_DEFUN([LTVERSION_VERSION], +[macro_version='2.4.2' +macro_revision='1.3337' +_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) +_LT_DECL(, macro_revision, 0) +]) + +# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004. +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 5 lt~obsolete.m4 + +# These exist entirely to fool aclocal when bootstrapping libtool. +# +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) +# which have later been changed to m4_define as they aren't part of the +# exported API, or moved to Autoconf or Automake where they belong. +# +# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN +# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us +# using a macro with the same name in our local m4/libtool.m4 it'll +# pull the old libtool.m4 in (it doesn't see our shiny new m4_define +# and doesn't know about Autoconf macros at all.) +# +# So we provide this file, which has a silly filename so it's always +# included after everything else. This provides aclocal with the +# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything +# because those macros already exist, or will be overwritten later. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# +# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. +# Yes, that means every name once taken will need to remain here until +# we give up compatibility with versions before 1.7, at which point +# we need to keep only those names which we still refer to. + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) + +m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) +m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) +m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) +m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) +m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) +m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) +m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) +m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) +m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) +m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) +m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) +m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) +m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) +m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) +m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) +m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) +m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) +m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) +m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) +m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) +m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) +m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) +m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) +m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) +m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) +m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) +m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) +m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) +m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) +m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) +m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) +m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) +m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) +m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) +m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) +m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) +m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) +m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) +m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) +m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) +m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) +m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) +m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) +m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) +m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) +m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) +m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) +m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) +m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) +m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) +m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) + +# nls.m4 serial 5 (gettext-0.18) +dnl Copyright (C) 1995-2003, 2005-2006, 2008-2010 Free Software Foundation, +dnl Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. +dnl +dnl This file can can be used in projects which are not available under +dnl the GNU General Public License or the GNU Library General Public +dnl License but which still want to provide support for the GNU gettext +dnl functionality. +dnl Please note that the actual code of the GNU gettext library is covered +dnl by the GNU Library General Public License, and the rest of the GNU +dnl gettext package package is covered by the GNU General Public License. +dnl They are *not* in the public domain. + +dnl Authors: +dnl Ulrich Drepper , 1995-2000. +dnl Bruno Haible , 2000-2003. + +AC_PREREQ([2.50]) + +AC_DEFUN([AM_NLS], +[ + AC_MSG_CHECKING([whether NLS is requested]) + dnl Default is enabled NLS + AC_ARG_ENABLE([nls], + [ --disable-nls do not use Native Language Support], + USE_NLS=$enableval, USE_NLS=yes) + AC_MSG_RESULT([$USE_NLS]) + AC_SUBST([USE_NLS]) +]) + +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 1 (pkg-config-0.24) +# +# Copyright © 2004 Scott James Remnant . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# PKG_PROG_PKG_CONFIG([MIN-VERSION]) +# ---------------------------------- +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.9.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi +fi[]dnl +])# PKG_PROG_PKG_CONFIG + +# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# +# Check to see whether a particular set of modules exists. Similar +# to PKG_CHECK_MODULES(), but does not set variables or print errors. +# +# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +# only at the first occurence in configure.ac, so if the first place +# it's called might be skipped (such as if it is within an "if", you +# have to call PKG_CHECK_EXISTS manually +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_EXISTS], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_default([$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + +# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +# --------------------------------------------- +m4_define([_PKG_CONFIG], +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], + [pkg_failed=yes]) + else + pkg_failed=untried +fi[]dnl +])# _PKG_CONFIG + +# _PKG_SHORT_ERRORS_SUPPORTED +# ----------------------------- +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi[]dnl +])# _PKG_SHORT_ERRORS_SUPPORTED + + +# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +# [ACTION-IF-NOT-FOUND]) +# +# +# Note that if there is a possibility the first call to +# PKG_CHECK_MODULES might not happen, you should be sure to include an +# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac +# +# +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_MODULES], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl +AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + +pkg_failed=no +AC_MSG_CHECKING([for $1]) + +_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) +_PKG_CONFIG([$1][_LIBS], [libs], [$2]) + +m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS +and $1[]_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details.]) + +if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1` + else + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD + + m4_default([$4], [AC_MSG_ERROR( +[Package requirements ($2) were not met: + +$$1_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +_PKG_TEXT]) + ]) +elif test $pkg_failed = untried; then + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( +[The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +_PKG_TEXT + +To get pkg-config, see .]) + ]) +else + $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS + $1[]_LIBS=$pkg_cv_[]$1[]_LIBS + AC_MSG_RESULT([yes]) + $3 +fi[]dnl +])# PKG_CHECK_MODULES + +# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software +# Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +# (This private macro should not be called outside this file.) +AC_DEFUN([AM_AUTOMAKE_VERSION], +[am__api_version='1.11' +dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to +dnl require some minimum version. Point them to the right macro. +m4_if([$1], [1.11.3], [], + [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl +]) + +# _AM_AUTOCONF_VERSION(VERSION) +# ----------------------------- +# aclocal traces this macro to find the Autoconf version. +# This is a private macro too. Using m4_define simplifies +# the logic in aclocal, which can simply ignore this definition. +m4_define([_AM_AUTOCONF_VERSION], []) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. +# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], +[AM_AUTOMAKE_VERSION([1.11.3])dnl +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to +# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is `.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[dnl Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50])dnl +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` +]) + + +# Copyright (C) 1996, 1997, 1999, 2000, 2001, 2002, 2003, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# This was merged into AC_PROG_CC in Autoconf. + +AU_DEFUN([AM_PROG_CC_STDC], +[AC_PROG_CC +AC_DIAGNOSE([obsolete], [$0: + your code should no longer depend upon `am_cv_prog_cc_stdc', but upon + `ac_cv_prog_cc_stdc'. Remove this warning and the assignment when + you adjust the code. You can also remove the above call to + AC_PROG_CC if you already called it elsewhere.]) +am_cv_prog_cc_stdc=$ac_cv_prog_cc_stdc +]) +AU_DEFUN([fp_PROG_CC_STDC]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 9 + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ(2.52)dnl + ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE])dnl +AC_SUBST([$1_FALSE])dnl +_AM_SUBST_NOTMAKE([$1_TRUE])dnl +_AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009, +# 2010, 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 12 + +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "GCJ", or "OBJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +ifelse([$1], CC, [depcc="$CC" am_compiler_list=], + [$1], CXX, [depcc="$CXX" am_compiler_list=], + [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], UPC, [depcc="$UPC" am_compiler_list=], + [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE(dependency-tracking, +[ --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH])dnl +_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +AC_SUBST([am__nodep])dnl +_AM_SUBST_NOTMAKE([am__nodep])dnl +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +#serial 5 + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[{ + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`AS_DIRNAME("$mf")` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`AS_DIRNAME(["$file"])` + AS_MKDIR_P([$dirpart/$fdir]) + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking +# is enabled. FIXME. This creates each `.P' file that we will +# need in order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) +]) + +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 8 + +# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS. +AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 16 + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.62])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl +dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. +m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, + [m4_fatal([AC_INIT should be called with package and version arguments])])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) + AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) +AM_MISSING_PROG(AUTOCONF, autoconf) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) +AM_MISSING_PROG(AUTOHEADER, autoheader) +AM_MISSING_PROG(MAKEINFO, makeinfo) +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl +AC_REQUIRE([AM_PROG_MKDIR_P])dnl +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJC], + [_AM_DEPENDENCIES(OBJC)], + [define([AC_PROG_OBJC], + defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl +]) +_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl +dnl The `parallel-tests' driver may need to know about EXEEXT, so add the +dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl +]) + +dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_arg=$1 +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation, +# Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi +AC_SUBST(install_sh)]) + +# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Add --enable-maintainer-mode option to configure. -*- Autoconf -*- +# From Jim Meyering + +# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008, +# 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 5 + +# AM_MAINTAINER_MODE([DEFAULT-MODE]) +# ---------------------------------- +# Control maintainer-specific portions of Makefiles. +# Default is to disable them, unless `enable' is passed literally. +# For symmetry, `disable' may be passed as well. Anyway, the user +# can override the default with the --enable/--disable switch. +AC_DEFUN([AM_MAINTAINER_MODE], +[m4_case(m4_default([$1], [disable]), + [enable], [m4_define([am_maintainer_other], [disable])], + [disable], [m4_define([am_maintainer_other], [enable])], + [m4_define([am_maintainer_other], [enable]) + m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])]) +AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) + dnl maintainer-mode's default is 'disable' unless 'enable' is passed + AC_ARG_ENABLE([maintainer-mode], +[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful + (and sometimes confusing) to the casual installer], + [USE_MAINTAINER_MODE=$enableval], + [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) + AC_MSG_RESULT([$USE_MAINTAINER_MODE]) + AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST([MAINT])dnl +] +) + +AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_MAKE_INCLUDE() +# ----------------- +# Check to see how make treats includes. +AC_DEFUN([AM_MAKE_INCLUDE], +[am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +AC_MSG_CHECKING([for style of include used by $am_make]) +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi +AC_SUBST([am__include]) +AC_SUBST([am__quote]) +AC_MSG_RESULT([$_am_result]) +rm -f confinc confmf +]) + +# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 6 + +# AM_PROG_CC_C_O +# -------------- +# Like AC_PROG_CC_C_O, but changed for automake. +AC_DEFUN([AM_PROG_CC_C_O], +[AC_REQUIRE([AC_PROG_CC_C_O])dnl +AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([compile])dnl +# FIXME: we rely on the cache variable name because +# there is no other way. +set dummy $CC +am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` +eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o +if test "$am_t" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +dnl Make sure AC_PROG_CC is never called again, or it will override our +dnl setting of CC. +m4_define([AC_PROG_CC], + [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])]) +]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 6 + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it supports --run. +# If it does, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([missing])dnl +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + AC_MSG_WARN([`missing' script is too old or missing]) +fi +]) + +# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation, +# Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_PROG_MKDIR_P +# --------------- +# Check for `mkdir -p'. +AC_DEFUN([AM_PROG_MKDIR_P], +[AC_PREREQ([2.60])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, +dnl while keeping a definition of mkdir_p for backward compatibility. +dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. +dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of +dnl Makefile.ins that do not define MKDIR_P, so we do our own +dnl adjustment using top_builddir (which is defined more often than +dnl MKDIR_P). +AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl +case $mkdir_p in + [[\\/$]]* | ?:[[\\/]]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac +]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software +# Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 5 + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# -------------------- +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) + +# _AM_SET_OPTIONS(OPTIONS) +# ------------------------ +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 5 + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; +esac + +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT(yes)]) + +# Copyright (C) 2009, 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# AM_SILENT_RULES([DEFAULT]) +# -------------------------- +# Enable less verbose build rules; with the default set to DEFAULT +# (`yes' being less verbose, `no' or empty being verbose). +AC_DEFUN([AM_SILENT_RULES], +[AC_ARG_ENABLE([silent-rules], +[ --enable-silent-rules less verbose build output (undo: `make V=1') + --disable-silent-rules verbose build output (undo: `make V=0')]) +case $enable_silent_rules in +yes) AM_DEFAULT_VERBOSITY=0;; +no) AM_DEFAULT_VERBOSITY=1;; +*) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; +esac +dnl +dnl A few `make' implementations (e.g., NonStop OS and NextStep) +dnl do not support nested variable expansions. +dnl See automake bug#9928 and bug#10237. +am_make=${MAKE-make} +AC_CACHE_CHECK([whether $am_make supports nested variables], + [am_cv_make_support_nested_variables], + [if AS_ECHO([['TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi]) +if test $am_cv_make_support_nested_variables = yes; then + dnl Using `$V' instead of `$(V)' breaks IRIX make. + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AC_SUBST([AM_V])dnl +AM_SUBST_NOTMAKE([AM_V])dnl +AC_SUBST([AM_DEFAULT_V])dnl +AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl +AC_SUBST([AM_DEFAULT_VERBOSITY])dnl +AM_BACKSLASH='\' +AC_SUBST([AM_BACKSLASH])dnl +_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl +]) + +# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor `install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in `make install-strip', and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 3 + +# _AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# This macro is traced by Automake. +AC_DEFUN([_AM_SUBST_NOTMAKE]) + +# AM_SUBST_NOTMAKE(VARIABLE) +# -------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of `v7', `ustar', or `pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AC_SUBST([AMTAR], ['$${TAR-tar}']) +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + [m4_case([$1], [ustar],, [pax],, + [m4_fatal([Unknown tar format])]) +AC_MSG_CHECKING([how to create a $1 tar archive]) +# Loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' +_am_tools=${am_cv_prog_tar_$1-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of `-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi +done +rm -rf conftest.dir + +AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) +AC_MSG_RESULT([$am_cv_prog_tar_$1])]) +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + diff --git a/actions/Makefile.am b/actions/Makefile.am new file mode 100644 index 00000000..f111078f --- /dev/null +++ b/actions/Makefile.am @@ -0,0 +1,16 @@ + +polkit_actiondir = $(datadir)/polkit-1/actions + +dist_polkit_action_DATA = org.freedesktop.policykit.policy + +@INTLTOOL_POLICY_RULE@ + +#check: +# $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA) + +clean-local : + rm -f *~ + +DISTCLEANFILES = org.freedesktop.policykit.policy + +EXTRA_DIST = org.freedesktop.policykit.policy.in diff --git a/actions/Makefile.in b/actions/Makefile.in new file mode 100644 index 00000000..6b43620e --- /dev/null +++ b/actions/Makefile.in @@ -0,0 +1,494 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = actions +DIST_COMMON = $(dist_polkit_action_DATA) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(polkit_actiondir)" +DATA = $(dist_polkit_action_DATA) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +polkit_actiondir = $(datadir)/polkit-1/actions +dist_polkit_action_DATA = org.freedesktop.policykit.policy +DISTCLEANFILES = org.freedesktop.policykit.policy +EXTRA_DIST = org.freedesktop.policykit.policy.in +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu actions/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu actions/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-dist_polkit_actionDATA: $(dist_polkit_action_DATA) + @$(NORMAL_INSTALL) + test -z "$(polkit_actiondir)" || $(MKDIR_P) "$(DESTDIR)$(polkit_actiondir)" + @list='$(dist_polkit_action_DATA)'; test -n "$(polkit_actiondir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(polkit_actiondir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(polkit_actiondir)" || exit $$?; \ + done + +uninstall-dist_polkit_actionDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_polkit_action_DATA)'; test -n "$(polkit_actiondir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(polkit_actiondir)'; $(am__uninstall_files_from_dir) +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: + for dir in "$(DESTDIR)$(polkit_actiondir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dist_polkit_actionDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dist_polkit_actionDATA + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am \ + install-dist_polkit_actionDATA install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ + uninstall-dist_polkit_actionDATA + + +@INTLTOOL_POLICY_RULE@ + +#check: +# $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA) + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/actions/org.freedesktop.policykit.policy b/actions/org.freedesktop.policykit.policy new file mode 100644 index 00000000..85dabcff --- /dev/null +++ b/actions/org.freedesktop.policykit.policy @@ -0,0 +1,33 @@ + + + + The PolicyKit Project + http://hal.freedesktop.org/docs/PolicyKit/ + + + Run programs as another user + Kør et program som en anden bruger + Authentication is required to run a program as another user + Autorisering er påkrævet for at afvikle et program som en anden bruger + + auth_admin + auth_admin + auth_admin + + + + + Configure lock down for an action + Konfigurer lock down for en action + Authentication is required to configure lock down policy + Autorisering er påkrævet for at konfigurer lock down + + no + no + auth_admin + + /usr/bin/pklalockdown + + \ No newline at end of file diff --git a/actions/org.freedesktop.policykit.policy.in b/actions/org.freedesktop.policykit.policy.in new file mode 100644 index 00000000..23608ee7 --- /dev/null +++ b/actions/org.freedesktop.policykit.policy.in @@ -0,0 +1,32 @@ + + + + + + + The PolicyKit Project + http://hal.freedesktop.org/docs/PolicyKit/ + + + <_description>Run programs as another user + <_message>Authentication is required to run a program as another user + + auth_admin + auth_admin + auth_admin + + + + + <_description>Configure lock down for an action + <_message>Authentication is required to configure lock down policy + + no + no + auth_admin + + /usr/bin/pklalockdown + + diff --git a/compile b/compile new file mode 100755 index 00000000..b1f47491 --- /dev/null +++ b/compile @@ -0,0 +1,310 @@ +#! /bin/sh +# Wrapper for compilers which do not understand '-c -o'. + +scriptversion=2012-01-04.17; # UTC + +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009, 2010, 2012 Free +# Software Foundation, Inc. +# Written by Tom Tromey . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l*) + lib=${1#-l} + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + set x "$@" "$dir/$lib.dll.lib" + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + set x "$@" "$dir/$lib.lib" + break + fi + done + IFS=$save_IFS + + test "$found" != yes && set x "$@" "$lib.lib" + shift + ;; + -L*) + func_file_conv "${1#-L}" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/config.guess b/config.guess new file mode 100755 index 00000000..49ba16f1 --- /dev/null +++ b/config.guess @@ -0,0 +1,1522 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. + +timestamp='2012-01-01' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; + i*:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; + *:Interix*:*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; + arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=${UNAME_MACHINE}el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=${UNAME_MACHINE} + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; + unknown) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix\n"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + c34*) + echo c34-convex-bsd + exit ;; + c38*) + echo c38-convex-bsd + exit ;; + c4*) + echo c4-convex-bsd + exit ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/config.h.in b/config.h.in new file mode 100644 index 00000000..968ddec8 --- /dev/null +++ b/config.h.in @@ -0,0 +1,143 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* always defined to indicate that i18n is enabled */ +#undef ENABLE_NLS + +/* gettext domain */ +#undef GETTEXT_PACKAGE + +/* Define to 1 if you have the `bind_textdomain_codeset' function. */ +#undef HAVE_BIND_TEXTDOMAIN_CODESET + +/* Define to 1 if you have the `clearenv' function. */ +#undef HAVE_CLEARENV + +/* Define to 1 if you have the `dcgettext' function. */ +#undef HAVE_DCGETTEXT + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_EXPAT_H + +/* Is this a FreeBSD system? */ +#undef HAVE_FREEBSD + +/* Define if the GNU gettext() function is already present or preinstalled. */ +#undef HAVE_GETTEXT + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define if your file defines LC_MESSAGES. */ +#undef HAVE_LC_MESSAGES + +/* Define to 1 if you have the header file. */ +#undef HAVE_LOCALE_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define if PAM support is included */ +#undef HAVE_PAM + +/* "Have pam_ext.h" */ +#undef HAVE_PAM_EXT_H + +/* "Have pam_modutil.h" */ +#undef HAVE_PAM_MODUTIL_H + +/* "Have pam_vsyslog" */ +#undef HAVE_PAM_VSYSLOG + +/* Is this a Solaris system? */ +#undef HAVE_SOLARIS + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + +/* Define to 1 if your C compiler doesn't accept -c and -o together. */ +#undef NO_MINUS_C_MINUS_O + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* pam file account */ +#undef PAM_FILE_INCLUDE_ACCOUNT + +/* pam file auth */ +#undef PAM_FILE_INCLUDE_AUTH + +/* pam file password */ +#undef PAM_FILE_INCLUDE_PASSWORD + +/* pam file session */ +#undef PAM_FILE_INCLUDE_SESSION + +/* Define if pam_strerror takes two arguments */ +#undef PAM_STRERROR_TWO_ARGS + +/* Authentication Framework to use */ +#undef POLKIT_AUTHFW + +/* If using no authentication framework */ +#undef POLKIT_AUTHFW_NONE + +/* If using the PAM authentication framework */ +#undef POLKIT_AUTHFW_PAM + +/* If using the Shadow authentication framework */ +#undef POLKIT_AUTHFW_SHADOW + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION + +/* Number of bits in a file offset, on hosts where this is settable. */ +#undef _FILE_OFFSET_BITS + +/* Define for large files, on AIX-style hosts. */ +#undef _LARGE_FILES diff --git a/config.sub b/config.sub new file mode 100755 index 00000000..d6b6b3c7 --- /dev/null +++ b/config.sub @@ -0,0 +1,1766 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. + +timestamp='2012-01-01' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Please send patches to . Submit a context +# diff and a properly formatted GNU ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | be32 | be64 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 \ + | ns16k | ns32k \ + | open8 \ + | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze) + basic_machine=microblaze-xilinx + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i386-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc | ppcbe) basic_machine=powerpc-unknown + ;; + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh5el) + basic_machine=sh5le-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tile*) + basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + ;; + m68*-cisco) + os=-aout + ;; + mep-*) + os=-elf + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -cnk*|-aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/configure b/configure new file mode 100755 index 00000000..60465508 --- /dev/null +++ b/configure @@ -0,0 +1,18930 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.68 for polkit 0.105. +# +# Report bugs to . +# +# +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software +# Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1 + + test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + # We cannot yet assume a decent shell, so we have to provide a + # neutralization value for shells without unset; and this also + # works around shells that cannot unset nonexistent variables. + # Preserve -v and -x to the replacement shell. + BASH_ENV=/dev/null + ENV=/dev/null + (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV + export CONFIG_SHELL + case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; + esac + exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"} +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: http://lists.freedesktop.org/mailman/listinfo/polkit-devel +$0: about your system, including any error possibly output +$0: before this message. Then install a modern shell, or +$0: manually run the script under such a shell if you do +$0: have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + +SHELL=${CONFIG_SHELL-/bin/sh} + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='polkit' +PACKAGE_TARNAME='polkit' +PACKAGE_VERSION='0.105' +PACKAGE_STRING='polkit 0.105' +PACKAGE_BUGREPORT='http://lists.freedesktop.org/mailman/listinfo/polkit-devel' +PACKAGE_URL='' + +enable_option_checking=no +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +LIBOBJS +MKINSTALLDIRS +POSUB +POFILES +PO_IN_DATADIR_FALSE +PO_IN_DATADIR_TRUE +INTLLIBS +INSTOBJEXT +GMOFILES +CATOBJEXT +CATALOGS +MSGFMT_OPTS +GETTEXT_PACKAGE +DATADIRNAME +ALL_LINGUAS +INTLTOOL_PERL +GMSGFMT +MSGFMT +MSGMERGE +XGETTEXT +INTLTOOL_POLICY_RULE +INTLTOOL_SERVICE_RULE +INTLTOOL_THEME_RULE +INTLTOOL_SCHEMAS_RULE +INTLTOOL_CAVES_RULE +INTLTOOL_XML_NOMERGE_RULE +INTLTOOL_XML_RULE +INTLTOOL_KBD_RULE +INTLTOOL_XAM_RULE +INTLTOOL_UI_RULE +INTLTOOL_SOUNDLIST_RULE +INTLTOOL_SHEET_RULE +INTLTOOL_SERVER_RULE +INTLTOOL_PONG_RULE +INTLTOOL_OAF_RULE +INTLTOOL_PROP_RULE +INTLTOOL_KEYS_RULE +INTLTOOL_DIRECTORY_RULE +INTLTOOL_DESKTOP_RULE +intltool__v_merge_options_0 +intltool__v_merge_options_ +INTLTOOL_V_MERGE_OPTIONS +INTLTOOL__v_MERGE_0 +INTLTOOL__v_MERGE_ +INTLTOOL_V_MERGE +INTLTOOL_EXTRACT +INTLTOOL_MERGE +INTLTOOL_UPDATE +USE_NLS +BUILD_EXAMPLES_FALSE +BUILD_EXAMPLES_TRUE +HAVE_INTROSPECTION_FALSE +HAVE_INTROSPECTION_TRUE +INTROSPECTION_MAKEFILE +INTROSPECTION_LIBS +INTROSPECTION_CFLAGS +INTROSPECTION_TYPELIBDIR +INTROSPECTION_GIRDIR +INTROSPECTION_GENERATE +INTROSPECTION_COMPILER +INTROSPECTION_SCANNER +PAM_FILE_INCLUDE_SESSION +PAM_FILE_INCLUDE_PASSWORD +PAM_FILE_INCLUDE_ACCOUNT +PAM_FILE_INCLUDE_AUTH +OS_TYPE_FREEBSD_FALSE +OS_TYPE_FREEBSD_TRUE +OS_TYPE_SOLARIS_FALSE +OS_TYPE_SOLARIS_TRUE +OS_TYPE_PARDUS_FALSE +OS_TYPE_PARDUS_TRUE +OS_TYPE_GENTOO_FALSE +OS_TYPE_GENTOO_TRUE +OS_TYPE_SUSE_FALSE +OS_TYPE_SUSE_TRUE +OS_TYPE_RED_HAT_FALSE +OS_TYPE_RED_HAT_TRUE +OS_TYPE_UNKNOWN_FALSE +OS_TYPE_UNKNOWN_TRUE +PAM_MODULE_DIR +AUTH_LIBS +HAVE_PAM +HAVE_PAM_FALSE +HAVE_PAM_TRUE +PAM_PREFIX +POLKIT_AUTHFW_SHADOW_FALSE +POLKIT_AUTHFW_SHADOW_TRUE +POLKIT_AUTHFW_PAM_FALSE +POLKIT_AUTHFW_PAM_TRUE +POLKIT_AUTHFW_NONE_FALSE +POLKIT_AUTHFW_NONE_TRUE +POLKIT_AUTHFW +HAVE_SYSTEMD_FALSE +HAVE_SYSTEMD_TRUE +SYSTEMD_LIBS +SYSTEMD_CFLAGS +EXPAT_LIBS +GLIB_LIBS +GLIB_CFLAGS +GTK_DOC_USE_REBASE_FALSE +GTK_DOC_USE_REBASE_TRUE +GTK_DOC_USE_LIBTOOL_FALSE +GTK_DOC_USE_LIBTOOL_TRUE +GTK_DOC_BUILD_PDF_FALSE +GTK_DOC_BUILD_PDF_TRUE +GTK_DOC_BUILD_HTML_FALSE +GTK_DOC_BUILD_HTML_TRUE +ENABLE_GTK_DOC_FALSE +ENABLE_GTK_DOC_TRUE +GTKDOC_DEPS_LIBS +GTKDOC_DEPS_CFLAGS +HTML_DIR +GTKDOC_MKPDF +GTKDOC_REBASE +GTKDOC_CHECK +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG +MAN_PAGES_ENABLED_FALSE +MAN_PAGES_ENABLED_TRUE +XSLTPROC +OTOOL64 +OTOOL +LIPO +NMEDIT +DSYMUTIL +MANIFEST_TOOL +RANLIB +ac_ct_AR +AR +DLLTOOL +OBJDUMP +LN_S +NM +ac_ct_DUMPBIN +DUMPBIN +LD +FGREP +SED +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +LIBTOOL +EGREP +GREP +CPP +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__quote +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +LT_AGE +LT_REVISION +LT_CURRENT +subdirs +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V +MAINT +MAINTAINER_MODE_FALSE +MAINTAINER_MODE_TRUE +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_maintainer_mode +enable_silent_rules +enable_dependency_tracking +enable_shared +enable_static +with_pic +enable_fast_install +with_gnu_ld +with_sysroot +enable_libtool_lock +enable_largefile +enable_ansi +enable_verbose_mode +enable_man_pages +with_html_dir +enable_gtk_doc +enable_gtk_doc_html +enable_gtk_doc_pdf +with_expat +enable_systemd +with_authfw +with_pam_prefix +with_pam_module_dir +with_os_type +with_pam_include +enable_introspection +enable_examples +enable_nls +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR +GTKDOC_DEPS_CFLAGS +GTKDOC_DEPS_LIBS +GLIB_CFLAGS +GLIB_LIBS +SYSTEMD_CFLAGS +SYSTEMD_LIBS' +ac_subdirs_all='test/mocklibc' + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures polkit 0.105 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/polkit] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of polkit 0.105:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-maintainer-mode enable make rules and dependencies not useful + (and sometimes confusing) to the casual installer + --enable-silent-rules less verbose build output (undo: `make V=1') + --disable-silent-rules verbose build output (undo: `make V=0') + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors + --enable-shared[=PKGS] build shared libraries [default=yes] + --enable-static[=PKGS] build static libraries [default=yes] + --enable-fast-install[=PKGS] + optimize for fast installation [default=yes] + --disable-libtool-lock avoid locking (might break parallel builds) + --disable-largefile omit support for large files + --enable-ansi enable -ansi -pedantic gcc flags + --enable-verbose-mode support verbose debug mode + --enable-man-pages build manual pages + --enable-gtk-doc use gtk-doc to build documentation [[default=no]] + --enable-gtk-doc-html build documentation in html format [[default=yes]] + --enable-gtk-doc-pdf build documentation in pdf format [[default=no]] + --enable-systemd=[auto/yes/no] + Use systemd (auto/yes/no) + --enable-introspection=[no/auto/yes] + Enable introspection for this build + --enable-examples Build the example programs + --disable-nls do not use Native Language Support + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use + both] + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-sysroot=DIR Search for dependent libraries within DIR + (or the compiler's sysroot if not specified). + --with-html-dir=PATH path to installed docs + --with-expat= Use expat from here + --with-authfw= Authentication framework (none/pam/shadow) + --with-pam-prefix= specify where pam files go + --with-pam-module-dir=dirname directory to install PAM security module + --with-os-type= distribution or OS (redhat/suse/gentoo/pardus/solaris) + --with-pam-include= pam file to include + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path + GTKDOC_DEPS_CFLAGS + C compiler flags for GTKDOC_DEPS, overriding pkg-config + GTKDOC_DEPS_LIBS + linker flags for GTKDOC_DEPS, overriding pkg-config + GLIB_CFLAGS C compiler flags for GLIB, overriding pkg-config + GLIB_LIBS linker flags for GLIB, overriding pkg-config + SYSTEMD_CFLAGS + C compiler flags for SYSTEMD, overriding pkg-config + SYSTEMD_LIBS + linker flags for SYSTEMD, overriding pkg-config + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +polkit configure 0.105 +generated by GNU Autoconf 2.68 + +Copyright (C) 2010 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ------------------------------------------------------------------------- ## +## Report this to http://lists.freedesktop.org/mailman/listinfo/polkit-devel ## +## ------------------------------------------------------------------------- ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by polkit $as_me 0.105, which was +generated by GNU Autoconf 2.68. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +am__api_version='1.11' + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Just in case +sleep 1 +echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; +esac + +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken +alias in your environment" "$LINENO" 5 + fi + + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +mkdir_p="$MKDIR_P" +case $mkdir_p in + [\\/$]* | ?:[\\/]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE=polkit + VERSION=0.105 + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + +am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + + + + +ac_config_headers="$ac_config_headers config.h" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 +$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } + # Check whether --enable-maintainer-mode was given. +if test "${enable_maintainer_mode+set}" = set; then : + enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval +else + USE_MAINTAINER_MODE=no +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 +$as_echo "$USE_MAINTAINER_MODE" >&6; } + if test $USE_MAINTAINER_MODE = yes; then + MAINTAINER_MODE_TRUE= + MAINTAINER_MODE_FALSE='#' +else + MAINTAINER_MODE_TRUE='#' + MAINTAINER_MODE_FALSE= +fi + + MAINT=$MAINTAINER_MODE_TRUE + + + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in +yes) AM_DEFAULT_VERBOSITY=0;; +no) AM_DEFAULT_VERBOSITY=1;; +*) AM_DEFAULT_VERBOSITY=0;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + + +# Include external mocklibc tool for unit testing + + +subdirs="$subdirs test/mocklibc" + + +# libtool versioning - this applies to all libraries in this package +# +# See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details +# +LT_CURRENT=0 +LT_REVISION=0 +LT_AGE=0 + + + + +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +$as_echo_n "checking for style of include used by $am_make... " >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +$as_echo "$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing strerror" >&5 +$as_echo_n "checking for library containing strerror... " >&6; } +if ${ac_cv_search_strerror+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char strerror (); +int +main () +{ +return strerror (); + ; + return 0; +} +_ACEOF +for ac_lib in '' cposix; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_strerror=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_strerror+:} false; then : + break +fi +done +if ${ac_cv_search_strerror+:} false; then : + +else + ac_cv_search_strerror=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_strerror" >&5 +$as_echo "$ac_cv_search_strerror" >&6; } +ac_res=$ac_cv_search_strerror +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + + +am_cv_prog_cc_stdc=$ac_cv_prog_cc_stdc + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +case `pwd` in + *\ * | *\ *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; +esac + + + +macro_version='2.4.2' +macro_revision='1.3337' + + + + + + + + + + + + + +ltmain="$ac_aux_dir/ltmain.sh" + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +$as_echo_n "checking how to print strings... " >&6; } +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "" +} + +case "$ECHO" in + printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +$as_echo "printf" >&6; } ;; + print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +$as_echo "print -r" >&6; } ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +$as_echo "cat" >&6; } ;; +esac + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +$as_echo_n "checking for fgrep... " >&6; } +if ${ac_cv_path_FGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else + if test -z "$FGREP"; then + ac_path_FGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in fgrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue +# Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +case `"$ac_path_FGREP" --version 2>&1` in +*GNU*) + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_FGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_FGREP="$ac_path_FGREP" + ac_path_FGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_FGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_FGREP"; then + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_FGREP=$FGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +$as_echo "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +test -z "$GREP" && GREP=grep + + + + + + + + + + + + + + + + + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${lt_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${lt_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if ${lt_cv_path_NM+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + : ${lt_cv_path_NM=no} +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +$as_echo "$lt_cv_path_NM" >&6; } +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + if test -n "$ac_tool_prefix"; then + for ac_prog in dumpbin "link -dump" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DUMPBIN=$ac_cv_prog_DUMPBIN +if test -n "$DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +$as_echo "$DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$DUMPBIN" && break + done +fi +if test -z "$DUMPBIN"; then + ac_ct_DUMPBIN=$DUMPBIN + for ac_prog in dumpbin "link -dump" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN +if test -n "$ac_ct_DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +$as_echo "$ac_ct_DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_DUMPBIN" && break +done + + if test "x$ac_ct_DUMPBIN" = x; then + DUMPBIN=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DUMPBIN=$ac_ct_DUMPBIN + fi +fi + + case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols" + ;; + *) + DUMPBIN=: + ;; + esac + fi + + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +$as_echo_n "checking the name lister ($NM) interface... " >&6; } +if ${lt_cv_nm_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: output\"" >&5) + cat conftest.out >&5 + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +$as_echo "$lt_cv_nm_interface" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +# find the maximum length of command line arguments +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +$as_echo_n "checking the maximum length of command line arguments... " >&6; } +if ${lt_cv_sys_max_cmd_len+:} false; then : + $as_echo_n "(cached) " >&6 +else + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac + +fi + +if test -n $lt_cv_sys_max_cmd_len ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +$as_echo "$lt_cv_sys_max_cmd_len" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } +fi +max_cmd_len=$lt_cv_sys_max_cmd_len + + + + + + +: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 +$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,b/c, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 +$as_echo "$xsi_shell" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 +$as_echo_n "checking whether the shell understands \"+=\"... " >&6; } +lt_shell_append=no +( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 +$as_echo "$lt_shell_append" >&6; } + + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi + + + + + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +$as_echo_n "checking how to convert $build file names to $host format... " >&6; } +if ${lt_cv_to_host_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac + +fi + +to_host_file_cmd=$lt_cv_to_host_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +$as_echo "$lt_cv_to_host_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } +if ${lt_cv_to_tool_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + #assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac + +fi + +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +$as_echo "$lt_cv_to_tool_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +$as_echo_n "checking for $LD option to reload object files... " >&6; } +if ${lt_cv_ld_reload_flag+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +$as_echo "$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + if test "$GCC" != yes; then + reload_cmds=false + fi + ;; + darwin*) + if test "$GCC" = yes; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. +set dummy ${ac_tool_prefix}objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OBJDUMP=$ac_cv_prog_OBJDUMP +if test -n "$OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +$as_echo "$OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. +set dummy objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP +if test -n "$ac_ct_OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +$as_echo "$ac_ct_OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OBJDUMP" = x; then + OBJDUMP="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OBJDUMP=$ac_ct_OBJDUMP + fi +else + OBJDUMP="$ac_cv_prog_OBJDUMP" +fi + +test -z "$OBJDUMP" && OBJDUMP=objdump + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +$as_echo_n "checking how to recognize dependent libraries... " >&6; } +if ${lt_cv_deplibs_check_method+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# `unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# which responds to the $file_magic_cmd with a given extended regex. +# If you have `file' or equivalent on your system and you're not sure +# whether `pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[4-9]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. + if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +$as_echo "$lt_cv_deplibs_check_method" >&6; } + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + + + + + + + + + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. +set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DLLTOOL=$ac_cv_prog_DLLTOOL +if test -n "$DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +$as_echo "$DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. +set dummy dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL +if test -n "$ac_ct_DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +$as_echo "$ac_ct_DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DLLTOOL" = x; then + DLLTOOL="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DLLTOOL=$ac_ct_DLLTOOL + fi +else + DLLTOOL="$ac_cv_prog_DLLTOOL" +fi + +test -z "$DLLTOOL" && DLLTOOL=dlltool + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +$as_echo_n "checking how to associate runtime and link libraries... " >&6; } +if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh + # decide which to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd="$ECHO" + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + + + + + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} +: ${AR_FLAGS=cru} + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +$as_echo_n "checking for archiver @FILE support... " >&6; } +if ${lt_cv_ar_at_file+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ar_at_file=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -ne 0; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +$as_echo "$lt_cv_ar_at_file" >&6; } + +if test "x$lt_cv_ar_at_file" = xno; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +test -z "$STRIP" && STRIP=: + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +test -z "$RANLIB" && RANLIB=: + + + + + + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# Check for command to grab the raw symbol name followed by C symbol from nm. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +if ${lt_cv_sys_global_symbol_pipe+:} false; then : + $as_echo_n "(cached) " >&6 +else + +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[BCDEGRST]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([_A-Za-z][_A-Za-z0-9]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[BCDT]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[ABCDGISTW]' + ;; +hpux*) + if test "$host_cpu" = ia64; then + symcode='[ABCDEGRST]' + fi + ;; +irix* | nonstopux*) + symcode='[BCDEGRST]' + ;; +osf*) + symcode='[BCDEGQRST]' + ;; +solaris*) + symcode='[BDRT]' + ;; +sco3.2v5*) + symcode='[DT]' + ;; +sysv4.2uw2*) + symcode='[DT]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[ABDT]' + ;; +sysv4) + symcode='[DFNSTU]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[ABCDGIRSTW]' ;; +esac + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK '"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Now try to grab the symbols. + nlist=conftest.nm + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 + (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&5 + fi + else + echo "cannot find nm_test_var in $nlist" >&5 + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 + fi + else + echo "$progname: failed program was:" >&5 + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done + +fi + +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +$as_echo "failed" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +$as_echo_n "checking for sysroot... " >&6; } + +# Check whether --with-sysroot was given. +if test "${with_sysroot+set}" = set; then : + withval=$with_sysroot; +else + with_sysroot=no +fi + + +lt_sysroot= +case ${with_sysroot} in #( + yes) + if test "$GCC" = yes; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 +$as_echo "${with_sysroot}" >&6; } + as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 + ;; +esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +$as_echo "${lt_sysroot:-no}" >&6; } + + + + + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then : + enableval=$enable_libtool_lock; +fi + +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +if ${lt_cv_cc_needs_belf+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_cc_needs_belf=yes +else + lt_cv_cc_needs_belf=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +$as_echo "$lt_cv_cc_needs_belf" >&6; } + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. +set dummy ${ac_tool_prefix}mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MANIFEST_TOOL"; then + ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL +if test -n "$MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +$as_echo "$MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_MANIFEST_TOOL"; then + ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL + # Extract the first word of "mt", so it can be a program name with args. +set dummy mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_MANIFEST_TOOL"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL +if test -n "$ac_ct_MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_MANIFEST_TOOL" = x; then + MANIFEST_TOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL + fi +else + MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" +fi + +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if ${lt_cv_path_mainfest_tool+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&5 + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +$as_echo "$lt_cv_path_mainfest_tool" >&6; } +if test "x$lt_cv_path_mainfest_tool" != xyes; then + MANIFEST_TOOL=: +fi + + + + + + + case $host_os in + rhapsody* | darwin*) + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. +set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DSYMUTIL=$ac_cv_prog_DSYMUTIL +if test -n "$DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +$as_echo "$DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. +set dummy dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL +if test -n "$ac_ct_DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +$as_echo "$ac_ct_DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DSYMUTIL" = x; then + DSYMUTIL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DSYMUTIL=$ac_ct_DSYMUTIL + fi +else + DSYMUTIL="$ac_cv_prog_DSYMUTIL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. +set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NMEDIT=$ac_cv_prog_NMEDIT +if test -n "$NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +$as_echo "$NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. +set dummy nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT +if test -n "$ac_ct_NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +$as_echo "$ac_ct_NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NMEDIT" = x; then + NMEDIT=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NMEDIT=$ac_ct_NMEDIT + fi +else + NMEDIT="$ac_cv_prog_NMEDIT" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. +set dummy ${ac_tool_prefix}lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LIPO=$ac_cv_prog_LIPO +if test -n "$LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +$as_echo "$LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. +set dummy lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_LIPO="lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO +if test -n "$ac_ct_LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +$as_echo "$ac_ct_LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LIPO" = x; then + LIPO=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LIPO=$ac_ct_LIPO + fi +else + LIPO="$ac_cv_prog_LIPO" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL=$ac_cv_prog_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. +set dummy otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL="otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL +if test -n "$ac_ct_OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +$as_echo "$ac_ct_OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL" = x; then + OTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL=$ac_ct_OTOOL + fi +else + OTOOL="$ac_cv_prog_OTOOL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL64=$ac_cv_prog_OTOOL64 +if test -n "$OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +$as_echo "$OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. +set dummy otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL64="otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 +if test -n "$ac_ct_OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +$as_echo "$ac_ct_OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL64" = x; then + OTOOL64=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL64=$ac_ct_OTOOL64 + fi +else + OTOOL64="$ac_cv_prog_OTOOL64" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +$as_echo_n "checking for -single_module linker flag... " >&6; } +if ${lt_cv_apple_cc_single_mod+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&5 + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&5 + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +$as_echo "$lt_cv_apple_cc_single_mod" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +if ${lt_cv_ld_exported_symbols_list+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_ld_exported_symbols_list=yes +else + lt_cv_ld_exported_symbols_list=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +$as_echo_n "checking for -force_load linker flag... " >&6; } +if ${lt_cv_ld_force_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 + echo "$AR cru libconftest.a conftest.o" >&5 + $AR cru libconftest.a conftest.o 2>&5 + echo "$RANLIB libconftest.a" >&5 + $RANLIB libconftest.a 2>&5 + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&5 + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&5 + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +$as_echo "$lt_cv_ld_force_load" >&6; } + case $host_os in + rhapsody* | darwin1.[012]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[012]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in dlfcn.h +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLFCN_H 1 +_ACEOF + +fi + +done + + + + + +# Set options + + + + enable_dlopen=no + + + enable_win32_dll=no + + + # Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_shared=yes +fi + + + + + + + + + + # Check whether --enable-static was given. +if test "${enable_static+set}" = set; then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_static=yes +fi + + + + + + + + + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then : + withval=$with_pic; lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + pic_mode=default +fi + + +test -z "$pic_mode" && pic_mode=default + + + + + + + + # Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_fast_install=yes +fi + + + + + + + + + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +test -z "$LN_S" && LN_S="ln -s" + + + + + + + + + + + + + + +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +$as_echo_n "checking for objdir... " >&6; } +if ${lt_cv_objdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +$as_echo "$lt_cv_objdir" >&6; } +objdir=$lt_cv_objdir + + + + + +cat >>confdefs.h <<_ACEOF +#define LT_OBJDIR "$lt_cv_objdir/" +_ACEOF + + + + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld="$lt_cv_prog_gnu_ld" + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` + + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/${ac_tool_prefix}file; then + lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +$as_echo_n "checking for file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/file; then + lt_cv_path_MAGIC_CMD="$ac_dir/file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + else + MAGIC_CMD=: + fi +fi + + fi + ;; +esac + +# Use C for the default configuration in the libtool script + +lt_save_CC="$CC" +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +objext=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + +if test -n "$compiler"; then + +lt_prog_compiler_no_builtin_flag= + +if test "$GCC" = yes; then + case $cc_basename in + nvcc*) + lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; + *) + lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +else + : +fi + +fi + + + + + + + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + + + if test "$GCC" = yes; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + # old Intel for x86_64 which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if ${lt_cv_prog_compiler_pic+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +$as_echo "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if ${lt_cv_prog_compiler_pic_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } + +if test x"$lt_cv_prog_compiler_pic_works" = xyes; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + + + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if ${lt_cv_prog_compiler_static_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +$as_echo "$lt_cv_prog_compiler_static_works" >&6; } + +if test x"$lt_cv_prog_compiler_static_works" = xyes; then + : +else + lt_prog_compiler_static= +fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + +hard_links="nottested" +if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test "$hard_links" = no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + runpath_var= + allow_undefined_flag= + always_export_symbols=no + archive_cmds= + archive_expsym_cmds= + compiler_needs_object=no + enable_shared_with_static_runtimes=no + export_dynamic_flag_spec= + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no + hardcode_libdir_flag_spec= + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported + inherit_rpath=no + link_all_deplibs=unknown + module_cmds= + module_expsym_cmds= + old_archive_from_new_cmds= + old_archive_from_expsyms_cmds= + thread_safe_flag_spec= + whole_archive_flag_spec= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + ld_shlibs=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test "$with_gnu_ld" = yes; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; + *\ \(GNU\ Binutils\)\ [3-9]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test "$lt_use_gnu_ld_interface" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + export_dynamic_flag_spec='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + ld_shlibs=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + export_dynamic_flag_spec='${wl}--export-all-symbols' + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs=no + fi + ;; + + haiku*) + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + link_all_deplibs=yes + ;; + + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + whole_archive_flag_spec= + tmp_sharedflag='--shared' ;; + xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + compiler_needs_object=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + compiler_needs_object=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + ld_shlibs=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + + if test "$ld_shlibs" = no; then + runpath_var= + hardcode_libdir_flag_spec= + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag=unsupported + always_export_symbols=yes + archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + + aix[4-9]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global + # defined symbols, whereas GNU nm marks them as "W". + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds='' + hardcode_direct=yes + hardcode_direct_absolute=yes + hardcode_libdir_separator=':' + link_all_deplibs=yes + file_list_spec='${wl}-f,' + + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + export_dynamic_flag_spec='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_="/usr/lib:/lib" + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_="/usr/lib:/lib" + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' ${wl}-bernotok' + allow_undefined_flag=' ${wl}-berok' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + fi + archive_cmds_need_lc=yes + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + bsdi[45]*) + export_dynamic_flag_spec=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; + else + sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, )='true' + enable_shared_with_static_runtimes=yes + exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + old_postinstall_cmds='chmod 644 $oldlib' + postlink_cmds='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile="$lt_outputfile.exe" + lt_tool_outputfile="$lt_tool_outputfile.exe" + ;; + esac~ + if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_from_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + enable_shared_with_static_runtimes=yes + ;; + esac + ;; + + darwin* | rhapsody*) + + + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + if test "$lt_cv_ld_force_load" = "yes"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + + else + whole_archive_flag_spec='' + fi + link_all_deplibs=yes + allow_undefined_flag="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=func_echo_all + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + + else + ld_shlibs=no + fi + + ;; + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + hpux9*) + if test "$GCC" = yes; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + export_dynamic_flag_spec='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='${wl}-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +$as_echo_n "checking if $CC understands -b... " >&6; } +if ${lt_cv_prog_compiler__b+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler__b=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -b" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler__b=yes + fi + else + lt_cv_prog_compiler__b=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +$as_echo "$lt_cv_prog_compiler__b" >&6; } + +if test x"$lt_cv_prog_compiler__b" = xyes; then + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' +fi + + ;; + esac + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + hardcode_shlibpath_var=no + ;; + *) + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if ${lt_cv_irix_exported_symbol+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int foo (void) { return 0; } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_irix_exported_symbol=yes +else + lt_cv_irix_exported_symbol=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +$as_echo "$lt_cv_irix_exported_symbol" >&6; } + if test "$lt_cv_irix_exported_symbol" = yes; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + fi + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; + + *nto* | *qnx*) + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + hardcode_shlibpath_var=no + hardcode_direct_absolute=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + else + case $host_os in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi + else + ld_shlibs=no + fi + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: + ;; + + solaris*) + no_undefined_flag=' -z defs' + if test "$GCC" = yes; then + wlarc='${wl}' + archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' + fi + ;; + esac + link_all_deplibs=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds='$CC -r -o $output$reload_objs' + hardcode_direct=no + ;; + motorola) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var=no + ;; + + sysv4.3*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + export_dynamic_flag_spec='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag='${wl}-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag='${wl}-z,text' + allow_undefined_flag='${wl}-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-R,$libdir' + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + *) + ld_shlibs=no + ;; + esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + export_dynamic_flag_spec='${wl}-Blargedynsym' + ;; + esac + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +$as_echo "$ld_shlibs" >&6; } +test "$ld_shlibs" = no && can_build_shared=no + +with_gnu_ld=$with_gnu_ld + + + + + + + + + + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $archive_cmds in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if ${lt_cv_archive_cmds_need_lc+:} false; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc=no + else + lt_cv_archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } + archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; + *) lt_sed_strip_eq="s,=/,/,g" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[lt_foo]++; } + if (lt_freq[lt_foo] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's,/\([A-Za-z]:\),\1,g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix[4-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + library_names_spec='${libname}.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec="$LIB" + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[23].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[3-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if ${lt_cv_shlibpath_overrides_runpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[89] | openbsd2.[89].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action= +if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || + test "X$hardcode_automatic" = "Xyes" ; then + + # We can hardcode non-existent directories. + if test "$hardcode_direct" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && + test "$hardcode_minus_L" != no; then + # Linking always hardcodes the temporary library directory. + hardcode_action=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +$as_echo "$hardcode_action" >&6; } + +if test "$hardcode_action" = relink || + test "$inherit_rpath" = yes; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + +fi + + ;; + + *) + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = xyes; then : + lt_cv_dlopen="shl_load" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if ${ac_cv_lib_dld_shl_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_shl_load=yes +else + ac_cv_lib_dld_shl_load=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = xyes; then : + lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" +else + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +$as_echo_n "checking for dlopen in -lsvld... " >&6; } +if ${ac_cv_lib_svld_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsvld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_svld_dlopen=yes +else + ac_cv_lib_svld_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +$as_echo_n "checking for dld_link in -ldld... " >&6; } +if ${ac_cv_lib_dld_dld_link+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (); +int +main () +{ +return dld_link (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_dld_link=yes +else + ac_cv_lib_dld_dld_link=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = xyes; then : + lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" +fi + + +fi + + +fi + + +fi + + +fi + + +fi + + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +$as_echo_n "checking whether a program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +$as_echo "$lt_cv_dlopen_self" >&6; } + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self_static+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self_static=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self_static=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +$as_echo "$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi + + + + + + + + + + + + + + + + + +striplib= +old_striplib= +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +$as_echo_n "checking whether stripping libraries is possible... " >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + esac +fi + + + + + + + + + + + + + # Report which library types will actually be built + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +$as_echo_n "checking if libtool supports shared libraries... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +$as_echo "$can_build_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +$as_echo_n "checking whether to build shared libraries... " >&6; } + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[4-9]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +$as_echo "$enable_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +$as_echo_n "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +$as_echo "$enable_static" >&6; } + + + + +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC="$lt_save_CC" + + + + + + + + + + + + + + + + ac_config_commands="$ac_config_commands libtool" + + + + +# Only expand once: + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +# Check whether --enable-largefile was given. +if test "${enable_largefile+set}" = set; then : + enableval=$enable_largefile; +fi + +if test "$enable_largefile" != no; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +$as_echo_n "checking for special C compiler options needed for large files... " >&6; } +if ${ac_cv_sys_largefile_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF + if ac_fn_c_try_compile "$LINENO"; then : + break +fi +rm -f core conftest.err conftest.$ac_objext + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_largefile_CC=' -n32'; break +fi +rm -f core conftest.err conftest.$ac_objext + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +$as_echo "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if ${ac_cv_sys_file_offset_bits+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=64; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits +_ACEOF +;; +esac +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } +if ${ac_cv_sys_large_files+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=1; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_large_files=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +$as_echo "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGE_FILES $ac_cv_sys_large_files +_ACEOF +;; +esac +rm -rf conftest* + fi +fi + +if test "x$CC" != xcc; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5 +$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5 +$as_echo_n "checking whether cc understands -c and -o together... " >&6; } +fi +set dummy $CC; ac_cc=`$as_echo "$2" | + sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` +if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +# Make sure it works both with $CC and with simple cc. +# We do the test twice because some compilers refuse to overwrite an +# existing .o file with -o, though they will create one. +ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' +rm -f conftest2.* +if { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && + test -f conftest2.$ac_objext && { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; +then + eval ac_cv_prog_cc_${ac_cc}_c_o=yes + if test "x$CC" != xcc; then + # Test first that cc exists at all. + if { ac_try='cc -c conftest.$ac_ext >&5' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' + rm -f conftest2.* + if { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && + test -f conftest2.$ac_objext && { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; + then + # cc works too. + : + else + # cc exists but doesn't like -o. + eval ac_cv_prog_cc_${ac_cc}_c_o=no + fi + fi + fi +else + eval ac_cv_prog_cc_${ac_cc}_c_o=no +fi +rm -f core conftest* + +fi +if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h + +fi + +# FIXME: we rely on the cache variable name because +# there is no other way. +set dummy $CC +am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` +eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o +if test "$am_t" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi + + + +# Taken from dbus +# Check whether --enable-ansi was given. +if test "${enable_ansi+set}" = set; then : + enableval=$enable_ansi; enable_ansi=$enableval +else + enable_ansi=no +fi + +# Check whether --enable-verbose-mode was given. +if test "${enable_verbose_mode+set}" = set; then : + enableval=$enable_verbose_mode; enable_verbose_mode=$enableval +else + enable_verbose_mode=$USE_MAINTAINER_MODE +fi + +# Check whether --enable-man-pages was given. +if test "${enable_man_pages+set}" = set; then : + enableval=$enable_man_pages; enable_man_pages=$enableval +else + enable_man_pages=yes +fi + + +if test "${enable_man_page}" != no; then +# Extract the first word of "xsltproc", so it can be a program name with args. +set dummy xsltproc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_XSLTPROC+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $XSLTPROC in + [\\/]* | ?:[\\/]*) + ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +XSLTPROC=$ac_cv_path_XSLTPROC +if test -n "$XSLTPROC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 +$as_echo "$XSLTPROC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test -z "$XSLTPROC"; then + enable_man_pages=no + fi +fi + if test x$enable_man_pages = xyes; then + MAN_PAGES_ENABLED_TRUE= + MAN_PAGES_ENABLED_FALSE='#' +else + MAN_PAGES_ENABLED_TRUE='#' + MAN_PAGES_ENABLED_FALSE= +fi + + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + + + + # Extract the first word of "gtkdoc-check", so it can be a program name with args. +set dummy gtkdoc-check; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_CHECK+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_CHECK in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_CHECK="$GTKDOC_CHECK" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_GTKDOC_CHECK="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_CHECK=$ac_cv_path_GTKDOC_CHECK +if test -n "$GTKDOC_CHECK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_CHECK" >&5 +$as_echo "$GTKDOC_CHECK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + for ac_prog in gtkdoc-rebase +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_REBASE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_REBASE in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_REBASE="$GTKDOC_REBASE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_GTKDOC_REBASE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_REBASE=$ac_cv_path_GTKDOC_REBASE +if test -n "$GTKDOC_REBASE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_REBASE" >&5 +$as_echo "$GTKDOC_REBASE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$GTKDOC_REBASE" && break +done +test -n "$GTKDOC_REBASE" || GTKDOC_REBASE="true" + + # Extract the first word of "gtkdoc-mkpdf", so it can be a program name with args. +set dummy gtkdoc-mkpdf; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_MKPDF+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_MKPDF in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_MKPDF="$GTKDOC_MKPDF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_GTKDOC_MKPDF="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_MKPDF=$ac_cv_path_GTKDOC_MKPDF +if test -n "$GTKDOC_MKPDF"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_MKPDF" >&5 +$as_echo "$GTKDOC_MKPDF" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + +# Check whether --with-html-dir was given. +if test "${with_html_dir+set}" = set; then : + withval=$with_html_dir; +else + with_html_dir='${datadir}/gtk-doc/html' +fi + + HTML_DIR="$with_html_dir" + + + # Check whether --enable-gtk-doc was given. +if test "${enable_gtk_doc+set}" = set; then : + enableval=$enable_gtk_doc; +else + enable_gtk_doc=no +fi + + + if test x$enable_gtk_doc = xyes; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk-doc >= 1.3\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gtk-doc >= 1.3") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + : +else + as_fn_error $? "You need to have gtk-doc >= 1.3 installed to build $PACKAGE_NAME" "$LINENO" 5 +fi + if test "x$PACKAGE_NAME" != "xglib"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GTKDOC_DEPS" >&5 +$as_echo_n "checking for GTKDOC_DEPS... " >&6; } + +if test -n "$GTKDOC_DEPS_CFLAGS"; then + pkg_cv_GTKDOC_DEPS_CFLAGS="$GTKDOC_DEPS_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GTKDOC_DEPS_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$GTKDOC_DEPS_LIBS"; then + pkg_cv_GTKDOC_DEPS_LIBS="$GTKDOC_DEPS_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GTKDOC_DEPS_LIBS=`$PKG_CONFIG --libs "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + GTKDOC_DEPS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>&1` + else + GTKDOC_DEPS_PKG_ERRORS=`$PKG_CONFIG --print-errors "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$GTKDOC_DEPS_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0) were not met: + +$GTKDOC_DEPS_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables GTKDOC_DEPS_CFLAGS +and GTKDOC_DEPS_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables GTKDOC_DEPS_CFLAGS +and GTKDOC_DEPS_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } + +else + GTKDOC_DEPS_CFLAGS=$pkg_cv_GTKDOC_DEPS_CFLAGS + GTKDOC_DEPS_LIBS=$pkg_cv_GTKDOC_DEPS_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + fi + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build gtk-doc documentation" >&5 +$as_echo_n "checking whether to build gtk-doc documentation... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_gtk_doc" >&5 +$as_echo "$enable_gtk_doc" >&6; } + + # Check whether --enable-gtk-doc-html was given. +if test "${enable_gtk_doc_html+set}" = set; then : + enableval=$enable_gtk_doc_html; +else + enable_gtk_doc_html=yes +fi + + # Check whether --enable-gtk-doc-pdf was given. +if test "${enable_gtk_doc_pdf+set}" = set; then : + enableval=$enable_gtk_doc_pdf; +else + enable_gtk_doc_pdf=no +fi + + + if test -z "$GTKDOC_MKPDF"; then + enable_gtk_doc_pdf=no + fi + + + if test x$enable_gtk_doc = xyes; then + ENABLE_GTK_DOC_TRUE= + ENABLE_GTK_DOC_FALSE='#' +else + ENABLE_GTK_DOC_TRUE='#' + ENABLE_GTK_DOC_FALSE= +fi + + if test x$enable_gtk_doc_html = xyes; then + GTK_DOC_BUILD_HTML_TRUE= + GTK_DOC_BUILD_HTML_FALSE='#' +else + GTK_DOC_BUILD_HTML_TRUE='#' + GTK_DOC_BUILD_HTML_FALSE= +fi + + if test x$enable_gtk_doc_pdf = xyes; then + GTK_DOC_BUILD_PDF_TRUE= + GTK_DOC_BUILD_PDF_FALSE='#' +else + GTK_DOC_BUILD_PDF_TRUE='#' + GTK_DOC_BUILD_PDF_FALSE= +fi + + if test -n "$LIBTOOL"; then + GTK_DOC_USE_LIBTOOL_TRUE= + GTK_DOC_USE_LIBTOOL_FALSE='#' +else + GTK_DOC_USE_LIBTOOL_TRUE='#' + GTK_DOC_USE_LIBTOOL_FALSE= +fi + + if test -n "$GTKDOC_REBASE"; then + GTK_DOC_USE_REBASE_TRUE= + GTK_DOC_USE_REBASE_FALSE='#' +else + GTK_DOC_USE_REBASE_TRUE='#' + GTK_DOC_USE_REBASE_FALSE= +fi + + + +#### gcc warning flags + +if test "x$GCC" = "xyes"; then + case " $CFLAGS " in + *[\ \ ]-Wall[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wall" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wchar-subscripts[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wchar-subscripts" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wmissing-declarations[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wmissing-declarations" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wnested-externs[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wnested-externs" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wpointer-arith[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wpointer-arith" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wcast-align[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wcast-align" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wsign-compare[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wsign-compare" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wformat[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wformat" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wformat-security[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wformat-security" ;; + esac + + if test "x$enable_ansi" = "xyes"; then + case " $CFLAGS " in + *[\ \ ]-ansi[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -ansi" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-D_POSIX_C_SOURCE*) ;; + *) CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=199309L" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-D_BSD_SOURCE[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -D_BSD_SOURCE" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-pedantic[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -pedantic" ;; + esac + fi + fi + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLIB" >&5 +$as_echo_n "checking for GLIB... " >&6; } + +if test -n "$GLIB_CFLAGS"; then + pkg_cv_GLIB_CFLAGS="$GLIB_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gio-2.0 >= 2.28.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gio-2.0 >= 2.28.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GLIB_CFLAGS=`$PKG_CONFIG --cflags "gio-2.0 >= 2.28.0" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$GLIB_LIBS"; then + pkg_cv_GLIB_LIBS="$GLIB_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gio-2.0 >= 2.28.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gio-2.0 >= 2.28.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GLIB_LIBS=`$PKG_CONFIG --libs "gio-2.0 >= 2.28.0" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + GLIB_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "gio-2.0 >= 2.28.0" 2>&1` + else + GLIB_PKG_ERRORS=`$PKG_CONFIG --print-errors "gio-2.0 >= 2.28.0" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$GLIB_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (gio-2.0 >= 2.28.0) were not met: + +$GLIB_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables GLIB_CFLAGS +and GLIB_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables GLIB_CFLAGS +and GLIB_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } + +else + GLIB_CFLAGS=$pkg_cv_GLIB_CFLAGS + GLIB_LIBS=$pkg_cv_GLIB_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + + +EXPAT_LIB="" + +# Check whether --with-expat was given. +if test "${with_expat+set}" = set; then : + withval=$with_expat; + expat=$withval + CPPFLAGS="$CPPFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + + +fi + +for ac_header in expat.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "expat.h" "ac_cv_header_expat_h" "$ac_includes_default" +if test "x$ac_cv_header_expat_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EXPAT_H 1 +_ACEOF + $as_echo "#define HAVE_EXPAT_H 1" >>confdefs.h + +else + as_fn_error $? "Can't find expat.h. Please install expat." "$LINENO" 5 +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for XML_ParserCreate in -lexpat" >&5 +$as_echo_n "checking for XML_ParserCreate in -lexpat... " >&6; } +if ${ac_cv_lib_expat_XML_ParserCreate+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lexpat $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char XML_ParserCreate (); +int +main () +{ +return XML_ParserCreate (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_expat_XML_ParserCreate=yes +else + ac_cv_lib_expat_XML_ParserCreate=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_expat_XML_ParserCreate" >&5 +$as_echo "$ac_cv_lib_expat_XML_ParserCreate" >&6; } +if test "x$ac_cv_lib_expat_XML_ParserCreate" = xyes; then : + EXPAT_LIBS="-lexpat" +else + as_fn_error $? "Can't find expat library. Please install expat." "$LINENO" 5 +fi + + + +for ac_func in clearenv +do : + ac_fn_c_check_func "$LINENO" "clearenv" "ac_cv_func_clearenv" +if test "x$ac_cv_func_clearenv" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CLEARENV 1 +_ACEOF + +fi +done + + +if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +fi + + +have_systemd=no +SESSION_TRACKING=ConsoleKit + +# Check whether --enable-systemd was given. +if test "${enable_systemd+set}" = set; then : + enableval=$enable_systemd; enable_systemd=$enableval +else + enable_systemd=auto +fi + +if test "$enable_systemd" != "no"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 +$as_echo_n "checking for SYSTEMD... " >&6; } + +if test -n "$SYSTEMD_CFLAGS"; then + pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-login\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd-login") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-login" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$SYSTEMD_LIBS"; then + pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-login\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsystemd-login") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd-login" 2>/dev/null` +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libsystemd-login" 2>&1` + else + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors "libsystemd-login" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$SYSTEMD_PKG_ERRORS" >&5 + + have_systemd=no +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + have_systemd=no +else + SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS + SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + have_systemd=yes +fi + if test "$have_systemd" = "yes"; then + SESSION_TRACKING=systemd + else + if test "$enable_systemd" = "yes"; then + as_fn_error $? "systemd support requested but libsystemd-login1 library not found" "$LINENO" 5 + fi + fi +fi + + + + if test "$have_systemd" = "yes"; then + HAVE_SYSTEMD_TRUE= + HAVE_SYSTEMD_FALSE='#' +else + HAVE_SYSTEMD_TRUE='#' + HAVE_SYSTEMD_FALSE= +fi + + + + +# Check whether --with-authfw was given. +if test "${with_authfw+set}" = set; then : + withval=$with_authfw; +fi + +if ! test -z "$with_authfw" ; then + if test x$with_authdb = xdummy ; then + if ! test x$with_authfw = xnone ; then + as_fn_error $? "Only 'none' is a valid authentication framework for the dummy authorization database" "$LINENO" 5 + fi + else + if test x$with_authfw = xnone ; then + as_fn_error $? "'none' is only a valid authentication framework for the dummy authorization database" "$LINENO" 5 + fi + fi + POLKIT_AUTHFW=$with_authfw +else + if test x$with_authdb = xdummy ; then + POLKIT_AUTHFW=none + else + POLKIT_AUTHFW=pam + fi +fi + + + +cat >>confdefs.h <<_ACEOF +#define POLKIT_AUTHFW "$POLKIT_AUTHFW" +_ACEOF + + +case $POLKIT_AUTHFW in + none) + need_pam=no + +$as_echo "#define POLKIT_AUTHFW_NONE 1" >>confdefs.h + + ;; + + pam) + need_pam=yes + +$as_echo "#define POLKIT_AUTHFW_PAM 1" >>confdefs.h + + ;; + + shadow) + need_pam=no + AUTH_LIBS="${AUTH_LIBS} -lcrypt" + +$as_echo "#define POLKIT_AUTHFW_SHADOW 1" >>confdefs.h + + ;; + + *) + as_fn_error $? "Unknown Authentication Framework: $POLKIT_AUTHFW" "$LINENO" 5 + ;; +esac + + if test x$POLKIT_AUTHFW = xnone; then + POLKIT_AUTHFW_NONE_TRUE= + POLKIT_AUTHFW_NONE_FALSE='#' +else + POLKIT_AUTHFW_NONE_TRUE='#' + POLKIT_AUTHFW_NONE_FALSE= +fi + + if test x$POLKIT_AUTHFW = xpam; then + POLKIT_AUTHFW_PAM_TRUE= + POLKIT_AUTHFW_PAM_FALSE='#' +else + POLKIT_AUTHFW_PAM_TRUE='#' + POLKIT_AUTHFW_PAM_FALSE= +fi + + if test x$POLKIT_AUTHFW = xshadow; then + POLKIT_AUTHFW_SHADOW_TRUE= + POLKIT_AUTHFW_SHADOW_FALSE='#' +else + POLKIT_AUTHFW_SHADOW_TRUE='#' + POLKIT_AUTHFW_SHADOW_FALSE= +fi + + + + +withval="" + +# Check whether --with-pam-prefix was given. +if test "${with_pam_prefix+set}" = set; then : + withval=$with_pam_prefix; +if test x$withval != x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"PAM files will be installed in prefix ${withval}.\"" >&5 +$as_echo "\"PAM files will be installed in prefix ${withval}.\"" >&6; } +fi +fi + +if test x$withval != x; then + PAM_PREFIX_UNEXPANDED="$withval" +else + PAM_PREFIX_UNEXPANDED="$sysconfdir" +fi +PAM_PREFIX=`eval echo $PAM_PREFIX_UNEXPANDED` + + +have_pam=no +if test "$need_pam" = yes ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5 +$as_echo_n "checking for pam_start in -lpam... " >&6; } +if ${ac_cv_lib_pam_pam_start+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpam $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pam_start (); +int +main () +{ +return pam_start (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pam_pam_start=yes +else + ac_cv_lib_pam_pam_start=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_start" >&5 +$as_echo "$ac_cv_lib_pam_pam_start" >&6; } +if test "x$ac_cv_lib_pam_pam_start" = xyes; then : + have_pam=yes +fi + +fi + +if test x$have_pam = xno; then + if test "$need_pam" = yes ; then + as_fn_error $? "Could not find pam/pam-devel, please install the needed packages." "$LINENO" 5 + fi +else + AUTH_LIBS="${AUTH_LIBS} -lpam" + +$as_echo "#define HAVE_PAM 1" >>confdefs.h + + + # On Linux, sigtimedwait() is in libc; on Solaris, it's in librt. + have_timedwait=no + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sigtimedwait in -lc" >&5 +$as_echo_n "checking for sigtimedwait in -lc... " >&6; } +if ${ac_cv_lib_c_sigtimedwait+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sigtimedwait (); +int +main () +{ +return sigtimedwait (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_c_sigtimedwait=yes +else + ac_cv_lib_c_sigtimedwait=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_sigtimedwait" >&5 +$as_echo "$ac_cv_lib_c_sigtimedwait" >&6; } +if test "x$ac_cv_lib_c_sigtimedwait" = xyes; then : + have_timedwait=yes +fi + + if test "$have_timedwait" = no ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sigtimedwait in -lrt" >&5 +$as_echo_n "checking for sigtimedwait in -lrt... " >&6; } +if ${ac_cv_lib_rt_sigtimedwait+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lrt $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sigtimedwait (); +int +main () +{ +return sigtimedwait (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_rt_sigtimedwait=yes +else + ac_cv_lib_rt_sigtimedwait=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_sigtimedwait" >&5 +$as_echo "$ac_cv_lib_rt_sigtimedwait" >&6; } +if test "x$ac_cv_lib_rt_sigtimedwait" = xyes; then : + AUTH_LIBS="${AUTH_LIBS} -lrt" +fi + + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to call pam_strerror" >&5 +$as_echo_n "checking how to call pam_strerror... " >&6; } + if ${ac_cv_pam_strerror_args+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include +int +main () +{ +pam_handle_t *pamh = 0; + char *s = pam_strerror(pamh, PAM_SUCCESS); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_pam_strerror_args=2 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include +int +main () +{ +char *s = + pam_strerror(PAM_SUCCESS); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_pam_strerror_args=1 +else + ac_pam_strerror_args=0 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_pam_strerror_args=$ac_pam_strerror_args +fi + + ac_pam_strerror_args=$ac_cv_pam_strerror_args + if test "$ac_pam_strerror_args" = 1 ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: one argument" >&5 +$as_echo "one argument" >&6; } + elif test "$ac_pam_strerror_args" = 2 ; then + +$as_echo "#define PAM_STRERROR_TWO_ARGS 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: two arguments" >&5 +$as_echo "two arguments" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 +$as_echo "unknown" >&6; } + fi + +fi + + if test x$have_pam = xyes; then + HAVE_PAM_TRUE= + HAVE_PAM_FALSE='#' +else + HAVE_PAM_TRUE='#' + HAVE_PAM_FALSE= +fi + + + + +ac_fn_c_check_header_mongrel "$LINENO" "security/pam_modutil.h" "ac_cv_header_security_pam_modutil_h" "$ac_includes_default" +if test "x$ac_cv_header_security_pam_modutil_h" = xyes; then : + +$as_echo "#define HAVE_PAM_MODUTIL_H /**/" >>confdefs.h + +fi + + +ac_fn_c_check_header_mongrel "$LINENO" "security/pam_ext.h" "ac_cv_header_security_pam_ext_h" "$ac_includes_default" +if test "x$ac_cv_header_security_pam_ext_h" = xyes; then : + +$as_echo "#define HAVE_PAM_EXT_H /**/" >>confdefs.h + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_vsyslog in -lpam" >&5 +$as_echo_n "checking for pam_vsyslog in -lpam... " >&6; } +if ${ac_cv_lib_pam_pam_vsyslog+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpam $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pam_vsyslog (); +int +main () +{ +return pam_vsyslog (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pam_pam_vsyslog=yes +else + ac_cv_lib_pam_pam_vsyslog=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pam_pam_vsyslog" >&5 +$as_echo "$ac_cv_lib_pam_pam_vsyslog" >&6; } +if test "x$ac_cv_lib_pam_pam_vsyslog" = xyes; then : + +$as_echo "#define HAVE_PAM_VSYSLOG /**/" >>confdefs.h + +fi + + + +# Check whether --with-pam-module-dir was given. +if test "${with_pam_module_dir+set}" = set; then : + withval=$with_pam_module_dir; +fi + +if ! test -z "$with_pam_module_dir"; then + PAM_MODULE_DIR=$with_pam_module_dir +else + PAM_MODULE_DIR="/lib/security" +fi + + + + +# Check whether --with-os-type was given. +if test "${with_os_type+set}" = set; then : + withval=$with_os_type; +fi + + +#### Check our operating system (distro-tweaks required) +if test "z$with_os_type" = "z"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/redhat-release" >&5 +$as_echo_n "checking for /etc/redhat-release... " >&6; } +if ${ac_cv_file__etc_redhat_release+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/redhat-release"; then + ac_cv_file__etc_redhat_release=yes +else + ac_cv_file__etc_redhat_release=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_redhat_release" >&5 +$as_echo "$ac_cv_file__etc_redhat_release" >&6; } +if test "x$ac_cv_file__etc_redhat_release" = xyes; then : + distro_type="redhat" +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/SuSE-release" >&5 +$as_echo_n "checking for /etc/SuSE-release... " >&6; } +if ${ac_cv_file__etc_SuSE_release+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/SuSE-release"; then + ac_cv_file__etc_SuSE_release=yes +else + ac_cv_file__etc_SuSE_release=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_SuSE_release" >&5 +$as_echo "$ac_cv_file__etc_SuSE_release" >&6; } +if test "x$ac_cv_file__etc_SuSE_release" = xyes; then : + distro_type="suse" +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/gentoo-release" >&5 +$as_echo_n "checking for /etc/gentoo-release... " >&6; } +if ${ac_cv_file__etc_gentoo_release+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/gentoo-release"; then + ac_cv_file__etc_gentoo_release=yes +else + ac_cv_file__etc_gentoo_release=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_gentoo_release" >&5 +$as_echo "$ac_cv_file__etc_gentoo_release" >&6; } +if test "x$ac_cv_file__etc_gentoo_release" = xyes; then : + distro_type="gentoo" +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/pardus-release" >&5 +$as_echo_n "checking for /etc/pardus-release... " >&6; } +if ${ac_cv_file__etc_pardus_release+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/pardus-release"; then + ac_cv_file__etc_pardus_release=yes +else + ac_cv_file__etc_pardus_release=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_pardus_release" >&5 +$as_echo "$ac_cv_file__etc_pardus_release" >&6; } +if test "x$ac_cv_file__etc_pardus_release" = xyes; then : + distro_type="pardus" +fi + + if test "z$distro_type" = "z"; then + echo "Linux distribution autodetection failed, specify the distribution to target using --with-os-type=" + else + operating_system=`echo ${distro_type} | tr '[:upper:]' '[:lower:]' ` + fi +fi + +#### Sort out OS (distro-tweaks required) +if test x$with_os_type = x; then + if test x$operating_system = xredhat ; then + with_os_type=redhat + elif test x$operating_system = xsuse ; then + with_os_type=suse + elif test x$operating_system = xgentoo ; then + with_os_type=gentoo + elif test x$operating_system = xpardus ; then + with_os_type=pardus + elif test x$operating_system = xsolaris ; then + with_os_type=solaris + elif test x$operating_system = xfreebsd ; then + with_os_type=freebsd + else + with_os_type=unknown + fi +fi + +# (distro-tweaks required) + if test x$with_os_type = xunknown; then + OS_TYPE_UNKNOWN_TRUE= + OS_TYPE_UNKNOWN_FALSE='#' +else + OS_TYPE_UNKNOWN_TRUE='#' + OS_TYPE_UNKNOWN_FALSE= +fi + + if test x$with_os_type = xredhat; then + OS_TYPE_RED_HAT_TRUE= + OS_TYPE_RED_HAT_FALSE='#' +else + OS_TYPE_RED_HAT_TRUE='#' + OS_TYPE_RED_HAT_FALSE= +fi + + if test x$with_os_type = xsuse; then + OS_TYPE_SUSE_TRUE= + OS_TYPE_SUSE_FALSE='#' +else + OS_TYPE_SUSE_TRUE='#' + OS_TYPE_SUSE_FALSE= +fi + + if test x$with_os_type = xgentoo; then + OS_TYPE_GENTOO_TRUE= + OS_TYPE_GENTOO_FALSE='#' +else + OS_TYPE_GENTOO_TRUE='#' + OS_TYPE_GENTOO_FALSE= +fi + + if test x$with_os_type = xpardus; then + OS_TYPE_PARDUS_TRUE= + OS_TYPE_PARDUS_FALSE='#' +else + OS_TYPE_PARDUS_TRUE='#' + OS_TYPE_PARDUS_FALSE= +fi + + if test x$with_os_type = xsolaris; then + OS_TYPE_SOLARIS_TRUE= + OS_TYPE_SOLARIS_FALSE='#' +else + OS_TYPE_SOLARIS_TRUE='#' + OS_TYPE_SOLARIS_FALSE= +fi + + if test x$with_os_type = xfreebsd; then + OS_TYPE_FREEBSD_TRUE= + OS_TYPE_FREEBSD_FALSE='#' +else + OS_TYPE_FREEBSD_TRUE='#' + OS_TYPE_FREEBSD_FALSE= +fi + + + +# Check whether --with-pam-include was given. +if test "${with_pam_include+set}" = set; then : + withval=$with_pam_include; +fi + + +#### Set up pam file to include (distro-tweaks required) +if ! test -z "$with_pam_include"; then + PAM_FILE_INCLUDE_AUTH=$with_pam_include + PAM_FILE_INCLUDE_ACCOUNT=$with_pam_include + PAM_FILE_INCLUDE_PASSWORD=$with_pam_include + PAM_FILE_INCLUDE_SESSION=$with_pam_include +elif test x$with_os_type = xredhat -o x$with_os_type = xgentoo -o x$with_os_type = xpardus ; then + PAM_FILE_INCLUDE_AUTH=system-auth + PAM_FILE_INCLUDE_ACCOUNT=system-auth + PAM_FILE_INCLUDE_PASSWORD=system-auth + PAM_FILE_INCLUDE_SESSION=system-auth +elif test x$with_os_type = xsuse -o x$with_os_type = xsolaris ; then + PAM_FILE_INCLUDE_AUTH=common-auth + PAM_FILE_INCLUDE_ACCOUNT=common-account + PAM_FILE_INCLUDE_PASSWORD=common-password + PAM_FILE_INCLUDE_SESSION=common-session +elif test x$with_os_type = xfreebsd ; then + PAM_FILE_INCLUDE_AUTH=system + PAM_FILE_INCLUDE_ACCOUNT=system + PAM_FILE_INCLUDE_PASSWORD=system + PAM_FILE_INCLUDE_SESSION=system +else + PAM_FILE_INCLUDE_AUTH=system-auth + PAM_FILE_INCLUDE_ACCOUNT=system-auth + PAM_FILE_INCLUDE_PASSWORD=system-auth + PAM_FILE_INCLUDE_SESSION=system-auth +fi + + + + + + +cat >>confdefs.h <<_ACEOF +#define PAM_FILE_INCLUDE_AUTH "$PAM_FILE_INCLUDE_AUTH" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PAM_FILE_INCLUDE_ACCOUNT "$PAM_FILE_INCLUDE_ACCOUNT" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PAM_FILE_INCLUDE_PASSWORD "$PAM_FILE_INCLUDE_PASSWORD" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PAM_FILE_INCLUDE_SESSION "$PAM_FILE_INCLUDE_SESSION" +_ACEOF + + +case "$host_os" in + *linux*) + ;; + *solaris*) + +$as_echo "#define HAVE_SOLARIS 1" >>confdefs.h + + ;; + *freebsd*) + +$as_echo "#define HAVE_FREEBSD 1" >>confdefs.h + + ;; +esac + + + + + # Check whether --enable-introspection was given. +if test "${enable_introspection+set}" = set; then : + enableval=$enable_introspection; +else + enable_introspection=auto +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gobject-introspection" >&5 +$as_echo_n "checking for gobject-introspection... " >&6; } + + case $enable_introspection in #( + no) : + found_introspection="no (disabled, use --enable-introspection to enable)" + ;; #( + yes) : + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gobject-introspection-1.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gobject-introspection-1.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + : +else + as_fn_error $? "gobject-introspection-1.0 is not installed" "$LINENO" 5 +fi + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gobject-introspection-1.0 >= 0.6.2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gobject-introspection-1.0 >= 0.6.2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + found_introspection=yes +else + as_fn_error $? "You need to have gobject-introspection >= 0.6.2 installed to build polkit" "$LINENO" 5 +fi + ;; #( + auto) : + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gobject-introspection-1.0 >= 0.6.2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gobject-introspection-1.0 >= 0.6.2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + found_introspection=yes +else + found_introspection=no +fi + enable_introspection=$found_introspection + ;; #( + *) : + as_fn_error $? "invalid argument passed to --enable-introspection, should be one of [no/auto/yes]" "$LINENO" 5 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $found_introspection" >&5 +$as_echo "$found_introspection" >&6; } + + INTROSPECTION_SCANNER= + INTROSPECTION_COMPILER= + INTROSPECTION_GENERATE= + INTROSPECTION_GIRDIR= + INTROSPECTION_TYPELIBDIR= + if test "x$found_introspection" = "xyes"; then + INTROSPECTION_SCANNER=`$PKG_CONFIG --variable=g_ir_scanner gobject-introspection-1.0` + INTROSPECTION_COMPILER=`$PKG_CONFIG --variable=g_ir_compiler gobject-introspection-1.0` + INTROSPECTION_GENERATE=`$PKG_CONFIG --variable=g_ir_generate gobject-introspection-1.0` + INTROSPECTION_GIRDIR=`$PKG_CONFIG --variable=girdir gobject-introspection-1.0` + INTROSPECTION_TYPELIBDIR="$($PKG_CONFIG --variable=typelibdir gobject-introspection-1.0)" + INTROSPECTION_CFLAGS=`$PKG_CONFIG --cflags gobject-introspection-1.0` + INTROSPECTION_LIBS=`$PKG_CONFIG --libs gobject-introspection-1.0` + INTROSPECTION_MAKEFILE=`$PKG_CONFIG --variable=datadir gobject-introspection-1.0`/gobject-introspection-1.0/Makefile.introspection + fi + + + + + + + + + + if test "x$found_introspection" = "xyes"; then + HAVE_INTROSPECTION_TRUE= + HAVE_INTROSPECTION_FALSE='#' +else + HAVE_INTROSPECTION_TRUE='#' + HAVE_INTROSPECTION_FALSE= +fi + + + + +# Check whether --enable-examples was given. +if test "${enable_examples+set}" = set; then : + enableval=$enable_examples; +else + enable_examples=yes +fi + + + if test "x$enable_examples" = "xyes"; then + BUILD_EXAMPLES_TRUE= + BUILD_EXAMPLES_FALSE='#' +else + BUILD_EXAMPLES_TRUE='#' + BUILD_EXAMPLES_FALSE= +fi + + +# ******************** +# Internationalization +# ******************** + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 +$as_echo_n "checking whether NLS is requested... " >&6; } + # Check whether --enable-nls was given. +if test "${enable_nls+set}" = set; then : + enableval=$enable_nls; USE_NLS=$enableval +else + USE_NLS=yes +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 +$as_echo "$USE_NLS" >&6; } + + + + +case "$am__api_version" in + 1.01234) + as_fn_error $? "Automake 1.5 or newer is required to use intltool" "$LINENO" 5 + ;; + *) + ;; +esac + +INTLTOOL_REQUIRED_VERSION_AS_INT=`echo 0.40.0 | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` +INTLTOOL_APPLIED_VERSION=`intltool-update --version | head -1 | cut -d" " -f3` +INTLTOOL_APPLIED_VERSION_AS_INT=`echo $INTLTOOL_APPLIED_VERSION | awk -F. '{ print $ 1 * 1000 + $ 2 * 100 + $ 3; }'` +if test -n "0.40.0"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intltool >= 0.40.0" >&5 +$as_echo_n "checking for intltool >= 0.40.0... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_APPLIED_VERSION found" >&5 +$as_echo "$INTLTOOL_APPLIED_VERSION found" >&6; } + test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge "$INTLTOOL_REQUIRED_VERSION_AS_INT" || + as_fn_error $? "Your intltool is too old. You need intltool 0.40.0 or later." "$LINENO" 5 +fi + +# Extract the first word of "intltool-update", so it can be a program name with args. +set dummy intltool-update; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_INTLTOOL_UPDATE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $INTLTOOL_UPDATE in + [\\/]* | ?:[\\/]*) + ac_cv_path_INTLTOOL_UPDATE="$INTLTOOL_UPDATE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_INTLTOOL_UPDATE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +INTLTOOL_UPDATE=$ac_cv_path_INTLTOOL_UPDATE +if test -n "$INTLTOOL_UPDATE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_UPDATE" >&5 +$as_echo "$INTLTOOL_UPDATE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "intltool-merge", so it can be a program name with args. +set dummy intltool-merge; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_INTLTOOL_MERGE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $INTLTOOL_MERGE in + [\\/]* | ?:[\\/]*) + ac_cv_path_INTLTOOL_MERGE="$INTLTOOL_MERGE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_INTLTOOL_MERGE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +INTLTOOL_MERGE=$ac_cv_path_INTLTOOL_MERGE +if test -n "$INTLTOOL_MERGE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_MERGE" >&5 +$as_echo "$INTLTOOL_MERGE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "intltool-extract", so it can be a program name with args. +set dummy intltool-extract; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_INTLTOOL_EXTRACT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $INTLTOOL_EXTRACT in + [\\/]* | ?:[\\/]*) + ac_cv_path_INTLTOOL_EXTRACT="$INTLTOOL_EXTRACT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_INTLTOOL_EXTRACT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +INTLTOOL_EXTRACT=$ac_cv_path_INTLTOOL_EXTRACT +if test -n "$INTLTOOL_EXTRACT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_EXTRACT" >&5 +$as_echo "$INTLTOOL_EXTRACT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +if test -z "$INTLTOOL_UPDATE" -o -z "$INTLTOOL_MERGE" -o -z "$INTLTOOL_EXTRACT"; then + as_fn_error $? "The intltool scripts were not found. Please install intltool." "$LINENO" 5 +fi + +if test -z "$AM_DEFAULT_VERBOSITY"; then + AM_DEFAULT_VERBOSITY=1 +fi + + +INTLTOOL_V_MERGE='$(INTLTOOL__v_MERGE_$(V))' +INTLTOOL__v_MERGE_='$(INTLTOOL__v_MERGE_$(AM_DEFAULT_VERBOSITY))' +INTLTOOL__v_MERGE_0='@echo " ITMRG " $@;' + + + + +INTLTOOL_V_MERGE_OPTIONS='$(intltool__v_merge_options_$(V))' +intltool__v_merge_options_='$(intltool__v_merge_options_$(AM_DEFAULT_VERBOSITY))' +intltool__v_merge_options_0='-q' + + + + + INTLTOOL_DESKTOP_RULE='%.desktop: %.desktop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' +INTLTOOL_DIRECTORY_RULE='%.directory: %.directory.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_KEYS_RULE='%.keys: %.keys.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -k -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_PROP_RULE='%.prop: %.prop.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_OAF_RULE='%.oaf: %.oaf.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -p $(top_srcdir)/po $< $@' + INTLTOOL_PONG_RULE='%.pong: %.pong.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_SERVER_RULE='%.server: %.server.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -o -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_SHEET_RULE='%.sheet: %.sheet.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' +INTLTOOL_SOUNDLIST_RULE='%.soundlist: %.soundlist.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_UI_RULE='%.ui: %.ui.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_XML_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' +if test "$INTLTOOL_APPLIED_VERSION_AS_INT" -ge 5000; then + INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u --no-translations $< $@' +else + INTLTOOL_XML_NOMERGE_RULE='%.xml: %.xml.in $(INTLTOOL_MERGE) ; $(INTLTOOL_V_MERGE)_it_tmp_dir=tmp.intltool.$$RANDOM && mkdir $$_it_tmp_dir && LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u $$_it_tmp_dir $< $@ && rmdir $$_it_tmp_dir' +fi + INTLTOOL_XAM_RULE='%.xam: %.xml.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_KBD_RULE='%.kbd: %.kbd.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -m -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_CAVES_RULE='%.caves: %.caves.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_SCHEMAS_RULE='%.schemas: %.schemas.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -s -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_THEME_RULE='%.theme: %.theme.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_SERVICE_RULE='%.service: %.service.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -d -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + INTLTOOL_POLICY_RULE='%.policy: %.policy.in $(INTLTOOL_MERGE) $(wildcard $(top_srcdir)/po/*.po) ; $(INTLTOOL_V_MERGE)LC_ALL=C $(INTLTOOL_MERGE) $(INTLTOOL_V_MERGE_OPTIONS) -x -u -c $(top_builddir)/po/.intltool-merge-cache $(top_srcdir)/po $< $@' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# Check the gettext tools to make sure they are GNU +# Extract the first word of "xgettext", so it can be a program name with args. +set dummy xgettext; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_XGETTEXT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $XGETTEXT in + [\\/]* | ?:[\\/]*) + ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_XGETTEXT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +XGETTEXT=$ac_cv_path_XGETTEXT +if test -n "$XGETTEXT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 +$as_echo "$XGETTEXT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "msgmerge", so it can be a program name with args. +set dummy msgmerge; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGMERGE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MSGMERGE in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_MSGMERGE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +MSGMERGE=$ac_cv_path_MSGMERGE +if test -n "$MSGMERGE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 +$as_echo "$MSGMERGE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "msgfmt", so it can be a program name with args. +set dummy msgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MSGFMT in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_MSGFMT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +MSGFMT=$ac_cv_path_MSGFMT +if test -n "$MSGFMT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 +$as_echo "$MSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +# Extract the first word of "gmsgfmt", so it can be a program name with args. +set dummy gmsgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GMSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GMSGFMT in + [\\/]* | ?:[\\/]*) + ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" + ;; +esac +fi +GMSGFMT=$ac_cv_path_GMSGFMT +if test -n "$GMSGFMT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 +$as_echo "$GMSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +if test -z "$XGETTEXT" -o -z "$MSGMERGE" -o -z "$MSGFMT"; then + as_fn_error $? "GNU gettext tools not found; required for intltool" "$LINENO" 5 +fi +xgversion="`$XGETTEXT --version|grep '(GNU ' 2> /dev/null`" +mmversion="`$MSGMERGE --version|grep '(GNU ' 2> /dev/null`" +mfversion="`$MSGFMT --version|grep '(GNU ' 2> /dev/null`" +if test -z "$xgversion" -o -z "$mmversion" -o -z "$mfversion"; then + as_fn_error $? "GNU gettext tools not found; required for intltool" "$LINENO" 5 +fi + +# Extract the first word of "perl", so it can be a program name with args. +set dummy perl; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_INTLTOOL_PERL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $INTLTOOL_PERL in + [\\/]* | ?:[\\/]*) + ac_cv_path_INTLTOOL_PERL="$INTLTOOL_PERL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_INTLTOOL_PERL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +INTLTOOL_PERL=$ac_cv_path_INTLTOOL_PERL +if test -n "$INTLTOOL_PERL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INTLTOOL_PERL" >&5 +$as_echo "$INTLTOOL_PERL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +if test -z "$INTLTOOL_PERL"; then + as_fn_error $? "perl not found" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for perl >= 5.8.1" >&5 +$as_echo_n "checking for perl >= 5.8.1... " >&6; } +$INTLTOOL_PERL -e "use 5.8.1;" > /dev/null 2>&1 +if test $? -ne 0; then + as_fn_error $? "perl 5.8.1 is required for intltool" "$LINENO" 5 +else + IT_PERL_VERSION=`$INTLTOOL_PERL -e "printf '%vd', $^V"` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $IT_PERL_VERSION" >&5 +$as_echo "$IT_PERL_VERSION" >&6; } +fi +if test "x" != "xno-xml"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for XML::Parser" >&5 +$as_echo_n "checking for XML::Parser... " >&6; } + if `$INTLTOOL_PERL -e "require XML::Parser" 2>/dev/null`; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } + else + as_fn_error $? "XML::Parser perl module is required for intltool" "$LINENO" 5 + fi +fi + +# Substitute ALL_LINGUAS so we can use it in po/Makefile + + +# Set DATADIRNAME correctly if it is not set yet +# (copied from glib-gettext.m4) +if test -z "$DATADIRNAME"; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +extern int _nl_msg_cat_cntr; + return _nl_msg_cat_cntr + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + DATADIRNAME=share +else + case $host in + *-*-solaris*) + ac_fn_c_check_func "$LINENO" "bind_textdomain_codeset" "ac_cv_func_bind_textdomain_codeset" +if test "x$ac_cv_func_bind_textdomain_codeset" = xyes; then : + DATADIRNAME=share +else + DATADIRNAME=lib +fi + + ;; + *) + DATADIRNAME=lib + ;; + esac +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi + + + + + +GETTEXT_PACKAGE=polkit-1 + + + for ac_header in locale.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "locale.h" "ac_cv_header_locale_h" "$ac_includes_default" +if test "x$ac_cv_header_locale_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LOCALE_H 1 +_ACEOF + +fi + +done + + if test $ac_cv_header_locale_h = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LC_MESSAGES" >&5 +$as_echo_n "checking for LC_MESSAGES... " >&6; } +if ${am_cv_val_LC_MESSAGES+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +return LC_MESSAGES + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_val_LC_MESSAGES=yes +else + am_cv_val_LC_MESSAGES=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_val_LC_MESSAGES" >&5 +$as_echo "$am_cv_val_LC_MESSAGES" >&6; } + if test $am_cv_val_LC_MESSAGES = yes; then + +$as_echo "#define HAVE_LC_MESSAGES 1" >>confdefs.h + + fi + fi + USE_NLS=yes + + + gt_cv_have_gettext=no + + CATOBJEXT=NONE + XGETTEXT=: + INTLLIBS= + + ac_fn_c_check_header_mongrel "$LINENO" "libintl.h" "ac_cv_header_libintl_h" "$ac_includes_default" +if test "x$ac_cv_header_libintl_h" = xyes; then : + gt_cv_func_dgettext_libintl="no" + libintl_extra_libs="" + + # + # First check in libc + # + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ngettext in libc" >&5 +$as_echo_n "checking for ngettext in libc... " >&6; } +if ${gt_cv_func_ngettext_libc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ +return !ngettext ("","", 1) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_ngettext_libc=yes +else + gt_cv_func_ngettext_libc=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_ngettext_libc" >&5 +$as_echo "$gt_cv_func_ngettext_libc" >&6; } + + if test "$gt_cv_func_ngettext_libc" = "yes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dgettext in libc" >&5 +$as_echo_n "checking for dgettext in libc... " >&6; } +if ${gt_cv_func_dgettext_libc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ +return !dgettext ("","") + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_dgettext_libc=yes +else + gt_cv_func_dgettext_libc=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_dgettext_libc" >&5 +$as_echo "$gt_cv_func_dgettext_libc" >&6; } + fi + + if test "$gt_cv_func_ngettext_libc" = "yes" ; then + for ac_func in bind_textdomain_codeset +do : + ac_fn_c_check_func "$LINENO" "bind_textdomain_codeset" "ac_cv_func_bind_textdomain_codeset" +if test "x$ac_cv_func_bind_textdomain_codeset" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BIND_TEXTDOMAIN_CODESET 1 +_ACEOF + +fi +done + + fi + + # + # If we don't have everything we want, check in libintl + # + if test "$gt_cv_func_dgettext_libc" != "yes" \ + || test "$gt_cv_func_ngettext_libc" != "yes" \ + || test "$ac_cv_func_bind_textdomain_codeset" != "yes" ; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bindtextdomain in -lintl" >&5 +$as_echo_n "checking for bindtextdomain in -lintl... " >&6; } +if ${ac_cv_lib_intl_bindtextdomain+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char bindtextdomain (); +int +main () +{ +return bindtextdomain (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_bindtextdomain=yes +else + ac_cv_lib_intl_bindtextdomain=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_bindtextdomain" >&5 +$as_echo "$ac_cv_lib_intl_bindtextdomain" >&6; } +if test "x$ac_cv_lib_intl_bindtextdomain" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ngettext in -lintl" >&5 +$as_echo_n "checking for ngettext in -lintl... " >&6; } +if ${ac_cv_lib_intl_ngettext+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ngettext (); +int +main () +{ +return ngettext (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_ngettext=yes +else + ac_cv_lib_intl_ngettext=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_ngettext" >&5 +$as_echo "$ac_cv_lib_intl_ngettext" >&6; } +if test "x$ac_cv_lib_intl_ngettext" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dgettext in -lintl" >&5 +$as_echo_n "checking for dgettext in -lintl... " >&6; } +if ${ac_cv_lib_intl_dgettext+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dgettext (); +int +main () +{ +return dgettext (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_dgettext=yes +else + ac_cv_lib_intl_dgettext=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_dgettext" >&5 +$as_echo "$ac_cv_lib_intl_dgettext" >&6; } +if test "x$ac_cv_lib_intl_dgettext" = xyes; then : + gt_cv_func_dgettext_libintl=yes +fi + +fi + +fi + + + if test "$gt_cv_func_dgettext_libintl" != "yes" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if -liconv is needed to use gettext" >&5 +$as_echo_n "checking if -liconv is needed to use gettext... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: " >&5 +$as_echo "" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ngettext in -lintl" >&5 +$as_echo_n "checking for ngettext in -lintl... " >&6; } +if ${ac_cv_lib_intl_ngettext+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl -liconv $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char ngettext (); +int +main () +{ +return ngettext (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_ngettext=yes +else + ac_cv_lib_intl_ngettext=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_ngettext" >&5 +$as_echo "$ac_cv_lib_intl_ngettext" >&6; } +if test "x$ac_cv_lib_intl_ngettext" = xyes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dcgettext in -lintl" >&5 +$as_echo_n "checking for dcgettext in -lintl... " >&6; } +if ${ac_cv_lib_intl_dcgettext+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl -liconv $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dcgettext (); +int +main () +{ +return dcgettext (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_dcgettext=yes +else + ac_cv_lib_intl_dcgettext=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_dcgettext" >&5 +$as_echo "$ac_cv_lib_intl_dcgettext" >&6; } +if test "x$ac_cv_lib_intl_dcgettext" = xyes; then : + gt_cv_func_dgettext_libintl=yes + libintl_extra_libs=-liconv +else + : +fi + +else + : +fi + + fi + + # + # If we found libintl, then check in it for bind_textdomain_codeset(); + # we'll prefer libc if neither have bind_textdomain_codeset(), + # and both have dgettext and ngettext + # + if test "$gt_cv_func_dgettext_libintl" = "yes" ; then + glib_save_LIBS="$LIBS" + LIBS="$LIBS -lintl $libintl_extra_libs" + unset ac_cv_func_bind_textdomain_codeset + for ac_func in bind_textdomain_codeset +do : + ac_fn_c_check_func "$LINENO" "bind_textdomain_codeset" "ac_cv_func_bind_textdomain_codeset" +if test "x$ac_cv_func_bind_textdomain_codeset" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BIND_TEXTDOMAIN_CODESET 1 +_ACEOF + +fi +done + + LIBS="$glib_save_LIBS" + + if test "$ac_cv_func_bind_textdomain_codeset" = "yes" ; then + gt_cv_func_dgettext_libc=no + else + if test "$gt_cv_func_dgettext_libc" = "yes" \ + && test "$gt_cv_func_ngettext_libc" = "yes"; then + gt_cv_func_dgettext_libintl=no + fi + fi + fi + fi + + if test "$gt_cv_func_dgettext_libc" = "yes" \ + || test "$gt_cv_func_dgettext_libintl" = "yes"; then + gt_cv_have_gettext=yes + fi + + if test "$gt_cv_func_dgettext_libintl" = "yes"; then + INTLLIBS="-lintl $libintl_extra_libs" + fi + + if test "$gt_cv_have_gettext" = "yes"; then + +$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h + + # Extract the first word of "msgfmt", so it can be a program name with args. +set dummy msgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$MSGFMT" in + /*) + ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"; then + ac_cv_path_MSGFMT="$ac_dir/$ac_word" + break + fi + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT="no" + ;; +esac +fi +MSGFMT="$ac_cv_path_MSGFMT" +if test "$MSGFMT" != "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 +$as_echo "$MSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + if test "$MSGFMT" != "no"; then + glib_save_LIBS="$LIBS" + LIBS="$LIBS $INTLLIBS" + for ac_func in dcgettext +do : + ac_fn_c_check_func "$LINENO" "dcgettext" "ac_cv_func_dcgettext" +if test "x$ac_cv_func_dcgettext" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DCGETTEXT 1 +_ACEOF + +fi +done + + MSGFMT_OPTS= + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if msgfmt accepts -c" >&5 +$as_echo_n "checking if msgfmt accepts -c... " >&6; } + cat >conftest.foo <<_ACEOF + +msgid "" +msgstr "" +"Content-Type: text/plain; charset=UTF-8\n" +"Project-Id-Version: test 1.0\n" +"PO-Revision-Date: 2007-02-15 12:01+0100\n" +"Last-Translator: test \n" +"Language-Team: C \n" +"MIME-Version: 1.0\n" +"Content-Transfer-Encoding: 8bit\n" + +_ACEOF +if { { $as_echo "$as_me:${as_lineno-$LINENO}: \$MSGFMT -c -o /dev/null conftest.foo"; } >&5 + ($MSGFMT -c -o /dev/null conftest.foo) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + MSGFMT_OPTS=-c; { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +echo "$as_me: failed input was:" >&5 +sed 's/^/| /' conftest.foo >&5 +fi + + # Extract the first word of "gmsgfmt", so it can be a program name with args. +set dummy gmsgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GMSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GMSGFMT in + [\\/]* | ?:[\\/]*) + ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" + ;; +esac +fi +GMSGFMT=$ac_cv_path_GMSGFMT +if test -n "$GMSGFMT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 +$as_echo "$GMSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + # Extract the first word of "xgettext", so it can be a program name with args. +set dummy xgettext; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_XGETTEXT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$XGETTEXT" in + /*) + ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"; then + ac_cv_path_XGETTEXT="$ac_dir/$ac_word" + break + fi + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" + ;; +esac +fi +XGETTEXT="$ac_cv_path_XGETTEXT" +if test "$XGETTEXT" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 +$as_echo "$XGETTEXT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +extern int _nl_msg_cat_cntr; + return _nl_msg_cat_cntr + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + CATOBJEXT=.gmo + DATADIRNAME=share +else + case $host in + *-*-solaris*) + ac_fn_c_check_func "$LINENO" "bind_textdomain_codeset" "ac_cv_func_bind_textdomain_codeset" +if test "x$ac_cv_func_bind_textdomain_codeset" = xyes; then : + CATOBJEXT=.gmo + DATADIRNAME=share +else + CATOBJEXT=.mo + DATADIRNAME=lib +fi + + ;; + *-*-openbsd*) + CATOBJEXT=.mo + DATADIRNAME=share + ;; + *) + CATOBJEXT=.mo + DATADIRNAME=lib + ;; + esac +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$glib_save_LIBS" + INSTOBJEXT=.mo + else + gt_cv_have_gettext=no + fi + fi + +fi + + + + if test "$gt_cv_have_gettext" = "yes" ; then + +$as_echo "#define ENABLE_NLS 1" >>confdefs.h + + fi + + if test "$XGETTEXT" != ":"; then + if $XGETTEXT --omit-header /dev/null 2> /dev/null; then + : ; + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found xgettext program is not GNU xgettext; ignore it" >&5 +$as_echo "found xgettext program is not GNU xgettext; ignore it" >&6; } + XGETTEXT=":" + fi + fi + + # We need to process the po/ directory. + POSUB=po + + ac_config_commands="$ac_config_commands default-1" + + + for lang in $ALL_LINGUAS; do + GMOFILES="$GMOFILES $lang.gmo" + POFILES="$POFILES $lang.po" + done + + + + + + + + + + + + + + if test "$gt_cv_have_gettext" = "yes"; then + if test "x$ALL_LINGUAS" = "x"; then + LINGUAS= + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for catalogs to be installed" >&5 +$as_echo_n "checking for catalogs to be installed... " >&6; } + NEW_LINGUAS= + for presentlang in $ALL_LINGUAS; do + useit=no + if test "%UNSET%" != "${LINGUAS-%UNSET%}"; then + desiredlanguages="$LINGUAS" + else + desiredlanguages="$ALL_LINGUAS" + fi + for desiredlang in $desiredlanguages; do + # Use the presentlang catalog if desiredlang is + # a. equal to presentlang, or + # b. a variant of presentlang (because in this case, + # presentlang can be used as a fallback for messages + # which are not translated in the desiredlang catalog). + case "$desiredlang" in + "$presentlang"*) useit=yes;; + esac + done + if test $useit = yes; then + NEW_LINGUAS="$NEW_LINGUAS $presentlang" + fi + done + LINGUAS=$NEW_LINGUAS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LINGUAS" >&5 +$as_echo "$LINGUAS" >&6; } + fi + + if test -n "$LINGUAS"; then + for lang in $LINGUAS; do CATALOGS="$CATALOGS $lang$CATOBJEXT"; done + fi + fi + + MKINSTALLDIRS= + if test -n "$ac_aux_dir"; then + MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" + fi + if test -z "$MKINSTALLDIRS"; then + MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs" + fi + + + test -d po || mkdir po + if test "x$srcdir" != "x."; then + if test "x`echo $srcdir | sed 's@/.*@@'`" = "x"; then + posrcprefix="$srcdir/" + else + posrcprefix="../$srcdir/" + fi + else + posrcprefix="../" + fi + rm -f po/POTFILES + sed -e "/^#/d" -e "/^\$/d" -e "s,.*, $posrcprefix& \\\\," -e "\$s/\(.*\) \\\\/\1/" \ + < $srcdir/po/POTFILES.in > po/POTFILES + + +cat >>confdefs.h <<_ACEOF +#define GETTEXT_PACKAGE "$GETTEXT_PACKAGE" +_ACEOF + + +ac_config_files="$ac_config_files Makefile actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile src/polkitbackend/Makefile src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile docs/polkit/Makefile docs/man/Makefile po/Makefile.in test/Makefile test/polkit/Makefile test/polkitbackend/Makefile" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then + as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${MAN_PAGES_ENABLED_TRUE}" && test -z "${MAN_PAGES_ENABLED_FALSE}"; then + as_fn_error $? "conditional \"MAN_PAGES_ENABLED\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_GTK_DOC_TRUE}" && test -z "${ENABLE_GTK_DOC_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_GTK_DOC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_BUILD_HTML_TRUE}" && test -z "${GTK_DOC_BUILD_HTML_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_BUILD_HTML\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_BUILD_PDF_TRUE}" && test -z "${GTK_DOC_BUILD_PDF_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_BUILD_PDF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_USE_LIBTOOL_TRUE}" && test -z "${GTK_DOC_USE_LIBTOOL_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_USE_LIBTOOL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_USE_REBASE_TRUE}" && test -z "${GTK_DOC_USE_REBASE_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_USE_REBASE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_TRUE}" && test -z "${HAVE_SYSTEMD_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${POLKIT_AUTHFW_NONE_TRUE}" && test -z "${POLKIT_AUTHFW_NONE_FALSE}"; then + as_fn_error $? "conditional \"POLKIT_AUTHFW_NONE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${POLKIT_AUTHFW_PAM_TRUE}" && test -z "${POLKIT_AUTHFW_PAM_FALSE}"; then + as_fn_error $? "conditional \"POLKIT_AUTHFW_PAM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${POLKIT_AUTHFW_SHADOW_TRUE}" && test -z "${POLKIT_AUTHFW_SHADOW_FALSE}"; then + as_fn_error $? "conditional \"POLKIT_AUTHFW_SHADOW\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_PAM_TRUE}" && test -z "${HAVE_PAM_FALSE}"; then + as_fn_error $? "conditional \"HAVE_PAM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_TYPE_UNKNOWN_TRUE}" && test -z "${OS_TYPE_UNKNOWN_FALSE}"; then + as_fn_error $? "conditional \"OS_TYPE_UNKNOWN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_TYPE_RED_HAT_TRUE}" && test -z "${OS_TYPE_RED_HAT_FALSE}"; then + as_fn_error $? "conditional \"OS_TYPE_RED_HAT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_TYPE_SUSE_TRUE}" && test -z "${OS_TYPE_SUSE_FALSE}"; then + as_fn_error $? "conditional \"OS_TYPE_SUSE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_TYPE_GENTOO_TRUE}" && test -z "${OS_TYPE_GENTOO_FALSE}"; then + as_fn_error $? "conditional \"OS_TYPE_GENTOO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_TYPE_PARDUS_TRUE}" && test -z "${OS_TYPE_PARDUS_FALSE}"; then + as_fn_error $? "conditional \"OS_TYPE_PARDUS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_TYPE_SOLARIS_TRUE}" && test -z "${OS_TYPE_SOLARIS_FALSE}"; then + as_fn_error $? "conditional \"OS_TYPE_SOLARIS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS_TYPE_FREEBSD_TRUE}" && test -z "${OS_TYPE_FREEBSD_FALSE}"; then + as_fn_error $? "conditional \"OS_TYPE_FREEBSD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_INTROSPECTION_TRUE}" && test -z "${HAVE_INTROSPECTION_FALSE}"; then + as_fn_error $? "conditional \"HAVE_INTROSPECTION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${BUILD_EXAMPLES_TRUE}" && test -z "${BUILD_EXAMPLES_FALSE}"; then + as_fn_error $? "conditional \"BUILD_EXAMPLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + + ac_config_commands="$ac_config_commands po/stamp-it" + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by polkit $as_me 0.105, which was +generated by GNU Autoconf 2.68. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +polkit config.status 0.105 +configured by $0, generated by GNU Autoconf 2.68, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2010 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' +macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' +enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' +pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' +enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' +ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' +PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' +host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' +host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' +host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' +build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' +build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' +build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' +SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' +Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' +GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' +EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' +FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' +LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' +NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' +LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' +max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' +ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' +exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' +lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' +lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' +lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' +lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' +lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' +reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' +reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' +deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' +file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' +file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' +want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' +DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' +sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' +AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' +archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' +STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' +RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' +old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' +old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' +lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' +CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' +CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' +compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' +GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' +lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' +MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' +need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' +MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' +DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' +NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' +LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' +OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' +OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' +libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' +shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' +extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' +compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' +module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' +with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' +no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' +hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' +hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' +inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' +link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' +always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' +exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' +include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' +prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' +postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' +file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' +variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' +need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' +need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' +version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' +runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' +libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' +library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' +soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' +install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' +postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' +postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' +finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' +sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' +sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' +hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' +old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' +striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' + +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in SHELL \ +ECHO \ +PATH_SEPARATOR \ +SED \ +GREP \ +EGREP \ +FGREP \ +LD \ +NM \ +LN_S \ +lt_SP2NL \ +lt_NL2SP \ +reload_flag \ +OBJDUMP \ +deplibs_check_method \ +file_magic_cmd \ +file_magic_glob \ +want_nocaseglob \ +DLLTOOL \ +sharedlib_from_linklib_cmd \ +AR \ +AR_FLAGS \ +archiver_list_spec \ +STRIP \ +RANLIB \ +CC \ +CFLAGS \ +compiler \ +lt_cv_sys_global_symbol_pipe \ +lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_c_name_address \ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +nm_file_list_spec \ +lt_prog_compiler_no_builtin_flag \ +lt_prog_compiler_pic \ +lt_prog_compiler_wl \ +lt_prog_compiler_static \ +lt_cv_prog_compiler_c_o \ +need_locks \ +MANIFEST_TOOL \ +DSYMUTIL \ +NMEDIT \ +LIPO \ +OTOOL \ +OTOOL64 \ +shrext_cmds \ +export_dynamic_flag_spec \ +whole_archive_flag_spec \ +compiler_needs_object \ +with_gnu_ld \ +allow_undefined_flag \ +no_undefined_flag \ +hardcode_libdir_flag_spec \ +hardcode_libdir_separator \ +exclude_expsyms \ +include_expsyms \ +file_list_spec \ +variables_saved_for_relink \ +libname_spec \ +library_names_spec \ +soname_spec \ +install_override_mode \ +finish_eval \ +old_striplib \ +striplib; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds \ +old_postinstall_cmds \ +old_postuninstall_cmds \ +old_archive_cmds \ +extract_expsyms_cmds \ +old_archive_from_new_cmds \ +old_archive_from_expsyms_cmds \ +archive_cmds \ +archive_expsym_cmds \ +module_cmds \ +module_expsym_cmds \ +export_symbols_cmds \ +prelink_cmds \ +postlink_cmds \ +postinstall_cmds \ +postuninstall_cmds \ +finish_cmds \ +sys_lib_search_path_spec \ +sys_lib_dlsearch_path_spec; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +ac_aux_dir='$ac_aux_dir' +xsi_shell='$xsi_shell' +lt_shell_append='$lt_shell_append' + +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile' + + + + + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "default-1") CONFIG_COMMANDS="$CONFIG_COMMANDS default-1" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "actions/Makefile") CONFIG_FILES="$CONFIG_FILES actions/Makefile" ;; + "data/Makefile") CONFIG_FILES="$CONFIG_FILES data/Makefile" ;; + "data/polkit-1") CONFIG_FILES="$CONFIG_FILES data/polkit-1" ;; + "data/polkit-gobject-1.pc") CONFIG_FILES="$CONFIG_FILES data/polkit-gobject-1.pc" ;; + "data/polkit-backend-1.pc") CONFIG_FILES="$CONFIG_FILES data/polkit-backend-1.pc" ;; + "data/polkit-agent-1.pc") CONFIG_FILES="$CONFIG_FILES data/polkit-agent-1.pc" ;; + "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "src/polkit/Makefile") CONFIG_FILES="$CONFIG_FILES src/polkit/Makefile" ;; + "src/polkitbackend/Makefile") CONFIG_FILES="$CONFIG_FILES src/polkitbackend/Makefile" ;; + "src/polkitagent/Makefile") CONFIG_FILES="$CONFIG_FILES src/polkitagent/Makefile" ;; + "src/polkitd/Makefile") CONFIG_FILES="$CONFIG_FILES src/polkitd/Makefile" ;; + "src/programs/Makefile") CONFIG_FILES="$CONFIG_FILES src/programs/Makefile" ;; + "src/examples/Makefile") CONFIG_FILES="$CONFIG_FILES src/examples/Makefile" ;; + "src/nullbackend/Makefile") CONFIG_FILES="$CONFIG_FILES src/nullbackend/Makefile" ;; + "docs/version.xml") CONFIG_FILES="$CONFIG_FILES docs/version.xml" ;; + "docs/extensiondir.xml") CONFIG_FILES="$CONFIG_FILES docs/extensiondir.xml" ;; + "docs/Makefile") CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;; + "docs/polkit/Makefile") CONFIG_FILES="$CONFIG_FILES docs/polkit/Makefile" ;; + "docs/man/Makefile") CONFIG_FILES="$CONFIG_FILES docs/man/Makefile" ;; + "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; + "test/Makefile") CONFIG_FILES="$CONFIG_FILES test/Makefile" ;; + "test/polkit/Makefile") CONFIG_FILES="$CONFIG_FILES test/polkit/Makefile" ;; + "test/polkitbackend/Makefile") CONFIG_FILES="$CONFIG_FILES test/polkitbackend/Makefile" ;; + "po/stamp-it") CONFIG_COMMANDS="$CONFIG_COMMANDS po/stamp-it" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + "libtool":C) + + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +# The names of the tagged configurations supported by this script. +available_tags="" + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that protects backslashes. +ECHO=$lt_ECHO + +# The PATH separator for the build system. +PATH_SEPARATOR=$lt_PATH_SEPARATOR + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# convert \$build file names to \$host format. +to_host_file_cmd=$lt_cv_to_host_file_cmd + +# convert \$build files to toolchain format. +to_tool_file_cmd=$lt_cv_to_tool_file_cmd + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method = "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# How to find potential files when deplibs_check_method = "file_magic". +file_magic_glob=$lt_file_magic_glob + +# Find potential files using nocaseglob when deplibs_check_method = "file_magic". +want_nocaseglob=$lt_want_nocaseglob + +# DLL creation program. +DLLTOOL=$lt_DLLTOOL + +# Command to associate shared and link libraries. +sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd + +# The archiver. +AR=$lt_AR + +# Flags to create an archive. +AR_FLAGS=$lt_AR_FLAGS + +# How to feed a file listing to the archiver. +archiver_list_spec=$lt_archiver_list_spec + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Whether to use a lock for old archive extraction. +lock_old_archive_extraction=$lock_old_archive_extraction + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# Specify filename containing input files for \$NM. +nm_file_list_spec=$lt_nm_file_list_spec + +# The root where to search for dependent libraries,and in which our libraries should be installed. +lt_sysroot=$lt_sysroot + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Manifest tool. +MANIFEST_TOOL=$lt_MANIFEST_TOOL + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Permission mode override for installation of shared libraries. +install_override_mode=$lt_install_override_mode + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \${shlibpath_var} if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain="$ac_aux_dir/ltmain.sh" + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + if test x"$xsi_shell" = xyes; then + sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ +func_dirname ()\ +{\ +\ case ${1} in\ +\ */*) func_dirname_result="${1%/*}${2}" ;;\ +\ * ) func_dirname_result="${3}" ;;\ +\ esac\ +} # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_basename ()$/,/^} # func_basename /c\ +func_basename ()\ +{\ +\ func_basename_result="${1##*/}"\ +} # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ +func_dirname_and_basename ()\ +{\ +\ case ${1} in\ +\ */*) func_dirname_result="${1%/*}${2}" ;;\ +\ * ) func_dirname_result="${3}" ;;\ +\ esac\ +\ func_basename_result="${1##*/}"\ +} # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ +func_stripname ()\ +{\ +\ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ +\ # positional parameters, so assign one to ordinary parameter first.\ +\ func_stripname_result=${3}\ +\ func_stripname_result=${func_stripname_result#"${1}"}\ +\ func_stripname_result=${func_stripname_result%"${2}"}\ +} # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ +func_split_long_opt ()\ +{\ +\ func_split_long_opt_name=${1%%=*}\ +\ func_split_long_opt_arg=${1#*=}\ +} # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ +func_split_short_opt ()\ +{\ +\ func_split_short_opt_arg=${1#??}\ +\ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ +} # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ +func_lo2o ()\ +{\ +\ case ${1} in\ +\ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ +\ *) func_lo2o_result=${1} ;;\ +\ esac\ +} # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_xform ()$/,/^} # func_xform /c\ +func_xform ()\ +{\ + func_xform_result=${1%.*}.lo\ +} # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_arith ()$/,/^} # func_arith /c\ +func_arith ()\ +{\ + func_arith_result=$(( $* ))\ +} # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_len ()$/,/^} # func_len /c\ +func_len ()\ +{\ + func_len_result=${#1}\ +} # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + +fi + +if test x"$lt_shell_append" = xyes; then + sed -e '/^func_append ()$/,/^} # func_append /c\ +func_append ()\ +{\ + eval "${1}+=\\${2}"\ +} # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ +func_append_quoted ()\ +{\ +\ func_quote_for_eval "${2}"\ +\ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ +} # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + # Save a `func_append' function call where possible by direct use of '+=' + sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +else + # Save a `func_append' function call even when '+=' is not available + sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +fi + +if test x"$_lt_function_replace_fail" = x":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 +$as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} +fi + + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + ;; + "default-1":C) case "$CONFIG_FILES" in *po/Makefile.in*) + sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile + esac ;; + "po/stamp-it":C) + if ! grep "^# INTLTOOL_MAKEFILE$" "po/Makefile.in" > /dev/null ; then + as_fn_error $? "po/Makefile.in.in was not created by intltoolize." "$LINENO" 5 + fi + rm -f "po/stamp-it" "po/stamp-it.tmp" "po/POTFILES" "po/Makefile.tmp" + >"po/stamp-it.tmp" + sed '/^#/d + s/^[[].*] *// + /^[ ]*$/d + '"s|^| $ac_top_srcdir/|" \ + "$srcdir/po/POTFILES.in" | sed '$!s/$/ \\/' >"po/POTFILES" + + sed '/^POTFILES =/,/[^\\]$/ { + /^POTFILES =/!d + r po/POTFILES + } + ' "po/Makefile.in" >"po/Makefile" + rm -f "po/Makefile.tmp" + mv "po/stamp-it.tmp" "po/stamp-it" + ;; + + esac +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi + +# +# CONFIG_SUBDIRS section. +# +if test "$no_recursion" != yes; then + + # Remove --cache-file, --srcdir, and --disable-option-checking arguments + # so they do not pile up. + ac_sub_configure_args= + ac_prev= + eval "set x $ac_configure_args" + shift + for ac_arg + do + if test -n "$ac_prev"; then + ac_prev= + continue + fi + case $ac_arg in + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* \ + | --c=*) + ;; + --config-cache | -C) + ;; + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + ;; + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + ;; + --disable-option-checking) + ;; + *) + case $ac_arg in + *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append ac_sub_configure_args " '$ac_arg'" ;; + esac + done + + # Always prepend --prefix to ensure using the same prefix + # in subdir configurations. + ac_arg="--prefix=$prefix" + case $ac_arg in + *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + ac_sub_configure_args="'$ac_arg' $ac_sub_configure_args" + + # Pass --silent + if test "$silent" = yes; then + ac_sub_configure_args="--silent $ac_sub_configure_args" + fi + + # Always prepend --disable-option-checking to silence warnings, since + # different subdirs can have different --enable and --with options. + ac_sub_configure_args="--disable-option-checking $ac_sub_configure_args" + + ac_popdir=`pwd` + for ac_dir in : $subdirs; do test "x$ac_dir" = x: && continue + + # Do not complain, so a configure script can configure whichever + # parts of a large source tree are present. + test -d "$srcdir/$ac_dir" || continue + + ac_msg="=== configuring in $ac_dir (`pwd`/$ac_dir)" + $as_echo "$as_me:${as_lineno-$LINENO}: $ac_msg" >&5 + $as_echo "$ac_msg" >&6 + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + cd "$ac_dir" + + # Check for guested configure; otherwise get Cygnus style configure. + if test -f "$ac_srcdir/configure.gnu"; then + ac_sub_configure=$ac_srcdir/configure.gnu + elif test -f "$ac_srcdir/configure"; then + ac_sub_configure=$ac_srcdir/configure + elif test -f "$ac_srcdir/configure.in"; then + # This should be Cygnus configure. + ac_sub_configure=$ac_aux_dir/configure + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no configuration information is in $ac_dir" >&5 +$as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2;} + ac_sub_configure= + fi + + # The recursion is here. + if test -n "$ac_sub_configure"; then + # Make the cache file name correct relative to the subdirectory. + case $cache_file in + [\\/]* | ?:[\\/]* ) ac_sub_cache_file=$cache_file ;; + *) # Relative name. + ac_sub_cache_file=$ac_top_build_prefix$cache_file ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&5 +$as_echo "$as_me: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&6;} + # The eval makes quoting arguments work. + eval "\$SHELL \"\$ac_sub_configure\" $ac_sub_configure_args \ + --cache-file=\"\$ac_sub_cache_file\" --srcdir=\"\$ac_srcdir\"" || + as_fn_error $? "$ac_sub_configure failed for $ac_dir" "$LINENO" 5 + fi + + cd "$ac_popdir" + done +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +echo " + polkit $VERSION + ================= + + prefix: ${prefix} + libdir: ${libdir} + libexecdir: ${libexecdir} + bindir: ${bindir} + sbindir: ${sbindir} + datadir: ${datadir} + sysconfdir: ${sysconfdir} + localstatedir: ${localstatedir} + docdir: ${docdir} + + compiler: ${CC} + cflags: ${CFLAGS} + cppflags: ${CPPFLAGS} + xsltproc: ${XSLTPROC} + introspection: ${found_introspection} + + Distribution/OS: ${with_os_type} + Authentication framework: ${POLKIT_AUTHFW} + Session tracking: ${SESSION_TRACKING} + PAM support: ${have_pam}" + +if test "$have_pam" = yes ; then +echo " + PAM file auth: ${PAM_FILE_INCLUDE_AUTH} + PAM file account: ${PAM_FILE_INCLUDE_ACCOUNT} + PAM file password: ${PAM_FILE_INCLUDE_PASSWORD} + PAM file session: ${PAM_FILE_INCLUDE_SESSION}" +fi +echo " + Maintainer mode: ${USE_MAINTAINER_MODE} + Building verbose mode: ${enable_verbose_mode} + Building api docs: ${enable_gtk_doc} + Building man pages: ${enable_man_pages} + Building examples: ${enable_examples} + +" + +echo "NOTE: The directory ${sysconfdir}/polkit-1/localauthority must be owned" +echo " by root and have mode 700" +echo + +echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned" +echo " by root and have mode 700" +echo + +echo "NOTE: The file ${libexecdir}/polkit-agent-helper-1 must be owned" +echo " by root and have mode 4755 (setuid root binary)" +echo + +echo "NOTE: The file ${bindir}/pkexec must be owned by root and" +echo " have mode 4755 (setuid root binary)" +echo + diff --git a/configure.ac b/configure.ac new file mode 100644 index 00000000..f4a0c417 --- /dev/null +++ b/configure.ac @@ -0,0 +1,516 @@ +dnl Process this file with autoconf to produce a configure script. + +AC_PREREQ(2.59c) +AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel) +AM_INIT_AUTOMAKE(polkit, 0.105) +AM_CONFIG_HEADER(config.h) +AM_MAINTAINER_MODE + +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) + +# Include external mocklibc tool for unit testing +AC_CONFIG_SUBDIRS([test/mocklibc]) + +# libtool versioning - this applies to all libraries in this package +# +# See http://sources.redhat.com/autobook/autobook/autobook_91.html#SEC91 for details +# +LT_CURRENT=0 +LT_REVISION=0 +LT_AGE=0 +AC_SUBST(LT_CURRENT) +AC_SUBST(LT_REVISION) +AC_SUBST(LT_AGE) + +AC_ISC_POSIX +AC_PROG_CC +AM_PROG_CC_STDC +AC_HEADER_STDC +AM_PROG_LIBTOOL +AC_PROG_MAKE_SET +AC_PROG_LN_S +AC_SYS_LARGEFILE +AM_PROG_CC_C_O + +# Taken from dbus +AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no) +AC_ARG_ENABLE(verbose-mode, [ --enable-verbose-mode support verbose debug mode],enable_verbose_mode=$enableval,enable_verbose_mode=$USE_MAINTAINER_MODE) +AC_ARG_ENABLE(man-pages, [ --enable-man-pages build manual pages],enable_man_pages=$enableval,enable_man_pages=yes) + +if test "${enable_man_page}" != no; then +dnl +dnl Check for xsltproc +dnl +AC_PATH_PROG([XSLTPROC], [xsltproc]) + if test -z "$XSLTPROC"; then + enable_man_pages=no + fi +fi +AM_CONDITIONAL(MAN_PAGES_ENABLED, test x$enable_man_pages = xyes) + +GTK_DOC_CHECK([1.3]) + +#### gcc warning flags + +if test "x$GCC" = "xyes"; then + changequote(,)dnl + case " $CFLAGS " in + *[\ \ ]-Wall[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wall" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wchar-subscripts[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wchar-subscripts" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wmissing-declarations[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wmissing-declarations" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wnested-externs[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wnested-externs" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wpointer-arith[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wpointer-arith" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wcast-align[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wcast-align" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wsign-compare[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wsign-compare" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wformat[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wformat" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-Wformat-security[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -Wformat-security" ;; + esac + + if test "x$enable_ansi" = "xyes"; then + case " $CFLAGS " in + *[\ \ ]-ansi[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -ansi" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-D_POSIX_C_SOURCE*) ;; + *) CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=199309L" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-D_BSD_SOURCE[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -D_BSD_SOURCE" ;; + esac + + case " $CFLAGS " in + *[\ \ ]-pedantic[\ \ ]*) ;; + *) CFLAGS="$CFLAGS -pedantic" ;; + esac + fi + changequote([,])dnl +fi + +PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +AC_SUBST(GLIB_CFLAGS) +AC_SUBST(GLIB_LIBS) + +EXPAT_LIB="" +AC_ARG_WITH(expat, [ --with-expat= Use expat from here], + [ + expat=$withval + CPPFLAGS="$CPPFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + ] + ) +AC_CHECK_HEADERS(expat.h, [AC_DEFINE(HAVE_EXPAT_H)], + [AC_MSG_ERROR([Can't find expat.h. Please install expat.])]) +AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], + [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) +AC_SUBST(EXPAT_LIBS) + +AC_CHECK_FUNCS(clearenv) + +if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +fi + +dnl --------------------------------------------------------------------------- +dnl - Select wether to use systemd or ConsoleKit for session tracking +dnl --------------------------------------------------------------------------- + +have_systemd=no +SESSION_TRACKING=ConsoleKit + +AC_ARG_ENABLE([systemd], + AS_HELP_STRING([--enable-systemd[=@<:@auto/yes/no@:>@]], [Use systemd (auto/yes/no)]), + [enable_systemd=$enableval], + [enable_systemd=auto]) +if test "$enable_systemd" != "no"; then + PKG_CHECK_MODULES(SYSTEMD, + [libsystemd-login], + have_systemd=yes, + have_systemd=no) + if test "$have_systemd" = "yes"; then + SESSION_TRACKING=systemd + else + if test "$enable_systemd" = "yes"; then + AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + fi + fi +fi + +AC_SUBST(SYSTEMD_CFLAGS) +AC_SUBST(SYSTEMD_LIBS) +AM_CONDITIONAL(HAVE_SYSTEMD, [test "$have_systemd" = "yes"], [Using systemd]) + +dnl --------------------------------------------------------------------------- +dnl - Select which authentication framework to use +dnl --------------------------------------------------------------------------- + +AC_ARG_WITH([authfw], + AS_HELP_STRING([--with-authfw=], + [Authentication framework (none/pam/shadow)])) +if ! test -z "$with_authfw" ; then + if test x$with_authdb = xdummy ; then + if ! test x$with_authfw = xnone ; then + AC_MSG_ERROR([Only 'none' is a valid authentication framework for the dummy authorization database]) + fi + else + if test x$with_authfw = xnone ; then + AC_MSG_ERROR(['none' is only a valid authentication framework for the dummy authorization database]) + fi + fi + POLKIT_AUTHFW=$with_authfw +else + if test x$with_authdb = xdummy ; then + POLKIT_AUTHFW=none + else + POLKIT_AUTHFW=pam + fi +fi + +AC_SUBST(POLKIT_AUTHFW) +AC_DEFINE_UNQUOTED(POLKIT_AUTHFW,"$POLKIT_AUTHFW", [Authentication Framework to use]) + +case $POLKIT_AUTHFW in + none) + need_pam=no + AC_DEFINE(POLKIT_AUTHFW_NONE, 1, [If using no authentication framework]) + ;; + + pam) + need_pam=yes + AC_DEFINE(POLKIT_AUTHFW_PAM, 1, [If using the PAM authentication framework]) + ;; + + shadow) + need_pam=no + AUTH_LIBS="${AUTH_LIBS} -lcrypt" + AC_DEFINE(POLKIT_AUTHFW_SHADOW, 1, [If using the Shadow authentication framework]) + ;; + + *) + AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW]) + ;; +esac + +AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw]) +AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw]) +AM_CONDITIONAL(POLKIT_AUTHFW_SHADOW, [test x$POLKIT_AUTHFW = xshadow], [Using Shadow authfw]) + + +dnl --------------------------------------------------------------------------- +dnl - Check for PAM +dnl --------------------------------------------------------------------------- + +withval="" +AC_ARG_WITH(pam-prefix, +[ --with-pam-prefix= specify where pam files go],[ +if test x$withval != x; then + AC_MSG_RESULT("PAM files will be installed in prefix ${withval}.") +fi]) +if test x$withval != x; then + PAM_PREFIX_UNEXPANDED="$withval" +else + PAM_PREFIX_UNEXPANDED="$sysconfdir" +fi +PAM_PREFIX=`eval echo $PAM_PREFIX_UNEXPANDED` +AC_SUBST(PAM_PREFIX) + +have_pam=no +if test "$need_pam" = yes ; then + AC_CHECK_LIB(pam, pam_start, have_pam=yes) +fi + +if test x$have_pam = xno; then + if test "$need_pam" = yes ; then + AC_ERROR([Could not find pam/pam-devel, please install the needed packages.]) + fi +else + AUTH_LIBS="${AUTH_LIBS} -lpam" + AC_DEFINE(HAVE_PAM, 1, [Define if PAM support is included]) + + # On Linux, sigtimedwait() is in libc; on Solaris, it's in librt. + have_timedwait=no + AC_CHECK_LIB(c, sigtimedwait, [have_timedwait=yes]) + if test "$have_timedwait" = no ; then + AC_CHECK_LIB(rt, sigtimedwait, [AUTH_LIBS="${AUTH_LIBS} -lrt"]) + fi + + AC_MSG_CHECKING(how to call pam_strerror) + AC_CACHE_VAL(ac_cv_pam_strerror_args, + [AC_TRY_COMPILE([#include + #include + #include ], + [pam_handle_t *pamh = 0; + char *s = pam_strerror(pamh, PAM_SUCCESS);], + [ac_pam_strerror_args=2], + [AC_TRY_COMPILE([#include + #include + #include ], + [char *s = + pam_strerror(PAM_SUCCESS);], + [ac_pam_strerror_args=1], + [ac_pam_strerror_args=0])]) + ac_cv_pam_strerror_args=$ac_pam_strerror_args]) + ac_pam_strerror_args=$ac_cv_pam_strerror_args + if test "$ac_pam_strerror_args" = 1 ; then + AC_MSG_RESULT(one argument) + elif test "$ac_pam_strerror_args" = 2 ; then + AC_DEFINE(PAM_STRERROR_TWO_ARGS, 1, [Define if pam_strerror takes two arguments]) + AC_MSG_RESULT(two arguments) + else + AC_MSG_RESULT(unknown) + fi + +fi + +AM_CONDITIONAL(HAVE_PAM, test x$have_pam = xyes) +AC_SUBST(HAVE_PAM) +AC_SUBST(AUTH_LIBS) + +AC_CHECK_HEADER(security/pam_modutil.h, [AC_DEFINE(HAVE_PAM_MODUTIL_H, [], "Have pam_modutil.h")]) +AC_CHECK_HEADER(security/pam_ext.h, [AC_DEFINE(HAVE_PAM_EXT_H, [], "Have pam_ext.h")]) +AC_CHECK_LIB(pam, pam_vsyslog, [AC_DEFINE(HAVE_PAM_VSYSLOG, [], "Have pam_vsyslog")]) + +AC_ARG_WITH(pam-module-dir, [ --with-pam-module-dir=[dirname] directory to install PAM security module]) +if ! test -z "$with_pam_module_dir"; then + PAM_MODULE_DIR=$with_pam_module_dir +else + PAM_MODULE_DIR="/lib/security" +fi + +AC_SUBST(PAM_MODULE_DIR) + +AC_ARG_WITH(os-type, [ --with-os-type= distribution or OS (redhat/suse/gentoo/pardus/solaris)]) + +#### Check our operating system (distro-tweaks required) +if test "z$with_os_type" = "z"; then + AC_CHECK_FILE(/etc/redhat-release,distro_type="redhat") + AC_CHECK_FILE(/etc/SuSE-release,distro_type="suse") + AC_CHECK_FILE(/etc/gentoo-release,distro_type="gentoo") + AC_CHECK_FILE(/etc/pardus-release,distro_type="pardus") + if test "z$distro_type" = "z"; then + echo "Linux distribution autodetection failed, specify the distribution to target using --with-os-type=" + else + operating_system=`echo ${distro_type} | tr '[[:upper:]]' '[[:lower:]]' ` + fi +fi + +#### Sort out OS (distro-tweaks required) +if test x$with_os_type = x; then + if test x$operating_system = xredhat ; then + with_os_type=redhat + elif test x$operating_system = xsuse ; then + with_os_type=suse + elif test x$operating_system = xgentoo ; then + with_os_type=gentoo + elif test x$operating_system = xpardus ; then + with_os_type=pardus + elif test x$operating_system = xsolaris ; then + with_os_type=solaris + elif test x$operating_system = xfreebsd ; then + with_os_type=freebsd + else + with_os_type=unknown + fi +fi + +# (distro-tweaks required) +AM_CONDITIONAL(OS_TYPE_UNKNOWN, test x$with_os_type = xunknown, [Running on unknown OS]) +AM_CONDITIONAL(OS_TYPE_RED_HAT, test x$with_os_type = xredhat, [Running on Red Hat OS'es]) +AM_CONDITIONAL(OS_TYPE_SUSE, test x$with_os_type = xsuse, [Running on SUSE OS'es]) +AM_CONDITIONAL(OS_TYPE_GENTOO, test x$with_os_type = xgentoo, [Running on Gentoo OS'es]) +AM_CONDITIONAL(OS_TYPE_PARDUS, test x$with_os_type = xpardus, [Running on Pardus OS'es]) +AM_CONDITIONAL(OS_TYPE_SOLARIS, test x$with_os_type = xsolaris, [Running os Solaris OS'es]) +AM_CONDITIONAL(OS_TYPE_FREEBSD, test x$with_os_type = xfreebsd, [Running on FreeBSD OS'es]) + +AC_ARG_WITH(pam-include, [ --with-pam-include= pam file to include]) + +#### Set up pam file to include (distro-tweaks required) +if ! test -z "$with_pam_include"; then + PAM_FILE_INCLUDE_AUTH=$with_pam_include + PAM_FILE_INCLUDE_ACCOUNT=$with_pam_include + PAM_FILE_INCLUDE_PASSWORD=$with_pam_include + PAM_FILE_INCLUDE_SESSION=$with_pam_include +elif test x$with_os_type = xredhat -o x$with_os_type = xgentoo -o x$with_os_type = xpardus ; then + PAM_FILE_INCLUDE_AUTH=system-auth + PAM_FILE_INCLUDE_ACCOUNT=system-auth + PAM_FILE_INCLUDE_PASSWORD=system-auth + PAM_FILE_INCLUDE_SESSION=system-auth +elif test x$with_os_type = xsuse -o x$with_os_type = xsolaris ; then + PAM_FILE_INCLUDE_AUTH=common-auth + PAM_FILE_INCLUDE_ACCOUNT=common-account + PAM_FILE_INCLUDE_PASSWORD=common-password + PAM_FILE_INCLUDE_SESSION=common-session +elif test x$with_os_type = xfreebsd ; then + PAM_FILE_INCLUDE_AUTH=system + PAM_FILE_INCLUDE_ACCOUNT=system + PAM_FILE_INCLUDE_PASSWORD=system + PAM_FILE_INCLUDE_SESSION=system +else + PAM_FILE_INCLUDE_AUTH=system-auth + PAM_FILE_INCLUDE_ACCOUNT=system-auth + PAM_FILE_INCLUDE_PASSWORD=system-auth + PAM_FILE_INCLUDE_SESSION=system-auth +fi + +AC_SUBST(PAM_FILE_INCLUDE_AUTH) +AC_SUBST(PAM_FILE_INCLUDE_ACCOUNT) +AC_SUBST(PAM_FILE_INCLUDE_PASSWORD) +AC_SUBST(PAM_FILE_INCLUDE_SESSION) +AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_AUTH, "$PAM_FILE_INCLUDE_AUTH", [pam file auth]) +AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_ACCOUNT, "$PAM_FILE_INCLUDE_ACCOUNT", [pam file account]) +AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_PASSWORD, "$PAM_FILE_INCLUDE_PASSWORD", [pam file password]) +AC_DEFINE_UNQUOTED(PAM_FILE_INCLUDE_SESSION, "$PAM_FILE_INCLUDE_SESSION", [pam file session]) + +dnl --------------------------------------------------------------------------- +dnl - check OS +dnl --------------------------------------------------------------------------- +case "$host_os" in + *linux*) + ;; + *solaris*) + AC_DEFINE([HAVE_SOLARIS], 1, [Is this a Solaris system?]) + ;; + *freebsd*) + AC_DEFINE([HAVE_FREEBSD], 1, [Is this a FreeBSD system?]) + ;; +esac + +GOBJECT_INTROSPECTION_CHECK([0.6.2]) + +AC_ARG_ENABLE([examples], + AS_HELP_STRING([--enable-examples], [Build the example programs]),, + [enable_examples=yes]) + +AM_CONDITIONAL(BUILD_EXAMPLES, test "x$enable_examples" = "xyes") + +# ******************** +# Internationalization +# ******************** + +IT_PROG_INTLTOOL([0.40.0]) +GETTEXT_PACKAGE=polkit-1 +AC_SUBST([GETTEXT_PACKAGE]) +AM_GLIB_GNU_GETTEXT +AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[gettext domain]) + +AC_OUTPUT([ +Makefile +actions/Makefile +data/Makefile +data/polkit-1 +data/polkit-gobject-1.pc +data/polkit-backend-1.pc +data/polkit-agent-1.pc +src/Makefile +src/polkit/Makefile +src/polkitbackend/Makefile +src/polkitagent/Makefile +src/polkitd/Makefile +src/programs/Makefile +src/examples/Makefile +src/nullbackend/Makefile +docs/version.xml +docs/extensiondir.xml +docs/Makefile +docs/polkit/Makefile +docs/man/Makefile +po/Makefile.in +test/Makefile +test/polkit/Makefile +test/polkitbackend/Makefile +]) + +dnl ========================================================================== +echo " + polkit $VERSION + ================= + + prefix: ${prefix} + libdir: ${libdir} + libexecdir: ${libexecdir} + bindir: ${bindir} + sbindir: ${sbindir} + datadir: ${datadir} + sysconfdir: ${sysconfdir} + localstatedir: ${localstatedir} + docdir: ${docdir} + + compiler: ${CC} + cflags: ${CFLAGS} + cppflags: ${CPPFLAGS} + xsltproc: ${XSLTPROC} + introspection: ${found_introspection} + + Distribution/OS: ${with_os_type} + Authentication framework: ${POLKIT_AUTHFW} + Session tracking: ${SESSION_TRACKING} + PAM support: ${have_pam}" + +if test "$have_pam" = yes ; then +echo " + PAM file auth: ${PAM_FILE_INCLUDE_AUTH} + PAM file account: ${PAM_FILE_INCLUDE_ACCOUNT} + PAM file password: ${PAM_FILE_INCLUDE_PASSWORD} + PAM file session: ${PAM_FILE_INCLUDE_SESSION}" +fi +echo " + Maintainer mode: ${USE_MAINTAINER_MODE} + Building verbose mode: ${enable_verbose_mode} + Building api docs: ${enable_gtk_doc} + Building man pages: ${enable_man_pages} + Building examples: ${enable_examples} + +" + +echo "NOTE: The directory ${sysconfdir}/polkit-1/localauthority must be owned" +echo " by root and have mode 700" +echo + +echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned" +echo " by root and have mode 700" +echo + +echo "NOTE: The file ${libexecdir}/polkit-agent-helper-1 must be owned" +echo " by root and have mode 4755 (setuid root binary)" +echo + +echo "NOTE: The file ${bindir}/pkexec must be owned by root and" +echo " have mode 4755 (setuid root binary)" +echo + diff --git a/data/Makefile.am b/data/Makefile.am new file mode 100644 index 00000000..f0beeba4 --- /dev/null +++ b/data/Makefile.am @@ -0,0 +1,34 @@ +## Process this file with automake to produce Makefile.in + +NULL = + +servicedir = $(datadir)/dbus-1/system-services +service_in_files = org.freedesktop.PolicyKit1.service.in +service_DATA = $(service_in_files:.service.in=.service) + +$(service_DATA): $(service_in_files) Makefile + @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ + +dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconf_DATA = org.freedesktop.PolicyKit1.conf + +if POLKIT_AUTHFW_PAM +pamdir = $(sysconfdir)/pam.d +pam_DATA = polkit-1 +endif + +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc + +CLEANFILES = $(BUILT_SOURCES) + +EXTRA_DIST = \ + org.freedesktop.PolicyKit1.Authority.xml \ + org.freedesktop.PolicyKit1.AuthenticationAgent.xml \ + $(service_in_files) \ + $(dbusconf_DATA) \ + $(NULL) + + +clean-local : + rm -f *~ $(service_DATA) diff --git a/data/Makefile.in b/data/Makefile.in new file mode 100644 index 00000000..d40b338d --- /dev/null +++ b/data/Makefile.in @@ -0,0 +1,576 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = data +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(srcdir)/polkit-1.in $(srcdir)/polkit-agent-1.pc.in \ + $(srcdir)/polkit-backend-1.pc.in \ + $(srcdir)/polkit-gobject-1.pc.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = polkit-1 polkit-gobject-1.pc polkit-backend-1.pc \ + polkit-agent-1.pc +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(dbusconfdir)" "$(DESTDIR)$(pamdir)" \ + "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(servicedir)" +DATA = $(dbusconf_DATA) $(pam_DATA) $(pkgconfig_DATA) $(service_DATA) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +servicedir = $(datadir)/dbus-1/system-services +service_in_files = org.freedesktop.PolicyKit1.service.in +service_DATA = $(service_in_files:.service.in=.service) +dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconf_DATA = org.freedesktop.PolicyKit1.conf +@POLKIT_AUTHFW_PAM_TRUE@pamdir = $(sysconfdir)/pam.d +@POLKIT_AUTHFW_PAM_TRUE@pam_DATA = polkit-1 +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +CLEANFILES = $(BUILT_SOURCES) +EXTRA_DIST = \ + org.freedesktop.PolicyKit1.Authority.xml \ + org.freedesktop.PolicyKit1.AuthenticationAgent.xml \ + $(service_in_files) \ + $(dbusconf_DATA) \ + $(NULL) + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu data/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu data/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +polkit-1: $(top_builddir)/config.status $(srcdir)/polkit-1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +polkit-gobject-1.pc: $(top_builddir)/config.status $(srcdir)/polkit-gobject-1.pc.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +polkit-backend-1.pc: $(top_builddir)/config.status $(srcdir)/polkit-backend-1.pc.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +polkit-agent-1.pc: $(top_builddir)/config.status $(srcdir)/polkit-agent-1.pc.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-dbusconfDATA: $(dbusconf_DATA) + @$(NORMAL_INSTALL) + test -z "$(dbusconfdir)" || $(MKDIR_P) "$(DESTDIR)$(dbusconfdir)" + @list='$(dbusconf_DATA)'; test -n "$(dbusconfdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dbusconfdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(dbusconfdir)" || exit $$?; \ + done + +uninstall-dbusconfDATA: + @$(NORMAL_UNINSTALL) + @list='$(dbusconf_DATA)'; test -n "$(dbusconfdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(dbusconfdir)'; $(am__uninstall_files_from_dir) +install-pamDATA: $(pam_DATA) + @$(NORMAL_INSTALL) + test -z "$(pamdir)" || $(MKDIR_P) "$(DESTDIR)$(pamdir)" + @list='$(pam_DATA)'; test -n "$(pamdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pamdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pamdir)" || exit $$?; \ + done + +uninstall-pamDATA: + @$(NORMAL_UNINSTALL) + @list='$(pam_DATA)'; test -n "$(pamdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pamdir)'; $(am__uninstall_files_from_dir) +install-pkgconfigDATA: $(pkgconfig_DATA) + @$(NORMAL_INSTALL) + test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)" + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \ + done + +uninstall-pkgconfigDATA: + @$(NORMAL_UNINSTALL) + @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(pkgconfigdir)'; $(am__uninstall_files_from_dir) +install-serviceDATA: $(service_DATA) + @$(NORMAL_INSTALL) + test -z "$(servicedir)" || $(MKDIR_P) "$(DESTDIR)$(servicedir)" + @list='$(service_DATA)'; test -n "$(servicedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(servicedir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(servicedir)" || exit $$?; \ + done + +uninstall-serviceDATA: + @$(NORMAL_UNINSTALL) + @list='$(service_DATA)'; test -n "$(servicedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(servicedir)'; $(am__uninstall_files_from_dir) +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: + for dir in "$(DESTDIR)$(dbusconfdir)" "$(DESTDIR)$(pamdir)" "$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(servicedir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dbusconfDATA install-pamDATA \ + install-pkgconfigDATA install-serviceDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-dbusconfDATA uninstall-pamDATA \ + uninstall-pkgconfigDATA uninstall-serviceDATA + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am install-dbusconfDATA \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-pamDATA install-pdf install-pdf-am \ + install-pkgconfigDATA install-ps install-ps-am \ + install-serviceDATA install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-dbusconfDATA \ + uninstall-pamDATA uninstall-pkgconfigDATA \ + uninstall-serviceDATA + + +$(service_DATA): $(service_in_files) Makefile + @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ + +clean-local : + rm -f *~ $(service_DATA) + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml new file mode 100644 index 00000000..3b519c2f --- /dev/null +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml new file mode 100644 index 00000000..fbfb9cdc --- /dev/null +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -0,0 +1,413 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/data/org.freedesktop.PolicyKit1.conf b/data/org.freedesktop.PolicyKit1.conf new file mode 100644 index 00000000..c8ef513e --- /dev/null +++ b/data/org.freedesktop.PolicyKit1.conf @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in new file mode 100644 index 00000000..b6cd02b6 --- /dev/null +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -0,0 +1,4 @@ +[D-BUS Service] +Name=org.freedesktop.PolicyKit1 +Exec=@libexecdir@/polkitd --no-debug +User=root diff --git a/data/polkit-1.in b/data/polkit-1.in new file mode 100644 index 00000000..142dadd3 --- /dev/null +++ b/data/polkit-1.in @@ -0,0 +1,6 @@ +#%PAM-1.0 + +auth include @PAM_FILE_INCLUDE_AUTH@ +account include @PAM_FILE_INCLUDE_ACCOUNT@ +password include @PAM_FILE_INCLUDE_PASSWORD@ +session include @PAM_FILE_INCLUDE_SESSION@ diff --git a/data/polkit-agent-1.pc.in b/data/polkit-agent-1.pc.in new file mode 100644 index 00000000..6402c2f8 --- /dev/null +++ b/data/polkit-agent-1.pc.in @@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: polkit-agent-1 +Description: PolicyKit Authentication Agent API +Version: @VERSION@ +Libs: -L${libdir} -lpolkit-agent-1 +Cflags: -I${includedir}/polkit-1 +Requires: polkit-gobject-1 diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in new file mode 100644 index 00000000..7f6197d9 --- /dev/null +++ b/data/polkit-backend-1.pc.in @@ -0,0 +1,11 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ + +Name: polkit-backend-1 +Description: PolicyKit Backend API +Version: @VERSION@ +Libs: -L${libdir} -lpolkit-backend-1 +Cflags: -I${includedir}/polkit-1 +Requires: polkit-gobject-1 diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in new file mode 100644 index 00000000..c39677dd --- /dev/null +++ b/data/polkit-gobject-1.pc.in @@ -0,0 +1,13 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +policydir=@datarootdir@/polkit-1/actions/ +actiondir=@datarootdir@/polkit-1/actions/ + +Name: polkit-gobject-1 +Description: PolicyKit Authorization API +Version: @VERSION@ +Libs: -L${libdir} -lpolkit-gobject-1 +Cflags: -I${includedir}/polkit-1 +Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 diff --git a/depcomp b/depcomp new file mode 100755 index 00000000..bd0ac089 --- /dev/null +++ b/depcomp @@ -0,0 +1,688 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2011-12-04.11; # UTC + +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010, +# 2011 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by `PROGRAMS ARGS'. + object Object file output by `PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +## The second -e expression handles DOS-style file names with drive letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the `deleted header file' problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. + tr ' ' ' +' < "$tmpdepfile" | +## Some versions of gcc put a space before the `:'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like `#:fec' to the end of the + # dependency line. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ + tr ' +' ' ' >> "$depfile" + echo >> "$depfile" + + # The second pass generates a dummy entry for each header file. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts `$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + # Each line is of the form `foo.o: dependent.h'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +icc) + # Intel's C compiler understands `-MD -MF file'. However on + # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c + # ICC 7.0 will fill foo.d with something like + # foo.o: sub/foo.c + # foo.o: sub/foo.h + # which is wrong. We want: + # sub/foo.o: sub/foo.c + # sub/foo.o: sub/foo.h + # sub/foo.c: + # sub/foo.h: + # ICC 7.1 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using \ : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | + sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" + # Add `dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in `foo.d' instead, so we check for that too. + # Subdirectories are respected. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + + if test "$libtool" = yes; then + # With Tru64 cc, shared objects can also be used to make a + # static library. This mechanism is used in libtool 1.4 series to + # handle both shared and static libraries in a single compilation. + # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. + # + # With libtool 1.5 this exception was removed, and libtool now + # generates 2 separate objects for the 2 libraries. These two + # compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 + tmpdepfile2=$dir$base.o.d # libtool 1.5 + tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 + tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.o.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + tmpdepfile4=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test "$stat" = 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/ \1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/ / + G + p +}' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for `:' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. + "$@" $dashmflag | + sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + tr ' ' ' +' < "$tmpdepfile" | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + sed '1,2d' "$tmpdepfile" | tr ' ' ' +' | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E | + sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | + sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" + echo " " >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/docs/Makefile.am b/docs/Makefile.am new file mode 100644 index 00000000..ccae4ce8 --- /dev/null +++ b/docs/Makefile.am @@ -0,0 +1,4 @@ + +SUBDIRS = man polkit + +EXTRA_DIST = version.xml.in diff --git a/docs/Makefile.in b/docs/Makefile.in new file mode 100644 index 00000000..4e8745b6 --- /dev/null +++ b/docs/Makefile.in @@ -0,0 +1,636 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = docs +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(srcdir)/extensiondir.xml.in $(srcdir)/version.xml.in TODO +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = version.xml extensiondir.xml +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = man polkit +EXTRA_DIST = version.xml.in +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu docs/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu docs/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +version.xml: $(top_builddir)/config.status $(srcdir)/version.xml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +extensiondir.xml: $(top_builddir)/config.status $(srcdir)/extensiondir.xml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am check check-am clean clean-generic clean-libtool \ + ctags ctags-recursive distclean distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/docs/TODO b/docs/TODO new file mode 100644 index 00000000..5cd211d9 --- /dev/null +++ b/docs/TODO @@ -0,0 +1,20 @@ + +Needed for 1.0 +-------------- + + - check that all public but unstable API is properly guard off with + I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC + + - man page review / section review + + - make sure library API is reasonably MT-safe + + - avoid watching all name owner changes in PolkitBackendAuthority and + PolkitBackendServer; remove the name-owner-changed vfunc + +GNOME Authentication Agent +-------------------------- + + - maybe expand on the notification icon so it is more detailed + what temporary authorizations the session has - and maybe a way + to only drop some of them diff --git a/docs/extensiondir.xml b/docs/extensiondir.xml new file mode 100644 index 00000000..b83eac58 --- /dev/null +++ b/docs/extensiondir.xml @@ -0,0 +1 @@ +/usr/lib64/polkit-1/extensions diff --git a/docs/extensiondir.xml.in b/docs/extensiondir.xml.in new file mode 100644 index 00000000..44e242c2 --- /dev/null +++ b/docs/extensiondir.xml.in @@ -0,0 +1 @@ +@libdir@/polkit-1/extensions diff --git a/docs/man/Makefile.am b/docs/man/Makefile.am new file mode 100644 index 00000000..b71c1d27 --- /dev/null +++ b/docs/man/Makefile.am @@ -0,0 +1,32 @@ + +NULL = + +if MAN_PAGES_ENABLED + +man_MANS = \ + polkit.8 \ + polkitd.8 \ + pklocalauthority.8 \ + pkexec.1 \ + pkcheck.1 \ + pkaction.1 \ + pkttyagent.1 \ + $(NULL) + +%.8 %.1 : %.xml + $(XSLTPROC) -nonet --stringparam man.base.url.for.relative.links $(datadir)/gtk-doc/html/polkit-1/ --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< + +endif # MAN_PAGES_ENABLED + +EXTRA_DIST = \ + polkit.xml \ + polkitd.xml \ + pklocalauthority.xml \ + pkexec.xml \ + pkcheck.xml \ + pkaction.xml \ + pkttyagent.xml \ + $(NULL) + +clean-local: + rm -f *~ *.1 *.8 diff --git a/docs/man/Makefile.in b/docs/man/Makefile.in new file mode 100644 index 00000000..ed075765 --- /dev/null +++ b/docs/man/Makefile.in @@ -0,0 +1,578 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = docs/man +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)" +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man_MANS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +@MAN_PAGES_ENABLED_TRUE@man_MANS = \ +@MAN_PAGES_ENABLED_TRUE@ polkit.8 \ +@MAN_PAGES_ENABLED_TRUE@ polkitd.8 \ +@MAN_PAGES_ENABLED_TRUE@ pklocalauthority.8 \ +@MAN_PAGES_ENABLED_TRUE@ pkexec.1 \ +@MAN_PAGES_ENABLED_TRUE@ pkcheck.1 \ +@MAN_PAGES_ENABLED_TRUE@ pkaction.1 \ +@MAN_PAGES_ENABLED_TRUE@ pkttyagent.1 \ +@MAN_PAGES_ENABLED_TRUE@ $(NULL) + +EXTRA_DIST = \ + polkit.xml \ + polkitd.xml \ + pklocalauthority.xml \ + pkexec.xml \ + pkcheck.xml \ + pkaction.xml \ + pkttyagent.xml \ + $(NULL) + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu docs/man/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu docs/man/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man1: $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)" + @list=''; test -n "$(man1dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +install-man8: $(man_MANS) + @$(NORMAL_INSTALL) + test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" + @list=''; test -n "$(man8dir)" || exit 0; \ + { for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +distdir: $(DISTFILES) + @list='$(MANS)'; if test -n "$$list"; then \ + list=`for p in $$list; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ + if test -n "$$list" && \ + grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ + echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ + grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ + echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ + echo " typically \`make maintainer-clean' will remove them" >&2; \ + exit 1; \ + else :; fi; \ + else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man1 install-man8 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man1 uninstall-man8 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + clean-local distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man1 install-man8 install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ + uninstall-man uninstall-man1 uninstall-man8 + + +@MAN_PAGES_ENABLED_TRUE@%.8 %.1 : %.xml +@MAN_PAGES_ENABLED_TRUE@ $(XSLTPROC) -nonet --stringparam man.base.url.for.relative.links $(datadir)/gtk-doc/html/polkit-1/ --xinclude http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< + +clean-local: + rm -f *~ *.1 *.8 + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/docs/man/pkaction.xml b/docs/man/pkaction.xml new file mode 100644 index 00000000..24c156ff --- /dev/null +++ b/docs/man/pkaction.xml @@ -0,0 +1,109 @@ + + +]> + + + pkaction + May 2009 + polkit + + + + pkaction + 1 + + + + + pkaction + Get details about a registered action + + + + + pkaction + + + + + + pkaction + + + + + + + + + pkaction + + + action + + + + + + + + + + + + DESCRIPTION + + pkaction is used to obtain information about registered + PolicyKit actions. If called with then all + actions are displayed. Otherwise the action action. + If called without the option only the name + of the action is shown. Otherwise details about the actions are shown. + + + + + RETURN VALUE + + On success pkaction returns 0. Otherwise a + non-zero value is returned and a diagnostic message is printed + on standard error. + + + + AUTHOR + + Written by David Zeuthen davidz@redhat.com with + a lot of help from many others. + + + + + BUGS + + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link + on how to subscribe. + + + + + SEE ALSO + + + polkit8 + , + + pkcheck1 + , + + pkexec1 + , + + pkttyagent1 + + + + diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml new file mode 100644 index 00000000..6b8a8743 --- /dev/null +++ b/docs/man/pkcheck.xml @@ -0,0 +1,222 @@ + + +]> + + + pkcheck + May 2009 + polkit + + + + pkcheck + 1 + + + + + pkcheck + Check whether a process is authorized + + + + + pkcheck + + + + + + pkcheck + + + + + pkcheck + + + + + pkcheck + + + action + + + + + + + + pid + + + pid,pid-start-time + + + + + + busname + + + + + + + + + + + + + + + + + + + key + value + + + + + + + + DESCRIPTION + + pkcheck is used to check whether a process, specified by + either or , + is authorized for action. The + option can be used zero or more times to pass details about action. + If is passed, pkcheck blocks + while waiting for authentication. + + + The invocation pkcheck --list-temp will list + all temporary authorizations for the current session and + pkcheck --revoke-temp will revoke all + temporary authorizations for the current session. + + + This command is a simple wrapper around the PolicyKit D-Bus interface; see the + D-Bus interface documentation for details. + + + + + RETURN VALUE + + If the specified process is + authorized, pkcheck exits with a return value + of 0. If the authorization result contains any details, these + are printed on standard output as key/value pairs using + environment style reporting, e.g. first the key followed by a an equal sign, then the + value followed by a newline. + +KEY1=VALUE1 +KEY2=VALUE2 +KEY3=VALUE3 +... + Octects that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed + with \. + For example, the UTF-8 string føl,你好 will be printed + as f\303\270l\54\344\275\240\345\245\275. + + + If the specificied process is not + authorized, pkcheck exits with a return value + of 1 and a diagnostic message is printed on standard error. Details + are printed on standard output. + + + If the specificied process is not + authorized because no suitable authentication agent is available or if the + wasn't passed, pkcheck + exits with a return value of 2 and a diagnostic message is printed on standard error. + Details are printed on standard output. + + + If the specificied process is not authorized because the + authentication dialog / request was dismissed by the user, + pkcheck exits with a return value of 3 and a + diagnostic message is printed on standard error. Details are + printed on standard output. + + + If an error occured while checking for authorization, pkcheck exits + with a return value of 127 with a diagnostic message printed on standard error. + + + If one or more of the options passed are malformed, pkcheck exits + with a return value of 126. If stdin is a tty, then this manual page is also shown. + + + + + NOTES + + Since process identifiers can be recycled, the caller should always use + pid,pid-start-time to specify the process + to check for authorization when using the option. + The value of pid-start-time + can be determined by consulting e.g. the + + proc5 + + file system depending on the operating system. If only pid + is passed to the option, then pkcheck + will look up the start time itself but note that this may be racy. + + + + AUTHENTICATION AGENT + + pkcheck, like any other PolicyKit + application, will use the authentication agent registered for + the process in question. However, if no authentication agent is + available, then pkcheck can register its own + textual authentication agent if the option + is passed. + + + + AUTHOR + + Written by David Zeuthen davidz@redhat.com with + a lot of help from many others. + + + + + BUGS + + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link + on how to subscribe. + + + + + SEE ALSO + + + polkit8 + , + + pkaction1 + , + + pkexec1 + , + + pkttyagent1 + + + + diff --git a/docs/man/pkexec.xml b/docs/man/pkexec.xml new file mode 100644 index 00000000..17340331 --- /dev/null +++ b/docs/man/pkexec.xml @@ -0,0 +1,292 @@ + + +]> + + + pkexec + May 2009 + polkit + + + + pkexec + 1 + + + + + pkexec + Execute a command as another user + + + + + pkexec + + + + + + + pkexec + + + + username + + + PROGRAM + + ARGUMENTS + + + + + + DESCRIPTION + + pkexec allows an authorized user to + execute PROGRAM as another + user. If username is not specified, + then the program will be executed as the administrative super + user, root. + + + + RETURN VALUE + + Upon successful completion, the return value is the return value + of PROGRAM. If the calling process is + not authorized or an authorization could not be obtained through + authentication or an error occured, pkexec + exits with a return value of 127. If the authorization could not + be obtained because the user dismissed the authentication + dialog, pkexec exits with a return value of + 126. + + + + AUTHENTICATION AGENT + + pkexec, like any other PolicyKit application, + will use the authentication agent registered for the calling + process. However, if no authentication agent is available, then + pkexec will register its own textual + authentication agent. This behavior can be turned off by passing + the option. + + + + SECURITY NOTES + + Executing a program as another user is a privileged + operation. By default the required authorization (See + ) requires administrator + authentication. In addition, the authentication dialog presented + to the user will display the full path to the program to be + executed so the user is aware of what will happen: + + + + + + + + + + + The environment that PROGRAM will run + it, will be set to a minimal known and safe environment in order + to avoid injecting code + through LD_LIBRARY_PATH or similar + mechanisms. In addition the PKEXEC_UID + environment variable is set to the user id of the process + invoking pkexec. As a + result, pkexec will not allow you to run + X11 applications as another user since + the $DISPLAY and $XAUTHORITY + environment variables are not set. These two variables will be retained + if the org.freedesktop.policykit.exec.allow_gui annotation + on an action is set to a nonempty value; this is discouraged, though, and + should only be used for legacy programs. + + + + REQUIRED AUTHORIZATIONS + + By default, + the org.freedesktop.policykit.exec + authorization is required unless an action definition file is + present for the program in question. To require another + authorization, it can be specified using the org.freedesktop.policykit.exec.path annotation on an action (See for details). + + + + EXAMPLE + + To specify what kind of authorization is needed to execute the + program /usr/bin/pk-example-frobnicate as + another user, simply write an action definition file like this + + +FIXME: MISSING XINCLUDE CONTENT + + and drop it in the + /usr/share/polkit-1/actions directory under + a suitable name (e.g. matching the namespace of the action). + Note that in addition to specifying the program, the + authentication message, description, icon and defaults can be + specified. Note that occurences of the strings + $(user), $(program) and + $(command_line) in the message will be + replaced with respectively the user (of the form "Real Name + (username)" or just "username" if there is no real name for the + username), the binary to execute (a fully-qualified path, + e.g. "/usr/bin/pk-example-frobnicate") and + the command-line, e.g. "pk-example-frobnicate foo + bar". For example, for the action defined above, the + following authentication dialog will be shown: + + + + + + + + + + + If the user is using the da_DK locale, the + dialog looks like this: + + + + + + + + + + + Note that pkexec does no validation of + the ARGUMENTS passed + to PROGRAM. In the normal case (where + administrator authentication is required every + time pkexec is used), this is not a problem + since if the user is an administrator he might as well just + run pkexec bash to get root. + + + However, if an action is used for which the user can retain + authorization (or if the user is implicitly authorized), such as + with pk-example-frobnicate above, this + could be a security hole. Therefore, as a rule of thumb, + programs for which the default required authorization is + changed, should never implicitly trust user input (e.g. like any + other well-written suid program). + + + + AUTHOR + + Written by David Zeuthen davidz@redhat.com with + a lot of help from many others. + + + + + BUGS + + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link + on how to subscribe. + + + + + SEE ALSO + + + polkit8 + , + + pkaction1 + , + + pkcheck1 + , + + pkttyagent1 + + + + diff --git a/docs/man/pklocalauthority.xml b/docs/man/pklocalauthority.xml new file mode 100644 index 00000000..a03a4341 --- /dev/null +++ b/docs/man/pklocalauthority.xml @@ -0,0 +1,471 @@ + + +]> + + + pklocalauthority + May 2009 + polkit + + + + pklocalauthority + 8 + + + + + pklocalauthority + PolicyKit Local Authority + + + + DESCRIPTION + + The Local Authority is the default PolicyKit authority + implementation. Configuration for the Local Authority and + information pertaining to authorization decisions are read from + local files on the disk. One design goal of the Local Authority + is to split configuration items into separate files such that + 3rd party packages and users won't conflict trying to edit the + same files. This policy also ensures smooth upgrades when + distributing PolicyKit using a package management system. + + + Files shipped with PolicyKit and 3rd party packages (e.g. under + package manager control) typically have comments (such + as DO NOT EDIT THIS FILE, it will be overwritten on + update) telling the system administrator that changes + will be overwritten on update. + + + + + ADMINISTRATOR AUTHENTICATION + + PolicyKit makes a distinction between user + authentication (to make the user in front of the + system prove he really is the user) and administrator + authentication (to make the user in front of the + system prove he really is an administrator). Since various + operating systems (or even flavors of the same operating system) + has different ways of defining "administrator", the Local + Authority provides a way to specify what "administrator + authentication" means. + + + By default, "administrator authentication" is defined as asking + for the root password. Since some systems, for usability + reasons, don't have a root password and instead rely on a group + of users being member of an administrative group that gives them + super-user privileges, the Local Authority can be configured to + support this use-case as well. + + + Configuration for the Local Authority is read from files in + the /etc/polkit-1/localauthority.conf.d + directory. All files are read in lexigraphical order (using the + C locale) meaning that later files can override earlier + ones. The file 50-localauthority.conf + contains the settings provided by the OS vendor. Users and 3rd + party packages can drop configuration files with a priority + higher than 60 to change the defaults. The configuration file + format is simple. Each configuration file is a key + file (also commonly known as a ini + file) with a single group + called [Configuration]. Only a single + key, AdminIdentities is read. The value of + this key is a semi-colon separated list of identities that can + be used when administrator authentication is required. Users are + specified by prefixing the user name with + unix-user:, groups of users are specified by + prefixing with unix-group:, and netgroups of + users are specified with unix-netgroup:. See + for an example of a + configuration file. + + + + + DIRECTORY STRUCTURE + + The Local Authority reads files with .pkla + extension from all directories located inside the + /etc/polkit-1/localauthority + and /var/lib/polkit-1/localauthority + directories. By default, the following sub-directories are installed. + + +/etc/polkit-1/ +`-- localauthority + |-- 10-vendor.d + |-- 20-org.d + |-- 30-site.d + |-- 50-local.d + `-- 90-mandatory.d + + + and + + +/var/lib/polkit-1/ +`-- localauthority + |-- 10-vendor.d + |-- 20-org.d + |-- 30-site.d + |-- 50-local.d + `-- 90-mandatory.d + + + The /etc/polkit-1/localauthority hierarchy + is inteded for local configuration and + the /var/lib/polkit-1/localauthority is + intended for 3rd party packages. + + + Each .pkla file contains one or more + authorization entries. If the underlying filesystem supports + file monitoring, the Local Authority will reload information + whenever .pkla files are added, removed or + changed. + + + Each directory is intended for a specific audience + + + + 10-vendor.d + + + Intended for use by the OS vendor. + + + + + 20-org.d + + + Intended for the organization deploying the OS. + + + + + 30-site.d + + + Intended for the site deploying the system. + + + + + 50-local.d + + + Intended for local usage. + + + + + 90-mandatory.d + + + Intended for the organization deploying the OS. + + + + + + and new directories can be added/removed as needed. + + + As to regards to the content, each .pkla + file is a standard key file and contains + key/value pairs in one or more groups with each group + representing an authorization entry. + A .pkla file MUST be named by using a + scheme to ensure that the name is unique, e.g. reverse DNS + notation or similar. For example, if the organization is + Acme Corp needs to modify policy for the + product Frobnicator, a name + like com.acme.frobnicator.pkla would be + suitable. + + + + + AUTHORIZATION ENTRY + + Each group in a .pkla file must have a name + that is unique within the file it belongs to. The following keys + are are recognized: + + + + Identity + + + A semi-colon separated list of globs to match identities. Each glob + should start with unix-user: or + unix-group: to specify whether to match on a + UNIX user name or a UNIX group name. Netgroups are supported with + the unix-netgroup: prefix, but cannot support + glob syntax. + + + + + Action + + + A semi-colon separated list of globs to match action identifiers. + + + + + ResultActive + + + The result to return for subjects in an active local + session that matches one or more of the given identities. + Allowed values are similar to what can be used in + the defaults section + of .policy files used to define + actions, e.g. + yes, + no, + auth_self, + auth_self_keep, + auth_admin and + auth_admin_keep. + + + + + ResultInactive + + + Like ResultActive but instead applies + to subjects in inactive local sessions. + + + + + ResultAny + + + Like ResultActive but instead applies + to any subject. + + + + + ReturnValue + + + A semi-colon separated list of key/value pairs (of the + form key=value) that are added to the details of + authorization result on positive matches. + + + + + + All keys specified above are required except that only at least + one + of ResultAny, ResultInactive + and ResultActive must + be present. The ReturnValue key is optional. + + + + + EVALUATION ORDER + + When a Mechanism requests services from the Authority to check + if a given Subject is authorized for a given Action, the + authorization entries discussed above are consulted using the + following algorithm. + + + The authorization entries from all .pkla files are ordered using + the following rules. First all the basename of all + sub-directories (e.g. 30-site.d) from both + the /etc/polkit-1/localauthority + and /var/lib/polkit-1/localauthority + directories are enumerated and sorted (using the C locale). If a + name exists in both /etc + and /var, the one + in /etc takes precedence. Then + all .pkla files are read in order from this + list of sub-directories. For each .pkla + file, authorizations from each file are appended in order resulting + in an ordered list of authorization entries. + + + For example, given the following files + + +/var/lib/polkit-1 +└── localauthority + ├── 10-vendor.d + │ └── 10-desktop-policy.pkla + ├── 20-org.d + ├── 30-site.d + ├── 50-local.d + ├── 55-org.my.company.d + │ └── 10-org.my.company.product.pkla + └── 90-mandatory.d + +/etc/polkit-1 +└── localauthority + ├── 10-vendor.d + │ └── 01-some-changes-from-a-subvendor.pkla + ├── 20-org.d + ├── 30-site.d + ├── 50-local.d + ├── 55-org.my.company.d + │ └── 10-org.my.company.product.pkla + └── 90-mandatory.d + + + the evaluation order of the .pkla files is: + + + + + 10-desktop-policy.pkla + + + + + 01-some-changes-from-a-subvendor.pkla + + + + + 10-org.my.company.product.pkla (the /var one) + + + + + 10-org.my.company.product.pkla (the /etc one) + + + + + When the list of authorization entries has been calculated, the + authorization check can be made. First, the user of the Subject + is determined and the groups that the user belongs are looked + up. For each group identity, the authorization entries are + consulted in order. If the authorization check matches the data + from the authorization check, then the authorization result + from RequireAny, RequireInactive + or RequireActive is used + and ReturnValue is added to the + authorization result. + + + Finally, the authorization entries are consulted using the user + identity in the same manner. + + + Note that processing continues even after a match. This allows + for socalled negative authorizations, see + for further + discussion. + + + + + EXAMPLES + + The following .conf file + + +[Configuration] +AdminIdentities=unix-group:staff + + + specifies that any user in the staff UNIX + group can be used for authentication when administrator + authentication is needed. This file would typically be installed + in the /etc/polkit-1/localauthority.conf.d + directory and given the + name 60-desktop-policy.conf to ensure that + it is evaluted after + the 50-localauthority.conf file shipped + with PolicyKit. If the local administrator wants to override this (suppose 60-desktop-policy.conf was shipped as part of the OS) he can simply create a file 99-my-admin-configuration.conf with the following content + + +[Configuration] +AdminIdentities=unix-user:lisa;unix-user:marge + + + to specify that only the users lisa + and marge can authenticate when + administrator authentication is needed. + + + The following .pkla file grants + authorization to all users in the staff group + for actions matching the + glob com.example.awesomeproduct.* provided + they are in an active session on the local console: + + +[Normal Staff Permissions] +Identity=unix-group:staff +Action=com.example.awesomeproduct.* +ResultAny=no +ResultInactive=no +ResultActive=yes + + + If the users homer and grimes are member of + the staff group but policy requires that an + administrator needs to authenticate every time authorization for + any action + matching com.example.awesomeproduct.* is + required, one would add + + +[Exclude Some Problematic Users] +Identity=unix-user:homer;unix-user:grimes +Action=com.example.awesomeproduct.* +ResultAny=no +ResultInactive=no +ResultActive=auth_admin + + + and make sure this authorization entry is after the first one. + + + + AUTHOR + + Written by David Zeuthen davidz@redhat.com with + a lot of help from many others. + + + + + BUGS + + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link + on how to subscribe. + + + + + SEE ALSO + + + polkit8 + + + + diff --git a/docs/man/pkttyagent.xml b/docs/man/pkttyagent.xml new file mode 100644 index 00000000..a5bab8a5 --- /dev/null +++ b/docs/man/pkttyagent.xml @@ -0,0 +1,165 @@ + + +]> + + + pkttyagent + May 2009 + polkit + + + + pkttyagent + 1 + + + + + pkttyagent + Textual authentication helper + + + + + pkttyagent + + + + + + pkttyagent + + + + + + + pid + + + pid,pid-start-time + + + + + + busname + + + + + + + fd + + + + + + + + + + + + + + + DESCRIPTION + + pkttyagent is used to start a textual + authentication agent for the subject specified by either + or + . If neither of these options + are given, the parent process is used. + + + To get notified when the authentication agent has been + registered either listen to the Changed + D-Bus signal or use to pass the + number of a file descriptor that has been passed to the + program. This file descriptor will then be closed when the + authentication agent has been successfully registered. + + + If is used, the textual + authentication agent will not replace an existing authentication + agent. + + + + + RETURN VALUE + + If the authentication agent could not be registered, + pkttyagent exits with an exit code of + 127. Diagnostic messages are printed on standard error. + + + If one or more of the options passed are malformed, + pkttyagent exits with an exit code of 126. If + stdin is a tty, then this manual page is also shown. + + + If the authentication agent was successfully registered, + pkttyagent will keep running, interacting + with the user as needed. When its services are no longer needed, + the process can be killed. + + + + + NOTES + + Since process identifiers can be recycled, the caller should + always use pid,pid-start-time when + using the option. The value of + pid-start-time can be determined by + consulting e.g. the + + proc5 + + file system depending on the operating system. If only pid + is passed to the option, then pkttyagent + will look up the start time itself but note that this may be racy. + + + + AUTHOR + + Written by David Zeuthen davidz@redhat.com with + a lot of help from many others. + + + + + BUGS + + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link + on how to subscribe. + + + + + SEE ALSO + + + polkit8 + , + + pkaction1 + , + + pkcheck1 + , + + pkexec1 + + + + diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml new file mode 100644 index 00000000..188c5141 --- /dev/null +++ b/docs/man/polkit.xml @@ -0,0 +1,489 @@ + + +]> + + + polkit + January 2009 + polkit + + + + polkit + 8 + + + + + polkit + Authorization Framework + + + OVERVIEW + + PolicyKit provides an authorization API intended to be used by + privileged programs (MECHANISMS) offering service + to unprivileged programs (CLIENTS) through some + form of IPC mechanism such as D-Bus or Unix pipes. In this + scenario, the mechanism typically treats the client as + untrusted. For every request from a client, the mechanism needs + to determine if the request is authorized or if it should refuse + to service the client. Using the PolicyKit API, a mechanism can + offload this decision to a trusted party: The PolicyKit + Authority. + + + + In addition to acting as an authority, PolicyKit allows users to + obtain temporary authorization through authenticating either an + administrative user or the owner of the session the client + belongs to. This is useful for scenarios where a mechanism needs + to verify that the operator of the system really is the user or + really is an administrative user. + + + + + SYSTEM ARCHITECTURE + + The system architecture of PolicyKit is comprised of + the Authority (implemented as a service on + the system message bus) and a + Authentication Agent per user session + (provided and started by the user session e.g. GNOME or KDE). + Additionally, PolicyKit supports a number of extension points – + specifically, vendors and/or sites can write extensions to + completely control authorization policy. In a block diagram, the + architecture looks like this: + + + + + + + | libpolkit-gobject-1 | ++------------------+ +---------------------+ +| org.freedesktop. | +| PolicyKit1 | ++------------------+ +| Backends and | +| Extensions | ++------------------+ +]]> + + + + For convenience, the libpolkit-gobject-1 + library wraps the PolicyKit D-Bus API using GObject. However, a + mechanism can also use the D-Bus API or the + pkcheck1 + command to check authorizations. + + + + The libpolkit-agent-1 library provides an + abstraction of the native authentication system, e.g. + pam8 + and also facilities registration and communication with the + PolicyKit D-Bus service. + + + + PolicyKit extensions and authority backends are implemented + using the + libpolkit-backend-1 library. + + + + See the + developer + documentation for more information about using and + extending PolicyKit. + + + + See + pklocalauthority8 + for information about the Local Authority - the default + authority implementation shipped with PolicyKit. + + + + AUTHENTICATION AGENTS + + An authentication agent is used to make the user of a session + prove that the user of the session really is the user (by + authenticating as the user) or an administrative user (by + authenticating as a administrator). In order to integrate well + with the rest of the user session (e.g. match the look and + feel), authentication agents are meant to be provided by the + user session that the user uses. For example, an authentication + agent may look like this: + + + + + + + + + + + If the system is configured without a root + account it may allow you to select the administrative user who + is authenticating: + + + + + + + + + + + See + pklocalauthority8 + on how to set up the local authority + implemention for systems without a root + account. + + + + Applications that do not run under a desktop environment (for + example, if launched from a + ssh1 + login) may not have have an authentication agent associated with + them. Such applications may use the PolkitAgentTextListener + type or the + pkttyagent1 + helper so the user can authenticate using a textual interface. + + + + DECLARING ACTIONS + + A mechanism need to declare a set of ACTIONS in + order to use PolicyKit. Actions correspond to operations that + clients can request the mechanism to carry out and are defined + in XML files that the mechanism installs into + the /usr/share/polkit-1/actions directory. + + + + PolicyKit actions are namespaced and can only contain the + characters [a-z][0-9].- e.g. lower-case + ASCII, digits, period and hyphen. Each XML file can contain more + than one action but all actions need to be in the same namespace + and the file needs to be named after the namespace and have the + extension .policy. + + + + The XML file must have the following doctype declaration + + + +]]> + + The policyconfig element must be present + exactly once. Elements that can be used + inside policyconfig includes: + + + + vendor + The name of the project or vendor that is + supplying the actions in the XML + document. Optional. + + + vendor_url + A URL to the project or vendor that is + supplying the actions in the XML document. + Optional. + + + icon_name + An icon representing the project or vendor + that is supplying the actions in the XML document. The icon + name must adhere to + the Freedesktop.org + Icon Naming Specification. Optional. + + + action + Declares an action. The action name is + specified using the id attribute and can + only contain the characters [a-z][0-9].- + e.g. lower-case ASCII, digits, period and + hyphen. + + + + Elements that can be used inside action includes: + + + + description + A human readable description of the action, e.g. Install unsigned software. + + + message + A human readable message displayed to the user when asking for credentials when authentication is needed, e.g. Installing unsigned software requires authentication. + + + defaults + This element is used to specify implicit authorizations for clients. + + Elements that can be used inside defaults includes: + + + + allow_any + Implicit authorizations that apply to + any client. Optional. + + + allow_inactive + Implicit authorizations that apply to + clients in inactive sessions on local + consoles. Optional. + + + allow_active + Implicit authorizations that apply to + clients in active sessions on local + consoles. Optional. + + + + Each of + the allow_any, allow_inactive + and allow_active elements can contain + the following values: + + + + no + Not authorized. + + + yes + Authorized. + + + auth_self + Authentication by the owner of the + session that the client originates from is + required. + + + auth_admin + Authentication by an administrative user + is required. + + + auth_self_keep + Like auth_self but + the authorization is kept for a brief + period. + + + auth_admin_keep + Like auth_admin but the authorization is kept for a brief period. + + + + + + annotate + Used for annotating an action with a key/value + pair. The key is specified using the + the key attribute and the value is + specified using the value attribute. This + element may appear zero or more times. See + below for known annotations. + + + vendor + Used for overriding the vendor on a per-action + basis. Optional. + + + vendor_url + Used for overriding the vendor URL on a + per-action basis. Optional. + + + icon_name + Used for overriding the icon name on a + per-action basis. Optional. + + + + For localization, description + and message elements may occur multiple + times with different xml:lang attributes. + + + To list installed PolicyKit actions, use the + pkaction1 + command. + + + Known annotations + + The org.freedesktop.policykit.exec.path + annotation is used by the pkexec program + shipped with PolicyKit - see the + pkexec1 + man page for details. + + + The org.freedesktop.policykit.imply + annotation (its value is a string containing a space separated + list of action identifiers) can be used to define meta + actions. The way it works is that if a subject is + authorized for an action with this annotation, then it is also + authorized for any action specified by the annotation. A typical + use of this annotation is when defining an UI shell with a + single lock button that should unlock multiple actions from + distinct mechanisms. + + + The org.freedesktop.policykit.owner + annotation can be used to define a set of users who can query + whether a client is authorized to perform this action. If this + annotation is not specified then only root can query whether a + client running as a different user is authorized for an action. + The value of this annotation is a string containing a space + separated list of PolkitIdentity entries, + for example "unix-user:42 unix-user:colord". + A typical use of this annotation is for a daemon process that + runs as a system user rather than root. + + + + + + AUTHOR + + Written by David Zeuthen davidz@redhat.com with + a lot of help from many others. + + + + + BUGS + + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link + on how to subscribe. + + + + + SEE ALSO + + + pklocalauthority8 + + + polkitd8 + + + pkaction1 + , + + pkcheck1 + , + + pkexec1 + , + + pkttyagent1 + + + + diff --git a/docs/man/polkitd.xml b/docs/man/polkitd.xml new file mode 100644 index 00000000..7e5cc029 --- /dev/null +++ b/docs/man/polkitd.xml @@ -0,0 +1,67 @@ + + +]> + + + polkitd + May 2009 + polkit + + + + polkitd + 8 + + + + + polkitd + PolicyKit daemon + + + + + polkitd + + + + DESCRIPTION + + polkitd provides + the org.freedesktop.PolicyKit1 D-Bus + service on the system message bus. Users or administrators + should never need to start this daemon as it will be + automatically started by + dbus-daemon1 + whenever an application calls into the service. + + + + AUTHOR + + Written by David Zeuthen davidz@redhat.com with + a lot of help from many others. + + + + + BUGS + + Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link + on how to subscribe. + + + + + SEE ALSO + + + polkit8 + + + + diff --git a/docs/pkexec-bash.png b/docs/pkexec-bash.png new file mode 100644 index 00000000..b2d22087 Binary files /dev/null and b/docs/pkexec-bash.png differ diff --git a/docs/pkexec-frobnicate-da.png b/docs/pkexec-frobnicate-da.png new file mode 100644 index 00000000..5c242d48 Binary files /dev/null and b/docs/pkexec-frobnicate-da.png differ diff --git a/docs/pkexec-frobnicate.png b/docs/pkexec-frobnicate.png new file mode 100644 index 00000000..60050da3 Binary files /dev/null and b/docs/pkexec-frobnicate.png differ diff --git a/docs/polkit-architecture.png b/docs/polkit-architecture.png new file mode 100644 index 00000000..11342e57 Binary files /dev/null and b/docs/polkit-architecture.png differ diff --git a/docs/polkit-authentication-agent-example-wheel.png b/docs/polkit-authentication-agent-example-wheel.png new file mode 100644 index 00000000..bafe5a8b Binary files /dev/null and b/docs/polkit-authentication-agent-example-wheel.png differ diff --git a/docs/polkit-authentication-agent-example.png b/docs/polkit-authentication-agent-example.png new file mode 100644 index 00000000..b2f65590 Binary files /dev/null and b/docs/polkit-authentication-agent-example.png differ diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am new file mode 100644 index 00000000..fd7123f6 --- /dev/null +++ b/docs/polkit/Makefile.am @@ -0,0 +1,106 @@ + +NULL = + +AUTOMAKE_OPTIONS = 1.7 + +# The name of the module. +DOC_MODULE=polkit-1 + +# The top-level SGML file. +DOC_MAIN_SGML_FILE=polkit-1-docs.xml + +# Extra options to supply to gtkdoc-scan +SCAN_OPTIONS=--ignore-headers=config.h + +# The directory containing the source code. Relative to $(srcdir) +DOC_SOURCE_DIR=../../src + +# Used for dependencies +HFILE_GLOB=$(top_srcdir)/src/polkit*/*.h +CFILE_GLOB=$(top_srcdir)/src/polkit*/*.c + +# Headers to ignore +IGNORE_HFILES= \ + $(NULL) + +# CFLAGS and LDFLAGS for compiling scan program. Only needed +# if $(DOC_MODULE).types is non-empty. +INCLUDES = \ + $(DBUS_GLIB_CFLAGS) \ + $(GLIB_CFLAGS) \ + $(GIO_CFLAGS) \ + -I$(top_srcdir)/src/polkit \ + -I$(top_builddir)/src/polkit \ + -I$(top_srcdir)/src/polkitbackend \ + -I$(top_builddir)/src/polkitbackend \ + -I$(top_srcdir)/src/polkitagent \ + -I$(top_builddir)/src/polkitagent \ + $(NULL) + +GTKDOC_LIBS = \ + $(DBUS_GLIB_LIBS) \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + +# Extra options to supply to gtkdoc-mkdb +MKDB_OPTIONS=--sgml-mode --output-format=xml --name-space=polkit + +# Extra options to supply to gtkdoc-mktmpl +MKTMPL_OPTIONS= + +# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE) +content_files = \ + overview.xml \ + ../extensiondir.xml \ + ../version.xml \ + docbook-interface-org.freedesktop.PolicyKit1.Authority.xml \ + docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml \ + ../man/polkit.xml \ + ../man/polkitd.xml \ + ../man/pklocalauthority.xml \ + ../man/pkcheck.xml \ + ../man/pkaction.xml \ + ../man/pkexec.xml \ + ../man/pkttyagent.xml \ + $(NULL) + +# Images to copy into HTML directory +HTML_IMAGES = \ + ../polkit-architecture.png \ + ../polkit-authentication-agent-example.png \ + ../polkit-authentication-agent-example-wheel.png \ + ../pkexec-bash.png \ + ../pkexec-frobnicate.png \ + ../pkexec-frobnicate-da.png \ + $(NULL) + +# Extra options to supply to gtkdoc-fixref +FIXXREF_OPTIONS= + +if ENABLE_GTK_DOC +include $(top_srcdir)/gtk-doc.make +else +CLEANFILES = +endif + +CLEANFILES += *~ \ + polkit-1-scan.* \ + polkit-1.args \ + polkit-1.hierarchy \ + polkit-1.interfaces \ + polkit-1.prerequisites \ + polkit-1.signals \ + *.bak \ + polkit-1-decl-list.txt \ + polkit-1-decl.txt \ + polkit-1-overrides.txt \ + polkit-1-undeclared.txt \ + polkit-1-undocumented.txt \ + *.stamp \ + -rf html xml \ + $(NULL) + diff --git a/docs/polkit/Makefile.in b/docs/polkit/Makefile.in new file mode 100644 index 00000000..9f326f77 --- /dev/null +++ b/docs/polkit/Makefile.in @@ -0,0 +1,782 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# -*- mode: makefile -*- + +#################################### +# Everything below here is generic # +#################################### +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ + $(top_srcdir)/gtk-doc.make +subdir = docs/polkit +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +AUTOMAKE_OPTIONS = 1.7 + +# The name of the module. +DOC_MODULE = polkit-1 + +# The top-level SGML file. +DOC_MAIN_SGML_FILE = polkit-1-docs.xml + +# Extra options to supply to gtkdoc-scan +SCAN_OPTIONS = --ignore-headers=config.h + +# The directory containing the source code. Relative to $(srcdir) +DOC_SOURCE_DIR = ../../src + +# Used for dependencies +HFILE_GLOB = $(top_srcdir)/src/polkit*/*.h +CFILE_GLOB = $(top_srcdir)/src/polkit*/*.c + +# Headers to ignore +IGNORE_HFILES = \ + $(NULL) + + +# CFLAGS and LDFLAGS for compiling scan program. Only needed +# if $(DOC_MODULE).types is non-empty. +INCLUDES = \ + $(DBUS_GLIB_CFLAGS) \ + $(GLIB_CFLAGS) \ + $(GIO_CFLAGS) \ + -I$(top_srcdir)/src/polkit \ + -I$(top_builddir)/src/polkit \ + -I$(top_srcdir)/src/polkitbackend \ + -I$(top_builddir)/src/polkitbackend \ + -I$(top_srcdir)/src/polkitagent \ + -I$(top_builddir)/src/polkitagent \ + $(NULL) + +GTKDOC_LIBS = \ + $(DBUS_GLIB_LIBS) \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + + +# Extra options to supply to gtkdoc-mkdb +MKDB_OPTIONS = --sgml-mode --output-format=xml --name-space=polkit + +# Extra options to supply to gtkdoc-mktmpl +MKTMPL_OPTIONS = + +# Non-autogenerated SGML files to be included in $(DOC_MAIN_SGML_FILE) +content_files = \ + overview.xml \ + ../extensiondir.xml \ + ../version.xml \ + docbook-interface-org.freedesktop.PolicyKit1.Authority.xml \ + docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml \ + ../man/polkit.xml \ + ../man/polkitd.xml \ + ../man/pklocalauthority.xml \ + ../man/pkcheck.xml \ + ../man/pkaction.xml \ + ../man/pkexec.xml \ + ../man/pkttyagent.xml \ + $(NULL) + + +# Images to copy into HTML directory +HTML_IMAGES = \ + ../polkit-architecture.png \ + ../polkit-authentication-agent-example.png \ + ../polkit-authentication-agent-example-wheel.png \ + ../pkexec-bash.png \ + ../pkexec-frobnicate.png \ + ../pkexec-frobnicate-da.png \ + $(NULL) + + +# Extra options to supply to gtkdoc-fixref +FIXXREF_OPTIONS = +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_USE_LIBTOOL_FALSE@GTKDOC_CC = $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_USE_LIBTOOL_TRUE@GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_USE_LIBTOOL_FALSE@GTKDOC_LD = $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_USE_LIBTOOL_TRUE@GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_USE_LIBTOOL_FALSE@GTKDOC_RUN = +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_USE_LIBTOOL_TRUE@GTKDOC_RUN = $(LIBTOOL) --mode=execute + +# We set GPATH here; this gives us semantics for GNU make +# which are more like other make's VPATH, when it comes to +# whether a source that is a target of one rule is then +# searched for in VPATH/GPATH. +# +@ENABLE_GTK_DOC_TRUE@GPATH = $(srcdir) +@ENABLE_GTK_DOC_TRUE@TARGET_DIR = $(HTML_DIR)/$(DOC_MODULE) +@ENABLE_GTK_DOC_TRUE@SETUP_FILES = \ +@ENABLE_GTK_DOC_TRUE@ $(content_files) \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MAIN_SGML_FILE) \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE)-sections.txt \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE)-overrides.txt + +@ENABLE_GTK_DOC_TRUE@EXTRA_DIST = \ +@ENABLE_GTK_DOC_TRUE@ $(HTML_IMAGES) \ +@ENABLE_GTK_DOC_TRUE@ $(SETUP_FILES) + +@ENABLE_GTK_DOC_TRUE@DOC_STAMPS = setup-build.stamp scan-build.stamp sgml-build.stamp \ +@ENABLE_GTK_DOC_TRUE@ html-build.stamp pdf-build.stamp \ +@ENABLE_GTK_DOC_TRUE@ sgml.stamp html.stamp pdf.stamp + +@ENABLE_GTK_DOC_TRUE@SCANOBJ_FILES = \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE).args \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE).hierarchy \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE).interfaces \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE).prerequisites \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE).signals + +@ENABLE_GTK_DOC_TRUE@REPORT_FILES = \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE)-undocumented.txt \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE)-undeclared.txt \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE)-unused.txt + +@ENABLE_GTK_DOC_FALSE@CLEANFILES = *~ polkit-1-scan.* polkit-1.args \ +@ENABLE_GTK_DOC_FALSE@ polkit-1.hierarchy polkit-1.interfaces \ +@ENABLE_GTK_DOC_FALSE@ polkit-1.prerequisites polkit-1.signals \ +@ENABLE_GTK_DOC_FALSE@ *.bak polkit-1-decl-list.txt \ +@ENABLE_GTK_DOC_FALSE@ polkit-1-decl.txt polkit-1-overrides.txt \ +@ENABLE_GTK_DOC_FALSE@ polkit-1-undeclared.txt \ +@ENABLE_GTK_DOC_FALSE@ polkit-1-undocumented.txt *.stamp -rf \ +@ENABLE_GTK_DOC_FALSE@ html xml $(NULL) +@ENABLE_GTK_DOC_TRUE@CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_STAMPS) *~ polkit-1-scan.* \ +@ENABLE_GTK_DOC_TRUE@ polkit-1.args polkit-1.hierarchy \ +@ENABLE_GTK_DOC_TRUE@ polkit-1.interfaces \ +@ENABLE_GTK_DOC_TRUE@ polkit-1.prerequisites polkit-1.signals \ +@ENABLE_GTK_DOC_TRUE@ *.bak polkit-1-decl-list.txt \ +@ENABLE_GTK_DOC_TRUE@ polkit-1-decl.txt polkit-1-overrides.txt \ +@ENABLE_GTK_DOC_TRUE@ polkit-1-undeclared.txt \ +@ENABLE_GTK_DOC_TRUE@ polkit-1-undocumented.txt *.stamp -rf \ +@ENABLE_GTK_DOC_TRUE@ html xml $(NULL) +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_HTML_FALSE@HTML_BUILD_STAMP = +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_HTML_TRUE@HTML_BUILD_STAMP = html-build.stamp +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_PDF_FALSE@PDF_BUILD_STAMP = +@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_PDF_TRUE@PDF_BUILD_STAMP = pdf-build.stamp +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/gtk-doc.make $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu docs/polkit/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu docs/polkit/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; +$(top_srcdir)/gtk-doc.make: + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + +@ENABLE_GTK_DOC_FALSE@dist-hook: + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am +check: check-am +@ENABLE_GTK_DOC_FALSE@all-local: +all-am: Makefile all-local +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +@ENABLE_GTK_DOC_FALSE@uninstall-local: +@ENABLE_GTK_DOC_FALSE@distclean-local: +@ENABLE_GTK_DOC_FALSE@install-data-local: +@ENABLE_GTK_DOC_FALSE@maintainer-clean-local: +@ENABLE_GTK_DOC_FALSE@clean-local: +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-local + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic \ + maintainer-clean-local + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local + +.MAKE: install-am install-strip + +.PHONY: all all-am all-local check check-am clean clean-generic \ + clean-libtool clean-local dist-hook distclean \ + distclean-generic distclean-libtool distclean-local distdir \ + dvi dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-data-local install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic \ + maintainer-clean-local mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ + uninstall-local + + +@ENABLE_GTK_DOC_TRUE@all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) +#all-local: + +@ENABLE_GTK_DOC_TRUE@docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) + +@ENABLE_GTK_DOC_TRUE@$(REPORT_FILES): sgml-build.stamp + +#### setup #### + +@ENABLE_GTK_DOC_TRUE@setup-build.stamp: +@ENABLE_GTK_DOC_TRUE@ -@if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ +@ENABLE_GTK_DOC_TRUE@ echo ' DOC Preparing build'; \ +@ENABLE_GTK_DOC_TRUE@ files=`echo $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types`; \ +@ENABLE_GTK_DOC_TRUE@ if test "x$$files" != "x" ; then \ +@ENABLE_GTK_DOC_TRUE@ for file in $$files ; do \ +@ENABLE_GTK_DOC_TRUE@ test -f $(abs_srcdir)/$$file && \ +@ENABLE_GTK_DOC_TRUE@ cp -pu $(abs_srcdir)/$$file $(abs_builddir)/ || true; \ +@ENABLE_GTK_DOC_TRUE@ done; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ fi +@ENABLE_GTK_DOC_TRUE@ @touch setup-build.stamp + +#### scan #### + +@ENABLE_GTK_DOC_TRUE@scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB) +@ENABLE_GTK_DOC_TRUE@ @echo ' DOC Scanning header files' +@ENABLE_GTK_DOC_TRUE@ @_source_dir='' ; \ +@ENABLE_GTK_DOC_TRUE@ for i in $(DOC_SOURCE_DIR) ; do \ +@ENABLE_GTK_DOC_TRUE@ _source_dir="$${_source_dir} --source-dir=$$i" ; \ +@ENABLE_GTK_DOC_TRUE@ done ; \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES) +@ENABLE_GTK_DOC_TRUE@ @if grep -l '^..*$$' $(DOC_MODULE).types > /dev/null 2>&1 ; then \ +@ENABLE_GTK_DOC_TRUE@ echo " DOC Introspecting gobjects"; \ +@ENABLE_GTK_DOC_TRUE@ scanobj_options=""; \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-scangobj 2>&1 --help | grep >/dev/null "\-\-verbose"; \ +@ENABLE_GTK_DOC_TRUE@ if test "$(?)" = "0"; then \ +@ENABLE_GTK_DOC_TRUE@ if test "x$(V)" = "x1"; then \ +@ENABLE_GTK_DOC_TRUE@ scanobj_options="--verbose"; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-scangobj $(SCANGOBJ_OPTIONS) $$scanobj_options --module=$(DOC_MODULE); \ +@ENABLE_GTK_DOC_TRUE@ else \ +@ENABLE_GTK_DOC_TRUE@ for i in $(SCANOBJ_FILES) ; do \ +@ENABLE_GTK_DOC_TRUE@ test -f $$i || touch $$i ; \ +@ENABLE_GTK_DOC_TRUE@ done \ +@ENABLE_GTK_DOC_TRUE@ fi +@ENABLE_GTK_DOC_TRUE@ @touch scan-build.stamp + +@ENABLE_GTK_DOC_TRUE@$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt: scan-build.stamp +@ENABLE_GTK_DOC_TRUE@ @true + +#### xml #### + +@ENABLE_GTK_DOC_TRUE@sgml-build.stamp: setup-build.stamp $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt $(expand_content_files) +@ENABLE_GTK_DOC_TRUE@ @echo ' DOC Building XML' +@ENABLE_GTK_DOC_TRUE@ @_source_dir='' ; \ +@ENABLE_GTK_DOC_TRUE@ for i in $(DOC_SOURCE_DIR) ; do \ +@ENABLE_GTK_DOC_TRUE@ _source_dir="$${_source_dir} --source-dir=$$i" ; \ +@ENABLE_GTK_DOC_TRUE@ done ; \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS) +@ENABLE_GTK_DOC_TRUE@ @touch sgml-build.stamp + +@ENABLE_GTK_DOC_TRUE@sgml.stamp: sgml-build.stamp +@ENABLE_GTK_DOC_TRUE@ @true + +#### html #### + +@ENABLE_GTK_DOC_TRUE@html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) +@ENABLE_GTK_DOC_TRUE@ @echo ' DOC Building HTML' +@ENABLE_GTK_DOC_TRUE@ @rm -rf html +@ENABLE_GTK_DOC_TRUE@ @mkdir html +@ENABLE_GTK_DOC_TRUE@ @mkhtml_options=""; \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-verbose"; \ +@ENABLE_GTK_DOC_TRUE@ if test "$(?)" = "0"; then \ +@ENABLE_GTK_DOC_TRUE@ if test "x$(V)" = "x1"; then \ +@ENABLE_GTK_DOC_TRUE@ mkhtml_options="$$mkhtml_options --verbose"; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \ +@ENABLE_GTK_DOC_TRUE@ if test "$(?)" = "0"; then \ +@ENABLE_GTK_DOC_TRUE@ mkhtml_options="$$mkhtml_options --path=\"$(abs_srcdir)\""; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ cd html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE) +@ENABLE_GTK_DOC_TRUE@ -@test "x$(HTML_IMAGES)" = "x" || \ +@ENABLE_GTK_DOC_TRUE@ for file in $(HTML_IMAGES) ; do \ +@ENABLE_GTK_DOC_TRUE@ if test -f $(abs_srcdir)/$$file ; then \ +@ENABLE_GTK_DOC_TRUE@ cp $(abs_srcdir)/$$file $(abs_builddir)/html; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ if test -f $(abs_builddir)/$$file ; then \ +@ENABLE_GTK_DOC_TRUE@ cp $(abs_builddir)/$$file $(abs_builddir)/html; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ done; +@ENABLE_GTK_DOC_TRUE@ @echo ' DOC Fixing cross-references' +@ENABLE_GTK_DOC_TRUE@ @gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS) +@ENABLE_GTK_DOC_TRUE@ @touch html-build.stamp + +#### pdf #### + +@ENABLE_GTK_DOC_TRUE@pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) +@ENABLE_GTK_DOC_TRUE@ @echo ' DOC Building PDF' +@ENABLE_GTK_DOC_TRUE@ @rm -f $(DOC_MODULE).pdf +@ENABLE_GTK_DOC_TRUE@ @mkpdf_options=""; \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-mkpdf 2>&1 --help | grep >/dev/null "\-\-verbose"; \ +@ENABLE_GTK_DOC_TRUE@ if test "$(?)" = "0"; then \ +@ENABLE_GTK_DOC_TRUE@ if test "x$(V)" = "x1"; then \ +@ENABLE_GTK_DOC_TRUE@ mkpdf_options="$$mkpdf_options --verbose"; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ if test "x$(HTML_IMAGES)" != "x"; then \ +@ENABLE_GTK_DOC_TRUE@ for img in $(HTML_IMAGES); do \ +@ENABLE_GTK_DOC_TRUE@ part=`dirname $$img`; \ +@ENABLE_GTK_DOC_TRUE@ echo $$mkpdf_options | grep >/dev/null "\-\-imgdir=$$part "; \ +@ENABLE_GTK_DOC_TRUE@ if test $$? != 0; then \ +@ENABLE_GTK_DOC_TRUE@ mkpdf_options="$$mkpdf_options --imgdir=$$part"; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ done; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_options $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS) +@ENABLE_GTK_DOC_TRUE@ @touch pdf-build.stamp + +############## + +@ENABLE_GTK_DOC_TRUE@clean-local: +@ENABLE_GTK_DOC_TRUE@ @rm -f *~ *.bak +@ENABLE_GTK_DOC_TRUE@ @rm -rf .libs + +@ENABLE_GTK_DOC_TRUE@distclean-local: +@ENABLE_GTK_DOC_TRUE@ @rm -rf xml html $(REPORT_FILES) $(DOC_MODULE).pdf \ +@ENABLE_GTK_DOC_TRUE@ $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt +@ENABLE_GTK_DOC_TRUE@ @if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ +@ENABLE_GTK_DOC_TRUE@ rm -f $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types; \ +@ENABLE_GTK_DOC_TRUE@ fi + +@ENABLE_GTK_DOC_TRUE@maintainer-clean-local: clean +@ENABLE_GTK_DOC_TRUE@ @rm -rf xml html + +@ENABLE_GTK_DOC_TRUE@install-data-local: +@ENABLE_GTK_DOC_TRUE@ @installfiles=`echo $(builddir)/html/*`; \ +@ENABLE_GTK_DOC_TRUE@ if test "$$installfiles" = '$(builddir)/html/*'; \ +@ENABLE_GTK_DOC_TRUE@ then echo 1>&2 'Nothing to install' ; \ +@ENABLE_GTK_DOC_TRUE@ else \ +@ENABLE_GTK_DOC_TRUE@ if test -n "$(DOC_MODULE_VERSION)"; then \ +@ENABLE_GTK_DOC_TRUE@ installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ +@ENABLE_GTK_DOC_TRUE@ else \ +@ENABLE_GTK_DOC_TRUE@ installdir="$(DESTDIR)$(TARGET_DIR)"; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ $(mkinstalldirs) $${installdir} ; \ +@ENABLE_GTK_DOC_TRUE@ for i in $$installfiles; do \ +@ENABLE_GTK_DOC_TRUE@ echo ' $(INSTALL_DATA) '$$i ; \ +@ENABLE_GTK_DOC_TRUE@ $(INSTALL_DATA) $$i $${installdir}; \ +@ENABLE_GTK_DOC_TRUE@ done; \ +@ENABLE_GTK_DOC_TRUE@ if test -n "$(DOC_MODULE_VERSION)"; then \ +@ENABLE_GTK_DOC_TRUE@ mv -f $${installdir}/$(DOC_MODULE).devhelp2 \ +@ENABLE_GTK_DOC_TRUE@ $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \ +@ENABLE_GTK_DOC_TRUE@ fi + +@ENABLE_GTK_DOC_TRUE@uninstall-local: +@ENABLE_GTK_DOC_TRUE@ @if test -n "$(DOC_MODULE_VERSION)"; then \ +@ENABLE_GTK_DOC_TRUE@ installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ +@ENABLE_GTK_DOC_TRUE@ else \ +@ENABLE_GTK_DOC_TRUE@ installdir="$(DESTDIR)$(TARGET_DIR)"; \ +@ENABLE_GTK_DOC_TRUE@ fi; \ +@ENABLE_GTK_DOC_TRUE@ rm -rf $${installdir} + +# +# Require gtk-doc when making dist +# +@ENABLE_GTK_DOC_TRUE@dist-check-gtkdoc: +#dist-check-gtkdoc: +# @echo "*** gtk-doc must be installed and enabled in order to make dist" +# @false + +@ENABLE_GTK_DOC_TRUE@dist-hook: dist-check-gtkdoc dist-hook-local +@ENABLE_GTK_DOC_TRUE@ @mkdir $(distdir)/html +@ENABLE_GTK_DOC_TRUE@ @cp ./html/* $(distdir)/html +@ENABLE_GTK_DOC_TRUE@ @-cp ./$(DOC_MODULE).pdf $(distdir)/ +@ENABLE_GTK_DOC_TRUE@ @-cp ./$(DOC_MODULE).types $(distdir)/ +@ENABLE_GTK_DOC_TRUE@ @-cp ./$(DOC_MODULE)-sections.txt $(distdir)/ +@ENABLE_GTK_DOC_TRUE@ @cd $(distdir) && rm -f $(DISTCLEANFILES) +@ENABLE_GTK_DOC_TRUE@ @$(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html + +@ENABLE_GTK_DOC_TRUE@.PHONY : dist-hook-local docs + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml new file mode 100644 index 00000000..ec596268 --- /dev/null +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -0,0 +1,138 @@ + + + + + org.freedesktop.PolicyKit1.AuthenticationAgent Interface + + + org.freedesktop.PolicyKit1.AuthenticationAgent Interface + Authentication Agent Interface + + + Methods + +BeginAuthentication (IN String action_id, + IN String message, + IN String icon_name, + IN Dict<String,String> details, + IN String cookie, + IN Array<Identity> identities) +CancelAuthentication (IN String cookie) + + + + Description + +This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the RegisterAuthenticationAgent() and UnregisterAuthenticationAgent() methods on the org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon. + + + + Method Details + + BeginAuthentication () + +BeginAuthentication (IN String action_id, + IN String message, + IN String icon_name, + IN Dict<String,String> details, + IN String cookie, + IN Array<Identity> identities) + + + + Called by the PolicyKit daemon when the authentication agent + needs the user to authenticate as one of the identities in + identities for the action with the + identifier action_id.Upon + succesful authentication, the authentication agent must invoke + the AuthenticationAgentResponse() + method on the org.freedesktop.PolicyKit1.Authority + interface of the PolicyKit daemon before returning. + + + The authentication agent should not return until after authentication is complete. + If the user dismisses the authentication dialog, the authentication agent should return the org.freedesktop.PolicyKit1.Error.Cancelled error. + + + + + + IN String action_id: + + +The identifier for the action that the user is authentication for. + + + + + IN String message: + + +The message to display to the user. This is translated into the locale passed when registering the authentication agent using RegisterAuthenticationAgent(). + + + + + IN String icon_name: + + +The themed icon describing the action or the empty string if no icon is set. + + + + + IN Dict<String,String> details: + + + Details about the authentication request. This is a dictionary + of key/value pairs where both key and value are strings. + Known key/value-pairs include + polkit.caller-pid (the process id of the + mechanism making the authorization check) and + polkit.subject-pid (the process id of the + subject the check is for). + + + + + IN String cookie: + + +A cookie identifying the authentication request. + + + + + IN Array<Identity> identities: + + +An array of Identity structs that the user can use for authentication. + + + + + + + CancelAuthentication () + +CancelAuthentication (IN String cookie) + + +Called by the PolicyKit daemon if the authentication agent needs to cancel an authentication dialog. + + + + IN String cookie: + + +The cookie identifying the authentication request. + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml new file mode 100644 index 00000000..6525e250 --- /dev/null +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -0,0 +1,912 @@ + + + + + org.freedesktop.PolicyKit1.Authority Interface + + + org.freedesktop.PolicyKit1.Authority Interface + Authority Interface + + + Methods + +Flags CheckAuthorizationFlags +Enumeration ImplicitAuthorization +ErrorDomain org.freedesktop.PolicyKit1.Error.* +Flags AuthorityFeatures +Structure Subject +Structure Identity +Structure ActionDescription +Structure AuthorizationResult +Structure TemporaryAuthorization + +EnumerateActions (IN String locale, + OUT Array<ActionDescription> action_descriptions) +CheckAuthorization (IN Subject subject, + IN String action_id, + IN Dict<String,String> details, + IN CheckAuthorizationFlags flags, + IN String cancellation_id, + OUT AuthorizationResult result) +CancelCheckAuthorization (IN String cancellation_id) +RegisterAuthenticationAgent (IN Subject subject, + IN String locale, + IN String object_path) +RegisterAuthenticationAgentWithOptions (IN Subject subject, + IN String locale, + IN String object_path, + IN Dict<String,Variant> options) +UnregisterAuthenticationAgent (IN Subject subject, + IN String object_path) +AuthenticationAgentResponse (IN String cookie, + IN Identity identity) +EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) +RevokeTemporaryAuthorizations (IN Subject subject) +RevokeTemporaryAuthorizationById (IN String id) + + + + Signals + +Changed () + + + + Properties + +BackendName readable String +BackendVersion readable String +BackendFeatures readable AuthorityFeatures + + + + Description + +This D-Bus interface is implemented by the /org/freedesktop/PolicyKit1/Authority object on the well-known name org.freedesktop.PolicyKit1 on the system message bus. + + + + Enumerations + + The CheckAuthorizationFlags Flags + + +{ + None = 0x00000000, + AllowUserInteraction = 0x00000001 +} + + +Flags used in the CheckAuthorization() method. + + + + None + + +No flags set. + + + + + AllowUserInteraction + + +If the Subject can obtain the authorization through authentication, and an authentication agent is available, then attempt to do so. Note, this means that the CheckAuthorization() method will block while the user is being asked to authenticate. + + + + + + + + The ImplicitAuthorization Enumeration + + +{ + NotAuthorized = 0, + AuthenticationRequired = 1, + AdministratorAuthenticationRequired = 2, + AuthenticationRequiredRetained = 3, + AdministratorAuthenticationRequiredRetained = 4, + Authorized = 5 +} + + +An enumeration for granting implicit authorizations. + + + + NotAuthorized + + +The Subject is not authorized. + + + + + AuthenticationRequired + + +Authentication is required. + + + + + AdministratorAuthenticationRequired + + +Authentication as an administrator is required. + + + + + AuthenticationRequiredRetained + + +Authentication is required. If the authorization is obtained, it is retained. + + + + + AdministratorAuthenticationRequiredRetained + + +Authentication as an administrator is required. If the authorization is obtained, it is retained. + + + + + Authorized + + +The subject is authorized. + + + + + + + The org.freedesktop.PolicyKit1.Error.* Error Domain + + +{ + org.freedesktop.PolicyKit1.Error.Failed, + org.freedesktop.PolicyKit1.Error.Cancelled, + org.freedesktop.PolicyKit1.Error.NotSupported, + org.freedesktop.PolicyKit1.Error.NotAuthorized, + org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique +} + + +Errors that can be returned by various method calls. + + + + org.freedesktop.PolicyKit1.Error.Failed + + +The operation failed. + + + + + org.freedesktop.PolicyKit1.Error.Cancelled + + +The operation was cancelled. + + + + + org.freedesktop.PolicyKit1.Error.NotSupported + + +The operation is not supported. + + + + + org.freedesktop.PolicyKit1.Error.NotAuthorized + + +You are not authorized to perform the requested operation. + + + + + org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique + + +The passed cancellation_id is already in use. + + + + + + + + The AuthorityFeatures Flags + + +{ + None = 0x00000000, + TemporaryAuthorization = 0x00000001 +} + + +Flags describing features supported by the Authority implementation. + + + + None + + +No flags set. + + + + + TemporaryAuthorization + + +The authority supports temporary authorizations that can be obtained through authentication. + + + + + + + + + Structures + + The Subject Structure + + +{ + String subject_kind, + Dict<String,Variant> subject_details +} + + +This struct describes subjects such as UNIX processes. It is typically used to check if a given process is authorized for an action.The following kinds of subjects are known: Unix Processsubject_kind should be set to unix-process with keys pid (of type uint32) and start-time (of type uint64). Unix Sessionsubject_kind should be set to unix-session with the key session-id (of type string). System Bus Namesubject_kind should be set to system-bus-name with the key name (of type string). + + + + String subject_kind + + +The type of the subject. + + + + + Dict<String,Variant> subject_details + + +Details about the subject. Depending of the value of subject_kind, a set of well-defined key/value pairs are guaranteed to be available. + + + + + + + + The Identity Structure + + +{ + String identity_kind, + Dict<String,Variant> identity_details +} + + +This struct describes identities such as UNIX users and UNIX groups. It is typically used to check if a given process is authorized for an action.The following kinds of identities are known: Unix Useridentity_kind should be set to unix-user with key uid (of type uint32). Unix Groupidentity_kind should be set to unix-group with key gid (of type uint32). + + + + String identity_kind + + +Type of identity. + + + + + Dict<String,Variant> identity_details + + +Details about the identity. Depending of the value of identity_kind, a set of well-defined key/value pairs are guaranteed to be available. + + + + + + + + The ActionDescription Structure + + +{ + String action_id, + String description, + String message, + String vendor_name, + String vendor_url, + String icon_name, + ImplicitAuthorization implicit_any, + ImplicitAuthorization implicit_inactive, + ImplicitAuthorization implicit_active, + Dict<String,String> annotations +} + + +This struct describes actions registered with the PolicyKit daemon. + + + + String action_id + + +Action Identifier. + + + + + String description + + +Localized description of the action. + + + + + String message + + +Localized message to be displayed when making the user authenticate for an action. + + + + + String vendor_name + + +Name of the provider of the action or the empty string. + + + + + String vendor_url + + +A URL pointing to a place with more information about the action or the empty string. + + + + + String icon_name + + +The themed icon describing the action or the empty string if no icon is set. + + + + + ImplicitAuthorization implicit_any + + +A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply to any Subject. + + + + + ImplicitAuthorization implicit_inactive + + +A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply any Subject in an inactive user session on the local console. + + + + + ImplicitAuthorization implicit_active + + +A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply any Subject in an active user session on the local console. + + + + + Dict<String,String> annotations + + +Annotations for the action. + + + + + + + + The AuthorizationResult Structure + + +{ + Boolean is_authorized, + Boolean is_challenge, + Dict<String,String> details +} + + +Describes the result of calling CheckAuthorization(). + + + + Boolean is_authorized + + +TRUE if the given Subject is authorized for the given action. + + + + + Boolean is_challenge + + +TRUE if the given Subject could be authorized if more information was provided, and CheckAuthorizationFlags.AllowUserInteraction wasn't passed or no suitable authentication agent was available. + + + + + Dict<String,String> details + + +Details for the result. Known key/value-pairs include polkit.temporary_authorization_id (if the authorization is temporary, this is set to the opaque temporary authorization id), polkit.retains_authorization_after_challenge (Set to a non-empty string if the authorization will be retained after authentication (if is_challenge is TRUE)), polkit.dismissed (Set to a non-empty string if the authentication dialog was dismissed by the user). + + + + + + + + The TemporaryAuthorization Structure + + +{ + String id, + String action_id, + Subject subject, + UInt64 time_obtained, + UInt64 time_expires +} + + +This struct describes a temporary authorization. + + + + String id + + +An opaque identifier for the temporary authorization. + + + + + String action_id + + +The action the temporary authorization is for. + + + + + Subject subject + + +The subject the temporary authorization is for. + + + + + UInt64 time_obtained + + +When the temporary authorization was obtained, in seconds since the Epoch Jan 1, 1970 0:00 UTC. +Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes. + + + + + UInt64 time_expires + + +When the temporary authorization is set to expire, in seconds since the Epoch Jan 1, 1970 0:00 UTC. +Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes. + + + + + + + + + Method Details + + EnumerateActions () + +EnumerateActions (IN String locale, + OUT Array<ActionDescription> action_descriptions) + + +Enumerates all registered PolicyKit actions. + + + + IN String locale: + + +The locale to get descriptions in or the blank string to use the system locale. + + + + + OUT Array<ActionDescription> action_descriptions: + + +An array of ActionDescription structs. + + + + + + + CheckAuthorization () + +CheckAuthorization (IN Subject subject, + IN String action_id, + IN Dict<String,String> details, + IN CheckAuthorizationFlags flags, + IN String cancellation_id, + OUT AuthorizationResult result) + + + + Checks if subject is authorized to + perform the action with identifier + action_id + + + If cancellation_id is non-empty and + already in use for the caller, the org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique + error is returned. + + + Note that CheckAuthorizationFlags.AllowUserInteraction + SHOULD be passed ONLY if the event that triggered the + authorization check is stemming from an user action, e.g. the + user pressing a button or attaching a device. + + + + + + + IN Subject subject: + + +A Subject struct. + + + + + IN String action_id: + + +Identifier for the action that subject is attempting to do. + + + + + IN Dict<String,String> details: + + +Details describing the action. Keys starting with polkit. are can only be set if defined in this document. + + + Known keys include polkit.message and + polkit.gettext_domain that can be used to + override the message shown to the user. This latter is needed + because the user could be running an authentication agent in + another locale than the calling process. + + + The (translated version of) polkit.message + may include references to other keys that are expanded with + their respective values. For example if the key + device_file has the value + /dev/sda then the message + "Authenticate to format $(device_file)" is + expanded to "Authenticate to format + /dev/sda". + + + The key polkit.icon_name is used to override the icon shown in the authentication dialog. + + + If non-empty, then the request will fail with + org.freedesktop.PolicyKit1.Error.Failed + unless the process doing the check itsef is sufficiently authorized (e.g. running as uid 0). + + + + + IN CheckAuthorizationFlags flags: + + +A set of CheckAuthorizationFlags. + + + + + IN String cancellation_id: + + +A unique id used to cancel the the authentication check via CancelCheckAuthorization() or the empty string if cancellation is not needed. + + + + + OUT AuthorizationResult result: + + +An AuthorizationResult structure. + + + + + + + CancelCheckAuthorization () + +CancelCheckAuthorization (IN String cancellation_id) + + +Cancels an authorization check. + + + + IN String cancellation_id: + + +The cancellation_id passed to CheckAuthorization(). + + + + + + + RegisterAuthenticationAgent () + +RegisterAuthenticationAgent (IN Subject subject, + IN String locale, + IN String object_path) + + +Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. + + + + IN Subject subject: + + +The subject to register the authentication agent for, typically a session subject. + + + + + IN String locale: + + +The locale of the authentication agent. + + + + + IN String object_path: + + +The object path of authentication agent object on the unique name of the caller. + + + + + + + + RegisterAuthenticationAgentWithOptions () + +RegisterAuthenticationAgentWithOptions (IN Subject subject, + IN String locale, + IN String object_path, + IN Dict<String,Variant> options) + + +Like RegisterAuthenticationAgent but takes additional options. If the option fallback (of type Boolean) is TRUE, then the authentcation agent will only be used as a fallback, e.g. if another agent (without the fallback option set TRUE) is available, it will be used instead. + + + + + UnregisterAuthenticationAgent () + +UnregisterAuthenticationAgent (IN Subject subject, + IN String object_path) + + +Unregister an authentication agent. + + + + IN Subject subject: + + +The subject passed to RegisterAuthenticationAgent(). + + + + + IN String object_path: + + +The object_path passed to RegisterAuthenticationAgent(). + + + + + + + AuthenticationAgentResponse () + +AuthenticationAgentResponse (IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + EnumerateTemporaryAuthorizations () + +EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) + + +Retrieves all temporary authorizations that applies to subject. + + + + IN Subject subject: + + +The subject to get temporary authorizations for. + + + + + OUT Array<TemporaryAuthorization> temporary_authorizations: + + +An array of TemporaryAuthorization structs. + + + + + + + RevokeTemporaryAuthorizations () + +RevokeTemporaryAuthorizations (IN Subject subject) + + +Revokes all temporary authorizations that applies to subject. + + + + IN Subject subject: + + +The subject to revoke temporary authorizations from. + + + + + + + RevokeTemporaryAuthorizationById () + +RevokeTemporaryAuthorizationById (IN String id) + + +Revokes all temporary authorizations that applies to subject. + + + + IN String id: + + +The opaque identifier of the temporary authorization. + + + + + + + + Signal Details + + The "Changed" signal + +Changed () + + +This signal is emitted when actions and/or authorizations change + + + + + + + Property Details + + The "BackendName" property + +BackendName readable String + + +The name of the currently used Authority backend. + + + + The "BackendVersion" property + +BackendVersion readable String + + +The version of the currently used Authority backend. + + + + The "BackendFeatures" property + +BackendFeatures readable AuthorityFeatures + + +The features supported by the currently used Authority backend. + + + + diff --git a/docs/polkit/html/Identities.html b/docs/polkit/html/Identities.html new file mode 100644 index 00000000..f2155584 --- /dev/null +++ b/docs/polkit/html/Identities.html @@ -0,0 +1,44 @@ + + + + +Identities + + + + + + + + + + + + + + + + +
+

+Identities

+
+
+PolkitIdentity — Type for representing identities +
+
+PolkitUnixUser — Unix users +
+
+PolkitUnixGroup — Unix groups +
+
+PolkitUnixNetgroup — Unix netgroups +
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitActionDescription.html b/docs/polkit/html/PolkitActionDescription.html new file mode 100644 index 00000000..30cc1f73 --- /dev/null +++ b/docs/polkit/html/PolkitActionDescription.html @@ -0,0 +1,388 @@ + + + + +PolkitActionDescription + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitActionDescription

+

PolkitActionDescription — Description of Actions

+
+
+

Synopsis

+
                    PolkitActionDescription;
+enum                PolkitImplicitAuthorization;
+const gchar *       polkit_action_description_get_action_id
+                                                        (PolkitActionDescription *action_description);
+const gchar *       polkit_action_description_get_description
+                                                        (PolkitActionDescription *action_description);
+const gchar *       polkit_action_description_get_message
+                                                        (PolkitActionDescription *action_description);
+const gchar *       polkit_action_description_get_vendor_name
+                                                        (PolkitActionDescription *action_description);
+const gchar *       polkit_action_description_get_vendor_url
+                                                        (PolkitActionDescription *action_description);
+const gchar *       polkit_action_description_get_icon_name
+                                                        (PolkitActionDescription *action_description);
+PolkitImplicitAuthorization polkit_action_description_get_implicit_any
+                                                        (PolkitActionDescription *action_description);
+PolkitImplicitAuthorization polkit_action_description_get_implicit_inactive
+                                                        (PolkitActionDescription *action_description);
+PolkitImplicitAuthorization polkit_action_description_get_implicit_active
+                                                        (PolkitActionDescription *action_description);
+const gchar *       polkit_action_description_get_annotation
+                                                        (PolkitActionDescription *action_description,
+                                                         const gchar *key);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitActionDescription
+
+
+  GEnum
+   +----PolkitImplicitAuthorization
+
+
+
+

Description

+

+Object used to encapsulate a registered action. +

+
+
+

Details

+
+

PolkitActionDescription

+
typedef struct _PolkitActionDescription PolkitActionDescription;
+

+The PolkitActionDescription struct should not be accessed directly. +

+
+
+
+

enum PolkitImplicitAuthorization

+
typedef enum {
+  POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN = -1,
+  POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED = 0,
+  POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED = 1,
+  POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED = 2,
+  POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED = 3,
+  POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED = 4,
+  POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED = 5,
+} PolkitImplicitAuthorization;
+
+

+Possible implicit authorizations. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN

Unknown whether the subject is authorized, never returned in any public API. +

POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED

Subject is not authorized. +

POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED

Authentication is required. +

POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED

Authentication as an administrator is required. +

POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED

Authentication is required. If the authorization is obtained, it is retained. +

POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED

Authentication as an administrator is required. If the authorization is obtained, it is retained. +

POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED

The subject is authorized +
+
+
+
+

polkit_action_description_get_action_id ()

+
const gchar *       polkit_action_description_get_action_id
+                                                        (PolkitActionDescription *action_description);
+

+Gets the action id for action_description. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A string owned by action_description. Do not free.
+
+
+
+

polkit_action_description_get_description ()

+
const gchar *       polkit_action_description_get_description
+                                                        (PolkitActionDescription *action_description);
+

+Gets the description used for action_description. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A string owned by action_description. Do not free.
+
+
+
+

polkit_action_description_get_message ()

+
const gchar *       polkit_action_description_get_message
+                                                        (PolkitActionDescription *action_description);
+

+Gets the message used for action_description. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A string owned by action_description. Do not free.
+
+
+
+

polkit_action_description_get_vendor_name ()

+
const gchar *       polkit_action_description_get_vendor_name
+                                                        (PolkitActionDescription *action_description);
+

+Gets the vendor name for action_description, if any. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A string owned by action_description. Do not free.
+
+
+
+

polkit_action_description_get_vendor_url ()

+
const gchar *       polkit_action_description_get_vendor_url
+                                                        (PolkitActionDescription *action_description);
+

+Gets the vendor URL for action_description, if any. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A string owned by action_description. Do not free.
+
+
+
+

polkit_action_description_get_icon_name ()

+
const gchar *       polkit_action_description_get_icon_name
+                                                        (PolkitActionDescription *action_description);
+

+Gets the icon name for action_description, if any. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A string owned by action_description. Do not free.
+
+
+
+

polkit_action_description_get_implicit_any ()

+
PolkitImplicitAuthorization polkit_action_description_get_implicit_any
+                                                        (PolkitActionDescription *action_description);
+

+Gets the implicit authorization for action_description used for +any subject. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A value from the PolkitImplicitAuthorization enumeration.
+
+
+
+

polkit_action_description_get_implicit_inactive ()

+
PolkitImplicitAuthorization polkit_action_description_get_implicit_inactive
+                                                        (PolkitActionDescription *action_description);
+

+Gets the implicit authorization for action_description used for +subjects in inactive sessions on a local console. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A value from the PolkitImplicitAuthorization enumeration.
+
+
+
+

polkit_action_description_get_implicit_active ()

+
PolkitImplicitAuthorization polkit_action_description_get_implicit_active
+                                                        (PolkitActionDescription *action_description);
+

+Gets the implicit authorization for action_description used for +subjects in active sessions on a local console. +

+
++ + + + + + + + + + +

action_description :

A PolkitActionDescription.

Returns :

A value from the PolkitImplicitAuthorization enumeration.
+
+
+
+

polkit_action_description_get_annotation ()

+
const gchar *       polkit_action_description_get_annotation
+                                                        (PolkitActionDescription *action_description,
+                                                         const gchar *key);
+

+Get the value of the annotation with key. +

+
++ + + + + + + + + + + + + + +

action_description :

A PolkitActionDescription.

key :

An annotation key.

Returns :

 +NULL if there is no annoation with key, +otherwise the annotation value owned by action_description. Do not +free. [allow-none] +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitAgentListener.html b/docs/polkit/html/PolkitAgentListener.html new file mode 100644 index 00000000..6b3ea089 --- /dev/null +++ b/docs/polkit/html/PolkitAgentListener.html @@ -0,0 +1,451 @@ + + + + +PolkitAgentListener + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitAgentListener

+

PolkitAgentListener — Abstract base class for Authentication Agents

+
+
+

Stability Level

+Unstable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitAgentListener;
+struct              PolkitAgentListenerClass;
+void                polkit_agent_listener_initiate_authentication
+                                                        (PolkitAgentListener *listener,
+                                                         const gchar *action_id,
+                                                         const gchar *message,
+                                                         const gchar *icon_name,
+                                                         PolkitDetails *details,
+                                                         const gchar *cookie,
+                                                         GList *identities,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_agent_listener_initiate_authentication_finish
+                                                        (PolkitAgentListener *listener,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+enum                PolkitAgentRegisterFlags;
+gpointer            polkit_agent_listener_register      (PolkitAgentListener *listener,
+                                                         PolkitAgentRegisterFlags flags,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+gpointer            polkit_agent_listener_register_with_options
+                                                        (PolkitAgentListener *listener,
+                                                         PolkitAgentRegisterFlags flags,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_agent_listener_unregister    (gpointer registration_handle);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitAgentListener
+         +----PolkitAgentTextListener
+
+
+
+

Description

+

+PolkitAgentListener is an abstract base class used for implementing authentication +agents. To implement an authentication agent, simply subclass PolkitAgentListener and +implement the initiate_authentication and initiate_authentication_finish methods. +

+

+Typically authentication agents use PolkitAgentSession to +authenticate users (via passwords) and communicate back the +authentication result to the PolicyKit daemon. This is however not +requirement. Depending on the system an authentication agent may +use other means (such as a Yes/No dialog) to obtain sufficient +evidence that the user is one of the requested identities. +

+

+To register a PolkitAgentListener with the PolicyKit daemon, use +polkit_agent_listener_register() or +polkit_agent_listener_register_with_options(). +

+
+
+

Details

+
+

PolkitAgentListener

+
typedef struct _PolkitAgentListener PolkitAgentListener;
+

+The PolkitAgentListener struct should not be accessed directly. +

+
+
+
+

struct PolkitAgentListenerClass

+
struct PolkitAgentListenerClass {
+  GObjectClass parent_class;
+
+  /* Vtable */
+  void     (*initiate_authentication)        (PolkitAgentListener  *listener,
+                                              const gchar          *action_id,
+                                              const gchar          *message,
+                                              const gchar          *icon_name,
+                                              PolkitDetails        *details,
+                                              const gchar          *cookie,
+                                              GList                *identities,
+                                              GCancellable         *cancellable,
+                                              GAsyncReadyCallback   callback,
+                                              gpointer              user_data);
+
+  gboolean (*initiate_authentication_finish) (PolkitAgentListener  *listener,
+                                              GAsyncResult         *res,
+                                              GError              **error);
+};
+
+

+VFuncs that authentication agents needs to implement. +

+
++ + + + + + + + + + + + + + +

GObjectClass parent_class;

The parent class.

initiate_authentication ()

Handle an authentication request, see polkit_agent_listener_initiate_authentication().

initiate_authentication_finish ()

Finishes handling an authentication request, see polkit_agent_listener_initiate_authentication_finish().
+
+
+
+

polkit_agent_listener_initiate_authentication ()

+
void                polkit_agent_listener_initiate_authentication
+                                                        (PolkitAgentListener *listener,
+                                                         const gchar *action_id,
+                                                         const gchar *message,
+                                                         const gchar *icon_name,
+                                                         PolkitDetails *details,
+                                                         const gchar *cookie,
+                                                         GList *identities,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Called on a registered authentication agent (see +polkit_agent_listener_register()) when the user owning the session +needs to prove he is one of the identities listed in identities. +

+

+When the user is done authenticating (for example by dismissing an +authentication dialog or by successfully entering a password or +otherwise proving the user is one of the identities in +identities), callback will be invoked. The caller then calls +polkit_agent_listener_initiate_authentication_finish() to get the +result. +

+

+PolkitAgentListener derived subclasses imlementing this method +MUST not ignore cancellable; callers of this +function can and will use it. Additionally, callback must be +invoked in the thread-default main +loop of the thread that this method is called from. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

listener :

A PolkitAgentListener.

action_id :

The action to authenticate for.

message :

The message to present to the user.

icon_name :

A themed icon name representing the action or NULL.

details :

Details describing the action.

cookie :

The cookie for the authentication request.

identities :

A list of PolkitIdentity objects that the user can choose to authenticate as.

cancellable :

A GCancellable.

callback :

Function to call when the user is done authenticating.

user_data :

Data to pass to callback.
+
+
+
+

polkit_agent_listener_initiate_authentication_finish ()

+
gboolean            polkit_agent_listener_initiate_authentication_finish
+                                                        (PolkitAgentListener *listener,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes an authentication request from the PolicyKit daemon, see +polkit_agent_listener_initiate_authentication() for details. +

+
++ + + + + + + + + + + + + + + + + + +

listener :

A PolkitAgentListener.

res :

A GAsyncResult obtained from the GAsyncReadyCallback function passed to polkit_agent_listener_initiate_authentication().

error :

Return location for error.

Returns :

 +TRUE if error is set.
+
+
+
+

enum PolkitAgentRegisterFlags

+
typedef enum {
+  POLKIT_AGENT_REGISTER_FLAGS_NONE = 0,
+  POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD = (1<<0)
+} PolkitAgentRegisterFlags;
+
+

+Flags used in polkit_agent_listener_register(). +

+
++ + + + + + + + + + +

POLKIT_AGENT_REGISTER_FLAGS_NONE

No flags are set. +

POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD

Run the listener in a dedicated thread. +
+
+
+
+

polkit_agent_listener_register ()

+
gpointer            polkit_agent_listener_register      (PolkitAgentListener *listener,
+                                                         PolkitAgentRegisterFlags flags,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Registers listener with the PolicyKit daemon as an authentication +agent for subject. This is implemented by registering a D-Bus +object at object_path on the unique name assigned by the system +message bus. +

+

+Whenever the PolicyKit daemon needs to authenticate a processes +that is related to subject, the methods +polkit_agent_listener_initiate_authentication() and +polkit_agent_listener_initiate_authentication_finish() will be +invoked on listener. +

+

+Note that registration of an authentication agent can fail; for +example another authentication agent may already be registered for +subject. +

+

+Note that the calling thread is blocked until a reply is received. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

listener :

A PolkitAgentListener.

flags :

A set of flags from the PolkitAgentRegisterFlags enumeration.

subject :

The subject to become an authentication agent for, typically a PolkitUnixSession object.

object_path :

The D-Bus object path to use for the authentication agent or NULL for the default object path.

cancellable :

A GCancellable or NULL.

error :

Return location for error.

Returns :

 +NULL if error is set, otherwise a +registration handle that can be used with +polkit_agent_listener_unregister(). [transfer full] +
+
+
+
+

polkit_agent_listener_register_with_options ()

+
gpointer            polkit_agent_listener_register_with_options
+                                                        (PolkitAgentListener *listener,
+                                                         PolkitAgentRegisterFlags flags,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Like polkit_agent_listener_register() but takes options to influence registration. See the +RegisterAuthenticationAgentWithOptions() D-Bus method for details. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

listener :

A PolkitAgentListener.

flags :

A set of flags from the PolkitAgentRegisterFlags enumeration.

subject :

The subject to become an authentication agent for, typically a PolkitUnixSession object.

object_path :

The D-Bus object path to use for the authentication agent or NULL for the default object path.

options :

A GVariant with options or NULL. [allow-none] +

cancellable :

A GCancellable or NULL.

error :

Return location for error.

Returns :

 +NULL if error is set, otherwise a +registration handle that can be used with +polkit_agent_listener_unregister(). [transfer full] +
+
+
+
+

polkit_agent_listener_unregister ()

+
void                polkit_agent_listener_unregister    (gpointer registration_handle);
+

+Unregisters listener. +

+
++ + + + +

registration_handle :

A handle obtained from polkit_agent_listener_register().
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitAgentSession.html b/docs/polkit/html/PolkitAgentSession.html new file mode 100644 index 00000000..a46332bd --- /dev/null +++ b/docs/polkit/html/PolkitAgentSession.html @@ -0,0 +1,366 @@ + + + + +PolkitAgentSession + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitAgentSession

+

PolkitAgentSession — Authentication Session

+
+
+

Stability Level

+Unstable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitAgentSession;
+PolkitAgentSession * polkit_agent_session_new           (PolkitIdentity *identity,
+                                                         const gchar *cookie);
+void                polkit_agent_session_initiate       (PolkitAgentSession *session);
+void                polkit_agent_session_response       (PolkitAgentSession *session,
+                                                         const gchar *response);
+void                polkit_agent_session_cancel         (PolkitAgentSession *session);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitAgentSession
+
+
+
+

Properties

+
+  "cookie"                   gchar*                : Read / Write / Construct Only
+  "identity"                 PolkitIdentity*       : Read / Write / Construct Only
+
+
+
+

Signals

+
+  "completed"                                      : Run Last
+  "request"                                        : Run Last
+  "show-error"                                     : Run Last
+  "show-info"                                      : Run Last
+
+
+
+

Description

+

+The PolkitAgentSession class is an abstraction used for interacting with the +native authentication system (for example PAM) for obtaining authorizations. +This class is typically used together with instances that are derived from +the PolkitAgentListener abstract base class. +

+

+To perform the actual authentication, PolkitAgentSession uses a trusted suid helper. +The authentication conversation is done through a pipe. This is transparent; the user +only need to handle the +"request", +"show-info", +"show-error" and +"completed" +signals and invoke polkit_agent_session_response() in response to requests. +

+

+If the user successfully authenticates, the authentication helper will invoke +a method on the PolicyKit daemon (see polkit_authority_authentication_agent_response_sync()) +with the given cookie. Upon receiving a positive response from the PolicyKit daemon (via +the authentication helper), the "completed" signal will be emitted +with the gained_authorization paramter set to TRUE. +

+

+If the user is unable to authenticate, the "completed" signal will +be emitted with the gained_authorization paramter set to FALSE. +

+
+
+

Details

+
+

PolkitAgentSession

+
typedef struct _PolkitAgentSession PolkitAgentSession;
+

+The PolkitAgentSession struct should not be accessed directly. +

+
+
+
+

polkit_agent_session_new ()

+
PolkitAgentSession * polkit_agent_session_new           (PolkitIdentity *identity,
+                                                         const gchar *cookie);
+

+Creates a new authentication session. +

+

+The caller should connect to the +"request", +"show-info", +"show-error" and +"completed" +signals and then call polkit_agent_session_initiate() to initiate the authentication session. +

+
++ + + + + + + + + + + + + + +

identity :

The identity to authenticate.

cookie :

The cookie obtained from the PolicyKit daemon

Returns :

A PolkitAgentSession. Free with g_object_unref().
+
+
+
+

polkit_agent_session_initiate ()

+
void                polkit_agent_session_initiate       (PolkitAgentSession *session);
+

+Initiates the authentication session. Before calling this method, +make sure to connect to the various signals. The signals will be +emitted in the thread-default main +loop that this method is invoked from. +

+

+Use polkit_agent_session_cancel() to cancel the session. +

+
++ + + + +

session :

A PolkitAgentSession.
+
+
+
+

polkit_agent_session_response ()

+
void                polkit_agent_session_response       (PolkitAgentSession *session,
+                                                         const gchar *response);
+

+Function for providing response to requests received +via the "request" signal. +

+
++ + + + + + + + + + +

session :

A PolkitAgentSession.

response :

Response from the user, typically a password.
+
+
+
+

polkit_agent_session_cancel ()

+
void                polkit_agent_session_cancel         (PolkitAgentSession *session);
+

+Cancels an authentication session. This will make session emit the "completed" +signal. +

+
++ + + + +

session :

A PolkitAgentSession.
+
+
+
+

Property Details

+
+

The "cookie" property

+
  "cookie"                   gchar*                : Read / Write / Construct Only
+

+The cookie obtained from the PolicyKit daemon +

+

Default value: NULL

+
+
+
+

The "identity" property

+
  "identity"                 PolkitIdentity*       : Read / Write / Construct Only
+

+The identity to authenticate. +

+
+
+
+

Signal Details

+
+

The "completed" signal

+
void                user_function                      (PolkitAgentSession *session,
+                                                        gboolean            gained_authorization,
+                                                        gpointer            user_data)                 : Run Last
+

+Emitted when the authentication session has been completed or +cancelled. The gained_authorization parameter is TRUE only if +the user successfully authenticated. +

+

+Upon receiving this signal, the user should free session using g_object_unref(). +

+
++ + + + + + + + + + + + + + +

session :

A PolkitAgentSession.

gained_authorization :

 +TRUE only if the authorization was successfully obtained.

user_data :

user data set when the signal handler was connected.
+
+
+
+

The "request" signal

+
void                user_function                      (PolkitAgentSession *session,
+                                                        gchar              *request,
+                                                        gboolean            echo_on,
+                                                        gpointer            user_data)      : Run Last
+

+Emitted when the user is requested to answer a question. +

+

+When the response has been collected from the user, call polkit_agent_session_response(). +

+
++ + + + + + + + + + + + + + + + + + +

session :

A PolkitAgentSession.

request :

The request to show the user, e.g. "name: " or "password: ".

echo_on :

 +TRUE if the response to the request SHOULD be echoed on the +screen, FALSE if the response MUST NOT be echoed to the screen.

user_data :

user data set when the signal handler was connected.
+
+
+
+

The "show-error" signal

+
void                user_function                      (PolkitAgentSession *session,
+                                                        gchar              *text,
+                                                        gpointer            user_data)      : Run Last
+

+Emitted when there is information related to an error condition to be displayed to the user. +

+
++ + + + + + + + + + + + + + +

session :

A PolkitAgentSession.

text :

An error string to display to the user.

user_data :

user data set when the signal handler was connected.
+
+
+
+

The "show-info" signal

+
void                user_function                      (PolkitAgentSession *session,
+                                                        gchar              *text,
+                                                        gpointer            user_data)      : Run Last
+

+Emitted when there is information to be displayed to the user. +

+
++ + + + + + + + + + + + + + +

session :

A PolkitAgentSession.

text :

A string to display to the user.

user_data :

user data set when the signal handler was connected.
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitAgentTextListener.html b/docs/polkit/html/PolkitAgentTextListener.html new file mode 100644 index 00000000..77abf24b --- /dev/null +++ b/docs/polkit/html/PolkitAgentTextListener.html @@ -0,0 +1,118 @@ + + + + +PolkitAgentTextListener + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitAgentTextListener

+

PolkitAgentTextListener — Text-based Authentication Agent

+
+
+

Stability Level

+Unstable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitAgentTextListener;
+PolkitAgentListener * polkit_agent_text_listener_new    (GCancellable *cancellable,
+                                                         GError **error);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitAgentListener
+         +----PolkitAgentTextListener
+
+
+
+

Implemented Interfaces

+

+PolkitAgentTextListener implements + GInitable.

+
+
+

Description

+

+PolkitAgentTextListener is an PolkitAgentListener implementation +that interacts with the user using a textual interface. +

+
+
+

Details

+
+

PolkitAgentTextListener

+
typedef struct _PolkitAgentTextListener PolkitAgentTextListener;
+

+The PolkitAgentTextListener struct should not be accessed directly. +

+
+
+
+

polkit_agent_text_listener_new ()

+
PolkitAgentListener * polkit_agent_text_listener_new    (GCancellable *cancellable,
+                                                         GError **error);
+

+Creates a new PolkitAgentTextListener for authenticating the user +via an textual interface on the controlling terminal +(e.g. /dev/tty). This can fail if e.g. the +current process has no controlling terminal. +

+
++ + + + + + + + + + + + + + +

cancellable :

A GCancellable or NULL.

error :

Return location for error or NULL.

Returns :

A PolkitAgentTextListener or NULL if error is set. Free with g_object_unref() when done with it.
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitAuthority.html b/docs/polkit/html/PolkitAuthority.html new file mode 100644 index 00000000..31b01203 --- /dev/null +++ b/docs/polkit/html/PolkitAuthority.html @@ -0,0 +1,1871 @@ + + + + +PolkitAuthority + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitAuthority

+

PolkitAuthority — Authority

+
+
+

Stability Level

+Stable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitAuthority;
+enum                PolkitAuthorityFeatures;
+enum                PolkitCheckAuthorizationFlags;
+void                polkit_authority_get_async          (GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+PolkitAuthority *   polkit_authority_get_finish         (GAsyncResult *res,
+                                                         GError **error);
+PolkitAuthority *   polkit_authority_get_sync           (GCancellable *cancellable,
+                                                         GError **error);
+gchar *             polkit_authority_get_owner          (PolkitAuthority *authority);
+const gchar *       polkit_authority_get_backend_name   (PolkitAuthority *authority);
+const gchar *       polkit_authority_get_backend_version
+                                                        (PolkitAuthority *authority);
+PolkitAuthorityFeatures polkit_authority_get_backend_features
+                                                        (PolkitAuthority *authority);
+void                polkit_authority_check_authorization
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitCheckAuthorizationFlags flags,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+PolkitAuthorizationResult * polkit_authority_check_authorization_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+PolkitAuthorizationResult * polkit_authority_check_authorization_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitCheckAuthorizationFlags flags,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_enumerate_actions  (PolkitAuthority *authority,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+GList *             polkit_authority_enumerate_actions_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+GList *             polkit_authority_enumerate_actions_sync
+                                                        (PolkitAuthority *authority,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_register_authentication_agent
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_authority_register_authentication_agent_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_authority_register_authentication_agent_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_register_authentication_agent_with_options
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_authority_register_authentication_agent_with_options_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_authority_register_authentication_agent_with_options_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_unregister_authentication_agent
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_authority_unregister_authentication_agent_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_authority_unregister_authentication_agent_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_authentication_agent_response
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *cookie,
+                                                         PolkitIdentity *identity,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_authority_authentication_agent_response_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_authority_authentication_agent_response_sync
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *cookie,
+                                                         PolkitIdentity *identity,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_enumerate_temporary_authorizations
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+GList *             polkit_authority_enumerate_temporary_authorizations_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+GList *             polkit_authority_enumerate_temporary_authorizations_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_revoke_temporary_authorizations
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_authority_revoke_temporary_authorizations_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_authority_revoke_temporary_authorizations_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+void                polkit_authority_revoke_temporary_authorization_by_id
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *id,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_authority_revoke_temporary_authorization_by_id_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_authority_revoke_temporary_authorization_by_id_sync
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *id,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitAuthority
+
+
+  GFlags
+   +----PolkitAuthorityFeatures
+
+
+  GFlags
+   +----PolkitCheckAuthorizationFlags
+
+
+
+

Implemented Interfaces

+

+PolkitAuthority implements + GInitable and GAsyncInitable.

+
+
+

Properties

+
+  "backend-features"         PolkitAuthorityFeatures  : Read
+  "backend-name"             gchar*                : Read
+  "backend-version"          gchar*                : Read
+  "owner"                    gchar*                : Read
+
+
+
+

Signals

+
+  "changed"                                        : Run Last
+
+
+
+

Description

+

+PolkitAuthority is used for checking whether a given subject is +authorized to perform a given action. Typically privileged system +daemons or suid helpers will use this when handling requests from +untrusted clients. +

+

+User sessions can register an authentication agent with the +authority. This is used for requests from untrusted clients where +system policy requires that the user needs to acknowledge (through +proving he is the user or the administrator) a given action. See +PolkitAgentListener and PolkitAgentSession for details. +

+
+
+

Details

+
+

PolkitAuthority

+
typedef struct _PolkitAuthority PolkitAuthority;
+

+The PolkitAuthority struct should not be accessed directly. +

+
+
+
+

enum PolkitAuthorityFeatures

+
typedef enum {
+  POLKIT_AUTHORITY_FEATURES_NONE                    = 0,
+  POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION = (1<<0),
+} PolkitAuthorityFeatures;
+
+

+Flags describing features supported by the Authority implementation. +

+
++ + + + + + + + + + +

POLKIT_AUTHORITY_FEATURES_NONE

No flags set. +

POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION

The authority supports temporary authorizations +that can be obtained through authentication. +
+
+
+
+

enum PolkitCheckAuthorizationFlags

+
typedef enum {
+  POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE = 0,
+  POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION = (1<<0),
+} PolkitCheckAuthorizationFlags;
+
+

+Possible flags when checking authorizations. +

+
++ + + + + + + + + + +

POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE

No flags set. +

POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION

If the subject can obtain the authorization +through authentication, and an authentication agent is available, then attempt to do so. Note, this +means that the method used for checking authorization is likely to block for a long time. +
+
+
+
+

polkit_authority_get_async ()

+
void                polkit_authority_get_async          (GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously gets a reference to the authority. +

+

+This is an asynchronous failable function. When the result is +ready, callback will be invoked in the thread-default main +loop of the thread you are calling this method from and you +can use polkit_authority_get_finish() to get the result. See +polkit_authority_get_sync() for the synchronous version. +

+
++ + + + + + + + + + + + + + +

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_get_finish ()

+
PolkitAuthority *   polkit_authority_get_finish         (GAsyncResult *res,
+                                                         GError **error);
+

+Finishes an operation started with polkit_authority_get_async(). +

+
++ + + + + + + + + + + + + + +

res :

A GAsyncResult obtained from the GAsyncReadyCallback passed to polkit_authority_get_async().

error :

Return location for error or NULL. [allow-none] +

Returns :

A PolkitAuthority. Free it with +g_object_unref() when done with it. [transfer full] +
+
+
+
+

polkit_authority_get_sync ()

+
PolkitAuthority *   polkit_authority_get_sync           (GCancellable *cancellable,
+                                                         GError **error);
+

+Synchronously gets a reference to the authority. +

+

+This is a synchronous failable function - the calling thread is +blocked until a reply is received. See polkit_authority_get_async() +for the asynchronous version. +

+
++ + + + + + + + + + + + + + +

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

A PolkitAuthority. Free it with +g_object_unref() when done with it. [transfer full] +
+
+
+
+

polkit_authority_get_owner ()

+
gchar *             polkit_authority_get_owner          (PolkitAuthority *authority);
+

+The unique name on the system message bus of the owner of the name +org.freedesktop.PolicyKit1 or NULL if no-one +currently owns the name. You may connect to the "notify" +signal to track changes to the "owner" property. +

+
++ + + + + + + + + + +

authority :

A PolkitAuthority.

Returns :

 +NULL or a string that should be freed with g_free(). [allow-none] +
+
+
+
+

polkit_authority_get_backend_name ()

+
const gchar *       polkit_authority_get_backend_name   (PolkitAuthority *authority);
+

+Gets the name of the authority backend. +

+
++ + + + + + + + + + +

authority :

A PolkitAuthority.

Returns :

The name of the backend.
+
+
+
+

polkit_authority_get_backend_version ()

+
const gchar *       polkit_authority_get_backend_version
+                                                        (PolkitAuthority *authority);
+

+Gets the version of the authority backend. +

+
++ + + + + + + + + + +

authority :

A PolkitAuthority.

Returns :

The version string for the backend.
+
+
+
+

polkit_authority_get_backend_features ()

+
PolkitAuthorityFeatures polkit_authority_get_backend_features
+                                                        (PolkitAuthority *authority);
+

+Gets the features supported by the authority backend. +

+
++ + + + + + + + + + +

authority :

A PolkitAuthority.

Returns :

Flags from PolkitAuthorityFeatures.
+
+
+
+

polkit_authority_check_authorization ()

+
void                polkit_authority_check_authorization
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitCheckAuthorizationFlags flags,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously checks if subject is authorized to perform the action represented +by action_id. +

+

+Note that POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION +SHOULD be passed ONLY if +the event that triggered the authorization check is stemming from +an user action, e.g. the user pressing a button or attaching a +device. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_check_authorization_finish() to get the result of +the operation. +

+

+Known keys in details include polkit.message +and polkit.gettext_domain that can be used to +override the message shown to the user. See the documentation for +the D-Bus method for more details. +

+

+If details is non-empty then the request will fail with +POLKIT_ERROR_FAILED unless the process doing the check itsef is +sufficiently authorized (e.g. running as uid 0). +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

A PolkitSubject.

action_id :

The action to check for.

details :

Details about the action or NULL. [allow-none] +

flags :

A set of PolkitCheckAuthorizationFlags.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_check_authorization_finish ()

+
PolkitAuthorizationResult * polkit_authority_check_authorization_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes checking if a subject is authorized for an action. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

A PolkitAuthorizationResult or NULL if +error is set. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_authority_check_authorization_sync ()

+
PolkitAuthorizationResult * polkit_authority_check_authorization_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitCheckAuthorizationFlags flags,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Checks if subject is authorized to perform the action represented +by action_id. +

+

+Note that POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION +SHOULD be passed ONLY if +the event that triggered the authorization check is stemming from +an user action, e.g. the user pressing a button or attaching a +device. +

+

+Note the calling thread is blocked until a reply is received. You +should therefore NEVER do this from a GUI +thread or a daemon service thread when using the +POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION flag. This +is because it may potentially take minutes (or even hours) for the +operation to complete because it involves waiting for the user to +authenticate. +

+

+Known keys in details include polkit.message +and polkit.gettext_domain that can be used to +override the message shown to the user. See the documentation for +the D-Bus method for more details. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

A PolkitSubject.

action_id :

The action to check for.

details :

Details about the action or NULL. [allow-none] +

flags :

A set of PolkitCheckAuthorizationFlags.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

A PolkitAuthorizationResult or NULL if error is set. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_authority_enumerate_actions ()

+
void                polkit_authority_enumerate_actions  (PolkitAuthority *authority,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously retrieves all registered actions. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call polkit_authority_enumerate_actions_finish() +to get the result of the operation. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_enumerate_actions_finish ()

+
GList *             polkit_authority_enumerate_actions_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes retrieving all registered actions. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

A list of PolkitActionDescription +objects or NULL if error is set. The returned list should be +freed with g_list_free() after each element have been freed with +g_object_unref(). [transfer full] +
+
+
+
+

polkit_authority_enumerate_actions_sync ()

+
GList *             polkit_authority_enumerate_actions_sync
+                                                        (PolkitAuthority *authority,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Synchronously retrieves all registered actions - the calling thread +is blocked until a reply is received. See +polkit_authority_enumerate_actions() for the asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

A list of PolkitActionDescription or +NULL if error is set. The returned list should be freed with +g_list_free() after each element have been freed with +g_object_unref(). [transfer full] +
+
+
+
+

polkit_authority_register_authentication_agent ()

+
void                polkit_authority_register_authentication_agent
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously registers an authentication agent. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_register_authentication_agent_finish() to get the +result of the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject the authentication agent is for, typically a PolkitUnixSession object.

locale :

The locale of the authentication agent.

object_path :

The object path for the authentication agent.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_register_authentication_agent_finish ()

+
gboolean            polkit_authority_register_authentication_agent_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes registering an authentication agent. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the authentication agent was successfully registered, FALSE if error is set.
+
+
+
+

polkit_authority_register_authentication_agent_sync ()

+
gboolean            polkit_authority_register_authentication_agent_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Registers an authentication agent. The calling thread is blocked +until a reply is received. See +polkit_authority_register_authentication_agent() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject the authentication agent is for, typically a PolkitUnixSession object.

locale :

The locale of the authentication agent.

object_path :

The object path for the authentication agent.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the authentication agent was successfully registered, FALSE if error is set.
+
+
+
+

polkit_authority_register_authentication_agent_with_options ()

+
void                polkit_authority_register_authentication_agent_with_options
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously registers an authentication agent. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_register_authentication_agent_with_options_finish() to get the +result of the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject the authentication agent is for, typically a PolkitUnixSession object.

locale :

The locale of the authentication agent.

object_path :

The object path for the authentication agent.

options :

A GVariant with options or NULL. [allow-none] +

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_register_authentication_agent_with_options_finish ()

+
gboolean            polkit_authority_register_authentication_agent_with_options_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes registering an authentication agent. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the authentication agent was successfully registered, FALSE if error is set.
+
+
+
+

polkit_authority_register_authentication_agent_with_options_sync ()

+
gboolean            polkit_authority_register_authentication_agent_with_options_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Registers an authentication agent. The calling thread is blocked +until a reply is received. See +polkit_authority_register_authentication_agent_with_options() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject the authentication agent is for, typically a PolkitUnixSession object.

locale :

The locale of the authentication agent.

object_path :

The object path for the authentication agent.

options :

A GVariant with options or NULL. [allow-none] +

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the authentication agent was successfully registered, FALSE if error is set.
+
+
+
+

polkit_authority_unregister_authentication_agent ()

+
void                polkit_authority_unregister_authentication_agent
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously unregisters an authentication agent. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_unregister_authentication_agent_finish() to get +the result of the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject the authentication agent is for, typically a PolkitUnixSession object.

object_path :

The object path for the authentication agent.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_unregister_authentication_agent_finish ()

+
gboolean            polkit_authority_unregister_authentication_agent_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes unregistering an authentication agent. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the authentication agent was successfully unregistered, FALSE if error is set.
+
+
+
+

polkit_authority_unregister_authentication_agent_sync ()

+
gboolean            polkit_authority_unregister_authentication_agent_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Unregisters an authentication agent. The calling thread is blocked +until a reply is received. See +polkit_authority_unregister_authentication_agent() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject the authentication agent is for, typically a PolkitUnixSession object.

object_path :

The object path for the authentication agent.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the authentication agent was successfully unregistered, FALSE if error is set.
+
+
+
+

polkit_authority_authentication_agent_response ()

+
void                polkit_authority_authentication_agent_response
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *cookie,
+                                                         PolkitIdentity *identity,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously provide response that identity successfully authenticated +for the authentication request identified by cookie. +

+

+This function is only used by the privileged bits of an authentication agent. +It will fail if the caller is not sufficiently privileged (typically uid 0). +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_authentication_agent_response_finish() to get the +result of the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

cookie :

The cookie passed to the authentication agent from the authority.

identity :

The identity that was authenticated.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_authentication_agent_response_finish ()

+
gboolean            polkit_authority_authentication_agent_response_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes providing response from an authentication agent. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if authority acknowledged the call, FALSE if error is set.
+
+
+
+

polkit_authority_authentication_agent_response_sync ()

+
gboolean            polkit_authority_authentication_agent_response_sync
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *cookie,
+                                                         PolkitIdentity *identity,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Provide response that identity successfully authenticated for the +authentication request identified by cookie. See polkit_authority_authentication_agent_response() +for limitations on who is allowed is to call this method. +

+

+The calling thread is blocked until a reply is received. See +polkit_authority_authentication_agent_response() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

cookie :

The cookie passed to the authentication agent from the authority.

identity :

The identity that was authenticated.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if authority acknowledged the call, FALSE if error is set.
+
+
+
+

polkit_authority_enumerate_temporary_authorizations ()

+
void                polkit_authority_enumerate_temporary_authorizations
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously gets all temporary authorizations for subject. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_enumerate_temporary_authorizations_finish() to get +the result of the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

A PolkitSubject, typically a PolkitUnixSession.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_enumerate_temporary_authorizations_finish ()

+
GList *             polkit_authority_enumerate_temporary_authorizations_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes retrieving all registered actions. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

A list of PolkitTemporaryAuthorization +objects or NULL if error is set. The returned list should be +freed with g_list_free() after each element have been freed with +g_object_unref(). [transfer full] +
+
+
+
+

polkit_authority_enumerate_temporary_authorizations_sync ()

+
GList *             polkit_authority_enumerate_temporary_authorizations_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Synchronousky gets all temporary authorizations for subject. +

+

+The calling thread is blocked until a reply is received. See +polkit_authority_enumerate_temporary_authorizations() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

A PolkitSubject, typically a PolkitUnixSession.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

A list of PolkitTemporaryAuthorization +objects or NULL if error is set. The returned list should be +freed with g_list_free() after each element have been freed with +g_object_unref(). [transfer full] +
+
+
+
+

polkit_authority_revoke_temporary_authorizations ()

+
void                polkit_authority_revoke_temporary_authorizations
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously revokes all temporary authorizations for subject. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_revoke_temporary_authorizations_finish() to get +the result of the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject to revoke authorizations from, typically a PolkitUnixSession.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_revoke_temporary_authorizations_finish ()

+
gboolean            polkit_authority_revoke_temporary_authorizations_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes revoking temporary authorizations. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if all the temporary authorizations was revoked, FALSE if error is set.
+
+
+
+

polkit_authority_revoke_temporary_authorizations_sync ()

+
gboolean            polkit_authority_revoke_temporary_authorizations_sync
+                                                        (PolkitAuthority *authority,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Synchronously revokes all temporary authorization from subject. +

+

+The calling thread is blocked until a reply is received. See +polkit_authority_revoke_temporary_authorizations() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

subject :

The subject to revoke authorizations from, typically a PolkitUnixSession.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the temporary authorization was revoked, FALSE if error is set.
+
+
+
+

polkit_authority_revoke_temporary_authorization_by_id ()

+
void                polkit_authority_revoke_temporary_authorization_by_id
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *id,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously revoke a temporary authorization. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_authority_revoke_temporary_authorization_by_id_finish() to +get the result of the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

id :

The opaque identifier for the temporary authorization.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_authority_revoke_temporary_authorization_by_id_finish ()

+
gboolean            polkit_authority_revoke_temporary_authorization_by_id_finish
+                                                        (PolkitAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes revoking a temporary authorization by id. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the temporary authorization was revoked, FALSE if error is set.
+
+
+
+

polkit_authority_revoke_temporary_authorization_by_id_sync ()

+
gboolean            polkit_authority_revoke_temporary_authorization_by_id_sync
+                                                        (PolkitAuthority *authority,
+                                                         const gchar *id,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Synchronously revokes a temporary authorization. +

+

+The calling thread is blocked until a reply is received. See +polkit_authority_revoke_temporary_authorization_by_id() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitAuthority.

id :

The opaque identifier for the temporary authorization.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the temporary authorization was revoked, FALSE if error is set.
+
+
+
+

Property Details

+
+

The "backend-features" property

+
  "backend-features"         PolkitAuthorityFeatures  : Read
+

+The features of the currently used Authority backend. +

+
+
+
+

The "backend-name" property

+
  "backend-name"             gchar*                : Read
+

+The name of the currently used Authority backend. +

+

Default value: NULL

+
+
+
+

The "backend-version" property

+
  "backend-version"          gchar*                : Read
+

The version of the currently used Authority backend.

+

Default value: NULL

+
+
+
+

The "owner" property

+
  "owner"                    gchar*                : Read
+

+The unique name of the owner of the org.freedesktop.PolicyKit1 +D-Bus service or NULL if there is no owner. Connect to the +"notify" signal to track changes to this property. +

+

Default value: NULL

+
+
+
+

Signal Details

+
+

The "changed" signal

+
void                user_function                      (PolkitAuthority *authority,
+                                                        gpointer         user_data)      : Run Last
+

+Emitted when actions and/or authorizations change +

+
++ + + + + + + + + + +

authority :

A PolkitAuthority.

user_data :

user data set when the signal handler was connected.
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitAuthorizationResult.html b/docs/polkit/html/PolkitAuthorizationResult.html new file mode 100644 index 00000000..a867a17d --- /dev/null +++ b/docs/polkit/html/PolkitAuthorizationResult.html @@ -0,0 +1,304 @@ + + + + +PolkitAuthorizationResult + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitAuthorizationResult

+

PolkitAuthorizationResult — Result for checking an authorization

+
+
+

Stability Level

+Stable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitAuthorizationResult;
+PolkitAuthorizationResult * polkit_authorization_result_new
+                                                        (gboolean is_authorized,
+                                                         gboolean is_challenge,
+                                                         PolkitDetails *details);
+gboolean            polkit_authorization_result_get_is_authorized
+                                                        (PolkitAuthorizationResult *result);
+gboolean            polkit_authorization_result_get_is_challenge
+                                                        (PolkitAuthorizationResult *result);
+gboolean            polkit_authorization_result_get_retains_authorization
+                                                        (PolkitAuthorizationResult *result);
+const gchar *       polkit_authorization_result_get_temporary_authorization_id
+                                                        (PolkitAuthorizationResult *result);
+gboolean            polkit_authorization_result_get_dismissed
+                                                        (PolkitAuthorizationResult *result);
+PolkitDetails *     polkit_authorization_result_get_details
+                                                        (PolkitAuthorizationResult *result);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitAuthorizationResult
+
+
+
+

Description

+

+This class represents the result you get when checking for an authorization. +

+
+
+

Details

+
+

PolkitAuthorizationResult

+
typedef struct _PolkitAuthorizationResult PolkitAuthorizationResult;
+

+The PolkitAuthorizationResult struct should not be accessed directly. +

+
+
+
+

polkit_authorization_result_new ()

+
PolkitAuthorizationResult * polkit_authorization_result_new
+                                                        (gboolean is_authorized,
+                                                         gboolean is_challenge,
+                                                         PolkitDetails *details);
+

+Creates a new PolkitAuthorizationResult object. +

+
++ + + + + + + + + + + + + + + + + + +

is_authorized :

Whether the subject is authorized.

is_challenge :

Whether the subject is authorized if more +information is provided. Must be FALSE unless is_authorized is +TRUE.

details :

Must be NULL unless is_authorized is TRUE. [allow-none] +

Returns :

A PolkitAuthorizationResult object. Free with g_object_unref().
+
+
+
+

polkit_authorization_result_get_is_authorized ()

+
gboolean            polkit_authorization_result_get_is_authorized
+                                                        (PolkitAuthorizationResult *result);
+

+Gets whether the subject is authorized. +

+

+If the authorization is temporary, use polkit_authorization_result_get_temporary_authorization_id() +to get the opaque identifier for the temporary authorization. +

+
++ + + + + + + + + + +

result :

A PolkitAuthorizationResult.

Returns :

Whether the subject is authorized.
+
+
+
+

polkit_authorization_result_get_is_challenge ()

+
gboolean            polkit_authorization_result_get_is_challenge
+                                                        (PolkitAuthorizationResult *result);
+

+Gets whether the subject is authorized if more information is provided. +

+
++ + + + + + + + + + +

result :

A PolkitAuthorizationResult.

Returns :

Whether the subject is authorized if more information is provided.
+
+
+
+

polkit_authorization_result_get_retains_authorization ()

+
gboolean            polkit_authorization_result_get_retains_authorization
+                                                        (PolkitAuthorizationResult *result);
+

+Gets whether authorization is retained if obtained via authentication. This can only be the case +if result indicates that the subject can obtain authorization after challenge (cf. +polkit_authorization_result_get_is_challenge()), e.g. when the subject is not already authorized (cf. +polkit_authorization_result_get_is_authorized()). +

+

+If the subject is already authorized, use polkit_authorization_result_get_temporary_authorization_id() +to check if the authorization is temporary. +

+

+This method simply reads the value of the key/value pair in details with the +key polkit.retains_authorization_after_challenge. +

+
++ + + + + + + + + + +

result :

A PolkitAuthorizationResult.

Returns :

 +TRUE if the authorization is or will be temporary.
+
+
+
+

polkit_authorization_result_get_temporary_authorization_id ()

+
const gchar *       polkit_authorization_result_get_temporary_authorization_id
+                                                        (PolkitAuthorizationResult *result);
+

+Gets the opaque temporary authorization id for result if result indicates the +subject is authorized and the authorization is temporary rather than one-shot or +permanent. +

+

+You can use this string together with the result from +polkit_authority_enumerate_temporary_authorizations() to get more details +about the temporary authorization or polkit_authority_revoke_temporary_authorization_by_id() +to revoke the temporary authorization. +

+

+If the subject is not authorized, use polkit_authorization_result_get_retains_authorization() +to check if the authorization will be retained if obtained via authentication. +

+

+This method simply reads the value of the key/value pair in details with the +key polkit.temporary_authorization_id. +

+
++ + + + + + + + + + +

result :

A PolkitAuthorizationResult.

Returns :

The opaque temporary authorization id for +result or NULL if not available. Do not free this string, it +is owned by result. [allow-none] +
+
+
+
+

polkit_authorization_result_get_dismissed ()

+
gboolean            polkit_authorization_result_get_dismissed
+                                                        (PolkitAuthorizationResult *result);
+

+Gets whether the authentication request was dismissed / canceled by the user. +

+

+This method simply reads the value of the key/value pair in details with the +key polkit.dismissed. +

+
++ + + + + + + + + + +

result :

A PolkitAuthorizationResult.

Returns :

 +TRUE if the authentication request was dismissed, FALSE otherwise.
+

Since 0.101

+
+
+
+

polkit_authorization_result_get_details ()

+
PolkitDetails *     polkit_authorization_result_get_details
+                                                        (PolkitAuthorizationResult *result);
+

+Gets the details about the result. +

+
++ + + + + + + + + + +

result :

A PolkitAuthorizationResult.

Returns :

A PolkitDetails object or +NULL if there are no details. This object is owned by result and +should not be freed by the caller. [allow-none][transfer none] +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitBackendAuthority.html b/docs/polkit/html/PolkitBackendAuthority.html new file mode 100644 index 00000000..980372d6 --- /dev/null +++ b/docs/polkit/html/PolkitBackendAuthority.html @@ -0,0 +1,874 @@ + + + + +PolkitBackendAuthority + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitBackendAuthority

+

PolkitBackendAuthority — Abstract base class for authority backends

+
+
+

Stability Level

+Unstable, unless otherwise indicated +
+
+

Synopsis

+
#define             POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME
+                    PolkitBackendAuthority;
+struct              PolkitBackendAuthorityClass;
+const gchar *       polkit_backend_authority_get_name   (PolkitBackendAuthority *authority);
+const gchar *       polkit_backend_authority_get_version
+                                                        (PolkitBackendAuthority *authority);
+PolkitAuthorityFeatures polkit_backend_authority_get_features
+                                                        (PolkitBackendAuthority *authority);
+void                polkit_backend_authority_check_authorization
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitCheckAuthorizationFlags flags,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+PolkitAuthorizationResult * polkit_backend_authority_check_authorization_finish
+                                                        (PolkitBackendAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_backend_authority_register_authentication_agent
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GError **error);
+gboolean            polkit_backend_authority_unregister_authentication_agent
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GError **error);
+gboolean            polkit_backend_authority_authentication_agent_response
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         const gchar *cookie,
+                                                         PolkitIdentity *identity,
+                                                         GError **error);
+GList *             polkit_backend_authority_enumerate_actions
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         const gchar *locale,
+                                                         GError **error);
+GList *             polkit_backend_authority_enumerate_temporary_authorizations
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         GError **error);
+gboolean            polkit_backend_authority_revoke_temporary_authorizations
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         GError **error);
+gboolean            polkit_backend_authority_revoke_temporary_authorization_by_id
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         const gchar *id,
+                                                         GError **error);
+PolkitBackendAuthority * polkit_backend_authority_get   (void);
+gpointer            polkit_backend_authority_register   (PolkitBackendAuthority *authority,
+                                                         GDBusConnection *connection,
+                                                         const gchar *object_path,
+                                                         GError **error);
+void                polkit_backend_authority_unregister (gpointer registration_id);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitBackendAuthority
+         +----PolkitBackendInteractiveAuthority
+
+
+
+

Signals

+
+  "changed"                                        : Run Last
+
+
+
+

Description

+

+To implement an authority backend, simply subclass PolkitBackendAuthority +and implement the required VFuncs. +

+
+
+

Details

+
+

POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME

+
#define POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME "polkit-backend-authority-1"
+
+

+Extension point name for authority backend implementations. +

+
+
+
+

PolkitBackendAuthority

+
typedef struct _PolkitBackendAuthority PolkitBackendAuthority;
+

+The PolkitBackendAuthority struct should not be accessed directly. +

+
+
+
+

struct PolkitBackendAuthorityClass

+
struct PolkitBackendAuthorityClass {
+  GObjectClass parent_class;
+
+  /* Signals */
+  void (*changed)  (PolkitBackendAuthority   *authority);
+
+  /* VTable */
+
+  const gchar             *(*get_name)     (PolkitBackendAuthority *authority);
+  const gchar             *(*get_version)  (PolkitBackendAuthority *authority);
+  PolkitAuthorityFeatures  (*get_features) (PolkitBackendAuthority *authority);
+
+  GList *(*enumerate_actions)  (PolkitBackendAuthority   *authority,
+                                PolkitSubject            *caller,
+                                const gchar              *locale,
+                                GError                  **error);
+
+  void (*check_authorization) (PolkitBackendAuthority        *authority,
+                               PolkitSubject                 *caller,
+                               PolkitSubject                 *subject,
+                               const gchar                   *action_id,
+                               PolkitDetails                 *details,
+                               PolkitCheckAuthorizationFlags  flags,
+                               GCancellable                  *cancellable,
+                               GAsyncReadyCallback            callback,
+                               gpointer                       user_data);
+
+  PolkitAuthorizationResult * (*check_authorization_finish) (PolkitBackendAuthority  *authority,
+                                                             GAsyncResult            *res,
+                                                             GError                 **error);
+
+  gboolean (*register_authentication_agent) (PolkitBackendAuthority   *authority,
+                                             PolkitSubject            *caller,
+                                             PolkitSubject            *subject,
+                                             const gchar              *locale,
+                                             const gchar              *object_path,
+                                             GVariant                 *options,
+                                             GError                  **error);
+
+  gboolean (*unregister_authentication_agent) (PolkitBackendAuthority   *authority,
+                                               PolkitSubject            *caller,
+                                               PolkitSubject            *subject,
+                                               const gchar              *object_path,
+                                               GError                  **error);
+
+  gboolean (*authentication_agent_response) (PolkitBackendAuthority   *authority,
+                                             PolkitSubject            *caller,
+                                             const gchar              *cookie,
+                                             PolkitIdentity           *identity,
+                                             GError                  **error);
+
+  GList *(*enumerate_temporary_authorizations) (PolkitBackendAuthority   *authority,
+                                                PolkitSubject            *caller,
+                                                PolkitSubject            *subject,
+                                                GError                  **error);
+
+  gboolean (*revoke_temporary_authorizations) (PolkitBackendAuthority   *authority,
+                                               PolkitSubject            *caller,
+                                               PolkitSubject            *subject,
+                                               GError                  **error);
+
+  gboolean (*revoke_temporary_authorization_by_id) (PolkitBackendAuthority   *authority,
+                                                    PolkitSubject            *caller,
+                                                    const gchar              *id,
+                                                    GError                  **error);
+};
+
+

+Class structure for PolkitBackendAuthority. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

GObjectClass parent_class;

The parent class.

changed ()

Function pointer for "changed" signal.

get_name ()

Function pointer for the polkit_backend_authority_get_name() function.

get_version ()

Function pointer for the polkit_backend_authority_get_version() function.

get_features ()

Function pointer for the polkit_backend_authority_get_features() function.

enumerate_actions ()

Enumerates registered actions on the +system. See polkit_backend_authority_enumerate_actions() for +details.

check_authorization ()

Called to initiate an asynchronous +authorization check. See +polkit_backend_authority_check_authorization() for details.

check_authorization_finish ()

Called when finishing an authorization +check. See polkit_backend_authority_check_authorization_finish() +for details.

register_authentication_agent ()

Called when an authentication agent +is attempting to register or NULL if the backend doesn't support +the operation. See +polkit_backend_authority_register_authentication_agent() for +details.

unregister_authentication_agent ()

Called when an authentication +agent is attempting to unregister or NULL if the backend doesn't +support the operation. See +polkit_backend_authority_unregister_authentication_agent() for +details.

authentication_agent_response ()

Called by an authentication agent +when the user successfully authenticates or NULL if the backend +doesn't support the operation. See +polkit_backend_authority_authentication_agent_response() for +details.

enumerate_temporary_authorizations ()

Called to enumerate temporary +authorizations or NULL if the backend doesn't support the operation. +See polkit_backend_authority_enumerate_temporary_authorizations() +for details.

revoke_temporary_authorizations ()

Called to revoke temporary +authorizations or NULL if the backend doesn't support the operation. +See polkit_backend_authority_revoke_temporary_authorizations() +for details.

revoke_temporary_authorization_by_id ()

Called to revoke a temporary +authorization identified by id or NULL if the backend doesn't support +the operation. See polkit_backend_authority_revoke_temporary_authorization_by_id() +for details.
+
+
+
+

polkit_backend_authority_get_name ()

+
const gchar *       polkit_backend_authority_get_name   (PolkitBackendAuthority *authority);
+

+Gets the name of the authority backend. +

+
++ + + + + + + + + + +

authority :

A PolkitBackendAuthority.

Returns :

The name of the backend.
+
+
+
+

polkit_backend_authority_get_version ()

+
const gchar *       polkit_backend_authority_get_version
+                                                        (PolkitBackendAuthority *authority);
+

+Gets the version of the authority backend. +

+
++ + + + + + + + + + +

authority :

A PolkitBackendAuthority.

Returns :

The name of the backend.
+
+
+
+

polkit_backend_authority_get_features ()

+
PolkitAuthorityFeatures polkit_backend_authority_get_features
+                                                        (PolkitBackendAuthority *authority);
+

+Gets the features supported by the authority backend. +

+
++ + + + + + + + + + +

authority :

A PolkitBackendAuthority.

Returns :

Flags from PolkitAuthorityFeatures.
+
+
+
+

polkit_backend_authority_check_authorization ()

+
void                polkit_backend_authority_check_authorization
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitCheckAuthorizationFlags flags,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously checks if subject is authorized to perform the action represented +by action_id. +

+

+When the operation is finished, callback will be invoked. You can then +call polkit_backend_authority_check_authorization_finish() to get the result of +the operation. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

subject :

A PolkitSubject.

action_id :

The action to check for.

details :

Details about the action or NULL.

flags :

A set of PolkitCheckAuthorizationFlags.

cancellable :

A GCancellable.

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_backend_authority_check_authorization_finish ()

+
PolkitAuthorizationResult * polkit_backend_authority_check_authorization_finish
+                                                        (PolkitBackendAuthority *authority,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes checking if a subject is authorized for an action. +

+
++ + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

res :

A GAsyncResult obtained from the callback.

error :

Return location for error or NULL.

Returns :

A PolkitAuthorizationResult or NULL if error is set. Free with g_object_unref().
+
+
+
+

polkit_backend_authority_register_authentication_agent ()

+
gboolean            polkit_backend_authority_register_authentication_agent
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         const gchar *locale,
+                                                         const gchar *object_path,
+                                                         GVariant *options,
+                                                         GError **error);
+

+Registers an authentication agent. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

subject :

The subject the authentication agent wants to register for.

locale :

The locale of the authentication agent.

object_path :

The object path for the authentication agent.

options :

A GVariant with options or NULL.

error :

Return location for error or NULL.

Returns :

 +TRUE if the authentication agent was successfully registered, FALSE if error is set.
+
+
+
+

polkit_backend_authority_unregister_authentication_agent ()

+
gboolean            polkit_backend_authority_unregister_authentication_agent
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         const gchar *object_path,
+                                                         GError **error);
+

+Unregisters an authentication agent. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

subject :

The subject the agent claims to be registered at.

object_path :

The object path that the authentication agent is registered at.

error :

Return location for error or NULL.

Returns :

 +TRUE if the authentication agent was successfully unregistered, FALSE if error is set.
+
+
+
+

polkit_backend_authority_authentication_agent_response ()

+
gboolean            polkit_backend_authority_authentication_agent_response
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         const gchar *cookie,
+                                                         PolkitIdentity *identity,
+                                                         GError **error);
+

+Provide response that identity successfully authenticated for the +authentication request identified by cookie. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

cookie :

The cookie passed to the authentication agent from the authority.

identity :

The identity that was authenticated.

error :

Return location for error or NULL.

Returns :

 +TRUE if authority acknowledged the call, FALSE if error is set.
+
+
+
+

polkit_backend_authority_enumerate_actions ()

+
GList *             polkit_backend_authority_enumerate_actions
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         const gchar *locale,
+                                                         GError **error);
+

+Retrieves all registered actions. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

locale :

The locale to retrieve descriptions for.

error :

Return location for error or NULL.

Returns :

A list of PolkitActionDescription objects or NULL if error is set. The returned list +should be freed with g_list_free() after each element have been freed with g_object_unref().
+
+
+
+

polkit_backend_authority_enumerate_temporary_authorizations ()

+
GList *             polkit_backend_authority_enumerate_temporary_authorizations
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         GError **error);
+

+Gets temporary authorizations for subject. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

subject :

The subject to get temporary authorizations for.

error :

Return location for error.

Returns :

A list of PolkitTemporaryAuthorization objects or NULL if error is set. The returned list +should be freed with g_list_free() after each element have been freed with g_object_unref().
+
+
+
+

polkit_backend_authority_revoke_temporary_authorizations ()

+
gboolean            polkit_backend_authority_revoke_temporary_authorizations
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         GError **error);
+

+Revokes temporary authorizations for subject. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

subject :

The subject to revoke temporary authorizations for.

error :

Return location for error.

Returns :

 +TRUE if the operation succeeded, FALSE if error is set.
+
+
+
+

polkit_backend_authority_revoke_temporary_authorization_by_id ()

+
gboolean            polkit_backend_authority_revoke_temporary_authorization_by_id
+                                                        (PolkitBackendAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         const gchar *id,
+                                                         GError **error);
+

+Revokes a temporary authorizations with opaque identifier id. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendAuthority.

caller :

The system bus name that initiated the query.

id :

The opaque identifier of the temporary authorization.

error :

Return location for error.

Returns :

 +TRUE if the operation succeeded, FALSE if error is set.
+
+
+
+

polkit_backend_authority_get ()

+
PolkitBackendAuthority * polkit_backend_authority_get   (void);
+

+Loads all GIOModules from $(libdir)/polkit-1/extensions to determine +what implementation of PolkitBackendAuthority to use. Then instantiates an object of the +implementation with the highest priority and unloads all other modules. +

+
++ + + + +

Returns :

A PolkitBackendAuthority. Free with g_object_unref().
+
+
+
+

polkit_backend_authority_register ()

+
gpointer            polkit_backend_authority_register   (PolkitBackendAuthority *authority,
+                                                         GDBusConnection *connection,
+                                                         const gchar *object_path,
+                                                         GError **error);
+

+Registers authority on a GDBusConnection. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

connection :

The GDBusConnection to register the authority on.

authority :

A PolkitBackendAuthority.

object_path :

Object path of the authority.

error :

Return location for error.

Returns :

A gpointer that can be used with polkit_backend_authority_unregister() or NULL if error is set.
+
+
+
+

polkit_backend_authority_unregister ()

+
void                polkit_backend_authority_unregister (gpointer registration_id);
+

+Unregisters a PolkitBackendAuthority registered with polkit_backend_authority_register(). +

+
++ + + + +

registration_id :

A gpointer obtained from polkit_backend_authority_register().
+
+
+
+

Signal Details

+
+

The "changed" signal

+
void                user_function                      (PolkitBackendAuthority *authority,
+                                                        gpointer                user_data)      : Run Last
+

+Emitted when actions and/or authorizations change. +

+
++ + + + + + + + + + +

authority :

A PolkitBackendAuthority.

user_data :

user data set when the signal handler was connected.
+
+
+
+

See Also

+PolkitBackendLocalAuthority +
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitBackendInteractiveAuthority.html b/docs/polkit/html/PolkitBackendInteractiveAuthority.html new file mode 100644 index 00000000..6d38ac02 --- /dev/null +++ b/docs/polkit/html/PolkitBackendInteractiveAuthority.html @@ -0,0 +1,275 @@ + + + + +PolkitBackendInteractiveAuthority + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitBackendInteractiveAuthority

+

PolkitBackendInteractiveAuthority — Interactive Authority

+
+
+

Stability Level

+Unstable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitBackendInteractiveAuthority;
+struct              PolkitBackendInteractiveAuthorityClass;
+GList *             polkit_backend_interactive_authority_get_admin_identities
+                                                        (PolkitBackendInteractiveAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         PolkitIdentity *user_for_subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details);
+PolkitImplicitAuthorization polkit_backend_interactive_authority_check_authorization_sync
+                                                        (PolkitBackendInteractiveAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         PolkitIdentity *user_for_subject,
+                                                         gboolean subject_is_local,
+                                                         gboolean subject_is_active,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitImplicitAuthorization implicit,
+                                                         PolkitDetails *out_details);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitBackendAuthority
+         +----PolkitBackendInteractiveAuthority
+               +----PolkitBackendLocalAuthority
+
+
+
+

Description

+

+An subclass of PolkitBackendAuthority that supports interaction +with authentication agents. +

+
+
+

Details

+
+

PolkitBackendInteractiveAuthority

+
typedef struct _PolkitBackendInteractiveAuthority PolkitBackendInteractiveAuthority;
+

+The PolkitBackendInteractiveAuthority struct should not be accessed directly. +

+
+
+
+

struct PolkitBackendInteractiveAuthorityClass

+
struct PolkitBackendInteractiveAuthorityClass {
+  PolkitBackendAuthorityClass parent_class;
+
+  /* VTable */
+  GList *                     (*get_admin_identities)          (PolkitBackendInteractiveAuthority *authority,
+                                                                PolkitSubject                     *caller,
+                                                                PolkitSubject                     *subject,
+                                                                PolkitIdentity                    *user_for_subject,
+                                                                const gchar                       *action_id,
+                                                                PolkitDetails                     *details);
+
+  PolkitImplicitAuthorization (*check_authorization_sync) (PolkitBackendInteractiveAuthority *authority,
+                                                           PolkitSubject                     *caller,
+                                                           PolkitSubject                     *subject,
+                                                           PolkitIdentity                    *user_for_subject,
+                                                           gboolean                           subject_is_local,
+                                                           gboolean                           subject_is_active,
+                                                           const gchar                       *action_id,
+                                                           PolkitDetails                     *details,
+                                                           PolkitImplicitAuthorization        implicit,
+                                                           PolkitDetails                     *out_details);
+};
+
+

+Class structure for PolkitBackendInteractiveAuthority. +

+
++ + + + + + + + + + + + + + +

PolkitBackendAuthorityClass parent_class;

The parent class.

get_admin_identities ()

Returns list of identities for administrator authentication or NULL to use the default +implementation. See polkit_backend_interactive_authority_get_admin_identities() for details.

check_authorization_sync ()

Checks for an authorization or NULL to use the default implementation. +See polkit_backend_interactive_authority_check_authorization_sync() for details.
+
+
+
+

polkit_backend_interactive_authority_get_admin_identities ()

+
GList *             polkit_backend_interactive_authority_get_admin_identities
+                                                        (PolkitBackendInteractiveAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         PolkitIdentity *user_for_subject,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details);
+

+Gets a list of identities to use for administrator authentication. +

+

+The default implementation returns a list with a single element for the super user. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendInteractiveAuthority.

caller :

The subject that is inquiring whether subject is authorized.

subject :

The subject we are about to authenticate for.

user_for_subject :

The user of the subject we are about to authenticate for.

action_id :

The action we are about to authenticate for.

details :

Details about the action.

Returns :

A list of PolkitIdentity objects. Free each element +g_object_unref(), then free the list with g_list_free().
+
+
+
+

polkit_backend_interactive_authority_check_authorization_sync ()

+
PolkitImplicitAuthorization polkit_backend_interactive_authority_check_authorization_sync
+                                                        (PolkitBackendInteractiveAuthority *authority,
+                                                         PolkitSubject *caller,
+                                                         PolkitSubject *subject,
+                                                         PolkitIdentity *user_for_subject,
+                                                         gboolean subject_is_local,
+                                                         gboolean subject_is_active,
+                                                         const gchar *action_id,
+                                                         PolkitDetails *details,
+                                                         PolkitImplicitAuthorization implicit,
+                                                         PolkitDetails *out_details);
+

+Checks whether subject is authorized to perform the action +specified by action_id and details. The implementation may +append key/value pairs to out_details to return extra information +to caller. +

+

+The default implementation of this method simply returns implicit. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

authority :

A PolkitBackendInteractiveAuthority.

caller :

The subject that is inquiring whether subject is authorized.

subject :

The subject we are checking an authorization for.

user_for_subject :

The user of the subject we are checking an authorization for.

subject_is_local :

 +TRUE if the session for subject is local.

subject_is_active :

 +TRUE if the session for subject is active.

action_id :

The action we are checking an authorization for.

details :

Details about the action.

implicit :

A PolkitImplicitAuthorization value computed from the policy file and subject.

out_details :

A PolkitDetails object that will be return to caller.

Returns :

A PolkitImplicitAuthorization that specifies if the subject is authorized or whether +authentication is required.
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitBackendLocalAuthority.html b/docs/polkit/html/PolkitBackendLocalAuthority.html new file mode 100644 index 00000000..82722b6c --- /dev/null +++ b/docs/polkit/html/PolkitBackendLocalAuthority.html @@ -0,0 +1,126 @@ + + + + +PolkitBackendLocalAuthority + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitBackendLocalAuthority

+

PolkitBackendLocalAuthority — Local Authority

+
+
+

Stability Level

+Unstable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitBackendLocalAuthority;
+struct              PolkitBackendLocalAuthorityClass;
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitBackendAuthority
+         +----PolkitBackendInteractiveAuthority
+               +----PolkitBackendLocalAuthority
+
+
+
+

Properties

+
+  "auth-store-paths"         gchar*                : Write / Construct Only
+  "config-path"              gchar*                : Write / Construct Only
+
+
+
+

Description

+

+An implementation of PolkitBackendAuthority that stores +authorizations on the local file system, supports interaction with +authentication agents (virtue of being based on +PolkitBackendInteractiveAuthority). +

+
+
+

Details

+
+

PolkitBackendLocalAuthority

+
typedef struct _PolkitBackendLocalAuthority PolkitBackendLocalAuthority;
+

+The PolkitBackendLocalAuthority struct should not be accessed directly. +

+
+
+
+

struct PolkitBackendLocalAuthorityClass

+
struct PolkitBackendLocalAuthorityClass {
+  PolkitBackendInteractiveAuthorityClass parent_class;
+};
+
+

+Class structure for PolkitBackendLocalAuthority. +

+
++ + + + +

PolkitBackendInteractiveAuthorityClass parent_class;

The parent class.
+
+
+
+

Property Details

+
+

The "auth-store-paths" property

+
  "auth-store-paths"         gchar*                : Write / Construct Only
+

Semi-colon separated list of Authorization Store 'top' directories.

+

Default value: "/var/lib/polkit-1/localauthority;/etc/polkit-1/localauthority"

+
+
+
+

The "config-path" property

+
  "config-path"              gchar*                : Write / Construct Only
+

Path to directory of LocalAuthority config files.

+

Default value: "/etc/polkit-1/localauthority.conf.d"

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitDetails.html b/docs/polkit/html/PolkitDetails.html new file mode 100644 index 00000000..81cb056a --- /dev/null +++ b/docs/polkit/html/PolkitDetails.html @@ -0,0 +1,180 @@ + + + + +PolkitDetails + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitDetails

+

PolkitDetails — Object used for passing details

+
+
+

Stability Level

+Stable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitDetails;
+PolkitDetails *     polkit_details_new                  (void);
+const gchar *       polkit_details_lookup               (PolkitDetails *details,
+                                                         const gchar *key);
+void                polkit_details_insert               (PolkitDetails *details,
+                                                         const gchar *key,
+                                                         const gchar *value);
+gchar **            polkit_details_get_keys             (PolkitDetails *details);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitDetails
+
+
+
+

Description

+

+An object used for passing details around. +

+
+
+

Details

+
+

PolkitDetails

+
typedef struct _PolkitDetails PolkitDetails;
+

+The PolkitDetails struct should not be accessed directly. +

+
+
+
+

polkit_details_new ()

+
PolkitDetails *     polkit_details_new                  (void);
+

+Creates a new PolkitDetails object. +

+
++ + + + +

Returns :

A PolkitDetails object. Free with g_object_unref().
+
+
+
+

polkit_details_lookup ()

+
const gchar *       polkit_details_lookup               (PolkitDetails *details,
+                                                         const gchar *key);
+

+Gets the value for key on details. +

+
++ + + + + + + + + + + + + + +

details :

A PolkitDetails.

key :

A key.

Returns :

 +NULL if there is no value for key, otherwise a string owned by details. [allow-none] +
+
+
+
+

polkit_details_insert ()

+
void                polkit_details_insert               (PolkitDetails *details,
+                                                         const gchar *key,
+                                                         const gchar *value);
+

+Inserts a copy of key and value on details. +

+
++ + + + + + + + + + + + + + +

details :

A PolkitDetails.

key :

A key.

value :

A value. [allow-none] +
+
+
+
+

polkit_details_get_keys ()

+
gchar **            polkit_details_get_keys             (PolkitDetails *details);
+

+Gets a list of all keys on details. +

+
++ + + + + + + + + + +

details :

A PolkitDetails.

Returns :

 +NULL if there are no keys +otherwise an array of strings that should be freed with +g_strfreev(). [transfer full][allow-none] +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitError.html b/docs/polkit/html/PolkitError.html new file mode 100644 index 00000000..3ea3ac14 --- /dev/null +++ b/docs/polkit/html/PolkitError.html @@ -0,0 +1,115 @@ + + + + +PolkitError + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitError

+

PolkitError — Error codes

+
+
+

Synopsis

+
#define             POLKIT_ERROR
+enum                PolkitError;
+
+
+
+

Object Hierarchy

+
+  GEnum
+   +----PolkitError
+
+
+
+

Description

+

+Error codes. +

+
+
+

Details

+
+

POLKIT_ERROR

+
#define POLKIT_ERROR (polkit_error_quark())
+
+

+Error domain for errors when using PolicyKit. Errors in this domain will be from the PolkitError +enumeration. See GError for information on error domains +

+
+
+
+

enum PolkitError

+
typedef enum {
+  POLKIT_ERROR_FAILED = 0,
+  POLKIT_ERROR_CANCELLED = 1,
+  POLKIT_ERROR_NOT_SUPPORTED = 2,
+  POLKIT_ERROR_NOT_AUTHORIZED = 3,
+} PolkitError;
+
+

+Possible error when using PolicyKit. +

+
++ + + + + + + + + + + + + + + + + + +

POLKIT_ERROR_FAILED

The operation failed. +

POLKIT_ERROR_CANCELLED

The operation was cancelled. +

POLKIT_ERROR_NOT_SUPPORTED

Operation is not supported. +

POLKIT_ERROR_NOT_AUTHORIZED

Not authorized to perform operation. +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitIdentity.html b/docs/polkit/html/PolkitIdentity.html new file mode 100644 index 00000000..3a758a96 --- /dev/null +++ b/docs/polkit/html/PolkitIdentity.html @@ -0,0 +1,239 @@ + + + + +PolkitIdentity + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitIdentity

+

PolkitIdentity — Type for representing identities

+
+
+

Synopsis

+
                    PolkitIdentity;
+struct              PolkitIdentityIface;
+guint               polkit_identity_hash                (PolkitIdentity *identity);
+gboolean            polkit_identity_equal               (PolkitIdentity *a,
+                                                         PolkitIdentity *b);
+gchar *             polkit_identity_to_string           (PolkitIdentity *identity);
+PolkitIdentity *    polkit_identity_from_string         (const gchar *str,
+                                                         GError **error);
+
+
+
+

Object Hierarchy

+
+  GInterface
+   +----PolkitIdentity
+
+
+
+

Prerequisites

+

+PolkitIdentity requires + GObject.

+
+
+

Known Implementations

+

+PolkitIdentity is implemented by + PolkitUnixGroup, PolkitUnixNetgroup and PolkitUnixUser.

+
+
+

Description

+

+PolkitIdentity is an abstract type for representing one or more +identities. +

+
+
+

Details

+
+

PolkitIdentity

+
typedef struct _PolkitIdentity PolkitIdentity;
+

+Generic type for all objects that can be used as identities. +

+
+
+
+

struct PolkitIdentityIface

+
struct PolkitIdentityIface {
+  GTypeInterface parent_iface;
+
+  guint    (*hash)      (PolkitIdentity *identity);
+
+  gboolean (*equal)     (PolkitIdentity *a,
+                         PolkitIdentity *b);
+
+  gchar *  (*to_string) (PolkitIdentity *identity);
+};
+
+

+An interface for identities. +

+
++ + + + + + + + + + + + + + + + + + +

GTypeInterface parent_iface;

The parent interface.

hash ()

Gets a hash value for a PolkitIdentity.

equal ()

Checks if two PolkitIdentitys are equal.

to_string ()

Serializes a PolkitIdentity to a string that can be +used in polkit_identity_from_string().
+
+
+
+

polkit_identity_hash ()

+
guint               polkit_identity_hash                (PolkitIdentity *identity);
+

+Gets a hash code for identity that can be used with e.g. g_hash_table_new(). +

+
++ + + + + + + + + + +

identity :

A PolkitIdentity.

Returns :

A hash code.
+
+
+
+

polkit_identity_equal ()

+
gboolean            polkit_identity_equal               (PolkitIdentity *a,
+                                                         PolkitIdentity *b);
+

+Checks if a and b are equal, ie. represent the same identity. +

+

+This function can be used in e.g. g_hash_table_new(). +

+
++ + + + + + + + + + + + + + +

a :

A PolkitIdentity.

b :

A PolkitIdentity.

Returns :

 +TRUE if a and b are equal, FALSE otherwise.
+
+
+
+

polkit_identity_to_string ()

+
gchar *             polkit_identity_to_string           (PolkitIdentity *identity);
+

+Serializes identity to a string that can be used in +polkit_identity_from_string(). +

+
++ + + + + + + + + + +

identity :

A PolkitIdentity.

Returns :

A string representing identity. Free with g_free().
+
+
+
+

polkit_identity_from_string ()

+
PolkitIdentity *    polkit_identity_from_string         (const gchar *str,
+                                                         GError **error);
+

+Creates an object from str that implements the PolkitIdentity +interface. +

+
++ + + + + + + + + + + + + + +

str :

A string obtained from polkit_identity_to_string().

error :

Return location for error.

Returns :

A PolkitIdentity or NULL +if error is set. Free with g_object_unref(). [allow-none][transfer full] +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitPermission.html b/docs/polkit/html/PolkitPermission.html new file mode 100644 index 00000000..27a82d01 --- /dev/null +++ b/docs/polkit/html/PolkitPermission.html @@ -0,0 +1,293 @@ + + + + +PolkitPermission + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitPermission

+

PolkitPermission — PolicyKit GPermission implementation

+
+
+

Stability Level

+Stable, unless otherwise indicated +
+
+

Synopsis

+
                    PolkitPermission;
+void                polkit_permission_new               (const gchar *action_id,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+GPermission *       polkit_permission_new_finish        (GAsyncResult *res,
+                                                         GError **error);
+GPermission *       polkit_permission_new_sync          (const gchar *action_id,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+const gchar *       polkit_permission_get_action_id     (PolkitPermission *permission);
+PolkitSubject *     polkit_permission_get_subject       (PolkitPermission *permission);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----GPermission
+         +----PolkitPermission
+
+
+
+

Implemented Interfaces

+

+PolkitPermission implements + GInitable and GAsyncInitable.

+
+
+

Properties

+
+  "action-id"                gchar*                : Read / Write / Construct Only
+  "subject"                  PolkitSubject*        : Read / Write / Construct Only
+
+
+
+

Description

+

+PolkitPermission is a GPermission implementation. It can be used +with e.g. GtkLockButton. See the GPermission documentation for +more information. +

+
+
+

Details

+
+

PolkitPermission

+
typedef struct _PolkitPermission PolkitPermission;
+

+The PolkitPermission struct should not be accessed directly. +

+
+
+
+

polkit_permission_new ()

+
void                polkit_permission_new               (const gchar *action_id,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Creates a GPermission instance for the PolicyKit action +action_id. +

+

+When the operation is finished, callback will be invoked. You can +then call polkit_permission_new_finish() to get the result of the +operation. +

+

+This is a asynchronous failable constructor. See +polkit_permission_new_sync() for the synchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

action_id :

The PolicyKit action identifier.

subject :

A PolkitSubject or NULL for the current process. [allow-none] +

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied.

user_data :

The data to pass to callback.
+
+
+
+

polkit_permission_new_finish ()

+
GPermission *       polkit_permission_new_finish        (GAsyncResult *res,
+                                                         GError **error);
+

+Finishes an operation started with polkit_permission_new(). +

+
++ + + + + + + + + + + + + + +

res :

A GAsyncResult obtained from the GAsyncReadyCallback passed to polkit_permission_new().

error :

Return location for error or NULL. [allow-none] +

Returns :

A GPermission or NULL if error is set.
+
+
+
+

polkit_permission_new_sync ()

+
GPermission *       polkit_permission_new_sync          (const gchar *action_id,
+                                                         PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Creates a GPermission instance for the PolicyKit action +action_id. +

+

+This is a synchronous failable constructor. See +polkit_permission_new() for the asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + + + + + +

action_id :

The PolicyKit action identifier.

subject :

A PolkitSubject or NULL for the current process. [allow-none] +

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

A GPermission or NULL if error is set.
+
+
+
+

polkit_permission_get_action_id ()

+
const gchar *       polkit_permission_get_action_id     (PolkitPermission *permission);
+

+Gets the PolicyKit action identifier used for permission. +

+
++ + + + + + + + + + +

permission :

A PolkitPermission.

Returns :

A string owned by permission. Do not free.
+
+
+
+

polkit_permission_get_subject ()

+
PolkitSubject *     polkit_permission_get_subject       (PolkitPermission *permission);
+

+Gets the subject used for permission. +

+
++ + + + + + + + + + +

permission :

A PolkitPermission.

Returns :

An object owned by permission. Do not free. [transfer none] +
+
+
+
+

Property Details

+
+

The "action-id" property

+
  "action-id"                gchar*                : Read / Write / Construct Only
+

+The action identifier to use for the permission. +

+

Default value: NULL

+
+
+
+

The "subject" property

+
  "subject"                  PolkitSubject*        : Read / Write / Construct Only
+

+The PolkitSubject to use for the permission. If not set during +construction, it will be set to match the current process. +

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitSubject.html b/docs/polkit/html/PolkitSubject.html new file mode 100644 index 00000000..609f2eb1 --- /dev/null +++ b/docs/polkit/html/PolkitSubject.html @@ -0,0 +1,387 @@ + + + + +PolkitSubject + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitSubject

+

PolkitSubject — Type for representing subjects

+
+
+

Synopsis

+
                    PolkitSubject;
+struct              PolkitSubjectIface;
+guint               polkit_subject_hash                 (PolkitSubject *subject);
+gboolean            polkit_subject_equal                (PolkitSubject *a,
+                                                         PolkitSubject *b);
+void                polkit_subject_exists               (PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+gboolean            polkit_subject_exists_finish        (PolkitSubject *subject,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+gboolean            polkit_subject_exists_sync          (PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+gchar *             polkit_subject_to_string            (PolkitSubject *subject);
+PolkitSubject *     polkit_subject_from_string          (const gchar *str,
+                                                         GError **error);
+
+
+
+

Object Hierarchy

+
+  GInterface
+   +----PolkitSubject
+
+
+
+

Prerequisites

+

+PolkitSubject requires + GObject.

+
+
+

Known Implementations

+

+PolkitSubject is implemented by + PolkitSystemBusName, PolkitUnixProcess and PolkitUnixSession.

+
+
+

Description

+

+PolkitSubject is an abstract type for representing one or more +processes. +

+
+
+

Details

+
+

PolkitSubject

+
typedef struct _PolkitSubject PolkitSubject;
+

+Generic type for all objects that can be used as subjects. +

+
+
+
+

struct PolkitSubjectIface

+
struct PolkitSubjectIface {
+  GTypeInterface parent_iface;
+
+  guint    (*hash)          (PolkitSubject       *subject);
+
+  gboolean (*equal)         (PolkitSubject       *a,
+                             PolkitSubject       *b);
+
+  gchar *  (*to_string)     (PolkitSubject       *subject);
+
+  void     (*exists)        (PolkitSubject       *subject,
+                             GCancellable        *cancellable,
+                             GAsyncReadyCallback  callback,
+                             gpointer             user_data);
+
+  gboolean (*exists_finish) (PolkitSubject       *subject,
+                             GAsyncResult        *res,
+                             GError             **error);
+
+  gboolean (*exists_sync)   (PolkitSubject       *subject,
+                             GCancellable        *cancellable,
+                             GError             **error);
+};
+
+

+An interface for subjects. +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

GTypeInterface parent_iface;

The parent interface.

hash ()

Gets a hash value for a PolkitSubject.

equal ()

Checks if two PolkitSubjects are equal.

to_string ()

Serializes a PolkitSubject to a string that can be +used in polkit_subject_from_string().

exists ()

Asynchronously check if a PolkitSubject exists.

exists_finish ()

Finishes checking if a PolkitSubject exists.

exists_sync ()

Synchronously check if a PolkitSubject exists.
+
+
+
+

polkit_subject_hash ()

+
guint               polkit_subject_hash                 (PolkitSubject *subject);
+

+Gets a hash code for subject that can be used with e.g. g_hash_table_new(). +

+
++ + + + + + + + + + +

subject :

A PolkitSubject.

Returns :

A hash code.
+
+
+
+

polkit_subject_equal ()

+
gboolean            polkit_subject_equal                (PolkitSubject *a,
+                                                         PolkitSubject *b);
+

+Checks if a and b are equal, ie. represent the same subject. +

+

+This function can be used in e.g. g_hash_table_new(). +

+
++ + + + + + + + + + + + + + +

a :

A PolkitSubject.

b :

A PolkitSubject.

Returns :

 +TRUE if a and b are equal, FALSE otherwise.
+
+
+
+

polkit_subject_exists ()

+
void                polkit_subject_exists               (PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously checks if subject exists. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call polkit_subject_exists_finish() to get the +result of the operation. +

+
++ + + + + + + + + + + + + + + + + + +

subject :

A PolkitSubject.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied

user_data :

The data to pass to callback.
+
+
+
+

polkit_subject_exists_finish ()

+
gboolean            polkit_subject_exists_finish        (PolkitSubject *subject,
+                                                         GAsyncResult *res,
+                                                         GError **error);
+

+Finishes checking whether a subject exists. +

+
++ + + + + + + + + + + + + + + + + + +

subject :

A PolkitSubject.

res :

A GAsyncResult obtained from the GAsyncReadyCallback passed to polkit_subject_exists().

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the subject exists, FALSE if not or error is set.
+
+
+
+

polkit_subject_exists_sync ()

+
gboolean            polkit_subject_exists_sync          (PolkitSubject *subject,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Checks if subject exists. +

+

+This is a synchronous blocking call - the calling thread is blocked +until a reply is received. See polkit_subject_exists() for the +asynchronous version. +

+
++ + + + + + + + + + + + + + + + + + +

subject :

A PolkitSubject.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

 +TRUE if the subject exists, FALSE if not or error is set.
+
+
+
+

polkit_subject_to_string ()

+
gchar *             polkit_subject_to_string            (PolkitSubject *subject);
+

+Serializes subject to a string that can be used in +polkit_subject_from_string(). +

+
++ + + + + + + + + + +

subject :

A PolkitSubject.

Returns :

A string representing subject. Free with g_free().
+
+
+
+

polkit_subject_from_string ()

+
PolkitSubject *     polkit_subject_from_string          (const gchar *str,
+                                                         GError **error);
+

+Creates an object from str that implements the PolkitSubject +interface. +

+
++ + + + + + + + + + + + + + +

str :

A string obtained from polkit_subject_to_string().

error :

Return location for error or NULL. [allow-none] +

Returns :

A PolkitSubject or NULL if error is +set. Free with g_object_unref(). [transfer full] +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitSystemBusName.html b/docs/polkit/html/PolkitSystemBusName.html new file mode 100644 index 00000000..a9962215 --- /dev/null +++ b/docs/polkit/html/PolkitSystemBusName.html @@ -0,0 +1,209 @@ + + + + +PolkitSystemBusName + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitSystemBusName

+

PolkitSystemBusName — Unique system bus names

+
+
+

Synopsis

+
                    PolkitSystemBusName;
+PolkitSubject *     polkit_system_bus_name_new          (const gchar *name);
+const gchar *       polkit_system_bus_name_get_name     (PolkitSystemBusName *system_bus_name);
+void                polkit_system_bus_name_set_name     (PolkitSystemBusName *system_bus_name,
+                                                         const gchar *name);
+PolkitSubject *     polkit_system_bus_name_get_process_sync
+                                                        (PolkitSystemBusName *system_bus_name,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitSystemBusName
+
+
+
+

Implemented Interfaces

+

+PolkitSystemBusName implements + PolkitSubject.

+
+
+

Properties

+
+  "name"                     gchar*                : Read / Write / Construct
+
+
+
+

Description

+

+An object that represents a process owning a unique name on the system bus. +

+
+
+

Details

+
+

PolkitSystemBusName

+
typedef struct _PolkitSystemBusName PolkitSystemBusName;
+
+
+
+

polkit_system_bus_name_new ()

+
PolkitSubject *     polkit_system_bus_name_new          (const gchar *name);
+

+Creates a new PolkitSystemBusName for name. +

+
++ + + + + + + + + + +

name :

A unique system bus name.

Returns :

A PolkitSystemBusName. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_system_bus_name_get_name ()

+
const gchar *       polkit_system_bus_name_get_name     (PolkitSystemBusName *system_bus_name);
+

+Gets the unique system bus name for system_bus_name. +

+
++ + + + + + + + + + +

system_bus_name :

A PolkitSystemBusName.

Returns :

The unique system bus name for system_bus_name. Do not +free, this string is owned by system_bus_name.
+
+
+
+

polkit_system_bus_name_set_name ()

+
void                polkit_system_bus_name_set_name     (PolkitSystemBusName *system_bus_name,
+                                                         const gchar *name);
+

+Sets the unique system bus name for system_bus_name. +

+
++ + + + + + + + + + +

system_bus_name :

A PolkitSystemBusName.

name :

A unique system bus name.
+
+
+
+

polkit_system_bus_name_get_process_sync ()

+
PolkitSubject *     polkit_system_bus_name_get_process_sync
+                                                        (PolkitSystemBusName *system_bus_name,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Synchronously gets a PolkitUnixProcess object for system_bus_name +

+

  • the calling thread is blocked until a reply is received.

+

+

+
++ + + + + + + + + + + + + + + + + + +

system_bus_name :

A PolkitSystemBusName.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error or NULL. [allow-none] +

Returns :

A PolkitUnixProcess object or NULL if error is set. [allow-none][transfer full] +
+
+
+
+

Property Details

+
+

The "name" property

+
  "name"                     gchar*                : Read / Write / Construct
+

+The unique name on the system message bus. +

+

Default value: NULL

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitTemporaryAuthorization.html b/docs/polkit/html/PolkitTemporaryAuthorization.html new file mode 100644 index 00000000..7062af38 --- /dev/null +++ b/docs/polkit/html/PolkitTemporaryAuthorization.html @@ -0,0 +1,202 @@ + + + + +PolkitTemporaryAuthorization + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitTemporaryAuthorization

+

PolkitTemporaryAuthorization — Temporary Authorizations

+
+
+

Synopsis

+
                    PolkitTemporaryAuthorization;
+const gchar *       polkit_temporary_authorization_get_id
+                                                        (PolkitTemporaryAuthorization *authorization);
+const gchar *       polkit_temporary_authorization_get_action_id
+                                                        (PolkitTemporaryAuthorization *authorization);
+PolkitSubject *     polkit_temporary_authorization_get_subject
+                                                        (PolkitTemporaryAuthorization *authorization);
+guint64             polkit_temporary_authorization_get_time_obtained
+                                                        (PolkitTemporaryAuthorization *authorization);
+guint64             polkit_temporary_authorization_get_time_expires
+                                                        (PolkitTemporaryAuthorization *authorization);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitTemporaryAuthorization
+
+
+
+

Description

+

+Object used to describe a temporary authorization. +

+
+
+

Details

+
+

PolkitTemporaryAuthorization

+
typedef struct _PolkitTemporaryAuthorization PolkitTemporaryAuthorization;
+

+The PolkitTemporaryAuthorization struct should not be accessed directly. +

+
+
+
+

polkit_temporary_authorization_get_id ()

+
const gchar *       polkit_temporary_authorization_get_id
+                                                        (PolkitTemporaryAuthorization *authorization);
+

+Gets the opaque identifier for authorization. +

+
++ + + + + + + + + + +

authorization :

A PolkitTemporaryAuthorization.

Returns :

A string owned by authorization. Do not free.
+
+
+
+

polkit_temporary_authorization_get_action_id ()

+
const gchar *       polkit_temporary_authorization_get_action_id
+                                                        (PolkitTemporaryAuthorization *authorization);
+

+Gets the action that authorization is for. +

+
++ + + + + + + + + + +

authorization :

A PolkitTemporaryAuthorization.

Returns :

A string owned by authorization. Do not free.
+
+
+
+

polkit_temporary_authorization_get_subject ()

+
PolkitSubject *     polkit_temporary_authorization_get_subject
+                                                        (PolkitTemporaryAuthorization *authorization);
+

+Gets the subject that authorization is for. +

+
++ + + + + + + + + + +

authorization :

A PolkitTemporaryAuthorization.

Returns :

A PolkitSubject, free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_temporary_authorization_get_time_obtained ()

+
guint64             polkit_temporary_authorization_get_time_obtained
+                                                        (PolkitTemporaryAuthorization *authorization);
+

+Gets the time when authorization was obtained. +

+

+(Note that the PolicyKit daemon is using monotonic time internally +so the returned value may change if system time changes.) +

+
++ + + + + + + + + + +

authorization :

A PolkitTemporaryAuthorization.

Returns :

Seconds since the Epoch Jan 1. 1970, 0:00 UTC.
+
+
+
+

polkit_temporary_authorization_get_time_expires ()

+
guint64             polkit_temporary_authorization_get_time_expires
+                                                        (PolkitTemporaryAuthorization *authorization);
+

+Gets the time when authorization will expire. +

+

+(Note that the PolicyKit daemon is using monotonic time internally +so the returned value may change if system time changes.) +

+
++ + + + + + + + + + +

authorization :

A PolkitTemporaryAuthorization.

Returns :

Seconds since the Epoch Jan 1. 1970, 0:00 UTC.
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitUnixGroup.html b/docs/polkit/html/PolkitUnixGroup.html new file mode 100644 index 00000000..dade5c15 --- /dev/null +++ b/docs/polkit/html/PolkitUnixGroup.html @@ -0,0 +1,201 @@ + + + + +PolkitUnixGroup + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitUnixGroup

+

PolkitUnixGroup — Unix groups

+
+
+

Synopsis

+
                    PolkitUnixGroup;
+PolkitIdentity *    polkit_unix_group_new               (gint gid);
+PolkitIdentity *    polkit_unix_group_new_for_name      (const gchar *name,
+                                                         GError **error);
+gint                polkit_unix_group_get_gid           (PolkitUnixGroup *group);
+void                polkit_unix_group_set_gid           (PolkitUnixGroup *group,
+                                                         gint gid);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitUnixGroup
+
+
+
+

Implemented Interfaces

+

+PolkitUnixGroup implements + PolkitIdentity.

+
+
+

Properties

+
+  "gid"                      gint                  : Read / Write / Construct
+
+
+
+

Description

+

+An object representing a group identity on a UNIX system. +

+
+
+

Details

+
+

PolkitUnixGroup

+
typedef struct _PolkitUnixGroup PolkitUnixGroup;
+

+The PolkitUnixGroup struct should not be accessed directly. +

+
+
+
+

polkit_unix_group_new ()

+
PolkitIdentity *    polkit_unix_group_new               (gint gid);
+

+Creates a new PolkitUnixGroup object for gid. +

+
++ + + + + + + + + + +

gid :

A UNIX group id.

Returns :

A PolkitUnixGroup object. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_unix_group_new_for_name ()

+
PolkitIdentity *    polkit_unix_group_new_for_name      (const gchar *name,
+                                                         GError **error);
+

+Creates a new PolkitUnixGroup object for a group with the group name +name. +

+
++ + + + + + + + + + + + + + +

name :

A UNIX group name.

error :

Return location for error.

Returns :

(allow-none): A PolkitUnixGroup object or NULL if error +is set. [transfer full] +
+
+
+
+

polkit_unix_group_get_gid ()

+
gint                polkit_unix_group_get_gid           (PolkitUnixGroup *group);
+

+Gets the UNIX group id for group. +

+
++ + + + + + + + + + +

group :

A PolkitUnixGroup.

Returns :

A UNIX group id.
+
+
+
+

polkit_unix_group_set_gid ()

+
void                polkit_unix_group_set_gid           (PolkitUnixGroup *group,
+                                                         gint gid);
+

+Sets gid for group. +

+
++ + + + + + + + + + +

group :

A PolkitUnixGroup.

gid :

A UNIX group id.
+
+
+
+

Property Details

+
+

The "gid" property

+
  "gid"                      gint                  : Read / Write / Construct
+

+The UNIX group id. +

+

Allowed values: >= 0

+

Default value: 0

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitUnixNetgroup.html b/docs/polkit/html/PolkitUnixNetgroup.html new file mode 100644 index 00000000..adf86d65 --- /dev/null +++ b/docs/polkit/html/PolkitUnixNetgroup.html @@ -0,0 +1,153 @@ + + + + +PolkitUnixNetgroup + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitUnixNetgroup

+

PolkitUnixNetgroup — Unix netgroups

+
+
+

Synopsis

+
                    PolkitUnixNetgroup;
+PolkitIdentity *    polkit_unix_netgroup_new            (const gchar *name);
+const gchar *       polkit_unix_netgroup_get_name       (PolkitUnixNetgroup *group);
+void                polkit_unix_netgroup_set_name       (PolkitUnixNetgroup *group,
+                                                         const gchar *name);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitUnixNetgroup
+
+
+
+

Implemented Interfaces

+

+PolkitUnixNetgroup implements + PolkitIdentity.

+
+
+

Properties

+
+  "name"                     gchar*                : Read / Write / Construct
+
+
+
+

Description

+

+An object representing a netgroup identity on a UNIX system. +

+
+
+

Details

+
+

PolkitUnixNetgroup

+
typedef struct _PolkitUnixNetgroup PolkitUnixNetgroup;
+

+The PolkitUnixNetgroup struct should not be accessed directly. +

+
+
+
+

polkit_unix_netgroup_new ()

+
PolkitIdentity *    polkit_unix_netgroup_new            (const gchar *name);
+

+Creates a new PolkitUnixNetgroup object for name. +

+
++ + + + + + + + + + +

name :

A netgroup name.

Returns :

A PolkitUnixNetgroup object. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_unix_netgroup_get_name ()

+
const gchar *       polkit_unix_netgroup_get_name       (PolkitUnixNetgroup *group);
+

+Gets the netgroup name for group. +

+
++ + + + + + + + + + +

group :

A PolkitUnixNetgroup.

Returns :

A netgroup name string.
+
+
+
+

polkit_unix_netgroup_set_name ()

+
void                polkit_unix_netgroup_set_name       (PolkitUnixNetgroup *group,
+                                                         const gchar *name);
+
+
+
+

Property Details

+
+

The "name" property

+
  "name"                     gchar*                : Read / Write / Construct
+

+The NIS netgroup name. +

+

Default value: NULL

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitUnixProcess.html b/docs/polkit/html/PolkitUnixProcess.html new file mode 100644 index 00000000..ac5ab4df --- /dev/null +++ b/docs/polkit/html/PolkitUnixProcess.html @@ -0,0 +1,366 @@ + + + + +PolkitUnixProcess + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitUnixProcess

+

PolkitUnixProcess — Unix processs

+
+
+

Synopsis

+
                    PolkitUnixProcess;
+PolkitSubject *     polkit_unix_process_new             (gint pid);
+PolkitSubject *     polkit_unix_process_new_full        (gint pid,
+                                                         guint64 start_time);
+PolkitSubject *     polkit_unix_process_new_for_owner   (gint pid,
+                                                         guint64 start_time,
+                                                         gint uid);
+void                polkit_unix_process_set_pid         (PolkitUnixProcess *process,
+                                                         gint pid);
+gint                polkit_unix_process_get_pid         (PolkitUnixProcess *process);
+void                polkit_unix_process_set_start_time  (PolkitUnixProcess *process,
+                                                         guint64 start_time);
+guint64             polkit_unix_process_get_start_time  (PolkitUnixProcess *process);
+void                polkit_unix_process_set_uid         (PolkitUnixProcess *process,
+                                                         gint uid);
+gint                polkit_unix_process_get_uid         (PolkitUnixProcess *process);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitUnixProcess
+
+
+
+

Implemented Interfaces

+

+PolkitUnixProcess implements + PolkitSubject.

+
+
+

Properties

+
+  "pid"                      gint                  : Read / Write / Construct
+  "start-time"               guint64               : Read / Write / Construct
+  "uid"                      gint                  : Read / Write / Construct
+
+
+
+

Description

+

+An object for representing a UNIX process. +

+

+To uniquely identify processes, both the process id and the start +time of the process (a monotonic increasing value representing the +time since the kernel was started) is used. +

+
+
+

Details

+
+

PolkitUnixProcess

+
typedef struct _PolkitUnixProcess PolkitUnixProcess;
+

+The PolkitUnixProcess struct should not be accessed directly. +

+
+
+
+

polkit_unix_process_new ()

+
PolkitSubject *     polkit_unix_process_new             (gint pid);
+

+Creates a new PolkitUnixProcess for pid. +

+

+The uid and start time of the process will be looked up in using +e.g. the /proc filesystem depending on the +platform in use. +

+
++ + + + + + + + + + +

pid :

The process id.

Returns :

A PolkitSubject. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_unix_process_new_full ()

+
PolkitSubject *     polkit_unix_process_new_full        (gint pid,
+                                                         guint64 start_time);
+

+Creates a new PolkitUnixProcess object for pid and start_time. +

+

+The uid of the process will be looked up in using e.g. the +/proc filesystem depending on the platform in +use. +

+
++ + + + + + + + + + + + + + +

pid :

The process id.

start_time :

The start time for pid.

Returns :

A PolkitSubject. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_unix_process_new_for_owner ()

+
PolkitSubject *     polkit_unix_process_new_for_owner   (gint pid,
+                                                         guint64 start_time,
+                                                         gint uid);
+

+Creates a new PolkitUnixProcess object for pid, start_time and uid. +

+
++ + + + + + + + + + + + + + + + + + +

pid :

The process id.

start_time :

The start time for pid or 0 to look it up in e.g. /proc.

uid :

The (real, not effective) uid of the owner of pid or -1 to look it up in e.g. /proc.

Returns :

A PolkitSubject. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_unix_process_set_pid ()

+
void                polkit_unix_process_set_pid         (PolkitUnixProcess *process,
+                                                         gint pid);
+

+Sets pid for process. +

+
++ + + + + + + + + + +

process :

A PolkitUnixProcess.

pid :

A process id.
+
+
+
+

polkit_unix_process_get_pid ()

+
gint                polkit_unix_process_get_pid         (PolkitUnixProcess *process);
+

+Gets the process id for process. +

+
++ + + + + + + + + + +

process :

A PolkitUnixProcess.

Returns :

The process id for process.
+
+
+
+

polkit_unix_process_set_start_time ()

+
void                polkit_unix_process_set_start_time  (PolkitUnixProcess *process,
+                                                         guint64 start_time);
+

+Set the start time of process. +

+
++ + + + + + + + + + +

process :

A PolkitUnixProcess.

start_time :

The start time for pid.
+
+
+
+

polkit_unix_process_get_start_time ()

+
guint64             polkit_unix_process_get_start_time  (PolkitUnixProcess *process);
+

+Gets the start time of process. +

+
++ + + + + + + + + + +

process :

A PolkitUnixProcess.

Returns :

The start time of process.
+
+
+
+

polkit_unix_process_set_uid ()

+
void                polkit_unix_process_set_uid         (PolkitUnixProcess *process,
+                                                         gint uid);
+

+Sets the (real, not effective) user id for process. +

+
++ + + + + + + + + + +

process :

A PolkitUnixProcess.

uid :

The user id to set for process or -1 to unset it.
+
+
+
+

polkit_unix_process_get_uid ()

+
gint                polkit_unix_process_get_uid         (PolkitUnixProcess *process);
+

+Gets the user id for process. Note that this is the real user-id, +not the effective user-id. +

+
++ + + + + + + + + + +

process :

A PolkitUnixProcess.

Returns :

The user id for process or -1 if unknown.
+
+
+
+

Property Details

+
+

The "pid" property

+
  "pid"                      gint                  : Read / Write / Construct
+

+The UNIX process id. +

+

Allowed values: >= 0

+

Default value: 0

+
+
+
+

The "start-time" property

+
  "start-time"               guint64               : Read / Write / Construct
+

+The start time of the process. +

+

Default value: 0

+
+
+
+

The "uid" property

+
  "uid"                      gint                  : Read / Write / Construct
+

+The UNIX user id of the process or -1 if unknown. +

+

+Note that this is the real user-id, not the effective user-id. +

+

Allowed values: >= G_MAXULONG

+

Default value: -1

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitUnixSession.html b/docs/polkit/html/PolkitUnixSession.html new file mode 100644 index 00000000..8e219550 --- /dev/null +++ b/docs/polkit/html/PolkitUnixSession.html @@ -0,0 +1,313 @@ + + + + +PolkitUnixSession + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitUnixSession

+

PolkitUnixSession — Unix sessions

+
+
+

Synopsis

+
                    PolkitUnixSession;
+PolkitSubject *     polkit_unix_session_new             (const gchar *session_id);
+void                polkit_unix_session_new_for_process (gint pid,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+PolkitSubject *     polkit_unix_session_new_for_process_finish
+                                                        (GAsyncResult *res,
+                                                         GError **error);
+PolkitSubject *     polkit_unix_session_new_for_process_sync
+                                                        (gint pid,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+const gchar *       polkit_unix_session_get_session_id  (PolkitUnixSession *session);
+void                polkit_unix_session_set_session_id  (PolkitUnixSession *session,
+                                                         const gchar *session_id);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitUnixSession
+
+
+
+

Implemented Interfaces

+

+PolkitUnixSession implements + PolkitSubject, GInitable and GAsyncInitable.

+
+
+

Properties

+
+  "pid"                      gint                  : Write / Construct Only
+  "session-id"               gchar*                : Read / Write / Construct
+
+
+
+

Description

+

+An object that represents an user session. +

+

+The session id is an opaque string obtained from ConsoleKit. +

+
+
+

Details

+
+

PolkitUnixSession

+
typedef struct _PolkitUnixSession PolkitUnixSession;
+

+The PolkitUnixSession struct should not be accessed directly. +

+
+
+
+

polkit_unix_session_new ()

+
PolkitSubject *     polkit_unix_session_new             (const gchar *session_id);
+

+Creates a new PolkitUnixSession for session_id. +

+
++ + + + + + + + + + +

session_id :

The session id.

Returns :

A PolkitUnixSession. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_unix_session_new_for_process ()

+
void                polkit_unix_session_new_for_process (gint pid,
+                                                         GCancellable *cancellable,
+                                                         GAsyncReadyCallback callback,
+                                                         gpointer user_data);
+

+Asynchronously creates a new PolkitUnixSession object for the +process with process id pid. +

+

+When the operation is finished, callback will be invoked in the +thread-default +main loop of the thread you are calling this method +from. You can then call +polkit_unix_session_new_for_process_finish() to get the result of +the operation. +

+

+This method constructs the object asynchronously, for the synchronous and blocking version +use polkit_unix_session_new_for_process_sync(). +

+
++ + + + + + + + + + + + + + + + + + +

pid :

The process id of the process to get the session for.

cancellable :

A GCancellable or NULL. [allow-none] +

callback :

A GAsyncReadyCallback to call when the request is satisfied

user_data :

The data to pass to callback.
+
+
+
+

polkit_unix_session_new_for_process_finish ()

+
PolkitSubject *     polkit_unix_session_new_for_process_finish
+                                                        (GAsyncResult *res,
+                                                         GError **error);
+

+Finishes constructing a PolkitSubject for a process id. +

+
++ + + + + + + + + + + + + + +

res :

A GAsyncResult obtained from the GAsyncReadyCallback passed to polkit_unix_session_new_for_process().

error :

Return location for error. [allow-none] +

Returns :

A PolkitUnixSession for the pid passed to +polkit_unix_session_new_for_process() or NULL if error is +set. Free with g_object_unref(). [transfer full][allow-none] +
+
+
+
+

polkit_unix_session_new_for_process_sync ()

+
PolkitSubject *     polkit_unix_session_new_for_process_sync
+                                                        (gint pid,
+                                                         GCancellable *cancellable,
+                                                         GError **error);
+

+Creates a new PolkitUnixSession for the process with process id pid. +

+

+This is a synchronous call - the calling thread is blocked until a +reply is received. For the asynchronous version, see +polkit_unix_session_new_for_process(). +

+
++ + + + + + + + + + + + + + + + + + +

pid :

The process id of the process to get the session for.

cancellable :

A GCancellable or NULL. [allow-none] +

error :

Return location for error. [allow-none] +

Returns :

A PolkitUnixSession for +pid or NULL if error is set. Free with g_object_unref(). [allow-none][transfer full] +
+
+
+
+

polkit_unix_session_get_session_id ()

+
const gchar *       polkit_unix_session_get_session_id  (PolkitUnixSession *session);
+

+Gets the session id for session. +

+
++ + + + + + + + + + +

session :

A PolkitUnixSession.

Returns :

The session id for session. Do not free this string, it +is owned by session.
+
+
+
+

polkit_unix_session_set_session_id ()

+
void                polkit_unix_session_set_session_id  (PolkitUnixSession *session,
+                                                         const gchar *session_id);
+

+Sets the session id for session to session_id. +

+
++ + + + + + + + + + +

session :

A PolkitUnixSession.

session_id :

The session id.
+
+
+
+

Property Details

+
+

The "pid" property

+
  "pid"                      gint                  : Write / Construct Only
+

+The UNIX process id to look up the session. +

+

Allowed values: >= 0

+

Default value: 0

+
+
+
+

The "session-id" property

+
  "session-id"               gchar*                : Read / Write / Construct
+

+The UNIX session id. +

+

Default value: NULL

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/PolkitUnixUser.html b/docs/polkit/html/PolkitUnixUser.html new file mode 100644 index 00000000..c4de09e6 --- /dev/null +++ b/docs/polkit/html/PolkitUnixUser.html @@ -0,0 +1,223 @@ + + + + +PolkitUnixUser + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

PolkitUnixUser

+

PolkitUnixUser — Unix users

+
+
+

Synopsis

+
                    PolkitUnixUser;
+PolkitIdentity *    polkit_unix_user_new                (gint uid);
+PolkitIdentity *    polkit_unix_user_new_for_name       (const gchar *name,
+                                                         GError **error);
+gint                polkit_unix_user_get_uid            (PolkitUnixUser *user);
+void                polkit_unix_user_set_uid            (PolkitUnixUser *user,
+                                                         gint uid);
+const gchar *       polkit_unix_user_get_name           (PolkitUnixUser *user);
+
+
+
+

Object Hierarchy

+
+  GObject
+   +----PolkitUnixUser
+
+
+
+

Implemented Interfaces

+

+PolkitUnixUser implements + PolkitIdentity.

+
+
+

Properties

+
+  "uid"                      gint                  : Read / Write / Construct
+
+
+
+

Description

+

+An object representing a user identity on a UNIX system. +

+
+
+

Details

+
+

PolkitUnixUser

+
typedef struct _PolkitUnixUser PolkitUnixUser;
+

+The PolkitUnixUser struct should not be accessed directly. +

+
+
+
+

polkit_unix_user_new ()

+
PolkitIdentity *    polkit_unix_user_new                (gint uid);
+

+Creates a new PolkitUnixUser object for uid. +

+
++ + + + + + + + + + +

uid :

A UNIX user id.

Returns :

A PolkitUnixUser object. Free with g_object_unref(). [transfer full] +
+
+
+
+

polkit_unix_user_new_for_name ()

+
PolkitIdentity *    polkit_unix_user_new_for_name       (const gchar *name,
+                                                         GError **error);
+

+Creates a new PolkitUnixUser object for a user with the user name +name. +

+
++ + + + + + + + + + + + + + +

name :

A UNIX user name.

error :

Return location for error.

Returns :

A PolkitUnixUser object or NULL if error is set. [allow-none][transfer full] +
+
+
+
+

polkit_unix_user_get_uid ()

+
gint                polkit_unix_user_get_uid            (PolkitUnixUser *user);
+

+Gets the UNIX user id for user. +

+
++ + + + + + + + + + +

user :

A PolkitUnixUser.

Returns :

A UNIX user id.
+
+
+
+

polkit_unix_user_set_uid ()

+
void                polkit_unix_user_set_uid            (PolkitUnixUser *user,
+                                                         gint uid);
+

+Sets uid for user. +

+
++ + + + + + + + + + +

user :

A PolkitUnixUser.

uid :

A UNIX user id.
+
+
+
+

polkit_unix_user_get_name ()

+
const gchar *       polkit_unix_user_get_name           (PolkitUnixUser *user);
+

+Get the user's name. +

+
++ + + + + + + + + + +

user :

A PolkitUnixUser.

Returns :

User name string or NULL if user uid not found. [allow-none][transfer none] +
+
+
+
+

Property Details

+
+

The "uid" property

+
  "uid"                      gint                  : Read / Write / Construct
+

+The UNIX user id. +

+

Allowed values: >= 0

+

Default value: 0

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.html b/docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.html new file mode 100644 index 00000000..dd196053 --- /dev/null +++ b/docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.html @@ -0,0 +1,165 @@ + + + + +org.freedesktop.PolicyKit1.AuthenticationAgent Interface + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

org.freedesktop.PolicyKit1.AuthenticationAgent Interface

+

org.freedesktop.PolicyKit1.AuthenticationAgent Interface — Authentication Agent Interface

+
+
+

Methods

+
+BeginAuthentication  (IN  String               action_id,
+                      IN  String               message,
+                      IN  String               icon_name,
+                      IN  Dict<String,String>  details,
+                      IN  String               cookie,
+                      IN  Array<Identity>      identities)
+CancelAuthentication (IN  String               cookie)
+
+
+
+

Description

+

+

+

This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.

+

An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the RegisterAuthenticationAgent() and UnregisterAuthenticationAgent() methods on the org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.

+

+

+
+
+

Method Details

+
+

BeginAuthentication ()

+
+BeginAuthentication (IN  String               action_id,
+                     IN  String               message,
+                     IN  String               icon_name,
+                     IN  Dict<String,String>  details,
+                     IN  String               cookie,
+                     IN  Array<Identity>      identities)
+
+

+

+

+ Called by the PolicyKit daemon when the authentication agent + needs the user to authenticate as one of the identities in + identities for the action with the + identifier action_id.

+

Upon + succesful authentication, the authentication agent must invoke + the AuthenticationAgentResponse() + method on the org.freedesktop.PolicyKit1.Authority + interface of the PolicyKit daemon before returning. +

+

+

+

+ The authentication agent should not return until after authentication is complete. + If the user dismisses the authentication dialog, the authentication agent should return the org.freedesktop.PolicyKit1.Error.Cancelled error. +

+

+

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

IN String action_id:

+The identifier for the action that the user is authentication for. +

IN String message:

+The message to display to the user. This is translated into the locale passed when registering the authentication agent using RegisterAuthenticationAgent(). +

IN String icon_name:

+The themed icon describing the action or the empty string if no icon is set. +

IN Dict<String,String> details:

+ Details about the authentication request. This is a dictionary + of key/value pairs where both key and value are strings. + Known key/value-pairs include + polkit.caller-pid (the process id of the + mechanism making the authorization check) and + polkit.subject-pid (the process id of the + subject the check is for). +

IN String cookie:

+A cookie identifying the authentication request. +

IN Array<Identity> identities:

+An array of Identity structs that the user can use for authentication. +

+
+
+
+

CancelAuthentication ()

+
+CancelAuthentication (IN  String  cookie)
+
+

+Called by the PolicyKit daemon if the authentication agent needs to cancel an authentication dialog. +

+
++ + + + +

IN String cookie:

+The cookie identifying the authentication request. +

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html b/docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html new file mode 100644 index 00000000..ab1212fc --- /dev/null +++ b/docs/polkit/html/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html @@ -0,0 +1,983 @@ + + + + +org.freedesktop.PolicyKit1.Authority Interface + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

org.freedesktop.PolicyKit1.Authority Interface

+

org.freedesktop.PolicyKit1.Authority Interface — Authority Interface

+
+
+

Methods

+
+Flags        CheckAuthorizationFlags
+Enumeration  ImplicitAuthorization
+ErrorDomain  org.freedesktop.PolicyKit1.Error.*
+Flags        AuthorityFeatures
+Structure    Subject
+Structure    Identity
+Structure    ActionDescription
+Structure    AuthorizationResult
+Structure    TemporaryAuthorization
+
+EnumerateActions                 (IN  String                         locale,
+                                  OUT Array<ActionDescription>       action_descriptions)
+CheckAuthorization               (IN  Subject                        subject,
+                                  IN  String                         action_id,
+                                  IN  Dict<String,String>            details,
+                                  IN  CheckAuthorizationFlags        flags,
+                                  IN  String                         cancellation_id,
+                                  OUT AuthorizationResult            result)
+CancelCheckAuthorization         (IN  String                         cancellation_id)
+RegisterAuthenticationAgent      (IN  Subject                        subject,
+                                  IN  String                         locale,
+                                  IN  String                         object_path)
+RegisterAuthenticationAgentWithOptions (IN  Subject                  subject,
+                                  IN  String                         locale,
+                                  IN  String                         object_path,
+                                  IN  Dict<String,Variant>     options)
+UnregisterAuthenticationAgent    (IN  Subject                        subject,
+                                  IN  String                         object_path)
+AuthenticationAgentResponse      (IN  String                         cookie,
+                                  IN  Identity                       identity)
+EnumerateTemporaryAuthorizations (IN  Subject                        subject,
+                                  OUT Array<TemporaryAuthorization>  temporary_authorizations)
+RevokeTemporaryAuthorizations    (IN  Subject                        subject)
+RevokeTemporaryAuthorizationById (IN  String                         id)
+
+
+
+

Signals

+
+Changed ()
+
+
+
+

Properties

+
+BackendName         readable     String
+BackendVersion      readable     String
+BackendFeatures     readable     AuthorityFeatures
+
+
+
+

Description

+

+This D-Bus interface is implemented by the /org/freedesktop/PolicyKit1/Authority object on the well-known name org.freedesktop.PolicyKit1 on the system message bus. +

+
+
+

Enumerations

+
+

The CheckAuthorizationFlags Flags

+

+

+
+{
+  None                 = 0x00000000,
+  AllowUserInteraction = 0x00000001
+}
+
+

+

+

+Flags used in the CheckAuthorization() method. +

+

+

+
++ + + + + + + + + + +

None

+No flags set. +

AllowUserInteraction

+If the Subject can obtain the authorization through authentication, and an authentication agent is available, then attempt to do so. Note, this means that the CheckAuthorization() method will block while the user is being asked to authenticate. +

+

+

+
+
+
+

The ImplicitAuthorization Enumeration

+

+

+
+{
+  NotAuthorized                               = 0,
+  AuthenticationRequired                      = 1,
+  AdministratorAuthenticationRequired         = 2,
+  AuthenticationRequiredRetained              = 3,
+  AdministratorAuthenticationRequiredRetained = 4,
+  Authorized                                  = 5
+}
+
+

+

+

+An enumeration for granting implicit authorizations. +

+

+

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

NotAuthorized

+The Subject is not authorized. +

AuthenticationRequired

+Authentication is required. +

AdministratorAuthenticationRequired

+Authentication as an administrator is required. +

AuthenticationRequiredRetained

+Authentication is required. If the authorization is obtained, it is retained. +

AdministratorAuthenticationRequiredRetained

+Authentication as an administrator is required. If the authorization is obtained, it is retained. +

Authorized

+The subject is authorized. +

+

+

+
+
+
+

The org.freedesktop.PolicyKit1.Error.* Error Domain

+

+

+
+{
+  org.freedesktop.PolicyKit1.Error.Failed,
+  org.freedesktop.PolicyKit1.Error.Cancelled,
+  org.freedesktop.PolicyKit1.Error.NotSupported,
+  org.freedesktop.PolicyKit1.Error.NotAuthorized,
+  org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique
+}
+
+

+

+

+Errors that can be returned by various method calls. +

+

+

+
++ + + + + + + + + + + + + + + + + + + + + + +

org.freedesktop.PolicyKit1.Error.Failed

+The operation failed. +

org.freedesktop.PolicyKit1.Error.Cancelled

+The operation was cancelled. +

org.freedesktop.PolicyKit1.Error.NotSupported

+The operation is not supported. +

org.freedesktop.PolicyKit1.Error.NotAuthorized

+You are not authorized to perform the requested operation. +

org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique

+The passed cancellation_id is already in use. +

+

+

+
+
+
+

The AuthorityFeatures Flags

+

+

+
+{
+  None                   = 0x00000000,
+  TemporaryAuthorization = 0x00000001
+}
+
+

+

+

+Flags describing features supported by the Authority implementation. +

+

+

+
++ + + + + + + + + + +

None

+No flags set. +

TemporaryAuthorization

+The authority supports temporary authorizations that can be obtained through authentication. +

+

+

+
+
+
+

Structures

+
+

The Subject Structure

+

+

+
+{
+  String               subject_kind,
+  Dict<String,Variant> subject_details
+}
+
+

+

+

+

+

This struct describes subjects such as UNIX processes. It is typically used to check if a given process is authorized for an action.

+

The following kinds of subjects are known:

+

+

Unix Process. subject_kind should be set to unix-process with keys pid (of type uint32) and start-time (of type uint64).

+

+

Unix Session. subject_kind should be set to unix-session with the key session-id (of type string).

+

+

System Bus Name. subject_kind should be set to system-bus-name with the key name (of type string).

+

+

+

+

+
++ + + + + + + + + + +

String subject_kind

+The type of the subject. +

Dict<String,Variant> subject_details

+Details about the subject. Depending of the value of subject_kind, a set of well-defined key/value pairs are guaranteed to be available. +

+

+

+
+
+
+

The Identity Structure

+

+

+
+{
+  String               identity_kind,
+  Dict<String,Variant> identity_details
+}
+
+

+

+

+

+

This struct describes identities such as UNIX users and UNIX groups. It is typically used to check if a given process is authorized for an action.

+

The following kinds of identities are known:

+

+

Unix User. identity_kind should be set to unix-user with key uid (of type uint32).

+

+

Unix Group. identity_kind should be set to unix-group with key gid (of type uint32).

+

+

+

+

+
++ + + + + + + + + + +

String identity_kind

+Type of identity. +

Dict<String,Variant> identity_details

+Details about the identity. Depending of the value of identity_kind, a set of well-defined key/value pairs are guaranteed to be available. +

+

+

+
+
+
+

The ActionDescription Structure

+

+

+
+{
+  String                action_id,
+  String                description,
+  String                message,
+  String                vendor_name,
+  String                vendor_url,
+  String                icon_name,
+  ImplicitAuthorization implicit_any,
+  ImplicitAuthorization implicit_inactive,
+  ImplicitAuthorization implicit_active,
+  Dict<String,String>   annotations
+}
+
+

+

+

+This struct describes actions registered with the PolicyKit daemon. +

+

+

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

String action_id

+Action Identifier. +

String description

+Localized description of the action. +

String message

+Localized message to be displayed when making the user authenticate for an action. +

String vendor_name

+Name of the provider of the action or the empty string. +

String vendor_url

+A URL pointing to a place with more information about the action or the empty string. +

String icon_name

+The themed icon describing the action or the empty string if no icon is set. +

ImplicitAuthorization implicit_any

+A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply to any Subject. +

ImplicitAuthorization implicit_inactive

+A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply any Subject in an inactive user session on the local console. +

ImplicitAuthorization implicit_active

+A value from the ImplicitAuthorization. enumeration for implicit authorizations that apply any Subject in an active user session on the local console. +

Dict<String,String> annotations

+Annotations for the action. +

+

+

+
+
+
+

The AuthorizationResult Structure

+

+

+
+{
+  Boolean             is_authorized,
+  Boolean             is_challenge,
+  Dict<String,String> details
+}
+
+

+

+

+Describes the result of calling CheckAuthorization(). +

+

+

+
++ + + + + + + + + + + + + + +

Boolean is_authorized

+TRUE if the given Subject is authorized for the given action. +

Boolean is_challenge

+TRUE if the given Subject could be authorized if more information was provided, and CheckAuthorizationFlags.AllowUserInteraction wasn't passed or no suitable authentication agent was available. +

Dict<String,String> details

+Details for the result. Known key/value-pairs include polkit.temporary_authorization_id (if the authorization is temporary, this is set to the opaque temporary authorization id), polkit.retains_authorization_after_challenge (Set to a non-empty string if the authorization will be retained after authentication (if is_challenge is TRUE)), polkit.dismissed (Set to a non-empty string if the authentication dialog was dismissed by the user). +

+

+

+
+
+
+

The TemporaryAuthorization Structure

+

+

+
+{
+  String  id,
+  String  action_id,
+  Subject subject,
+  UInt64  time_obtained,
+  UInt64  time_expires
+}
+
+

+

+

+This struct describes a temporary authorization. +

+

+

+
++ + + + + + + + + + + + + + + + + + + + + + +

String id

+An opaque identifier for the temporary authorization. +

String action_id

+The action the temporary authorization is for. +

Subject subject

+The subject the temporary authorization is for. +

UInt64 time_obtained

+When the temporary authorization was obtained, in seconds since the Epoch Jan 1, 1970 0:00 UTC. +Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes. +

UInt64 time_expires

+When the temporary authorization is set to expire, in seconds since the Epoch Jan 1, 1970 0:00 UTC. +Note that the PolicyKit daemon is using monotonic time internally so the returned value may change if system time changes. +

+

+

+
+
+
+

Method Details

+
+

EnumerateActions ()

+
+EnumerateActions (IN  String                    locale,
+                  OUT Array<ActionDescription>  action_descriptions)
+
+

+Enumerates all registered PolicyKit actions. +

+
++ + + + + + + + + + +

IN String locale:

+The locale to get descriptions in or the blank string to use the system locale. +

OUT Array<ActionDescription> action_descriptions:

+An array of ActionDescription structs. +

+
+
+
+

CheckAuthorization ()

+
+CheckAuthorization (IN  Subject                  subject,
+                    IN  String                   action_id,
+                    IN  Dict<String,String>      details,
+                    IN  CheckAuthorizationFlags  flags,
+                    IN  String                   cancellation_id,
+                    OUT AuthorizationResult      result)
+
+

+

+

+ Checks if subject is authorized to + perform the action with identifier + action_id +

+

+

+

+ If cancellation_id is non-empty and + already in use for the caller, the org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique + error is returned. +

+

+

+

+ Note that CheckAuthorizationFlags.AllowUserInteraction + SHOULD be passed ONLY if the event that triggered the + authorization check is stemming from an user action, e.g. the + user pressing a button or attaching a device. +

+

+

+

+

+

+

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

IN Subject subject:

+A Subject struct. +

IN String action_id:

+Identifier for the action that subject is attempting to do. +

IN Dict<String,String> details:

 +

+Details describing the action. Keys starting with polkit. are can only be set if defined in this document. +

+

+ Known keys include polkit.message and + polkit.gettext_domain that can be used to + override the message shown to the user. This latter is needed + because the user could be running an authentication agent in + another locale than the calling process. +

+

+ The (translated version of) polkit.message + may include references to other keys that are expanded with + their respective values. For example if the key + device_file has the value + /dev/sda then the message + "Authenticate to format $(device_file)" is + expanded to "Authenticate to format + /dev/sda". +

+

+ The key polkit.icon_name is used to override the icon shown in the authentication dialog. +

+

+ If non-empty, then the request will fail with + org.freedesktop.PolicyKit1.Error.Failed + unless the process doing the check itsef is sufficiently authorized (e.g. running as uid 0). +

+

IN CheckAuthorizationFlags flags:

+A set of CheckAuthorizationFlags. +

IN String cancellation_id:

+A unique id used to cancel the the authentication check via CancelCheckAuthorization() or the empty string if cancellation is not needed. +

OUT AuthorizationResult result:

+An AuthorizationResult structure. +

+
+
+
+

CancelCheckAuthorization ()

+
+CancelCheckAuthorization (IN  String  cancellation_id)
+
+

+Cancels an authorization check. +

+
++ + + + +

IN String cancellation_id:

+The cancellation_id passed to CheckAuthorization(). +

+
+
+
+

RegisterAuthenticationAgent ()

+
+RegisterAuthenticationAgent (IN  Subject  subject,
+                             IN  String   locale,
+                             IN  String   object_path)
+
+

+

+

Register an authentication agent.

+

Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged.

+

+

+
++ + + + + + + + + + + + + + +

IN Subject subject:

+The subject to register the authentication agent for, typically a session subject. +

IN String locale:

+The locale of the authentication agent. +

IN String object_path:

+The object path of authentication agent object on the unique name of the caller. +

+
+
+
+

RegisterAuthenticationAgentWithOptions ()

+
+RegisterAuthenticationAgentWithOptions (IN  Subject  subject,
+                                        IN  String                   locale,
+                                        IN  String                   object_path,
+                                        IN  Dict<String,Variant>     options)
+
+

+

+

Like RegisterAuthenticationAgent but takes additional options. If the option fallback (of type Boolean) is TRUE, then the authentcation agent will only be used as a fallback, e.g. if another agent (without the fallback option set TRUE) is available, it will be used instead.

+

+

+
+
+
+

UnregisterAuthenticationAgent ()

+
+UnregisterAuthenticationAgent (IN  Subject  subject,
+                               IN  String   object_path)
+
+

+Unregister an authentication agent. +

+
++ + + + + + + + + + +

IN Subject subject:

+The subject passed to RegisterAuthenticationAgent(). +

IN String object_path:

+The object_path passed to RegisterAuthenticationAgent(). +

+
+
+
+

AuthenticationAgentResponse ()

+
+AuthenticationAgentResponse (IN  String    cookie,
+                             IN  Identity  identity)
+
+

+Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +

+
++ + + + + + + + + + +

IN String cookie:

+The cookie identifying the authentication request that was passed to the authentication agent. +

IN Identity identity:

+A Identity struct describing what identity was authenticated. +

+
+
+
+

EnumerateTemporaryAuthorizations ()

+
+EnumerateTemporaryAuthorizations (IN  Subject                        subject,
+                                  OUT Array<TemporaryAuthorization>  temporary_authorizations)
+
+

+Retrieves all temporary authorizations that applies to subject. +

+
++ + + + + + + + + + +

IN Subject subject:

+The subject to get temporary authorizations for. +

OUT Array<TemporaryAuthorization> temporary_authorizations:

+An array of TemporaryAuthorization structs. +

+
+
+
+

RevokeTemporaryAuthorizations ()

+
+RevokeTemporaryAuthorizations (IN  Subject  subject)
+
+

+Revokes all temporary authorizations that applies to subject. +

+
++ + + + +

IN Subject subject:

+The subject to revoke temporary authorizations from. +

+
+
+
+

RevokeTemporaryAuthorizationById ()

+
+RevokeTemporaryAuthorizationById (IN  String  id)
+
+

+Revokes all temporary authorizations that applies to subject. +

+
++ + + + +

IN String id:

+The opaque identifier of the temporary authorization. +

+
+
+
+

Signal Details

+
+

The "Changed" signal

+
+Changed ()
+
+

+This signal is emitted when actions and/or authorizations change +

+
++ +
+
+
+
+

Property Details

+
+

The "BackendName" property

+
+BackendName     readable     String
+
+

+The name of the currently used Authority backend. +

+
+
+
+

The "BackendVersion" property

+
+BackendVersion     readable     String
+
+

+The version of the currently used Authority backend. +

+
+
+
+

The "BackendFeatures" property

+
+BackendFeatures     readable     AuthorityFeatures
+
+

+The features supported by the currently used Authority backend. +

+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/home.png b/docs/polkit/html/home.png new file mode 100644 index 00000000..17003611 Binary files /dev/null and b/docs/polkit/html/home.png differ diff --git a/docs/polkit/html/index.html b/docs/polkit/html/index.html new file mode 100644 index 00000000..f7c30cf3 --- /dev/null +++ b/docs/polkit/html/index.html @@ -0,0 +1,153 @@ + + + + +polkit Reference Manual + + + + + + + +
+
+
+
+

+ For version 0.105 + — the latest version of this + documentation can be found at http://www.freedesktop.org/software/polkit/docs/latest/. +

+
+
+
+
+
I. polkit Overview
+
+
Introduction
+
Writing polkit applications
+
Writing polkit Authentication Agents
+
Extending polkit
+
+
II. D-Bus API Reference
+
+
+org.freedesktop.PolicyKit1.Authority Interface — Authority Interface +
+
+org.freedesktop.PolicyKit1.AuthenticationAgent Interface — Authentication Agent Interface +
+
+
III. Client API Reference
+
+
+PolkitAuthority — Authority +
+
+PolkitAuthorizationResult — Result for checking an authorization +
+
+PolkitDetails — Object used for passing details +
+
+PolkitError — Error codes +
+
+PolkitActionDescription — Description of Actions +
+
+PolkitTemporaryAuthorization — Temporary Authorizations +
+
+PolkitPermission — PolicyKit GPermission implementation +
+
Subjects
+
+
+PolkitSubject — Type for representing subjects +
+
+PolkitUnixProcess — Unix processs +
+
+PolkitUnixSession — Unix sessions +
+
+PolkitSystemBusName — Unique system bus names +
+
+
Identities
+
+
+PolkitIdentity — Type for representing identities +
+
+PolkitUnixUser — Unix users +
+
+PolkitUnixGroup — Unix groups +
+
+PolkitUnixNetgroup — Unix netgroups +
+
+
+
IV. Backend API Reference
+
+
+PolkitBackendAuthority — Abstract base class for authority backends +
+
+PolkitBackendInteractiveAuthority — Interactive Authority +
+
+PolkitBackendLocalAuthority — Local Authority +
+
+
V. Authentication Agent API Reference
+
+
+PolkitAgentListener — Abstract base class for Authentication Agents +
+
+PolkitAgentTextListener — Text-based Authentication Agent +
+
+PolkitAgentSession — Authentication Session +
+
+
VI. Manual Pages
+
+
+polkit — Authorization Framework +
+
+polkitd — PolicyKit daemon +
+
+pkcheck — Check whether a process is authorized +
+
+pkaction — Get details about a registered action +
+
+pkexec — Execute a command as another user +
+
+pklocalauthority — PolicyKit Local Authority +
+
+pkttyagent — Textual authentication helper +
+
+
Object Hierarchy
+
Index
+
A. License
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/index.sgml b/docs/polkit/html/index.sgml new file mode 100644 index 00000000..03c15362 --- /dev/null +++ b/docs/polkit/html/index.sgml @@ -0,0 +1,474 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/html/left.png b/docs/polkit/html/left.png new file mode 100644 index 00000000..2d05b3d5 Binary files /dev/null and b/docs/polkit/html/left.png differ diff --git a/docs/polkit/html/license.html b/docs/polkit/html/license.html new file mode 100644 index 00000000..1d6468db --- /dev/null +++ b/docs/polkit/html/license.html @@ -0,0 +1,516 @@ + + + + +Appendix A. License + + + + + + + + + + + + + + + +
+

+Appendix A. License

+

+

+
                  GNU LIBRARY GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1991 Free Software Foundation, Inc.
+                    59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the library GPL.  It is
+ numbered 2 because it goes with version 2 of the ordinary GPL.]
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Library General Public License, applies to some
+specially designated Free Software Foundation software, and to any
+other libraries whose authors decide to use it.  You can use it for
+your libraries, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if
+you distribute copies of the library, or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link a program with the library, you must provide
+complete object files to the recipients so that they can relink them
+with the library, after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  Our method of protecting your rights has two steps: (1) copyright
+the library, and (2) offer you this license which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  Also, for each distributor's protection, we want to make certain
+that everyone understands that there is no warranty for this free
+library.  If the library is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original
+version, so that any problems introduced by others will not reflect on
+the original authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that companies distributing free
+software will individually obtain patent licenses, thus in effect
+transforming the program into proprietary software.  To prevent this,
+we have made it clear that any patent must be licensed for everyone's
+free use or not licensed at all.
+
+  Most GNU software, including some libraries, is covered by the ordinary
+GNU General Public License, which was designed for utility programs.  This
+license, the GNU Library General Public License, applies to certain
+designated libraries.  This license is quite different from the ordinary
+one; be sure to read it in full, and don't assume that anything in it is
+the same as in the ordinary license.
+
+  The reason we have a separate public license for some libraries is that
+they blur the distinction we usually make between modifying or adding to a
+program and simply using it.  Linking a program with a library, without
+changing the library, is in some sense simply using the library, and is
+analogous to running a utility program or application program.  However, in
+a textual and legal sense, the linked executable is a combined work, a
+derivative of the original library, and the ordinary General Public License
+treats it as such.
+
+  Because of this blurred distinction, using the ordinary General
+Public License for libraries did not effectively promote software
+sharing, because most developers did not use the libraries.  We
+concluded that weaker conditions might promote sharing better.
+
+  However, unrestricted linking of non-free programs would deprive the
+users of those programs of all benefit from the free status of the
+libraries themselves.  This Library General Public License is intended to
+permit developers of non-free programs to use free libraries, while
+preserving your freedom as a user of such programs to change the free
+libraries that are incorporated in them.  (We have not seen how to achieve
+this as regards changes in header files, but we have achieved it as regards
+changes in the actual functions of the Library.)  The hope is that this
+will lead to faster development of free libraries.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, while the latter only
+works together with the library.
+
+  Note that it is possible for a library to be covered by the ordinary
+General Public License rather than by this special one.
+
+                  GNU LIBRARY GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library which
+contains a notice placed by the copyright holder or other authorized
+party saying it may be distributed under the terms of this Library
+General Public License (also called "this License").  Each licensee is
+addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+  6. As an exception to the Sections above, you may also compile or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Accompany the work with a written offer, valid for at
+    least three years, to give the same user the materials
+    specified in Subsection 6a, above, for a charge no more
+    than the cost of performing this distribution.
+
+    c) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    d) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the source code distributed need not include anything that is normally
+distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded.  In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Library General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+                            NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+           How to Apply These Terms to Your New Libraries
+
+  If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change.  You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+  To apply these terms, attach the following notices to the library.  It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the library's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Library General Public
+    License as published by the Free Software Foundation; either
+    version 2 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Library General Public License for more details.
+
+    You should have received a copy of the GNU Library General Public
+    License along with this library; if not, write to the
+    Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+    Boston, MA  02111-1307  USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the
+  library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
+
+That's all there is to it!
+
+

+

+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/manpages.html b/docs/polkit/html/manpages.html new file mode 100644 index 00000000..fb2c853f --- /dev/null +++ b/docs/polkit/html/manpages.html @@ -0,0 +1,56 @@ + + + + +Part VI. Manual Pages + + + + + + + + + + + + + + + + +
+

+Part VI. Manual Pages

+
+

Table of Contents

+
+
+polkit — Authorization Framework +
+
+polkitd — PolicyKit daemon +
+
+pkcheck — Check whether a process is authorized +
+
+pkaction — Get details about a registered action +
+
+pkexec — Execute a command as another user +
+
+pklocalauthority — PolicyKit Local Authority +
+
+pkttyagent — Textual authentication helper +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/overview.html b/docs/polkit/html/overview.html new file mode 100644 index 00000000..aaefd8c4 --- /dev/null +++ b/docs/polkit/html/overview.html @@ -0,0 +1,39 @@ + + + + +Part I. polkit Overview + + + + + + + + + + + + + + + + +
+

+Part I. polkit Overview

+
+

Table of Contents

+
+
Introduction
+
Writing polkit applications
+
Writing polkit Authentication Agents
+
Extending polkit
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/pkaction.1.html b/docs/polkit/html/pkaction.1.html new file mode 100644 index 00000000..6ffaacc3 --- /dev/null +++ b/docs/polkit/html/pkaction.1.html @@ -0,0 +1,92 @@ + + + + +pkaction + + + + + + + + + + + + + + + + +
+
+
+ + +
+

pkaction

+

pkaction — Get details about a registered action

+
+
+

Synopsis

+

pkaction [--version] [--help]

+

pkaction [ + --verbose + ]

+

pkaction + --action-id + action + [ + --verbose + ]

+
+
+

DESCRIPTION

+

+ pkaction is used to obtain information about registered + PolicyKit actions. If called with --action-id then all + actions are displayed. Otherwise the action action. + If called without the --verbose option only the name + of the action is shown. Otherwise details about the actions are shown. +

+
+
+

RETURN VALUE

+

+ On success pkaction returns 0. Otherwise a + non-zero value is returned and a diagnostic message is printed + on standard error. +

+
+
+

AUTHOR

+

+ Written by David Zeuthen with + a lot of help from many others. +

+
+
+

BUGS

+

+ Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel + on how to subscribe. +

+
+
+

SEE ALSO

+

+ polkit(8), + pkcheck(1), + pkexec(1), + pkttyagent(1) +

+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/pkcheck.1.html b/docs/polkit/html/pkcheck.1.html new file mode 100644 index 00000000..6af8708d --- /dev/null +++ b/docs/polkit/html/pkcheck.1.html @@ -0,0 +1,185 @@ + + + + +pkcheck + + + + + + + + + + + + + + + + +
+
+
+ + +
+

pkcheck

+

pkcheck — Check whether a process is authorized

+
+
+

Synopsis

+

pkcheck [--version] [--help]

+

pkcheck [--list-temp]

+

pkcheck [--revoke-temp]

+

pkcheck + --action-id + action + { + --process + { + pid + | + pid,pid-start-time + } + | + --system-bus-name + busname + } [ + --allow-user-interaction + ] [ + --enable-internal-agent + ] [ + --detail + key + value + ...]

+
+
+

DESCRIPTION

+

+ pkcheck is used to check whether a process, specified by + either --process or --system-bus-name, + is authorized for action. The --detail + option can be used zero or more times to pass details about action. + If --allow-user-interaction is passed, pkcheck blocks + while waiting for authentication. +

+

+ The invocation pkcheck --list-temp will list + all temporary authorizations for the current session and + pkcheck --revoke-temp will revoke all + temporary authorizations for the current session. +

+

+ This command is a simple wrapper around the PolicyKit D-Bus interface; see the + D-Bus interface documentation for details. +

+
+
+

RETURN VALUE

+

+ If the specified process is + authorized, pkcheck exits with a return value + of 0. If the authorization result contains any details, these + are printed on standard output as key/value pairs using + environment style reporting, e.g. first the key followed by a an equal sign, then the + value followed by a newline. +

+
+KEY1=VALUE1
+KEY2=VALUE2
+KEY3=VALUE3
+...
+

+ Octects that are not in [a-zA-Z0-9_] are escaped using octal codes prefixed + with \. + For example, the UTF-8 string føl,你好 will be printed + as f\303\270l\54\344\275\240\345\245\275. +

+

+ If the specificied process is not + authorized, pkcheck exits with a return value + of 1 and a diagnostic message is printed on standard error. Details + are printed on standard output. +

+

+ If the specificied process is not + authorized because no suitable authentication agent is available or if the + --allow-user-interaction wasn't passed, pkcheck + exits with a return value of 2 and a diagnostic message is printed on standard error. + Details are printed on standard output. +

+

+ If the specificied process is not authorized because the + authentication dialog / request was dismissed by the user, + pkcheck exits with a return value of 3 and a + diagnostic message is printed on standard error. Details are + printed on standard output. +

+

+ If an error occured while checking for authorization, pkcheck exits + with a return value of 127 with a diagnostic message printed on standard error. +

+

+ If one or more of the options passed are malformed, pkcheck exits + with a return value of 126. If stdin is a tty, then this manual page is also shown. +

+
+
+

NOTES

+

+ Since process identifiers can be recycled, the caller should always use + pid,pid-start-time to specify the process + to check for authorization when using the --process option. + The value of pid-start-time + can be determined by consulting e.g. the + proc(5) + file system depending on the operating system. If only pid + is passed to the --process option, then pkcheck + will look up the start time itself but note that this may be racy. +

+
+
+

AUTHENTICATION AGENT

+

+ pkcheck, like any other PolicyKit + application, will use the authentication agent registered for + the process in question. However, if no authentication agent is + available, then pkcheck can register its own + textual authentication agent if the option + --enable-internal-agent is passed. +

+
+
+

AUTHOR

+

+ Written by David Zeuthen with + a lot of help from many others. +

+
+
+

BUGS

+

+ Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel + on how to subscribe. +

+
+
+

SEE ALSO

+

+ polkit(8), + pkaction(1), + pkexec(1), + pkttyagent(1) +

+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/pkexec-bash.html b/docs/polkit/html/pkexec-bash.html new file mode 100644 index 00000000..ab1cb724 --- /dev/null +++ b/docs/polkit/html/pkexec-bash.html @@ -0,0 +1,34 @@ + + + + +Long Description + + + + +
++----------------------------------------------------------+
+|                     Authenticate                     [X] |
++----------------------------------------------------------+
+|                                                          |
+|  [Icon]  Authentication is needed to run `/bin/bash'     |
+|          as the super user                               |
+|                                                          |
+|          An application is attempting to perform an      |
+|          action that requires privileges. Authentication |
+|          as the super user is required to perform this   |
+|          action.                                         |
+|                                                          |
+|          Password for root: [_________________________]  |
+|                                                          |
+| [V] Details:                                             |
+|  Command: /bin/bash                                      |
+|  Run As:  Super User (root)                              |
+|  Action:  org.freedesktop.policykit.exec                 |
+|  Vendor:  The PolicyKit Project                          |
+|                                                          |
+|                                  [Cancel] [Authenticate] |
++----------------------------------------------------------+
+
+ \ No newline at end of file diff --git a/docs/polkit/html/pkexec-bash.png b/docs/polkit/html/pkexec-bash.png new file mode 100644 index 00000000..b2d22087 Binary files /dev/null and b/docs/polkit/html/pkexec-bash.png differ diff --git a/docs/polkit/html/pkexec-frobnicate-da.html b/docs/polkit/html/pkexec-frobnicate-da.html new file mode 100644 index 00000000..a46d4081 --- /dev/null +++ b/docs/polkit/html/pkexec-frobnicate-da.html @@ -0,0 +1,32 @@ + + + + +Long Description + + + + +
++----------------------------------------------------------+
+|                     Autorisering                     [X] |
++----------------------------------------------------------+
+|                                                          |
+|  [Icon]  Autorisering er påkrævet for at afvikle         |
+|          PolicyKit eksemplet Frobnicate                  |
+|                                                          |
+|          Et program forsøger at udføre en handling der   |
+|          kræver privilegier. Autorisering er påkrævet.   |
+|                                                          |
+|          Kodeord: [___________________________________]  |
+|                                                          |
+| [V] Detaljer:                                            |
+|  Bruger:   Super User (root)                             |
+|  Program:  /usr/bin/pk-example-frobnicate                |
+|  Handling: org.fd.pk.example.pkexec.run-frobnicate       |
+|  Vendor:   Examples for the PolicyKit Project            |
+|                                                          |
+|                                [Annullér] [Autorisering] |
++----------------------------------------------------------+
+
+ \ No newline at end of file diff --git a/docs/polkit/html/pkexec-frobnicate-da.png b/docs/polkit/html/pkexec-frobnicate-da.png new file mode 100644 index 00000000..5c242d48 Binary files /dev/null and b/docs/polkit/html/pkexec-frobnicate-da.png differ diff --git a/docs/polkit/html/pkexec-frobnicate.html b/docs/polkit/html/pkexec-frobnicate.html new file mode 100644 index 00000000..4ffc7f69 --- /dev/null +++ b/docs/polkit/html/pkexec-frobnicate.html @@ -0,0 +1,33 @@ + + + + +Long Description + + + + +
++----------------------------------------------------------+
+|                     Authenticate                     [X] |
++----------------------------------------------------------+
+|                                                          |
+|  [Icon]  Authentication is required to run the PolicyKit |
+|          example program Frobnicate                      |
+|                                                          |
+|          An application is attempting to perform an      |
+|          action that requires privileges. Authentication |
+|          is required to perform this action.             |
+|                                                          |
+|          Password: [__________________________________]  |
+|                                                          |
+| [V] Details:                                             |
+|  Command: /usr/bin/pk-example-frobnicate                 |
+|  Run As:  Super User (root)                              |
+|  Action:  org.fd.pk.example.pkexec.run-frobnicate        |
+|  Vendor:  Examples for the PolicyKit Project             |
+|                                                          |
+|                                  [Cancel] [Authenticate] |
++----------------------------------------------------------+
+
+ \ No newline at end of file diff --git a/docs/polkit/html/pkexec-frobnicate.png b/docs/polkit/html/pkexec-frobnicate.png new file mode 100644 index 00000000..60050da3 Binary files /dev/null and b/docs/polkit/html/pkexec-frobnicate.png differ diff --git a/docs/polkit/html/pkexec.1.html b/docs/polkit/html/pkexec.1.html new file mode 100644 index 00000000..03d7ca8e --- /dev/null +++ b/docs/polkit/html/pkexec.1.html @@ -0,0 +1,227 @@ + + + + +pkexec + + + + + + + + + + + + + + + + +
+
+
+ + +
+

pkexec

+

pkexec — Execute a command as another user

+
+
+

Synopsis

+

pkexec [--version] [--disable-internal-agent] [--help]

+

pkexec [ + --user + username + ] PROGRAM [ ARGUMENTS ...]

+
+
+

DESCRIPTION

+

+ pkexec allows an authorized user to + execute PROGRAM as another + user. If username is not specified, + then the program will be executed as the administrative super + user, root. +

+
+
+

RETURN VALUE

+

+ Upon successful completion, the return value is the return value + of PROGRAM. If the calling process is + not authorized or an authorization could not be obtained through + authentication or an error occured, pkexec + exits with a return value of 127. If the authorization could not + be obtained because the user dismissed the authentication + dialog, pkexec exits with a return value of + 126. +

+
+
+

AUTHENTICATION AGENT

+

+ pkexec, like any other PolicyKit application, + will use the authentication agent registered for the calling + process. However, if no authentication agent is available, then + pkexec will register its own textual + authentication agent. This behavior can be turned off by passing + the --disable-internal-agent option. +

+
+
+

SECURITY NOTES

+

+ Executing a program as another user is a privileged + operation. By default the required authorization (See + the section called “REQUIRED AUTHORIZATIONS”) requires administrator + authentication. In addition, the authentication dialog presented + to the user will display the full path to the program to be + executed so the user is aware of what will happen: +

+
+
+
[D] +
+
+

+ The environment that PROGRAM will run + it, will be set to a minimal known and safe environment in order + to avoid injecting code + through LD_LIBRARY_PATH or similar + mechanisms. In addition the PKEXEC_UID + environment variable is set to the user id of the process + invoking pkexec. As a + result, pkexec will not allow you to run + X11 applications as another user since + the $DISPLAY and $XAUTHORITY + environment variables are not set. These two variables will be retained + if the org.freedesktop.policykit.exec.allow_gui annotation + on an action is set to a nonempty value; this is discouraged, though, and + should only be used for legacy programs. +

+
+
+

REQUIRED AUTHORIZATIONS

+

+ By default, + the org.freedesktop.policykit.exec + authorization is required unless an action definition file is + present for the program in question. To require another + authorization, it can be specified using the org.freedesktop.policykit.exec.path annotation on an action (See the section called “EXAMPLE” for details). +

+
+
+

EXAMPLE

+

+ To specify what kind of authorization is needed to execute the + program /usr/bin/pk-example-frobnicate as + another user, simply write an action definition file like this +

+
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+
+  <vendor>Examples for the PolicyKit Project</vendor>
+  <vendor_url>http://hal.freedesktop.org/docs/PolicyKit/</vendor_url>
+
+  <action id="org.freedesktop.policykit.example.pkexec.run-frobnicate">
+    <description>Run the PolicyKit example program Frobnicate</description>
+    <description xml:lang="da">Kør PolicyKit eksemplet Frobnicate</description>
+    <message>Authentication is required to run the PolicyKit example program Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</message>
+    <message xml:lang="da">Autorisering er påkrævet for at afvikle PolicyKit eksemplet Frobnicate (user=$(user), program=$(program), command_line=$(command_line))</message>
+    <icon_name>audio-x-generic</icon_name> 
+    <defaults>
+      <allow_any>no</allow_any>
+      <allow_inactive>no</allow_inactive>
+      <allow_active>auth_self_keep</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/pk-example-frobnicate</annotate>
+  </action>
+
+</policyconfig>
+

+ and drop it in the + /usr/share/polkit-1/actions directory under + a suitable name (e.g. matching the namespace of the action). + Note that in addition to specifying the program, the + authentication message, description, icon and defaults can be + specified. Note that occurences of the strings + $(user), $(program) and + $(command_line) in the message will be + replaced with respectively the user (of the form "Real Name + (username)" or just "username" if there is no real name for the + username), the binary to execute (a fully-qualified path, + e.g. "/usr/bin/pk-example-frobnicate") and + the command-line, e.g. "pk-example-frobnicate foo + bar". For example, for the action defined above, the + following authentication dialog will be shown: +

+
+
+
[D] +
+
+

+ If the user is using the da_DK locale, the + dialog looks like this: +

+
+
+
[D] +
+
+

+ Note that pkexec does no validation of + the ARGUMENTS passed + to PROGRAM. In the normal case (where + administrator authentication is required every + time pkexec is used), this is not a problem + since if the user is an administrator he might as well just + run pkexec bash to get root. +

+

+ However, if an action is used for which the user can retain + authorization (or if the user is implicitly authorized), such as + with pk-example-frobnicate above, this + could be a security hole. Therefore, as a rule of thumb, + programs for which the default required authorization is + changed, should never implicitly trust user input (e.g. like any + other well-written suid program). +

+
+
+

AUTHOR

+

+ Written by David Zeuthen with + a lot of help from many others. +

+
+
+

BUGS

+

+ Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel + on how to subscribe. +

+
+
+

SEE ALSO

+

+ polkit(8), + pkaction(1), + pkcheck(1), + pkttyagent(1) +

+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/pklocalauthority.8.html b/docs/polkit/html/pklocalauthority.8.html new file mode 100644 index 00000000..5ea67d5b --- /dev/null +++ b/docs/polkit/html/pklocalauthority.8.html @@ -0,0 +1,450 @@ + + + + +pklocalauthority + + + + + + + + + + + + + + + + +
+
+
+ + +
+

pklocalauthority

+

pklocalauthority — PolicyKit Local Authority

+
+
+

DESCRIPTION

+

+ The Local Authority is the default PolicyKit authority + implementation. Configuration for the Local Authority and + information pertaining to authorization decisions are read from + local files on the disk. One design goal of the Local Authority + is to split configuration items into separate files such that + 3rd party packages and users won't conflict trying to edit the + same files. This policy also ensures smooth upgrades when + distributing PolicyKit using a package management system. +

+

+ Files shipped with PolicyKit and 3rd party packages (e.g. under + package manager control) typically have comments (such + as DO NOT EDIT THIS FILE, it will be overwritten on + update) telling the system administrator that changes + will be overwritten on update. +

+
+
+

ADMINISTRATOR AUTHENTICATION

+

+ PolicyKit makes a distinction between user + authentication (to make the user in front of the + system prove he really is the user) and administrator + authentication (to make the user in front of the + system prove he really is an administrator). Since various + operating systems (or even flavors of the same operating system) + has different ways of defining "administrator", the Local + Authority provides a way to specify what "administrator + authentication" means. +

+

+ By default, "administrator authentication" is defined as asking + for the root password. Since some systems, for usability + reasons, don't have a root password and instead rely on a group + of users being member of an administrative group that gives them + super-user privileges, the Local Authority can be configured to + support this use-case as well. +

+

+ Configuration for the Local Authority is read from files in + the /etc/polkit-1/localauthority.conf.d + directory. All files are read in lexigraphical order (using the + C locale) meaning that later files can override earlier + ones. The file 50-localauthority.conf + contains the settings provided by the OS vendor. Users and 3rd + party packages can drop configuration files with a priority + higher than 60 to change the defaults. The configuration file + format is simple. Each configuration file is a key + file (also commonly known as a ini + file) with a single group + called [Configuration]. Only a single + key, AdminIdentities is read. The value of + this key is a semi-colon separated list of identities that can + be used when administrator authentication is required. Users are + specified by prefixing the user name with + unix-user:, groups of users are specified by + prefixing with unix-group:, and netgroups of + users are specified with unix-netgroup:. See + the section called “EXAMPLES” for an example of a + configuration file. +

+
+
+

DIRECTORY STRUCTURE

+

+ The Local Authority reads files with .pkla + extension from all directories located inside the + /etc/polkit-1/localauthority + and /var/lib/polkit-1/localauthority + directories. By default, the following sub-directories are installed. +

+
+/etc/polkit-1/
+`-- localauthority
+    |-- 10-vendor.d
+    |-- 20-org.d
+    |-- 30-site.d
+    |-- 50-local.d
+    `-- 90-mandatory.d
+
+

+ and +

+
+/var/lib/polkit-1/
+`-- localauthority
+    |-- 10-vendor.d
+    |-- 20-org.d
+    |-- 30-site.d
+    |-- 50-local.d
+    `-- 90-mandatory.d
+
+

+ The /etc/polkit-1/localauthority hierarchy + is inteded for local configuration and + the /var/lib/polkit-1/localauthority is + intended for 3rd party packages. +

+

+ Each .pkla file contains one or more + authorization entries. If the underlying filesystem supports + file monitoring, the Local Authority will reload information + whenever .pkla files are added, removed or + changed. +

+

+ Each directory is intended for a specific audience +

+
++ + + + + + + + + + + + + + + + + + + + + + +

10-vendor.d

+ Intended for use by the OS vendor. +

20-org.d

+ Intended for the organization deploying the OS. +

30-site.d

+ Intended for the site deploying the system. +

50-local.d

+ Intended for local usage. +

90-mandatory.d

+ Intended for the organization deploying the OS. +

+

+ and new directories can be added/removed as needed. +

+

+ As to regards to the content, each .pkla + file is a standard key file and contains + key/value pairs in one or more groups with each group + representing an authorization entry. + A .pkla file MUST be named by using a + scheme to ensure that the name is unique, e.g. reverse DNS + notation or similar. For example, if the organization is + Acme Corp needs to modify policy for the + product Frobnicator, a name + like com.acme.frobnicator.pkla would be + suitable. +

+
+
+

AUTHORIZATION ENTRY

+

+ Each group in a .pkla file must have a name + that is unique within the file it belongs to. The following keys + are are recognized: +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

Identity

+ A semi-colon separated list of globs to match identities. Each glob + should start with unix-user: or + unix-group: to specify whether to match on a + UNIX user name or a UNIX group name. Netgroups are supported with + the unix-netgroup: prefix, but cannot support + glob syntax. +

Action

+ A semi-colon separated list of globs to match action identifiers. +

ResultActive

+ The result to return for subjects in an active local + session that matches one or more of the given identities. + Allowed values are similar to what can be used in + the defaults section + of .policy files used to define + actions, e.g. + yes, + no, + auth_self, + auth_self_keep, + auth_admin and + auth_admin_keep. +

ResultInactive

+ Like ResultActive but instead applies + to subjects in inactive local sessions. +

ResultAny

+ Like ResultActive but instead applies + to any subject. +

ReturnValue

+ A semi-colon separated list of key/value pairs (of the + form key=value) that are added to the details of + authorization result on positive matches. +

+

+ All keys specified above are required except that only at least + one + of ResultAny, ResultInactive + and ResultActive must + be present. The ReturnValue key is optional. +

+
+
+

EVALUATION ORDER

+

+ When a Mechanism requests services from the Authority to check + if a given Subject is authorized for a given Action, the + authorization entries discussed above are consulted using the + following algorithm. +

+

+ The authorization entries from all .pkla files are ordered using + the following rules. First all the basename of all + sub-directories (e.g. 30-site.d) from both + the /etc/polkit-1/localauthority + and /var/lib/polkit-1/localauthority + directories are enumerated and sorted (using the C locale). If a + name exists in both /etc + and /var, the one + in /etc takes precedence. Then + all .pkla files are read in order from this + list of sub-directories. For each .pkla + file, authorizations from each file are appended in order resulting + in an ordered list of authorization entries. +

+

+ For example, given the following files +

+
+/var/lib/polkit-1
+└── localauthority
+    ├── 10-vendor.d
+    │   └── 10-desktop-policy.pkla
+    ├── 20-org.d
+    ├── 30-site.d
+    ├── 50-local.d
+    ├── 55-org.my.company.d
+    │   └── 10-org.my.company.product.pkla
+    └── 90-mandatory.d
+
+/etc/polkit-1
+└── localauthority
+    ├── 10-vendor.d
+    │   └── 01-some-changes-from-a-subvendor.pkla
+    ├── 20-org.d
+    ├── 30-site.d
+    ├── 50-local.d
+    ├── 55-org.my.company.d
+    │   └── 10-org.my.company.product.pkla
+    └── 90-mandatory.d
+
+

+ the evaluation order of the .pkla files is: +

+
    +

  1. + 10-desktop-policy.pkla +

    2. +

  2. + 01-some-changes-from-a-subvendor.pkla +

    3. +

  3. + 10-org.my.company.product.pkla (the /var one) +

    4. +

  4. + 10-org.my.company.product.pkla (the /etc one) +

    5. +
+

+ When the list of authorization entries has been calculated, the + authorization check can be made. First, the user of the Subject + is determined and the groups that the user belongs are looked + up. For each group identity, the authorization entries are + consulted in order. If the authorization check matches the data + from the authorization check, then the authorization result + from RequireAny, RequireInactive + or RequireActive is used + and ReturnValue is added to the + authorization result. +

+

+ Finally, the authorization entries are consulted using the user + identity in the same manner. +

+

+ Note that processing continues even after a match. This allows + for socalled negative authorizations, see + the section called “EXAMPLES” for further + discussion. +

+
+
+

EXAMPLES

+

+ The following .conf file +

+
+[Configuration]
+AdminIdentities=unix-group:staff
+
+

+ specifies that any user in the staff UNIX + group can be used for authentication when administrator + authentication is needed. This file would typically be installed + in the /etc/polkit-1/localauthority.conf.d + directory and given the + name 60-desktop-policy.conf to ensure that + it is evaluted after + the 50-localauthority.conf file shipped + with PolicyKit. If the local administrator wants to override this (suppose 60-desktop-policy.conf was shipped as part of the OS) he can simply create a file 99-my-admin-configuration.conf with the following content +

+
+[Configuration]
+AdminIdentities=unix-user:lisa;unix-user:marge
+
+

+ to specify that only the users lisa + and marge can authenticate when + administrator authentication is needed. +

+

+ The following .pkla file grants + authorization to all users in the staff group + for actions matching the + glob com.example.awesomeproduct.* provided + they are in an active session on the local console: +

+
+[Normal Staff Permissions]
+Identity=unix-group:staff
+Action=com.example.awesomeproduct.*
+ResultAny=no
+ResultInactive=no
+ResultActive=yes
+
+

+ If the users homer and grimes are member of + the staff group but policy requires that an + administrator needs to authenticate every time authorization for + any action + matching com.example.awesomeproduct.* is + required, one would add +

+
+[Exclude Some Problematic Users]
+Identity=unix-user:homer;unix-user:grimes
+Action=com.example.awesomeproduct.*
+ResultAny=no
+ResultInactive=no
+ResultActive=auth_admin
+
+

+ and make sure this authorization entry is after the first one. +

+
+
+

AUTHOR

+

+ Written by David Zeuthen with + a lot of help from many others. +

+
+
+

BUGS

+

+ Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel + on how to subscribe. +

+
+
+

SEE ALSO

+

+ polkit(8) +

+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/pkttyagent.1.html b/docs/polkit/html/pkttyagent.1.html new file mode 100644 index 00000000..ed5f69d8 --- /dev/null +++ b/docs/polkit/html/pkttyagent.1.html @@ -0,0 +1,137 @@ + + + + +pkttyagent + + + + + + + + + + + + + + + + +
+
+
+ + +
+

pkttyagent

+

pkttyagent — Textual authentication helper

+
+
+

Synopsis

+

pkttyagent [--version] [--help]

+

pkttyagent [ + --process + { + pid + | + pid,pid-start-time + } + | + --system-bus-name + busname + ] [ + --notify-fd + fd + ] [ + --fallback + ]

+
+
+

DESCRIPTION

+

+ pkttyagent is used to start a textual + authentication agent for the subject specified by either + --process or + --system-bus-name. If neither of these options + are given, the parent process is used. +

+

+ To get notified when the authentication agent has been + registered either listen to the Changed + D-Bus signal or use --notify-fd to pass the + number of a file descriptor that has been passed to the + program. This file descriptor will then be closed when the + authentication agent has been successfully registered. +

+

+ If --fallback is used, the textual + authentication agent will not replace an existing authentication + agent. +

+
+
+

RETURN VALUE

+

+ If the authentication agent could not be registered, + pkttyagent exits with an exit code of + 127. Diagnostic messages are printed on standard error. +

+

+ If one or more of the options passed are malformed, + pkttyagent exits with an exit code of 126. If + stdin is a tty, then this manual page is also shown. +

+

+ If the authentication agent was successfully registered, + pkttyagent will keep running, interacting + with the user as needed. When its services are no longer needed, + the process can be killed. +

+
+
+

NOTES

+

+ Since process identifiers can be recycled, the caller should + always use pid,pid-start-time when + using the --process option. The value of + pid-start-time can be determined by + consulting e.g. the + proc(5) + file system depending on the operating system. If only pid + is passed to the --process option, then pkttyagent + will look up the start time itself but note that this may be racy. +

+
+
+

AUTHOR

+

+ Written by David Zeuthen with + a lot of help from many others. +

+
+
+

BUGS

+

+ Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel + on how to subscribe. +

+
+
+

SEE ALSO

+

+ polkit(8), + pkaction(1), + pkcheck(1), + pkexec(1) +

+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polit-index.html b/docs/polkit/html/polit-index.html new file mode 100644 index 00000000..6a6f0cc1 --- /dev/null +++ b/docs/polkit/html/polit-index.html @@ -0,0 +1,464 @@ + + + + +Index + + + + + + + + + + + + + + + + +
+

+Index

+
+
+

A

+
+
PolkitActionDescription, PolkitActionDescription +
+
polkit_action_description_get_action_id, polkit_action_description_get_action_id () +
+
polkit_action_description_get_annotation, polkit_action_description_get_annotation () +
+
polkit_action_description_get_description, polkit_action_description_get_description () +
+
polkit_action_description_get_icon_name, polkit_action_description_get_icon_name () +
+
polkit_action_description_get_implicit_active, polkit_action_description_get_implicit_active () +
+
polkit_action_description_get_implicit_any, polkit_action_description_get_implicit_any () +
+
polkit_action_description_get_implicit_inactive, polkit_action_description_get_implicit_inactive () +
+
polkit_action_description_get_message, polkit_action_description_get_message () +
+
polkit_action_description_get_vendor_name, polkit_action_description_get_vendor_name () +
+
polkit_action_description_get_vendor_url, polkit_action_description_get_vendor_url () +
+
PolkitAgentListener, PolkitAgentListener +
+
PolkitAgentListenerClass, struct PolkitAgentListenerClass +
+
PolkitAgentRegisterFlags, enum PolkitAgentRegisterFlags +
+
PolkitAgentSession, PolkitAgentSession +
+
PolkitAgentSession::completed, The "completed" signal +
+
PolkitAgentSession::request, The "request" signal +
+
PolkitAgentSession::show-error, The "show-error" signal +
+
PolkitAgentSession::show-info, The "show-info" signal +
+
PolkitAgentSession:cookie, The "cookie" property +
+
PolkitAgentSession:identity, The "identity" property +
+
PolkitAgentTextListener, PolkitAgentTextListener +
+
polkit_agent_listener_initiate_authentication, polkit_agent_listener_initiate_authentication () +
+
polkit_agent_listener_initiate_authentication_finish, polkit_agent_listener_initiate_authentication_finish () +
+
polkit_agent_listener_register, polkit_agent_listener_register () +
+
polkit_agent_listener_register_with_options, polkit_agent_listener_register_with_options () +
+
polkit_agent_listener_unregister, polkit_agent_listener_unregister () +
+
polkit_agent_session_cancel, polkit_agent_session_cancel () +
+
polkit_agent_session_initiate, polkit_agent_session_initiate () +
+
polkit_agent_session_new, polkit_agent_session_new () +
+
polkit_agent_session_response, polkit_agent_session_response () +
+
polkit_agent_text_listener_new, polkit_agent_text_listener_new () +
+
PolkitAuthority, PolkitAuthority +
+
PolkitAuthority::changed, The "changed" signal +
+
PolkitAuthority:backend-features, The "backend-features" property +
+
PolkitAuthority:backend-name, The "backend-name" property +
+
PolkitAuthority:backend-version, The "backend-version" property +
+
PolkitAuthority:owner, The "owner" property +
+
PolkitAuthorityFeatures, enum PolkitAuthorityFeatures +
+
polkit_authority_authentication_agent_response, polkit_authority_authentication_agent_response () +
+
polkit_authority_authentication_agent_response_finish, polkit_authority_authentication_agent_response_finish () +
+
polkit_authority_authentication_agent_response_sync, polkit_authority_authentication_agent_response_sync () +
+
polkit_authority_check_authorization, polkit_authority_check_authorization () +
+
polkit_authority_check_authorization_finish, polkit_authority_check_authorization_finish () +
+
polkit_authority_check_authorization_sync, polkit_authority_check_authorization_sync () +
+
polkit_authority_enumerate_actions, polkit_authority_enumerate_actions () +
+
polkit_authority_enumerate_actions_finish, polkit_authority_enumerate_actions_finish () +
+
polkit_authority_enumerate_actions_sync, polkit_authority_enumerate_actions_sync () +
+
polkit_authority_enumerate_temporary_authorizations, polkit_authority_enumerate_temporary_authorizations () +
+
polkit_authority_enumerate_temporary_authorizations_finish, polkit_authority_enumerate_temporary_authorizations_finish () +
+
polkit_authority_enumerate_temporary_authorizations_sync, polkit_authority_enumerate_temporary_authorizations_sync () +
+
polkit_authority_get_async, polkit_authority_get_async () +
+
polkit_authority_get_backend_features, polkit_authority_get_backend_features () +
+
polkit_authority_get_backend_name, polkit_authority_get_backend_name () +
+
polkit_authority_get_backend_version, polkit_authority_get_backend_version () +
+
polkit_authority_get_finish, polkit_authority_get_finish () +
+
polkit_authority_get_owner, polkit_authority_get_owner () +
+
polkit_authority_get_sync, polkit_authority_get_sync () +
+
polkit_authority_register_authentication_agent, polkit_authority_register_authentication_agent () +
+
polkit_authority_register_authentication_agent_finish, polkit_authority_register_authentication_agent_finish () +
+
polkit_authority_register_authentication_agent_sync, polkit_authority_register_authentication_agent_sync () +
+
polkit_authority_register_authentication_agent_with_options, polkit_authority_register_authentication_agent_with_options () +
+
polkit_authority_register_authentication_agent_with_options_finish, polkit_authority_register_authentication_agent_with_options_finish () +
+
polkit_authority_register_authentication_agent_with_options_sync, polkit_authority_register_authentication_agent_with_options_sync () +
+
polkit_authority_revoke_temporary_authorizations, polkit_authority_revoke_temporary_authorizations () +
+
polkit_authority_revoke_temporary_authorizations_finish, polkit_authority_revoke_temporary_authorizations_finish () +
+
polkit_authority_revoke_temporary_authorizations_sync, polkit_authority_revoke_temporary_authorizations_sync () +
+
polkit_authority_revoke_temporary_authorization_by_id, polkit_authority_revoke_temporary_authorization_by_id () +
+
polkit_authority_revoke_temporary_authorization_by_id_finish, polkit_authority_revoke_temporary_authorization_by_id_finish () +
+
polkit_authority_revoke_temporary_authorization_by_id_sync, polkit_authority_revoke_temporary_authorization_by_id_sync () +
+
polkit_authority_unregister_authentication_agent, polkit_authority_unregister_authentication_agent () +
+
polkit_authority_unregister_authentication_agent_finish, polkit_authority_unregister_authentication_agent_finish () +
+
polkit_authority_unregister_authentication_agent_sync, polkit_authority_unregister_authentication_agent_sync () +
+
PolkitAuthorizationResult, PolkitAuthorizationResult +
+
polkit_authorization_result_get_details, polkit_authorization_result_get_details () +
+
polkit_authorization_result_get_dismissed, polkit_authorization_result_get_dismissed () +
+
polkit_authorization_result_get_is_authorized, polkit_authorization_result_get_is_authorized () +
+
polkit_authorization_result_get_is_challenge, polkit_authorization_result_get_is_challenge () +
+
polkit_authorization_result_get_retains_authorization, polkit_authorization_result_get_retains_authorization () +
+
polkit_authorization_result_get_temporary_authorization_id, polkit_authorization_result_get_temporary_authorization_id () +
+
polkit_authorization_result_new, polkit_authorization_result_new () +
+
+
+
+

B

+
+
PolkitBackendAuthority, PolkitBackendAuthority +
+
PolkitBackendAuthority::changed, The "changed" signal +
+
PolkitBackendAuthorityClass, struct PolkitBackendAuthorityClass +
+
PolkitBackendInteractiveAuthority, PolkitBackendInteractiveAuthority +
+
PolkitBackendInteractiveAuthorityClass, struct PolkitBackendInteractiveAuthorityClass +
+
PolkitBackendLocalAuthority, PolkitBackendLocalAuthority +
+
PolkitBackendLocalAuthority:auth-store-paths, The "auth-store-paths" property +
+
PolkitBackendLocalAuthority:config-path, The "config-path" property +
+
PolkitBackendLocalAuthorityClass, struct PolkitBackendLocalAuthorityClass +
+
polkit_backend_authority_authentication_agent_response, polkit_backend_authority_authentication_agent_response () +
+
polkit_backend_authority_check_authorization, polkit_backend_authority_check_authorization () +
+
polkit_backend_authority_check_authorization_finish, polkit_backend_authority_check_authorization_finish () +
+
polkit_backend_authority_enumerate_actions, polkit_backend_authority_enumerate_actions () +
+
polkit_backend_authority_enumerate_temporary_authorizations, polkit_backend_authority_enumerate_temporary_authorizations () +
+
POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME +
+
polkit_backend_authority_get, polkit_backend_authority_get () +
+
polkit_backend_authority_get_features, polkit_backend_authority_get_features () +
+
polkit_backend_authority_get_name, polkit_backend_authority_get_name () +
+
polkit_backend_authority_get_version, polkit_backend_authority_get_version () +
+
polkit_backend_authority_register, polkit_backend_authority_register () +
+
polkit_backend_authority_register_authentication_agent, polkit_backend_authority_register_authentication_agent () +
+
polkit_backend_authority_revoke_temporary_authorizations, polkit_backend_authority_revoke_temporary_authorizations () +
+
polkit_backend_authority_revoke_temporary_authorization_by_id, polkit_backend_authority_revoke_temporary_authorization_by_id () +
+
polkit_backend_authority_unregister, polkit_backend_authority_unregister () +
+
polkit_backend_authority_unregister_authentication_agent, polkit_backend_authority_unregister_authentication_agent () +
+
polkit_backend_interactive_authority_check_authorization_sync, polkit_backend_interactive_authority_check_authorization_sync () +
+
polkit_backend_interactive_authority_get_admin_identities, polkit_backend_interactive_authority_get_admin_identities () +
+
+
+
+

C

+
PolkitCheckAuthorizationFlags, enum PolkitCheckAuthorizationFlags +
+
+
+

D

+
+
PolkitDetails, PolkitDetails +
+
polkit_details_get_keys, polkit_details_get_keys () +
+
polkit_details_insert, polkit_details_insert () +
+
polkit_details_lookup, polkit_details_lookup () +
+
polkit_details_new, polkit_details_new () +
+
+
+
+

E

+
+
PolkitError, enum PolkitError +
+
POLKIT_ERROR, POLKIT_ERROR +
+
+
+
+

I

+
+
PolkitIdentity, PolkitIdentity +
+
PolkitIdentityIface, struct PolkitIdentityIface +
+
polkit_identity_equal, polkit_identity_equal () +
+
polkit_identity_from_string, polkit_identity_from_string () +
+
polkit_identity_hash, polkit_identity_hash () +
+
polkit_identity_to_string, polkit_identity_to_string () +
+
PolkitImplicitAuthorization, enum PolkitImplicitAuthorization +
+
+
+
+

P

+
+
PolkitPermission, PolkitPermission +
+
PolkitPermission:action-id, The "action-id" property +
+
PolkitPermission:subject, The "subject" property +
+
polkit_permission_get_action_id, polkit_permission_get_action_id () +
+
polkit_permission_get_subject, polkit_permission_get_subject () +
+
polkit_permission_new, polkit_permission_new () +
+
polkit_permission_new_finish, polkit_permission_new_finish () +
+
polkit_permission_new_sync, polkit_permission_new_sync () +
+
+
+
+

S

+
+
PolkitSubject, PolkitSubject +
+
PolkitSubjectIface, struct PolkitSubjectIface +
+
polkit_subject_equal, polkit_subject_equal () +
+
polkit_subject_exists, polkit_subject_exists () +
+
polkit_subject_exists_finish, polkit_subject_exists_finish () +
+
polkit_subject_exists_sync, polkit_subject_exists_sync () +
+
polkit_subject_from_string, polkit_subject_from_string () +
+
polkit_subject_hash, polkit_subject_hash () +
+
polkit_subject_to_string, polkit_subject_to_string () +
+
PolkitSystemBusName, PolkitSystemBusName +
+
PolkitSystemBusName:name, The "name" property +
+
polkit_system_bus_name_get_name, polkit_system_bus_name_get_name () +
+
polkit_system_bus_name_get_process_sync, polkit_system_bus_name_get_process_sync () +
+
polkit_system_bus_name_new, polkit_system_bus_name_new () +
+
polkit_system_bus_name_set_name, polkit_system_bus_name_set_name () +
+
+
+
+

T

+
+
PolkitTemporaryAuthorization, PolkitTemporaryAuthorization +
+
polkit_temporary_authorization_get_action_id, polkit_temporary_authorization_get_action_id () +
+
polkit_temporary_authorization_get_id, polkit_temporary_authorization_get_id () +
+
polkit_temporary_authorization_get_subject, polkit_temporary_authorization_get_subject () +
+
polkit_temporary_authorization_get_time_expires, polkit_temporary_authorization_get_time_expires () +
+
polkit_temporary_authorization_get_time_obtained, polkit_temporary_authorization_get_time_obtained () +
+
+
+
+

U

+
+
PolkitUnixGroup, PolkitUnixGroup +
+
PolkitUnixGroup:gid, The "gid" property +
+
PolkitUnixNetgroup, PolkitUnixNetgroup +
+
PolkitUnixNetgroup:name, The "name" property +
+
PolkitUnixProcess, PolkitUnixProcess +
+
PolkitUnixProcess:pid, The "pid" property +
+
PolkitUnixProcess:start-time, The "start-time" property +
+
PolkitUnixProcess:uid, The "uid" property +
+
PolkitUnixSession, PolkitUnixSession +
+
PolkitUnixSession:pid, The "pid" property +
+
PolkitUnixSession:session-id, The "session-id" property +
+
PolkitUnixUser, PolkitUnixUser +
+
PolkitUnixUser:uid, The "uid" property +
+
polkit_unix_group_get_gid, polkit_unix_group_get_gid () +
+
polkit_unix_group_new, polkit_unix_group_new () +
+
polkit_unix_group_new_for_name, polkit_unix_group_new_for_name () +
+
polkit_unix_group_set_gid, polkit_unix_group_set_gid () +
+
polkit_unix_netgroup_get_name, polkit_unix_netgroup_get_name () +
+
polkit_unix_netgroup_new, polkit_unix_netgroup_new () +
+
polkit_unix_netgroup_set_name, polkit_unix_netgroup_set_name () +
+
polkit_unix_process_get_pid, polkit_unix_process_get_pid () +
+
polkit_unix_process_get_start_time, polkit_unix_process_get_start_time () +
+
polkit_unix_process_get_uid, polkit_unix_process_get_uid () +
+
polkit_unix_process_new, polkit_unix_process_new () +
+
polkit_unix_process_new_for_owner, polkit_unix_process_new_for_owner () +
+
polkit_unix_process_new_full, polkit_unix_process_new_full () +
+
polkit_unix_process_set_pid, polkit_unix_process_set_pid () +
+
polkit_unix_process_set_start_time, polkit_unix_process_set_start_time () +
+
polkit_unix_process_set_uid, polkit_unix_process_set_uid () +
+
polkit_unix_session_get_session_id, polkit_unix_session_get_session_id () +
+
polkit_unix_session_new, polkit_unix_session_new () +
+
polkit_unix_session_new_for_process, polkit_unix_session_new_for_process () +
+
polkit_unix_session_new_for_process_finish, polkit_unix_session_new_for_process_finish () +
+
polkit_unix_session_new_for_process_sync, polkit_unix_session_new_for_process_sync () +
+
polkit_unix_session_set_session_id, polkit_unix_session_set_session_id () +
+
polkit_unix_user_get_name, polkit_unix_user_get_name () +
+
polkit_unix_user_get_uid, polkit_unix_user_get_uid () +
+
polkit_unix_user_new, polkit_unix_user_new () +
+
polkit_unix_user_new_for_name, polkit_unix_user_new_for_name () +
+
polkit_unix_user_set_uid, polkit_unix_user_set_uid () +
+
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polkit-1.devhelp2 b/docs/polkit/html/polkit-1.devhelp2 new file mode 100644 index 00000000..25f6b328 --- /dev/null +++ b/docs/polkit/html/polkit-1.devhelp2 @@ -0,0 +1,296 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/html/polkit-agents.html b/docs/polkit/html/polkit-agents.html new file mode 100644 index 00000000..1a58ab33 --- /dev/null +++ b/docs/polkit/html/polkit-agents.html @@ -0,0 +1,55 @@ + + + + +Writing polkit Authentication Agents + + + + + + + + + + + + + + + + +
+

+Writing polkit Authentication Agents

+

+ Authentication agents are provided by desktop environments. When + an user session starts, the agent registers with the polkit + Authority using + the RegisterAuthenticationAgent() + method. When services are needed, the authority will invoke + methods on + the org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged + part of) the agent invokes + the AuthenticationAgentResponse() + method. Note that the polkit Authority itself does not care + how the agent authenticates the user. +

+

+ The libpolkit-agent-1 + library provides helpers to make it easy to build authentication + agents that use the native authentication system + e.g. pam(8). +

+

+ If the environment variable POLKIT_DEBUG is + set, the libpolkit-agent-1 library prints out diagnostic + information on standard output. +

+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polkit-apps.html b/docs/polkit/html/polkit-apps.html new file mode 100644 index 00000000..26c992f8 --- /dev/null +++ b/docs/polkit/html/polkit-apps.html @@ -0,0 +1,486 @@ + + + + +Writing polkit applications + + + + + + + + + + + + + + + + +
+

+Writing polkit applications

+

+ polkit applications are privileged mechanisms using the + polkit authority as a decider component. To do this, a + mechanism use either + the GObject API, + the D-Bus API or + the pkcheck command to + communicate with the polkit Authority. +

+

+ Note that clients normally doesn't use the + polkit API directly – it is intended for privileged + mechanisms. If a client needs to disable, + modify or remove UI elements to e.g. convey to the user that a + certain action cannot be carried out (because e.g. the user is + not authorized) or authentication is needed (by e.g. displaying + a padlock icon in the UI), it is usually better to have the + mechanism provide an API for this. +

+

+ If a polkit application wants to handle the case where no + authentication agent exists (for example if the app is launched + via a + ssh(1) + login), it is trivial for the application to use the PolkitAgentTextListener + class to spawn its own authentication agent as + needed. Alternatively, the pkttyagent(1) + helper can be used to do this. +

+

+ As an example of code using the GObject API, see Example 1, “Querying the Authority”. + For an example using the D-Bus API, see Example 2, “Accessing the Authority via D-Bus”. +

+
+

Example 1. Querying the Authority

+
+ + + + + + + + 
1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
+54
+55
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82
+83
+84
+85
+86
+87
+88
+89
+90
+91
+92
+93
+94
+95
+96
+97
+98
+99
+100
+101
+102
+103
+104
+105
+106
+107
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+130
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
/*
+ * Copyright (C) 2009 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General
+ * Public License along with this library; if not, write to the
+ * Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Author: David Zeuthen <davidz@redhat.com>
+ */
+
+/* Simple example that shows how to check for an authorization
+ * including cancelling the check.
+ *
+ * Cancelling an authorization check is desirable in situations where
+ * the object/action to check for vanishes.
+ *
+ * One concrete example of this is a disks service in which the user
+ * needs to authenticate to modify a disk. If the disk is removed
+ * while the authentication dialog is shown, the disks service should
+ * cancel the authorization check. A side effect of this, is that the
+ * authentication dialog is removed.
+ */
+
+#include <polkit/polkit.h>
+
+static gboolean
+on_tensec_timeout (gpointer user_data)
+{
+  GMainLoop *loop = user_data;
+  g_print ("Ten seconds has passed. Now exiting.\n");
+  g_main_loop_quit (loop);
+  return FALSE;
+}
+
+static void
+check_authorization_cb (PolkitAuthority *authority,
+                        GAsyncResult    *res,
+                        gpointer         user_data)
+{
+  GMainLoop *loop = user_data;
+  PolkitAuthorizationResult *result;
+  GError *error;
+
+  error = NULL;
+  result = polkit_authority_check_authorization_finish (authority, res, &error);
+  if (error != NULL)
+    {
+      g_print ("Error checking authorization: %s\n", error->message);
+      g_error_free (error);
+    }
+  else
+    {
+      const gchar *result_str;
+      if (polkit_authorization_result_get_is_authorized (result))
+        {
+          result_str = "authorized";
+        }
+      else if (polkit_authorization_result_get_is_challenge (result))
+        {
+          result_str = "challenge";
+        }
+      else
+        {
+          result_str = "not authorized";
+        }
+
+      g_print ("Authorization result: %s\n", result_str);
+    }
+
+  g_print ("Authorization check has been cancelled and the dialog should now be hidden.\n"
+           "This process will exit in ten seconds.\n");
+  g_timeout_add (10000, on_tensec_timeout, loop);
+}
+
+static gboolean
+do_cancel (GCancellable *cancellable)
+{
+  g_print ("Timer has expired; cancelling authorization check\n");
+  g_cancellable_cancel (cancellable);
+  return FALSE;
+}
+
+int
+main (int argc, char *argv[])
+{
+  pid_t parent_pid;
+  const gchar *action_id;
+  GMainLoop *loop;
+  PolkitSubject *subject;
+  PolkitAuthority *authority;
+  GCancellable *cancellable;
+
+  g_type_init ();
+
+  if (argc != 2)
+    {
+      g_printerr ("usage: %s <action_id>\n", argv[0]);
+      return 1;
+    }
+  action_id = argv[1];
+
+  loop = g_main_loop_new (NULL, FALSE);
+
+  authority = polkit_authority_get_sync (NULL, NULL);
+
+  /* Typically mechanisms will use a PolkitSystemBusName since most
+   * clients communicate with the mechanism via D-Bus. However for
+   * this simple example we use the process id of the calling process.
+   *
+   * Note that if the parent was reaped we have to be careful not to
+   * check if init(1) is authorized (it always is).
+   */
+  parent_pid = getppid ();
+  if (parent_pid == 1)
+    {
+      g_printerr ("Parent process was reaped by init(1)\n");
+      return 1;
+    }
+  subject = polkit_unix_process_new (parent_pid);
+
+  cancellable = g_cancellable_new ();
+
+  g_print ("Will cancel authorization check in 10 seconds\n");
+
+  /* Set up a 10 second timer to cancel the check */
+  g_timeout_add (10 * 1000,
+                 (GSourceFunc) do_cancel,
+                 cancellable);
+
+  polkit_authority_check_authorization (authority,
+                                        subject,
+                                        action_id,
+                                        NULL, /* PolkitDetails */
+                                        POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION,
+                                        cancellable,
+                                        (GAsyncReadyCallback) check_authorization_cb,
+                                        loop);
+
+  g_main_loop_run (loop);
+
+  g_object_unref (authority);
+  g_object_unref (subject);
+  g_object_unref (cancellable);
+  g_main_loop_unref (loop);
+
+  return 0;
+}
+
+ +
+
+

Example 2. Accessing the Authority via D-Bus

+
+ + + + + + + + 
1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
#!/usr/bin/env python
+
+# Copyright (C) 2009 Red Hat, Inc.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General
+# Public License along with this library; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307, USA.
+#
+# Author: David Zeuthen <davidz@redhat.com>
+
+# Simple example showing how to access the Authority via D-Bus calls
+#
+
+import dbus
+
+bus = dbus.SystemBus()
+proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
+authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')
+
+system_bus_name = bus.get_unique_name()
+
+subject = ('system-bus-name', {'name' : system_bus_name})
+action_id = 'org.freedesktop.policykit.exec'
+details = {}
+flags = 1            # AllowUserInteraction flag
+cancellation_id = '' # No cancellation id
+
+result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)
+
+print result
+
+ +
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polkit-architecture.html b/docs/polkit/html/polkit-architecture.html new file mode 100644 index 00000000..383ba503 --- /dev/null +++ b/docs/polkit/html/polkit-architecture.html @@ -0,0 +1,44 @@ + + + + +Long Description + + + + +
+ +-------------------+
+ |   Authentication  |
+ |       Agent       |
+ +-------------------+
+ | libpolkit-agent-1 |
+ +-------------------+
+        ^                                  +--------+
+        |                                  | Client |
+        +--------------+                   +--------+
+                       |                        ^
+                       |                        |
+User Session           |                        |
+=======================|========================|=============
+System Context         |                        |
+                       |                        |
+                       |                    +---+
+                       V                    |
+                     /------------\         |
+                     | System Bus |         |
+                     \------------/         |
+                       ^        ^           V
+                       |        |      +---------------------+
+        +--------------+        |      |      Mechanism      |
+        |                       |      +---------------------+
+        V                       +----> | libpolkit-gobject-1 |
++------------------+                   +---------------------+
+| org.freedesktop. |
+|    PolicyKit1    |
++------------------+
+|   Backends and   |
+|    Extensions    |
++------------------+
+
+ \ No newline at end of file diff --git a/docs/polkit/html/polkit-architecture.png b/docs/polkit/html/polkit-architecture.png new file mode 100644 index 00000000..11342e57 Binary files /dev/null and b/docs/polkit/html/polkit-architecture.png differ diff --git a/docs/polkit/html/polkit-authentication-agent-example-wheel.html b/docs/polkit/html/polkit-authentication-agent-example-wheel.html new file mode 100644 index 00000000..a2e3c9d7 --- /dev/null +++ b/docs/polkit/html/polkit-authentication-agent-example-wheel.html @@ -0,0 +1,36 @@ + + + + +Long Description + + + + +
++----------------------------------------------------------+
+|                     Authenticate                     [X] |
++----------------------------------------------------------+
+|                                                          |
+|  [Icon]  Authentication is required to run ATA SMART     |
+|          self tests                                      |
+|                                                          |
+|          An application is attempting to perform an      |
+|          action that requires privileges. Authentication |
+|          as one of the users below is required to        |
+|          perform this action.                            |
+|                                                          |
+|          [[Face] Patrick Bateman (bateman)         [V]]  |
+|                                                          |
+|          Password for bateman: [______________________]  |
+|                                                          |
+| [V] Details:                                             |
+|  Drive:  ATA INTEL SSDSA2MH08 (045C)                     |
+|  Device: /dev/sda                                        |
+|  Action: org.fd.devicekit.disks.drive-ata-smart-selftest |
+|  Vendor: The DeviceKit Project                           |
+|                                                          |
+|                                  [Cancel] [Authenticate] |
++----------------------------------------------------------+
+
+ \ No newline at end of file diff --git a/docs/polkit/html/polkit-authentication-agent-example-wheel.png b/docs/polkit/html/polkit-authentication-agent-example-wheel.png new file mode 100644 index 00000000..bafe5a8b Binary files /dev/null and b/docs/polkit/html/polkit-authentication-agent-example-wheel.png differ diff --git a/docs/polkit/html/polkit-authentication-agent-example.html b/docs/polkit/html/polkit-authentication-agent-example.html new file mode 100644 index 00000000..91c6a875 --- /dev/null +++ b/docs/polkit/html/polkit-authentication-agent-example.html @@ -0,0 +1,34 @@ + + + + +Long Description + + + + +
++----------------------------------------------------------+
+|                     Authenticate                     [X] |
++----------------------------------------------------------+
+|                                                          |
+|  [Icon]  Authentication is required to run ATA SMART     |
+|          self tests                                      |
+|                                                          |
+|          An application is attempting to perform an      |
+|          action that requires privileges. Authentication |
+|          as the super user is required to perform this   |
+|          action.                                         |
+|                                                          |
+|          Password for root: [_________________________]  |
+|                                                          |
+| [V] Details:                                             |
+|  Drive:  ATA INTEL SSDSA2MH08 (045C)                     |
+|  Device: /dev/sda                                        |
+|  Action: org.fd.devicekit.disks.drive-ata-smart-selftest |
+|  Vendor: The DeviceKit Project                           |
+|                                                          |
+|                                  [Cancel] [Authenticate] |
++----------------------------------------------------------+
+
+ \ No newline at end of file diff --git a/docs/polkit/html/polkit-authentication-agent-example.png b/docs/polkit/html/polkit-authentication-agent-example.png new file mode 100644 index 00000000..b2f65590 Binary files /dev/null and b/docs/polkit/html/polkit-authentication-agent-example.png differ diff --git a/docs/polkit/html/polkit-extending.html b/docs/polkit/html/polkit-extending.html new file mode 100644 index 00000000..f0b75467 --- /dev/null +++ b/docs/polkit/html/polkit-extending.html @@ -0,0 +1,56 @@ + + + + +Extending polkit + + + + + + + + + + + + + + + + +
+

+Extending polkit

+

+ polkit exports a number of extension points to + replace/customize behavior of the polkit daemon. Note that + all extensions run with super user privileges in the same + process as the polkit daemon. +

+

+ The polkit daemons loads extensions + from the /usr/lib64/polkit-1/extensions + directory. See + the GIO Extension Point + documentation for more information about the extension + system used by polkit. +

+

+ The following extension points are currently defined by + polkit: +

+

POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME.  + Allows replacing the Authority – the entity responsible for + making authorization decisions. Implementations of this + extension point must be derived from the + PolkitBackendAuthority class. See + the src/nullbackend/ directory in the + polkit sources for an example. +

+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polkit-hierarchy.html b/docs/polkit/html/polkit-hierarchy.html new file mode 100644 index 00000000..0d02a234 --- /dev/null +++ b/docs/polkit/html/polkit-hierarchy.html @@ -0,0 +1,62 @@ + + + + +Object Hierarchy + + + + + + + + + + + + + + + + +
+

+Object Hierarchy

+
+    GObject
+        PolkitAuthority
+        PolkitActionDescription
+        PolkitDetails
+        PolkitUnixUser
+        PolkitUnixGroup
+        PolkitUnixNetgroup
+        PolkitUnixProcess
+        PolkitUnixSession
+        PolkitSystemBusName
+        PolkitAuthorizationResult
+        PolkitTemporaryAuthorization
+        GPermission
+            PolkitPermission
+        PolkitBackendAuthority
+            PolkitBackendInteractiveAuthority
+                PolkitBackendLocalAuthority
+        PolkitAgentSession
+        PolkitAgentListener
+            PolkitAgentTextListener
+    GInterface
+        PolkitIdentity
+        PolkitSubject
+        PolkitBackendActionLookup
+    GFlags
+        PolkitCheckAuthorizationFlags
+        PolkitAuthorityFeatures
+    GEnum
+        PolkitImplicitAuthorization
+        PolkitError
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polkit-intro.html b/docs/polkit/html/polkit-intro.html new file mode 100644 index 00000000..8a6a00cd --- /dev/null +++ b/docs/polkit/html/polkit-intro.html @@ -0,0 +1,37 @@ + + + + +Introduction + + + + + + + + + + + + + + + + +
+

+Introduction

+

+ polkit provides an authorization API intended to be used by + privileged programs (MECHANISMS) offering service + to unprivileged programs (CLIENTS). See the + polkit manual page for + the system architecture and big picture. +

+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polkit.8.html b/docs/polkit/html/polkit.8.html new file mode 100644 index 00000000..c329ac09 --- /dev/null +++ b/docs/polkit/html/polkit.8.html @@ -0,0 +1,399 @@ + + + + +polkit + + + + + + + + + + + + + + + + +
+
+
+ + +
+

polkit

+

polkit — Authorization Framework

+
+
+

OVERVIEW

+

+ PolicyKit provides an authorization API intended to be used by + privileged programs (MECHANISMS) offering service + to unprivileged programs (CLIENTS) through some + form of IPC mechanism such as D-Bus or Unix pipes. In this + scenario, the mechanism typically treats the client as + untrusted. For every request from a client, the mechanism needs + to determine if the request is authorized or if it should refuse + to service the client. Using the PolicyKit API, a mechanism can + offload this decision to a trusted party: The PolicyKit + Authority. +

+

+ In addition to acting as an authority, PolicyKit allows users to + obtain temporary authorization through authenticating either an + administrative user or the owner of the session the client + belongs to. This is useful for scenarios where a mechanism needs + to verify that the operator of the system really is the user or + really is an administrative user. +

+
+
+

SYSTEM ARCHITECTURE

+

+ The system architecture of PolicyKit is comprised of + the Authority (implemented as a service on + the system message bus) and a + Authentication Agent per user session + (provided and started by the user session e.g. GNOME or KDE). + Additionally, PolicyKit supports a number of extension points – + specifically, vendors and/or sites can write extensions to + completely control authorization policy. In a block diagram, the + architecture looks like this: +

+
+
+
[D] +
+
+

+ For convenience, the libpolkit-gobject-1 + library wraps the PolicyKit D-Bus API using GObject. However, a + mechanism can also use the D-Bus API or the + pkcheck(1) + command to check authorizations. +

+

+ The libpolkit-agent-1 library provides an + abstraction of the native authentication system, e.g. + pam(8) + and also facilities registration and communication with the + PolicyKit D-Bus service. +

+

+ PolicyKit extensions and authority backends are implemented + using the + libpolkit-backend-1 library. +

+

+ See the + developer + documentation for more information about using and + extending PolicyKit. +

+

+ See + pklocalauthority(8) + for information about the Local Authority - the default + authority implementation shipped with PolicyKit. +

+
+
+

AUTHENTICATION AGENTS

+

+ An authentication agent is used to make the user of a session + prove that the user of the session really is the user (by + authenticating as the user) or an administrative user (by + authenticating as a administrator). In order to integrate well + with the rest of the user session (e.g. match the look and + feel), authentication agents are meant to be provided by the + user session that the user uses. For example, an authentication + agent may look like this: +

+
+
+
[D] +
+
+

+ If the system is configured without a root + account it may allow you to select the administrative user who + is authenticating: +

+
+
+
[D] +
+
+

+ See + pklocalauthority(8) + on how to set up the local authority + implemention for systems without a root + account. +

+

+ Applications that do not run under a desktop environment (for + example, if launched from a + ssh(1) + login) may not have have an authentication agent associated with + them. Such applications may use the PolkitAgentTextListener + type or the + pkttyagent(1) + helper so the user can authenticate using a textual interface. +

+
+
+

DECLARING ACTIONS

+

+ A mechanism need to declare a set of ACTIONS in + order to use PolicyKit. Actions correspond to operations that + clients can request the mechanism to carry out and are defined + in XML files that the mechanism installs into + the /usr/share/polkit-1/actions directory. +

+

+ PolicyKit actions are namespaced and can only contain the + characters [a-z][0-9].- e.g. lower-case + ASCII, digits, period and hyphen. Each XML file can contain more + than one action but all actions need to be in the same namespace + and the file needs to be named after the namespace and have the + extension .policy. +

+

+ The XML file must have the following doctype declaration +

+
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+"http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+

+ The policyconfig element must be present + exactly once. Elements that can be used + inside policyconfig includes: +

+
++ + + + + + + + + + + + + + + + + + +

vendor

The name of the project or vendor that is + supplying the actions in the XML + document. Optional.

vendor_url

A URL to the project or vendor that is + supplying the actions in the XML document. + Optional.

icon_name

An icon representing the project or vendor + that is supplying the actions in the XML document. The icon + name must adhere to + the Freedesktop.org + Icon Naming Specification. Optional.

action

Declares an action. The action name is + specified using the id attribute and can + only contain the characters [a-z][0-9].- + e.g. lower-case ASCII, digits, period and + hyphen.

+

+ Elements that can be used inside action includes: +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

description

A human readable description of the action, e.g. Install unsigned software.

message

A human readable message displayed to the user when asking for credentials when authentication is needed, e.g. Installing unsigned software requires authentication.

defaults

 +

This element is used to specify implicit authorizations for clients.

+

+ Elements that can be used inside defaults includes: +

+
++ + + + + + + + + + + + + + +

allow_any

Implicit authorizations that apply to + any client. Optional.

allow_inactive

Implicit authorizations that apply to + clients in inactive sessions on local + consoles. Optional.

allow_active

Implicit authorizations that apply to + clients in active sessions on local + consoles. Optional.

+

+ Each of + the allow_any, allow_inactive + and allow_active elements can contain + the following values: +

+
++ + + + + + + + + + + + + + + + + + + + + + + + + + +

no

Not authorized.

yes

Authorized.

auth_self

Authentication by the owner of the + session that the client originates from is + required.

auth_admin

Authentication by an administrative user + is required.

auth_self_keep

Like auth_self but + the authorization is kept for a brief + period.

auth_admin_keep

Like auth_admin but the authorization is kept for a brief period.

+

annotate

Used for annotating an action with a key/value + pair. The key is specified using the + the key attribute and the value is + specified using the value attribute. This + element may appear zero or more times. See + below for known annotations.

vendor

Used for overriding the vendor on a per-action + basis. Optional.

vendor_url

Used for overriding the vendor URL on a + per-action basis. Optional.

icon_name

Used for overriding the icon name on a + per-action basis. Optional.

+

+ For localization, description + and message elements may occur multiple + times with different xml:lang attributes. +

+

+ To list installed PolicyKit actions, use the + pkaction(1) + command. +

+
+

Known annotations

+

+ The org.freedesktop.policykit.exec.path + annotation is used by the pkexec program + shipped with PolicyKit - see the + pkexec(1) + man page for details. +

+

+ The org.freedesktop.policykit.imply + annotation (its value is a string containing a space separated + list of action identifiers) can be used to define meta + actions. The way it works is that if a subject is + authorized for an action with this annotation, then it is also + authorized for any action specified by the annotation. A typical + use of this annotation is when defining an UI shell with a + single lock button that should unlock multiple actions from + distinct mechanisms. +

+

+ The org.freedesktop.policykit.owner + annotation can be used to define a set of users who can query + whether a client is authorized to perform this action. If this + annotation is not specified then only root can query whether a + client running as a different user is authorized for an action. + The value of this annotation is a string containing a space + separated list of PolkitIdentity entries, + for example "unix-user:42 unix-user:colord". + A typical use of this annotation is for a daemon process that + runs as a system user rather than root. +

+
+
+
+

AUTHOR

+

+ Written by David Zeuthen with + a lot of help from many others. +

+
+
+

BUGS

+

+ Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel + on how to subscribe. +

+
+
+

SEE ALSO

+

+ pklocalauthority(8) + polkitd(8) + pkaction(1), + pkcheck(1), + pkexec(1), + pkttyagent(1) +

+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/polkitd.8.html b/docs/polkit/html/polkitd.8.html new file mode 100644 index 00000000..0584cf39 --- /dev/null +++ b/docs/polkit/html/polkitd.8.html @@ -0,0 +1,74 @@ + + + + +polkitd + + + + + + + + + + + + + + + + +
+
+
+ + +
+

polkitd

+

polkitd — PolicyKit daemon

+
+
+

Synopsis

+

polkitd

+
+
+

DESCRIPTION

+

+ polkitd provides + the org.freedesktop.PolicyKit1 D-Bus + service on the system message bus. Users or administrators + should never need to start this daemon as it will be + automatically started by + dbus-daemon(1) + whenever an application calls into the service. +

+
+
+

AUTHOR

+

+ Written by David Zeuthen with + a lot of help from many others. +

+
+
+

BUGS

+

+ Please send bug reports to either the distribution or the + polkit-devel mailing list, + see the link http://lists.freedesktop.org/mailman/listinfo/polkit-devel + on how to subscribe. +

+
+
+

SEE ALSO

+

+ polkit(8) +

+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/ref-api.html b/docs/polkit/html/ref-api.html new file mode 100644 index 00000000..a1053f9f --- /dev/null +++ b/docs/polkit/html/ref-api.html @@ -0,0 +1,86 @@ + + + + +Part III. Client API Reference + + + + + + + + + + + + + + + + +
+

+Part III. Client API Reference

+
+

Table of Contents

+
+
+PolkitAuthority — Authority +
+
+PolkitAuthorizationResult — Result for checking an authorization +
+
+PolkitDetails — Object used for passing details +
+
+PolkitError — Error codes +
+
+PolkitActionDescription — Description of Actions +
+
+PolkitTemporaryAuthorization — Temporary Authorizations +
+
+PolkitPermission — PolicyKit GPermission implementation +
+
Subjects
+
+
+PolkitSubject — Type for representing subjects +
+
+PolkitUnixProcess — Unix processs +
+
+PolkitUnixSession — Unix sessions +
+
+PolkitSystemBusName — Unique system bus names +
+
+
Identities
+
+
+PolkitIdentity — Type for representing identities +
+
+PolkitUnixUser — Unix users +
+
+PolkitUnixGroup — Unix groups +
+
+PolkitUnixNetgroup — Unix netgroups +
+
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/ref-authentication-agent-api.html b/docs/polkit/html/ref-authentication-agent-api.html new file mode 100644 index 00000000..20d16179 --- /dev/null +++ b/docs/polkit/html/ref-authentication-agent-api.html @@ -0,0 +1,44 @@ + + + + +Part V. Authentication Agent API Reference + + + + + + + + + + + + + + + + +
+

+Part V. Authentication Agent API Reference

+
+

Table of Contents

+
+
+PolkitAgentListener — Abstract base class for Authentication Agents +
+
+PolkitAgentTextListener — Text-based Authentication Agent +
+
+PolkitAgentSession — Authentication Session +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/ref-backend-api.html b/docs/polkit/html/ref-backend-api.html new file mode 100644 index 00000000..4d38fc92 --- /dev/null +++ b/docs/polkit/html/ref-backend-api.html @@ -0,0 +1,44 @@ + + + + +Part IV. Backend API Reference + + + + + + + + + + + + + + + + +
+

+Part IV. Backend API Reference

+
+

Table of Contents

+
+
+PolkitBackendAuthority — Abstract base class for authority backends +
+
+PolkitBackendInteractiveAuthority — Interactive Authority +
+
+PolkitBackendLocalAuthority — Local Authority +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/ref-dbus-api.html b/docs/polkit/html/ref-dbus-api.html new file mode 100644 index 00000000..7cb8867f --- /dev/null +++ b/docs/polkit/html/ref-dbus-api.html @@ -0,0 +1,41 @@ + + + + +Part II. D-Bus API Reference + + + + + + + + + + + + + + + + +
+

+Part II. D-Bus API Reference

+
+

Table of Contents

+
+
+org.freedesktop.PolicyKit1.Authority Interface — Authority Interface +
+
+org.freedesktop.PolicyKit1.AuthenticationAgent Interface — Authentication Agent Interface +
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/right.png b/docs/polkit/html/right.png new file mode 100644 index 00000000..92832e3a Binary files /dev/null and b/docs/polkit/html/right.png differ diff --git a/docs/polkit/html/style.css b/docs/polkit/html/style.css new file mode 100644 index 00000000..d6f6c26e --- /dev/null +++ b/docs/polkit/html/style.css @@ -0,0 +1,266 @@ +.synopsis, .classsynopsis +{ + /* tango:aluminium 1/2 */ + background: #eeeeec; + border: solid 1px #d3d7cf; + padding: 0.5em; +} +.programlisting +{ + /* tango:sky blue 0/1 */ + background: #e6f3ff; + border: solid 1px #729fcf; + padding: 0.5em; +} +.variablelist +{ + padding: 4px; + margin-left: 3em; +} +.variablelist td:first-child +{ + vertical-align: top; +} + +@media screen { + sup a.footnote + { + position: relative; + top: 0em ! important; + + } + /* this is needed so that the local anchors are displayed below the naviagtion */ + div.footnote a[name], div.refnamediv a[name], div.refsect1 a[name], div.refsect2 a[name], div.index a[name], div.glossary a[name], div.sect1 a[name] + { + display: inline-block; + position: relative; + top:-5em; + } + /* this seems to be a bug in the xsl style sheets when generating indexes */ + div.index div.index + { + top: 0em; + } + /* make space for the fixed navigation bar and add space at the bottom so that + * link targets appear somewhat close to top + */ + body + { + padding-top: 3.2em; + padding-bottom: 20em; + } + /* style and size the navigation bar */ + table.navigation#top + { + position: fixed; + /* tango:scarlet red 0/1 */ + background: #ffe6e6; + border: solid 1px #ef2929; + margin-top: 0; + margin-bottom: 0; + top: 0; + left: 0; + height: 3em; + z-index: 10; + } + .navigation a, .navigation a:visited + { + /* tango:scarlet red 3 */ + color: #a40000; + } + .navigation a:hover + { + /* tango:scarlet red 1 */ + color: #ef2929; + } + td.shortcuts + { + /* tango:scarlet red 1 */ + color: #ef2929; + font-size: 80%; + white-space: nowrap; + } +} +@media print { + table.navigation { + visibility: collapse; + display: none; + } + div.titlepage table.navigation { + visibility: visible; + display: table; + /* tango:scarlet red 0/1 */ + background: #ffe6e6; + border: solid 1px #ef2929; + margin-top: 0; + margin-bottom: 0; + top: 0; + left: 0; + height: 3em; + } +} + +.navigation .title +{ + font-size: 200%; +} + +div.gallery-float +{ + float: left; + padding: 10px; +} +div.gallery-float img +{ + border-style: none; +} +div.gallery-spacer +{ + clear: both; +} + +a, a:visited +{ + text-decoration: none; + /* tango:sky blue 2 */ + color: #3465a4; +} +a:hover +{ + text-decoration: underline; + /* tango:sky blue 1 */ + color: #729fcf; +} + +div.table table +{ + border-collapse: collapse; + border-spacing: 0px; + /* tango:aluminium 3 */ + border: solid 1px #babdb6; +} + +div.table table td, div.table table th +{ + /* tango:aluminium 3 */ + border: solid 1px #babdb6; + padding: 3px; + vertical-align: top; +} + +div.table table th +{ + /* tango:aluminium 2 */ + background-color: #d3d7cf; +} + +hr +{ + /* tango:aluminium 3 */ + color: #babdb6; + background: #babdb6; + border: none 0px; + height: 1px; + clear: both; +} + +.footer +{ + padding-top: 3.5em; + /* tango:aluminium 3 */ + color: #babdb6; + text-align: center; + font-size: 80%; +} + +.warning +{ + /* tango:orange 0/1 */ + background: #ffeed9; + border-color: #ffb04f; +} +.note +{ + /* tango:chameleon 0/0.5 */ + background: #d8ffb2; + border-color: #abf562; +} +.note, .warning +{ + padding: 0.5em; + border-width: 1px; + border-style: solid; +} +.note h3, .warning h3 +{ + margin-top: 0.0em +} +.note p, .warning p +{ + margin-bottom: 0.0em +} + +/* blob links */ +h2 .extralinks, h3 .extralinks +{ + float: right; + /* tango:aluminium 3 */ + color: #babdb6; + font-size: 80%; + font-weight: normal; +} + +.annotation +{ + /* tango:aluminium 5 */ + color: #555753; + font-size: 80%; + font-weight: normal; +} + +/* code listings */ + +.listing_code .programlisting .cbracket { color: #a40000; } /* tango: scarlet red 3 */ +.listing_code .programlisting .comment { color: #a1a39d; } /* tango: aluminium 4 */ +.listing_code .programlisting .function { color: #000000; font-weight: bold; } +.listing_code .programlisting .function a { color: #11326b; font-weight: bold; } /* tango: sky blue 4 */ +.listing_code .programlisting .keyword { color: #4e9a06; } /* tango: chameleon 3 */ +.listing_code .programlisting .linenum { color: #babdb6; } /* tango: aluminium 3 */ +.listing_code .programlisting .normal { color: #000000; } +.listing_code .programlisting .number { color: #75507b; } /* tango: plum 2 */ +.listing_code .programlisting .preproc { color: #204a87; } /* tango: sky blue 3 */ +.listing_code .programlisting .string { color: #c17d11; } /* tango: chocolate 2 */ +.listing_code .programlisting .type { color: #000000; } +.listing_code .programlisting .type a { color: #11326b; } /* tango: sky blue 4 */ +.listing_code .programlisting .symbol { color: #ce5c00; } /* tango: orange 3 */ + +.listing_frame { + /* tango:sky blue 1 */ + border: solid 1px #729fcf; + padding: 0px; +} + +.listing_lines, .listing_code { + margin-top: 0px; + margin-bottom: 0px; + padding: 0.5em; +} +.listing_lines { + /* tango:sky blue 0.5 */ + background: #a6c5e3; + /* tango:aluminium 6 */ + color: #2e3436; +} +.listing_code { + /* tango:sky blue 0 */ + background: #e6f3ff; +} +.listing_code .programlisting { + /* override from previous */ + border: none 0px; + padding: 0px; +} +.listing_lines pre, .listing_code pre { + margin: 0px; +} + diff --git a/docs/polkit/html/subjects.html b/docs/polkit/html/subjects.html new file mode 100644 index 00000000..dbfd708a --- /dev/null +++ b/docs/polkit/html/subjects.html @@ -0,0 +1,44 @@ + + + + +Subjects + + + + + + + + + + + + + + + + +
+

+Subjects

+
+
+PolkitSubject — Type for representing subjects +
+
+PolkitUnixProcess — Unix processs +
+
+PolkitUnixSession — Unix sessions +
+
+PolkitSystemBusName — Unique system bus names +
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/docs/polkit/html/up.png b/docs/polkit/html/up.png new file mode 100644 index 00000000..85b3e2a2 Binary files /dev/null and b/docs/polkit/html/up.png differ diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml new file mode 100644 index 00000000..24440d2e --- /dev/null +++ b/docs/polkit/overview.xml @@ -0,0 +1,126 @@ + + + +]> + + polkit Overview + + Introduction + + polkit provides an authorization API intended to be used by + privileged programs (MECHANISMS) offering service + to unprivileged programs (CLIENTS). See the + polkit manual page for + the system architecture and big picture. + + + + + Writing polkit applications + + polkit applications are privileged mechanisms using the + polkit authority as a decider component. To do this, a + mechanism use either + the GObject API, + the D-Bus API or + the pkcheck command to + communicate with the polkit Authority. + + + Note that clients normally doesn't use the + polkit API directly – it is intended for privileged + mechanisms. If a client needs to disable, + modify or remove UI elements to e.g. convey to the user that a + certain action cannot be carried out (because e.g. the user is + not authorized) or authentication is needed (by e.g. displaying + a padlock icon in the UI), it is usually better to have the + mechanism provide an API for this. + + + If a polkit application wants to handle the case where no + authentication agent exists (for example if the app is launched + via a + ssh1 + login), it is trivial for the application to use the PolkitAgentTextListener + class to spawn its own authentication agent as + needed. Alternatively, the + helper can be used to do this. + + + As an example of code using the GObject API, see . + For an example using the D-Bus API, see . + + Querying the Authority + FIXME: MISSING XINCLUDE CONTENT + + Accessing the Authority via D-Bus + FIXME: MISSING XINCLUDE CONTENT + + + + + Writing polkit Authentication Agents + + Authentication agents are provided by desktop environments. When + an user session starts, the agent registers with the polkit + Authority using + the RegisterAuthenticationAgent() + method. When services are needed, the authority will invoke + methods on + the org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged + part of) the agent invokes + the AuthenticationAgentResponse() + method. Note that the polkit Authority itself does not care + how the agent authenticates the user. + + + The libpolkit-agent-1 + library provides helpers to make it easy to build authentication + agents that use the native authentication system + e.g. pam(8). + + + If the environment variable POLKIT_DEBUG is + set, the libpolkit-agent-1 library prints out diagnostic + information on standard output. + + + + + Extending polkit + + polkit exports a number of extension points to + replace/customize behavior of the polkit daemon. Note that + all extensions run with super user privileges in the same + process as the polkit daemon. + + + The polkit daemons loads extensions + from the &extensiondir; directory. See + the GIO Extension Point + documentation for more information about the extension + system used by polkit. + + + The following extension points are currently defined by + polkit: + + + + POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME + + Allows replacing the Authority – the entity responsible for + making authorization decisions. Implementations of this + extension point must be derived from the + PolkitBackendAuthority class. See + the src/nullbackend/ directory in the + polkit sources for an example. + + + + + diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml new file mode 100644 index 00000000..21b3681e --- /dev/null +++ b/docs/polkit/polkit-1-docs.xml @@ -0,0 +1,90 @@ + + + +]> + + + polkit Reference Manual + + For version &version; — the latest version of this + documentation can be found at http://www.freedesktop.org/software/polkit/docs/latest/. + + + + + + + D-Bus API Reference + + + + + + Client API Reference + + + + + + + + + Subjects + + + + + + + Identities + + + + + + + + + Backend API Reference + + + + + + + Authentication Agent API Reference + + + + + + + Manual Pages + + + + + + + + + + + Object Hierarchy + + + + + Index + + + + License + +FIXME: MISSING XINCLUDE CONTENT + + + diff --git a/docs/polkit/polkit-1-overrides.txt b/docs/polkit/polkit-1-overrides.txt new file mode 100644 index 00000000..e69de29b diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt new file mode 100644 index 00000000..38810042 --- /dev/null +++ b/docs/polkit/polkit-1-sections.txt @@ -0,0 +1,463 @@ +
+polkitunixuser +PolkitUnixUser +polkit_unix_user_new +polkit_unix_user_new_for_name +polkit_unix_user_get_uid +polkit_unix_user_set_uid +polkit_unix_user_get_name + +PolkitUnixUserClass +POLKIT_UNIX_USER +POLKIT_IS_UNIX_USER +POLKIT_TYPE_UNIX_USER +polkit_unix_user_get_type +POLKIT_UNIX_USER_CLASS +POLKIT_IS_UNIX_USER_CLASS +POLKIT_UNIX_USER_GET_CLASS +
+ +
+polkitauthority +PolkitAuthority +PolkitAuthorityFeatures +PolkitCheckAuthorizationFlags +polkit_authority_get_async +polkit_authority_get_finish +polkit_authority_get_sync +polkit_authority_get_owner +polkit_authority_get_backend_name +polkit_authority_get_backend_version +polkit_authority_get_backend_features +polkit_authority_check_authorization +polkit_authority_check_authorization_finish +polkit_authority_check_authorization_sync +polkit_authority_enumerate_actions +polkit_authority_enumerate_actions_finish +polkit_authority_enumerate_actions_sync +polkit_authority_register_authentication_agent +polkit_authority_register_authentication_agent_finish +polkit_authority_register_authentication_agent_sync +polkit_authority_register_authentication_agent_with_options +polkit_authority_register_authentication_agent_with_options_finish +polkit_authority_register_authentication_agent_with_options_sync +polkit_authority_unregister_authentication_agent +polkit_authority_unregister_authentication_agent_finish +polkit_authority_unregister_authentication_agent_sync +polkit_authority_authentication_agent_response +polkit_authority_authentication_agent_response_finish +polkit_authority_authentication_agent_response_sync +polkit_authority_enumerate_temporary_authorizations +polkit_authority_enumerate_temporary_authorizations_finish +polkit_authority_enumerate_temporary_authorizations_sync +polkit_authority_revoke_temporary_authorizations +polkit_authority_revoke_temporary_authorizations_finish +polkit_authority_revoke_temporary_authorizations_sync +polkit_authority_revoke_temporary_authorization_by_id +polkit_authority_revoke_temporary_authorization_by_id_finish +polkit_authority_revoke_temporary_authorization_by_id_sync + +PolkitAuthorityClass +POLKIT_AUTHORITY +POLKIT_IS_AUTHORITY +POLKIT_TYPE_AUTHORITY +polkit_authority_get_type +POLKIT_AUTHORITY_CLASS +POLKIT_IS_AUTHORITY_CLASS +POLKIT_AUTHORITY_GET_CLASS +
+ +
+polkitauthorizationresult +PolkitAuthorizationResult +polkit_authorization_result_new +polkit_authorization_result_get_is_authorized +polkit_authorization_result_get_is_challenge +polkit_authorization_result_get_retains_authorization +polkit_authorization_result_get_temporary_authorization_id +polkit_authorization_result_get_dismissed +polkit_authorization_result_get_details + +PolkitAuthorizationResultClass +POLKIT_AUTHORIZATION_RESULT +POLKIT_IS_AUTHORIZATION_RESULT +POLKIT_TYPE_AUTHORIZATION_RESULT +polkit_authorization_result_get_type +POLKIT_AUTHORIZATION_RESULT_CLASS +POLKIT_IS_AUTHORIZATION_RESULT_CLASS +POLKIT_AUTHORIZATION_RESULT_GET_CLASS +
+ +
+polkitsystembusname +PolkitSystemBusName +polkit_system_bus_name_new +polkit_system_bus_name_get_name +polkit_system_bus_name_set_name +polkit_system_bus_name_get_process_sync + +PolkitSystemBusNameClass +POLKIT_SYSTEM_BUS_NAME +POLKIT_IS_SYSTEM_BUS_NAME +POLKIT_TYPE_SYSTEM_BUS_NAME +polkit_system_bus_name_get_type +POLKIT_SYSTEM_BUS_NAME_CLASS +POLKIT_IS_SYSTEM_BUS_NAME_CLASS +POLKIT_SYSTEM_BUS_NAME_GET_CLASS +
+ +
+polkitunixgroup +PolkitUnixGroup +polkit_unix_group_new +polkit_unix_group_new_for_name +polkit_unix_group_get_gid +polkit_unix_group_set_gid + +PolkitUnixGroupClass +POLKIT_UNIX_GROUP +POLKIT_IS_UNIX_GROUP +POLKIT_TYPE_UNIX_GROUP +polkit_unix_group_get_type +POLKIT_UNIX_GROUP_CLASS +POLKIT_IS_UNIX_GROUP_CLASS +POLKIT_UNIX_GROUP_GET_CLASS +
+ +
+polkitunixnetgroup +PolkitUnixNetgroup +polkit_unix_netgroup_new +polkit_unix_netgroup_get_name +polkit_unix_netgroup_set_name + +PolkitUnixNetgroupClass +POLKIT_UNIX_NETGROUP +POLKIT_IS_UNIX_NETGROUP +POLKIT_TYPE_UNIX_NETGROUP +polkit_unix_netgroup_get_type +POLKIT_UNIX_NETGROUP_CLASS +POLKIT_IS_UNIX_NETGROUP_CLASS +POLKIT_UNIX_NETGROUP_GET_CLASS +
+ +
+polkitunixsession +PolkitUnixSession +polkit_unix_session_new +polkit_unix_session_new_for_process +polkit_unix_session_new_for_process_finish +polkit_unix_session_new_for_process_sync +polkit_unix_session_get_session_id +polkit_unix_session_set_session_id + +PolkitUnixSessionClass +POLKIT_UNIX_SESSION +POLKIT_IS_UNIX_SESSION +POLKIT_TYPE_UNIX_SESSION +polkit_unix_session_get_type +POLKIT_UNIX_SESSION_CLASS +POLKIT_IS_UNIX_SESSION_CLASS +POLKIT_UNIX_SESSION_GET_CLASS +
+ +
+polkitunixprocess +PolkitUnixProcess +polkit_unix_process_new +polkit_unix_process_new_full +polkit_unix_process_new_for_owner +polkit_unix_process_set_pid +polkit_unix_process_get_pid +polkit_unix_process_set_start_time +polkit_unix_process_get_start_time +polkit_unix_process_set_uid +polkit_unix_process_get_uid + +PolkitUnixProcessClass +POLKIT_UNIX_PROCESS +POLKIT_IS_UNIX_PROCESS +POLKIT_TYPE_UNIX_PROCESS +polkit_unix_process_get_type +POLKIT_UNIX_PROCESS_CLASS +POLKIT_IS_UNIX_PROCESS_CLASS +POLKIT_UNIX_PROCESS_GET_CLASS +
+ +
+polkitidentity +PolkitIdentity +PolkitIdentityIface +polkit_identity_hash +polkit_identity_equal +polkit_identity_to_string +polkit_identity_from_string + +POLKIT_IDENTITY +POLKIT_IS_IDENTITY +POLKIT_TYPE_IDENTITY +polkit_identity_get_type +POLKIT_IDENTITY_GET_IFACE +
+ +
+polkitsubject +PolkitSubject +PolkitSubjectIface +polkit_subject_hash +polkit_subject_equal +polkit_subject_exists +polkit_subject_exists_finish +polkit_subject_exists_sync +polkit_subject_to_string +polkit_subject_from_string + +POLKIT_SUBJECT +POLKIT_IS_SUBJECT +POLKIT_TYPE_SUBJECT +polkit_subject_get_type +POLKIT_SUBJECT_GET_IFACE +
+ +
+polkitactiondescription +PolkitActionDescription +PolkitImplicitAuthorization +polkit_action_description_get_action_id +polkit_action_description_get_description +polkit_action_description_get_message +polkit_action_description_get_vendor_name +polkit_action_description_get_vendor_url +polkit_action_description_get_icon_name +polkit_action_description_get_implicit_any +polkit_action_description_get_implicit_inactive +polkit_action_description_get_implicit_active +polkit_action_description_get_annotation + +PolkitActionDescriptionClass +POLKIT_ACTION_DESCRIPTION +POLKIT_IS_ACTION_DESCRIPTION +POLKIT_TYPE_ACTION_DESCRIPTION +polkit_action_description_get_type +POLKIT_ACTION_DESCRIPTION_CLASS +POLKIT_IS_ACTION_DESCRIPTION_CLASS +POLKIT_ACTION_DESCRIPTION_GET_CLASS +
+ +
+polkitcheckauthorizationflags +POLKIT_TYPE_CHECK_AUTHORIZATION_FLAGS +PolkitCheckAuthorizationFlags + +polkit_check_authorization_flags_get_type +
+ +
+polkitimplicitauthorization +POLKIT_TYPE_IMPLICIT_AUTHORIZATION +PolkitImplicitAuthorization +polkit_implicit_authorization_to_string +polkit_implicit_authorization_from_string + +polkit_implicit_authorization_get_type +
+ +
+polkiterror +POLKIT_ERROR +PolkitError + +polkit_error_quark +POLKIT_TYPE_ERROR +polkit_error_get_type +
+ +
+polkitdetails +PolkitDetails +polkit_details_new +polkit_details_lookup +polkit_details_insert +polkit_details_get_keys + +PolkitDetailsClass +POLKIT_DETAILS +POLKIT_IS_DETAILS +POLKIT_TYPE_DETAILS +polkit_details_get_type +POLKIT_DETAILS_CLASS +POLKIT_IS_DETAILS_CLASS +POLKIT_DETAILS_GET_CLASS +
+ +
+polkitbackendauthority +PolkitBackendAuthority +POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME +PolkitBackendAuthority +PolkitBackendAuthorityClass +polkit_backend_authority_get_name +polkit_backend_authority_get_version +polkit_backend_authority_get_features +polkit_backend_authority_check_authorization +polkit_backend_authority_check_authorization_finish +polkit_backend_authority_register_authentication_agent +polkit_backend_authority_unregister_authentication_agent +polkit_backend_authority_authentication_agent_response +polkit_backend_authority_enumerate_actions +polkit_backend_authority_enumerate_temporary_authorizations +polkit_backend_authority_revoke_temporary_authorizations +polkit_backend_authority_revoke_temporary_authorization_by_id +polkit_backend_authority_get +polkit_backend_authority_register +polkit_backend_authority_unregister + +POLKIT_BACKEND_AUTHORITY +POLKIT_BACKEND_IS_AUTHORITY +POLKIT_BACKEND_TYPE_AUTHORITY +polkit_backend_authority_get_type +POLKIT_BACKEND_AUTHORITY_CLASS +POLKIT_BACKEND_IS_AUTHORITY_CLASS +POLKIT_BACKEND_AUTHORITY_GET_CLASS +
+ +
+polkitbackendactionlookup +PolkitBackendActionLookup +POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME +PolkitBackendActionLookup +PolkitBackendActionLookupIface +polkit_backend_action_lookup_get_message +polkit_backend_action_lookup_get_icon_name +polkit_backend_action_lookup_get_details + +POLKIT_BACKEND_ACTION_LOOKUP +POLKIT_BACKEND_IS_ACTION_LOOKUP +POLKIT_BACKEND_TYPE_ACTION_LOOKUP +polkit_backend_action_lookup_get_type +POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE +
+ +
+polkitbackendlocalauthority +PolkitBackendLocalAuthority +PolkitBackendLocalAuthority +PolkitBackendLocalAuthorityClass + +POLKIT_BACKEND_LOCAL_AUTHORITY +POLKIT_BACKEND_IS_LOCAL_AUTHORITY +POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY +polkit_backend_local_authority_get_type +POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS +POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS +POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS +
+ +
+polkitbackendinteractiveauthority +PolkitBackendInteractiveAuthority +PolkitBackendInteractiveAuthority +PolkitBackendInteractiveAuthorityClass +polkit_backend_interactive_authority_get_admin_identities +polkit_backend_interactive_authority_check_authorization_sync + +POLKIT_BACKEND_INTERACTIVE_AUTHORITY +POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY +POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY +polkit_backend_interactive_authority_get_type +POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS +POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS +POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS +
+ +
+polkitagentsession +PolkitAgentSession +PolkitAgentSession +polkit_agent_session_new +polkit_agent_session_initiate +polkit_agent_session_response +polkit_agent_session_cancel + +POLKIT_AGENT_SESSION +POLKIT_AGENT_IS_SESSION +POLKIT_AGENT_TYPE_SESSION +polkit_agent_session_get_type +POLKIT_AGENT_SESSION_CLASS +POLKIT_AGENT_IS_SESSION_CLASS +POLKIT_AGENT_SESSION_GET_CLASS +
+ +
+polkitagentlistener +PolkitAgentListener +PolkitAgentListener +PolkitAgentListenerClass +polkit_agent_listener_initiate_authentication +polkit_agent_listener_initiate_authentication_finish +PolkitAgentRegisterFlags +polkit_agent_listener_register +polkit_agent_listener_register_with_options +polkit_agent_listener_unregister + +POLKIT_AGENT_LISTENER +POLKIT_AGENT_IS_LISTENER +POLKIT_AGENT_TYPE_LISTENER +polkit_agent_listener_get_type +POLKIT_AGENT_LISTENER_CLASS +POLKIT_AGENT_IS_LISTENER_CLASS +POLKIT_AGENT_LISTENER_GET_CLASS +
+ +
+polkitagenttextlistener +PolkitAgentTextListener +PolkitAgentTextListener +polkit_agent_text_listener_new + +POLKIT_AGENT_TEXT_LISTENER +POLKIT_AGENT_IS_TEXT_LISTENER +POLKIT_AGENT_TYPE_TEXT_LISTENER +polkit_agent_text_listener_get_type +POLKIT_AGENT_TEXT_LISTENER_CLASS +POLKIT_AGENT_IS_TEXT_LISTENER_CLASS +POLKIT_AGENT_TEXT_LISTENER_GET_CLASS +
+ +
+polkittemporaryauthorization +PolkitTemporaryAuthorization +PolkitTemporaryAuthorization +polkit_temporary_authorization_get_id +polkit_temporary_authorization_get_action_id +polkit_temporary_authorization_get_subject +polkit_temporary_authorization_get_time_obtained +polkit_temporary_authorization_get_time_expires + +POLKIT_TEMPORARY_AUTHORIZATION +POLKIT_TEMPORARY_IS_AUTHORIZATION +POLKIT_TEMPORARY_TYPE_AUTHORIZATION +polkit_temporary_authorization_get_type +POLKIT_TEMPORARY_AUTHORIZATION_CLASS +POLKIT_TEMPORARY_IS_AUTHORIZATION_CLASS +POLKIT_TEMPORARY_AUTHORIZATION_GET_CLASS +
+ +
+polkitpermission +PolkitPermission +polkit_permission_new +polkit_permission_new_finish +polkit_permission_new_sync +polkit_permission_get_action_id +polkit_permission_get_subject + +PolkitPermissionClass +POLKIT_PERMISSION +POLKIT_IS_PERMISSION +POLKIT_TYPE_PERMISSION +polkit_permission_get_type +POLKIT_PERMISSION_CLASS +POLKIT_IS_PERMISSION_CLASS +POLKIT_PERMISSION_GET_CLASS +
diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types new file mode 100644 index 00000000..b1e13cc5 --- /dev/null +++ b/docs/polkit/polkit-1.types @@ -0,0 +1,30 @@ +polkit_authority_get_type +polkit_action_description_get_type +polkit_details_get_type +polkit_check_authorization_flags_get_type +polkit_implicit_authorization_get_type +polkit_identity_get_type +polkit_unix_user_get_type +polkit_unix_group_get_type +polkit_unix_netgroup_get_type +polkit_subject_get_type +polkit_unix_process_get_type +polkit_unix_session_get_type +polkit_system_bus_name_get_type +polkit_error_get_type +polkit_authorization_result_get_type +polkit_temporary_authorization_get_type +polkit_permission_get_type + +polkit_backend_authority_get_type +polkit_backend_interactive_authority_get_type +polkit_backend_local_authority_get_type +polkit_backend_action_lookup_get_type +polkit_backend_action_pool_get_type +polkit_backend_session_monitor_get_type +polkit_backend_config_source_get_type +polkit_backend_local_authorization_store_get_type + +polkit_agent_session_get_type +polkit_agent_listener_get_type +polkit_agent_text_listener_get_type diff --git a/docs/version.xml b/docs/version.xml new file mode 100644 index 00000000..13f44f7b --- /dev/null +++ b/docs/version.xml @@ -0,0 +1 @@ +0.105 diff --git a/docs/version.xml.in b/docs/version.xml.in new file mode 100644 index 00000000..d78bda93 --- /dev/null +++ b/docs/version.xml.in @@ -0,0 +1 @@ +@VERSION@ diff --git a/gtk-doc.make b/gtk-doc.make new file mode 100644 index 00000000..9841de47 --- /dev/null +++ b/gtk-doc.make @@ -0,0 +1,256 @@ +# -*- mode: makefile -*- + +#################################### +# Everything below here is generic # +#################################### + +if GTK_DOC_USE_LIBTOOL +GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +GTKDOC_RUN = $(LIBTOOL) --mode=execute +else +GTKDOC_CC = $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +GTKDOC_LD = $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +GTKDOC_RUN = +endif + +# We set GPATH here; this gives us semantics for GNU make +# which are more like other make's VPATH, when it comes to +# whether a source that is a target of one rule is then +# searched for in VPATH/GPATH. +# +GPATH = $(srcdir) + +TARGET_DIR=$(HTML_DIR)/$(DOC_MODULE) + +SETUP_FILES = \ + $(content_files) \ + $(DOC_MAIN_SGML_FILE) \ + $(DOC_MODULE)-sections.txt \ + $(DOC_MODULE)-overrides.txt + +EXTRA_DIST = \ + $(HTML_IMAGES) \ + $(SETUP_FILES) + +DOC_STAMPS=setup-build.stamp scan-build.stamp sgml-build.stamp \ + html-build.stamp pdf-build.stamp \ + sgml.stamp html.stamp pdf.stamp + +SCANOBJ_FILES = \ + $(DOC_MODULE).args \ + $(DOC_MODULE).hierarchy \ + $(DOC_MODULE).interfaces \ + $(DOC_MODULE).prerequisites \ + $(DOC_MODULE).signals + +REPORT_FILES = \ + $(DOC_MODULE)-undocumented.txt \ + $(DOC_MODULE)-undeclared.txt \ + $(DOC_MODULE)-unused.txt + +CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS) + +if ENABLE_GTK_DOC +if GTK_DOC_BUILD_HTML +HTML_BUILD_STAMP=html-build.stamp +else +HTML_BUILD_STAMP= +endif +if GTK_DOC_BUILD_PDF +PDF_BUILD_STAMP=pdf-build.stamp +else +PDF_BUILD_STAMP= +endif + +all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) +else +all-local: +endif + +docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) + +$(REPORT_FILES): sgml-build.stamp + +#### setup #### + +setup-build.stamp: + -@if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ + echo ' DOC Preparing build'; \ + files=`echo $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types`; \ + if test "x$$files" != "x" ; then \ + for file in $$files ; do \ + test -f $(abs_srcdir)/$$file && \ + cp -pu $(abs_srcdir)/$$file $(abs_builddir)/ || true; \ + done; \ + fi; \ + fi + @touch setup-build.stamp + + +#### scan #### + +scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB) + @echo ' DOC Scanning header files' + @_source_dir='' ; \ + for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES) + @if grep -l '^..*$$' $(DOC_MODULE).types > /dev/null 2>&1 ; then \ + echo " DOC Introspecting gobjects"; \ + scanobj_options=""; \ + gtkdoc-scangobj 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + scanobj_options="--verbose"; \ + fi; \ + fi; \ + CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" \ + gtkdoc-scangobj $(SCANGOBJ_OPTIONS) $$scanobj_options --module=$(DOC_MODULE); \ + else \ + for i in $(SCANOBJ_FILES) ; do \ + test -f $$i || touch $$i ; \ + done \ + fi + @touch scan-build.stamp + +$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt: scan-build.stamp + @true + +#### xml #### + +sgml-build.stamp: setup-build.stamp $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt $(expand_content_files) + @echo ' DOC Building XML' + @_source_dir='' ; \ + for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS) + @touch sgml-build.stamp + +sgml.stamp: sgml-build.stamp + @true + +#### html #### + +html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) + @echo ' DOC Building HTML' + @rm -rf html + @mkdir html + @mkhtml_options=""; \ + gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + mkhtml_options="$$mkhtml_options --verbose"; \ + fi; \ + fi; \ + gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \ + if test "$(?)" = "0"; then \ + mkhtml_options="$$mkhtml_options --path=\"$(abs_srcdir)\""; \ + fi; \ + cd html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE) + -@test "x$(HTML_IMAGES)" = "x" || \ + for file in $(HTML_IMAGES) ; do \ + if test -f $(abs_srcdir)/$$file ; then \ + cp $(abs_srcdir)/$$file $(abs_builddir)/html; \ + fi; \ + if test -f $(abs_builddir)/$$file ; then \ + cp $(abs_builddir)/$$file $(abs_builddir)/html; \ + fi; \ + done; + @echo ' DOC Fixing cross-references' + @gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS) + @touch html-build.stamp + +#### pdf #### + +pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) + @echo ' DOC Building PDF' + @rm -f $(DOC_MODULE).pdf + @mkpdf_options=""; \ + gtkdoc-mkpdf 2>&1 --help | grep >/dev/null "\-\-verbose"; \ + if test "$(?)" = "0"; then \ + if test "x$(V)" = "x1"; then \ + mkpdf_options="$$mkpdf_options --verbose"; \ + fi; \ + fi; \ + if test "x$(HTML_IMAGES)" != "x"; then \ + for img in $(HTML_IMAGES); do \ + part=`dirname $$img`; \ + echo $$mkpdf_options | grep >/dev/null "\-\-imgdir=$$part "; \ + if test $$? != 0; then \ + mkpdf_options="$$mkpdf_options --imgdir=$$part"; \ + fi; \ + done; \ + fi; \ + gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_options $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS) + @touch pdf-build.stamp + +############## + +clean-local: + @rm -f *~ *.bak + @rm -rf .libs + +distclean-local: + @rm -rf xml html $(REPORT_FILES) $(DOC_MODULE).pdf \ + $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt + @if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \ + rm -f $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types; \ + fi + +maintainer-clean-local: clean + @rm -rf xml html + +install-data-local: + @installfiles=`echo $(builddir)/html/*`; \ + if test "$$installfiles" = '$(builddir)/html/*'; \ + then echo 1>&2 'Nothing to install' ; \ + else \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + $(mkinstalldirs) $${installdir} ; \ + for i in $$installfiles; do \ + echo ' $(INSTALL_DATA) '$$i ; \ + $(INSTALL_DATA) $$i $${installdir}; \ + done; \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + mv -f $${installdir}/$(DOC_MODULE).devhelp2 \ + $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \ + fi; \ + $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \ + fi + +uninstall-local: + @if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + rm -rf $${installdir} + +# +# Require gtk-doc when making dist +# +if ENABLE_GTK_DOC +dist-check-gtkdoc: +else +dist-check-gtkdoc: + @echo "*** gtk-doc must be installed and enabled in order to make dist" + @false +endif + +dist-hook: dist-check-gtkdoc dist-hook-local + @mkdir $(distdir)/html + @cp ./html/* $(distdir)/html + @-cp ./$(DOC_MODULE).pdf $(distdir)/ + @-cp ./$(DOC_MODULE).types $(distdir)/ + @-cp ./$(DOC_MODULE)-sections.txt $(distdir)/ + @cd $(distdir) && rm -f $(DISTCLEANFILES) + @$(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html + +.PHONY : dist-hook-local docs diff --git a/install-sh b/install-sh new file mode 100755 index 00000000..a9244eb0 --- /dev/null +++ b/install-sh @@ -0,0 +1,527 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2011-01-19.21; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +nl=' +' +IFS=" "" $nl" + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec +else + doit_exec=$doit +fi + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +no_target_directory= + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 + # Protect names problematic for `test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) no_target_directory=true;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for `test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for `test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writeable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/ltmain.sh b/ltmain.sh new file mode 100644 index 00000000..63ae69dc --- /dev/null +++ b/ltmain.sh @@ -0,0 +1,9655 @@ + +# libtool (GNU libtool) 2.4.2 +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, +# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, +# or obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# Usage: $progname [OPTION]... [MODE-ARG]... +# +# Provide generalized library-building support services. +# +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --no-quiet, --no-silent +# print informational messages (default) +# --no-warn don't display warning messages +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print more informational messages than default +# --no-verbose don't print the extra informational messages +# --version print version information +# -h, --help, --help-all print short, long, or detailed help message +# +# MODE must be one of the following: +# +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory +# +# MODE-ARGS vary depending on the MODE. When passed as first option, +# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. +# Try `$progname --help --mode=MODE' for a more detailed description of MODE. +# +# When reporting a bug, please describe a test case to reproduce it and +# include the following information: +# +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.4.2 +# automake: $automake_version +# autoconf: $autoconf_version +# +# Report bugs to . +# GNU libtool home page: . +# General help using GNU software: . + +PROGRAM=libtool +PACKAGE=libtool +VERSION=2.4.2 +TIMESTAMP="" +package_revision=1.3337 + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# NLS nuisances: We save the old values to restore during execute mode. +lt_user_locale= +lt_safe_locale= +for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test \"\${$lt_var+set}\" = set; then + save_$lt_var=\$$lt_var + $lt_var=C + export $lt_var + lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" + lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + fi" +done +LC_ALL=C +LANGUAGE=C +export LANGUAGE LC_ALL + +$lt_unset CDPATH + + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath="$0" + + + +: ${CP="cp -f"} +test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} +: ${Xsed="$SED -e 1s/^X//"} + +# Global variables: +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +exit_status=$EXIT_SUCCESS + +# Make sure IFS has a sensible default +lt_nl=' +' +IFS=" $lt_nl" + +dirname="s,/[^/]*$,," +basename="s,^.*/,," + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi +} # func_dirname may be replaced by extended shell implementation + + +# func_basename file +func_basename () +{ + func_basename_result=`$ECHO "${1}" | $SED "$basename"` +} # func_basename may be replaced by extended shell implementation + + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi + func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` +} # func_dirname_and_basename may be replaced by extended shell implementation + + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# func_strip_suffix prefix name +func_stripname () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; + esac +} # func_stripname may be replaced by extended shell implementation + + +# These SED scripts presuppose an absolute path with a trailing slash. +pathcar='s,^/\([^/]*\).*$,\1,' +pathcdr='s,^/[^/]*,,' +removedotparts=':dotsl + s@/\./@/@g + t dotsl + s,/\.$,/,' +collapseslashes='s@/\{1,\}@/@g' +finalslash='s,/*$,/,' + +# func_normal_abspath PATH +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +# value returned in "$func_normal_abspath_result" +func_normal_abspath () +{ + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` + while :; do + # Processed it all yet? + if test "$func_normal_abspath_tpath" = / ; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result" ; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + +# func_relative_path SRCDIR DSTDIR +# generates a relative path from SRCDIR to DSTDIR, with a trailing +# slash if non-empty, suitable for immediately appending a filename +# without needing to append a separator. +# value returned in "$func_relative_path_result" +func_relative_path () +{ + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=${func_dirname_result} + if test "x$func_relative_path_tlibdir" = x ; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test "x$func_stripname_result" != x ; then + func_relative_path_result=${func_relative_path_result}/${func_stripname_result} + fi + + # Normalisation. If bindir is libdir, return empty string, + # else relative path ending with a slash; either way, target + # file name can be directly appended. + if test ! -z "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result/" + func_relative_path_result=$func_stripname_result + fi +} + +# The name of this program: +func_dirname_and_basename "$progpath" +progname=$func_basename_result + +# Make sure we have an absolute path for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=$func_dirname_result + progdir=`cd "$progdir" && pwd` + progpath="$progdir/$progname" + ;; + *) + save_IFS="$IFS" + IFS=${PATH_SEPARATOR-:} + for progdir in $PATH; do + IFS="$save_IFS" + test -x "$progdir/$progname" && break + done + IFS="$save_IFS" + test -n "$progdir" || progdir=`pwd` + progpath="$progdir/$progname" + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed="${SED}"' -e 1s/^X//' +sed_quote_subst='s/\([`"$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s,[].[^$\\*\/],\\&,g' + +# Sed substitution that converts a w32 file name or path +# which contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-`\' parameter expansions in output of double_quote_subst that were +# `\'-ed in input to the same. If an odd number of `\' preceded a '$' +# in input to double_quote_subst, that '$' was protected from expansion. +# Since each input `\' is now two `\'s, look for any number of runs of +# four `\'s followed by two `\'s and then a '$'. `\' that '$'. +bs='\\' +bs2='\\\\' +bs4='\\\\\\\\' +dollar='\$' +sed_double_backslash="\ + s/$bs4/&\\ +/g + s/^$bs2$dollar/$bs&/ + s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g + s/\n//g" + +# Standard options: +opt_dry_run=false +opt_help=false +opt_quiet=false +opt_verbose=false +opt_warning=: + +# func_echo arg... +# Echo program name prefixed message, along with the current mode +# name if it has been set yet. +func_echo () +{ + $ECHO "$progname: ${opt_mode+$opt_mode: }$*" +} + +# func_verbose arg... +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $opt_verbose && func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + +# func_error arg... +# Echo program name prefixed message to standard error. +func_error () +{ + $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2 +} + +# func_warning arg... +# Echo program name prefixed warning message to standard error. +func_warning () +{ + $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2 + + # bash bug again: + : +} + +# func_fatal_error arg... +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + +# func_fatal_help arg... +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + func_error ${1+"$@"} + func_fatal_error "$help" +} +help="Try \`$progname --help' for more information." ## default + + +# func_grep expression filename +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_mkdir_p directory-path +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + my_directory_path="$1" + my_dir_list= + + if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + + # Protect directory names starting with `-' + case $my_directory_path in + -*) my_directory_path="./$my_directory_path" ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$my_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + my_dir_list="$my_directory_path:$my_dir_list" + + # If the last portion added has no slash in it, the list is done + case $my_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` + done + my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` + + save_mkdir_p_IFS="$IFS"; IFS=':' + for my_dir in $my_dir_list; do + IFS="$save_mkdir_p_IFS" + # mkdir can fail with a `File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$my_dir" 2>/dev/null || : + done + IFS="$save_mkdir_p_IFS" + + # Bail out if we (or some other process) failed to create a directory. + test -d "$my_directory_path" || \ + func_fatal_error "Failed to create \`$1'" + fi +} + + +# func_mktempdir [string] +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, STRING is the basename for that directory. +func_mktempdir () +{ + my_template="${TMPDIR-/tmp}/${1-$progname}" + + if test "$opt_dry_run" = ":"; then + # Return a directory name, but don't create it in dry-run mode + my_tmpdir="${my_template}-$$" + else + + # If mktemp works, use that first and foremost + my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` + + if test ! -d "$my_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" + + save_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$my_tmpdir" + umask $save_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$my_tmpdir" || \ + func_fatal_error "cannot create temporary directory \`$my_tmpdir'" + fi + + $ECHO "$my_tmpdir" +} + + +# func_quote_for_eval arg +# Aesthetically quote ARG to be evaled later. +# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT +# is double-quoted, suitable for a subsequent eval, whereas +# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters +# which are still active within double quotes backslashified. +func_quote_for_eval () +{ + case $1 in + *[\\\`\"\$]*) + func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; + *) + func_quote_for_eval_unquoted_result="$1" ;; + esac + + case $func_quote_for_eval_unquoted_result in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and and variable + # expansion for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + ;; + *) + func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + esac +} + + +# func_quote_for_expand arg +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + case $1 in + *[\\\`\"]*) + my_arg=`$ECHO "$1" | $SED \ + -e "$double_quote_subst" -e "$sed_double_backslash"` ;; + *) + my_arg="$1" ;; + esac + + case $my_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + my_arg="\"$my_arg\"" + ;; + esac + + func_quote_for_expand_result="$my_arg" +} + + +# func_show_eval cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$my_cmd" + my_status=$? + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + + +# func_show_eval_locale cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$lt_user_locale + $my_cmd" + my_status=$? + eval "$lt_safe_locale" + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + +# func_tr_sh +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_version +# Echo version message to standard output and exit. +func_version () +{ + $opt_debug + + $SED -n '/(C)/!b go + :more + /\./!{ + N + s/\n# / / + b more + } + :go + /^# '$PROGRAM' (GNU /,/# warranty; / { + s/^# // + s/^# *$// + s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ + p + }' < "$progpath" + exit $? +} + +# func_usage +# Echo short help message to standard output and exit. +func_usage () +{ + $opt_debug + + $SED -n '/^# Usage:/,/^# *.*--help/ { + s/^# // + s/^# *$// + s/\$progname/'$progname'/ + p + }' < "$progpath" + echo + $ECHO "run \`$progname --help | more' for full usage" + exit $? +} + +# func_help [NOEXIT] +# Echo long help message to standard output and exit, +# unless 'noexit' is passed as argument. +func_help () +{ + $opt_debug + + $SED -n '/^# Usage:/,/# Report bugs to/ { + :print + s/^# // + s/^# *$// + s*\$progname*'$progname'* + s*\$host*'"$host"'* + s*\$SHELL*'"$SHELL"'* + s*\$LTCC*'"$LTCC"'* + s*\$LTCFLAGS*'"$LTCFLAGS"'* + s*\$LD*'"$LD"'* + s/\$with_gnu_ld/'"$with_gnu_ld"'/ + s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ + p + d + } + /^# .* home page:/b print + /^# General help using/b print + ' < "$progpath" + ret=$? + if test -z "$1"; then + exit $ret + fi +} + +# func_missing_arg argname +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + $opt_debug + + func_error "missing argument for $1." + exit_cmd=exit +} + + +# func_split_short_opt shortopt +# Set func_split_short_opt_name and func_split_short_opt_arg shell +# variables after splitting SHORTOPT after the 2nd character. +func_split_short_opt () +{ + my_sed_short_opt='1s/^\(..\).*$/\1/;q' + my_sed_short_rest='1s/^..\(.*\)$/\1/;q' + + func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"` + func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"` +} # func_split_short_opt may be replaced by extended shell implementation + + +# func_split_long_opt longopt +# Set func_split_long_opt_name and func_split_long_opt_arg shell +# variables after splitting LONGOPT at the `=' sign. +func_split_long_opt () +{ + my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q' + my_sed_long_arg='1s/^--[^=]*=//' + + func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"` + func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"` +} # func_split_long_opt may be replaced by extended shell implementation + +exit_cmd=: + + + + + +magic="%%%MAGIC variable%%%" +magic_exe="%%%MAGIC EXE variable%%%" + +# Global variables. +nonopt= +preserve_args= +lo2o="s/\\.lo\$/.${objext}/" +o2lo="s/\\.${objext}\$/.lo/" +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "${1}=\$${1}\${2}" +} # func_append may be replaced by extended shell implementation + +# func_append_quoted var value +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +func_append_quoted () +{ + func_quote_for_eval "${2}" + eval "${1}=\$${1}\\ \$func_quote_for_eval_result" +} # func_append_quoted may be replaced by extended shell implementation + + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=`expr "${@}"` +} # func_arith may be replaced by extended shell implementation + + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len` +} # func_len may be replaced by extended shell implementation + + +# func_lo2o object +func_lo2o () +{ + func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` +} # func_lo2o may be replaced by extended shell implementation + + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'` +} # func_xform may be replaced by extended shell implementation + + +# func_fatal_configuration arg... +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func_error ${1+"$@"} + func_error "See the $PACKAGE documentation for more information." + func_fatal_error "Fatal configuration error." +} + + +# func_config +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + + # Now print the configurations for the tags. + for tagname in $taglist; do + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" + done + + exit $? +} + +# func_features +# Display the features supported by this script. +func_features () +{ + echo "host: $host" + if test "$build_libtool_libs" = yes; then + echo "enable shared libraries" + else + echo "disable shared libraries" + fi + if test "$build_old_libs" = yes; then + echo "enable static libraries" + else + echo "disable static libraries" + fi + + exit $? +} + +# func_enable_tag tagname +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname="$1" + + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf="/$re_begincf/,/$re_endcf/p" + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac + + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + +# func_check_version_match +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH + fi +} + + +# Shorthand for --mode=foo, only valid as the first argument +case $1 in +clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; +compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; +execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; +finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; +install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; +link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; +uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; +esac + + + +# Option defaults: +opt_debug=: +opt_dry_run=false +opt_config=false +opt_preserve_dup_deps=false +opt_features=false +opt_finish=false +opt_help=false +opt_help_all=false +opt_silent=: +opt_warning=: +opt_verbose=: +opt_silent=false +opt_verbose=false + + +# Parse options once, thoroughly. This comes as soon as possible in the +# script to make things like `--version' happen as quickly as we can. +{ + # this just eases exit handling + while test $# -gt 0; do + opt="$1" + shift + case $opt in + --debug|-x) opt_debug='set -x' + func_echo "enabling shell trace mode" + $opt_debug + ;; + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + --config) + opt_config=: +func_config + ;; + --dlopen|-dlopen) + optarg="$1" + opt_dlopen="${opt_dlopen+$opt_dlopen +}$optarg" + shift + ;; + --preserve-dup-deps) + opt_preserve_dup_deps=: + ;; + --features) + opt_features=: +func_features + ;; + --finish) + opt_finish=: +set dummy --mode finish ${1+"$@"}; shift + ;; + --help) + opt_help=: + ;; + --help-all) + opt_help_all=: +opt_help=': help-all' + ;; + --mode) + test $# = 0 && func_missing_arg $opt && break + optarg="$1" + opt_mode="$optarg" +case $optarg in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $opt" + exit_cmd=exit + break + ;; +esac + shift + ;; + --no-silent|--no-quiet) + opt_silent=false +func_append preserve_args " $opt" + ;; + --no-warning|--no-warn) + opt_warning=false +func_append preserve_args " $opt" + ;; + --no-verbose) + opt_verbose=false +func_append preserve_args " $opt" + ;; + --silent|--quiet) + opt_silent=: +func_append preserve_args " $opt" + opt_verbose=false + ;; + --verbose|-v) + opt_verbose=: +func_append preserve_args " $opt" +opt_silent=false + ;; + --tag) + test $# = 0 && func_missing_arg $opt && break + optarg="$1" + opt_tag="$optarg" +func_append preserve_args " $opt $optarg" +func_enable_tag "$optarg" + shift + ;; + + -\?|-h) func_usage ;; + --help) func_help ;; + --version) func_version ;; + + # Separate optargs to long options: + --*=*) + func_split_long_opt "$opt" + set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-n*|-v*) + func_split_short_opt "$opt" + set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) break ;; + -*) func_fatal_help "unrecognized option \`$opt'" ;; + *) set dummy "$opt" ${1+"$@"}; shift; break ;; + esac + done + + # Validate options: + + # save first non-option argument + if test "$#" -gt 0; then + nonopt="$opt" + shift + fi + + # preserve --debug + test "$opt_debug" = : || func_append preserve_args " --debug" + + case $host in + *cygwin* | *mingw* | *pw32* | *cegcc*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac + + $opt_help || { + # Sanity checks first: + func_check_version_match + + if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then + func_fatal_configuration "not configured to build any kind of library" + fi + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test "$opt_mode" != execute; then + func_error "unrecognized option \`-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help="$help" + help="Try \`$progname --help --mode=$opt_mode' for more information." + } + + + # Bail if the options were screwed + $exit_cmd $EXIT_FAILURE +} + + + + +## ----------- ## +## Main. ## +## ----------- ## + +# func_lalib_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null \ + | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if `file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case "$lalib_p_line" in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test "$lalib_p" = yes +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + func_lalib_p "$1" +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $opt_debug + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$save_ifs + eval cmd=\"$cmd\" + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# `FILE.' does not work on cygwin managed mounts. +func_source () +{ + $opt_debug + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + +# func_resolve_sysroot PATH +# Replace a leading = in PATH with a sysroot. Store the result into +# func_resolve_sysroot_result +func_resolve_sysroot () +{ + func_resolve_sysroot_result=$1 + case $func_resolve_sysroot_result in + =*) + func_stripname '=' '' "$func_resolve_sysroot_result" + func_resolve_sysroot_result=$lt_sysroot$func_stripname_result + ;; + esac +} + +# func_replace_sysroot PATH +# If PATH begins with the sysroot, replace it with = and +# store the result into func_replace_sysroot_result. +func_replace_sysroot () +{ + case "$lt_sysroot:$1" in + ?*:"$lt_sysroot"*) + func_stripname "$lt_sysroot" '' "$1" + func_replace_sysroot_result="=$func_stripname_result" + ;; + *) + # Including no sysroot. + func_replace_sysroot_result=$1 + ;; + esac +} + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $opt_debug + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case "$@ " in + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with \`--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac + fi +} + + + +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=${1} + if test "$build_libtool_libs" = yes; then + write_lobj=\'${2}\' + else + write_lobj=none + fi + + if test "$build_old_libs" = yes; then + write_oldobj=\'${3}\' + else + write_oldobj=none + fi + + $opt_dry_run || { + cat >${write_libobj}T </dev/null` + if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then + func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | + $SED -e "$lt_sed_naive_backslashify"` + else + func_convert_core_file_wine_to_w32_result= + fi + fi +} +# end: func_convert_core_file_wine_to_w32 + + +# func_convert_core_path_wine_to_w32 ARG +# Helper function used by path conversion functions when $build is *nix, and +# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly +# configured wine environment available, with the winepath program in $build's +# $PATH. Assumes ARG has no leading or trailing path separator characters. +# +# ARG is path to be converted from $build format to win32. +# Result is available in $func_convert_core_path_wine_to_w32_result. +# Unconvertible file (directory) names in ARG are skipped; if no directory names +# are convertible, then the result may be empty. +func_convert_core_path_wine_to_w32 () +{ + $opt_debug + # unfortunately, winepath doesn't convert paths, only file names + func_convert_core_path_wine_to_w32_result="" + if test -n "$1"; then + oldIFS=$IFS + IFS=: + for func_convert_core_path_wine_to_w32_f in $1; do + IFS=$oldIFS + func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" + if test -n "$func_convert_core_file_wine_to_w32_result" ; then + if test -z "$func_convert_core_path_wine_to_w32_result"; then + func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result" + else + func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" + fi + fi + done + IFS=$oldIFS + fi +} +# end: func_convert_core_path_wine_to_w32 + + +# func_cygpath ARGS... +# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when +# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) +# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or +# (2), returns the Cygwin file name or path in func_cygpath_result (input +# file name or path is assumed to be in w32 format, as previously converted +# from $build's *nix or MSYS format). In case (3), returns the w32 file name +# or path in func_cygpath_result (input file name or path is assumed to be in +# Cygwin format). Returns an empty string on error. +# +# ARGS are passed to cygpath, with the last one being the file name or path to +# be converted. +# +# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH +# environment variable; do not put it in $PATH. +func_cygpath () +{ + $opt_debug + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then + func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` + if test "$?" -ne 0; then + # on failure, ensure result is empty + func_cygpath_result= + fi + else + func_cygpath_result= + func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'" + fi +} +#end: func_cygpath + + +# func_convert_core_msys_to_w32 ARG +# Convert file name or path ARG from MSYS format to w32 format. Return +# result in func_convert_core_msys_to_w32_result. +func_convert_core_msys_to_w32 () +{ + $opt_debug + # awkward: cmd appends spaces to result + func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` +} +#end: func_convert_core_msys_to_w32 + + +# func_convert_file_check ARG1 ARG2 +# Verify that ARG1 (a file name in $build format) was converted to $host +# format in ARG2. Otherwise, emit an error message, but continue (resetting +# func_to_host_file_result to ARG1). +func_convert_file_check () +{ + $opt_debug + if test -z "$2" && test -n "$1" ; then + func_error "Could not determine host file name corresponding to" + func_error " \`$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback: + func_to_host_file_result="$1" + fi +} +# end func_convert_file_check + + +# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH +# Verify that FROM_PATH (a path in $build format) was converted to $host +# format in TO_PATH. Otherwise, emit an error message, but continue, resetting +# func_to_host_file_result to a simplistic fallback value (see below). +func_convert_path_check () +{ + $opt_debug + if test -z "$4" && test -n "$3"; then + func_error "Could not determine the host path corresponding to" + func_error " \`$3'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback. This is a deliberately simplistic "conversion" and + # should not be "improved". See libtool.info. + if test "x$1" != "x$2"; then + lt_replace_pathsep_chars="s|$1|$2|g" + func_to_host_path_result=`echo "$3" | + $SED -e "$lt_replace_pathsep_chars"` + else + func_to_host_path_result="$3" + fi + fi +} +# end func_convert_path_check + + +# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG +# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT +# and appending REPL if ORIG matches BACKPAT. +func_convert_path_front_back_pathsep () +{ + $opt_debug + case $4 in + $1 ) func_to_host_path_result="$3$func_to_host_path_result" + ;; + esac + case $4 in + $2 ) func_append func_to_host_path_result "$3" + ;; + esac +} +# end func_convert_path_front_back_pathsep + + +################################################## +# $build to $host FILE NAME CONVERSION FUNCTIONS # +################################################## +# invoked via `$to_host_file_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# Result will be available in $func_to_host_file_result. + + +# func_to_host_file ARG +# Converts the file name ARG from $build format to $host format. Return result +# in func_to_host_file_result. +func_to_host_file () +{ + $opt_debug + $to_host_file_cmd "$1" +} +# end func_to_host_file + + +# func_to_tool_file ARG LAZY +# converts the file name ARG from $build format to toolchain format. Return +# result in func_to_tool_file_result. If the conversion in use is listed +# in (the comma separated) LAZY, no conversion takes place. +func_to_tool_file () +{ + $opt_debug + case ,$2, in + *,"$to_tool_file_cmd",*) + func_to_tool_file_result=$1 + ;; + *) + $to_tool_file_cmd "$1" + func_to_tool_file_result=$func_to_host_file_result + ;; + esac +} +# end func_to_tool_file + + +# func_convert_file_noop ARG +# Copy ARG to func_to_host_file_result. +func_convert_file_noop () +{ + func_to_host_file_result="$1" +} +# end func_convert_file_noop + + +# func_convert_file_msys_to_w32 ARG +# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_file_result. +func_convert_file_msys_to_w32 () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_to_host_file_result="$func_convert_core_msys_to_w32_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_w32 + + +# func_convert_file_cygwin_to_w32 ARG +# Convert file name ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_file_cygwin_to_w32 () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + # because $build is cygwin, we call "the" cygpath in $PATH; no need to use + # LT_CYGPATH in this case. + func_to_host_file_result=`cygpath -m "$1"` + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_cygwin_to_w32 + + +# func_convert_file_nix_to_w32 ARG +# Convert file name ARG from *nix to w32 format. Requires a wine environment +# and a working winepath. Returns result in func_to_host_file_result. +func_convert_file_nix_to_w32 () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + func_convert_core_file_wine_to_w32 "$1" + func_to_host_file_result="$func_convert_core_file_wine_to_w32_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_w32 + + +# func_convert_file_msys_to_cygwin ARG +# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_file_msys_to_cygwin () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_cygpath -u "$func_convert_core_msys_to_w32_result" + func_to_host_file_result="$func_cygpath_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_cygwin + + +# func_convert_file_nix_to_cygwin ARG +# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed +# in a wine environment, working winepath, and LT_CYGPATH set. Returns result +# in func_to_host_file_result. +func_convert_file_nix_to_cygwin () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. + func_convert_core_file_wine_to_w32 "$1" + func_cygpath -u "$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result="$func_cygpath_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_cygwin + + +############################################# +# $build to $host PATH CONVERSION FUNCTIONS # +############################################# +# invoked via `$to_host_path_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# The result will be available in $func_to_host_path_result. +# +# Path separators are also converted from $build format to $host format. If +# ARG begins or ends with a path separator character, it is preserved (but +# converted to $host format) on output. +# +# All path conversion functions are named using the following convention: +# file name conversion function : func_convert_file_X_to_Y () +# path conversion function : func_convert_path_X_to_Y () +# where, for any given $build/$host combination the 'X_to_Y' value is the +# same. If conversion functions are added for new $build/$host combinations, +# the two new functions must follow this pattern, or func_init_to_host_path_cmd +# will break. + + +# func_init_to_host_path_cmd +# Ensures that function "pointer" variable $to_host_path_cmd is set to the +# appropriate value, based on the value of $to_host_file_cmd. +to_host_path_cmd= +func_init_to_host_path_cmd () +{ + $opt_debug + if test -z "$to_host_path_cmd"; then + func_stripname 'func_convert_file_' '' "$to_host_file_cmd" + to_host_path_cmd="func_convert_path_${func_stripname_result}" + fi +} + + +# func_to_host_path ARG +# Converts the path ARG from $build format to $host format. Return result +# in func_to_host_path_result. +func_to_host_path () +{ + $opt_debug + func_init_to_host_path_cmd + $to_host_path_cmd "$1" +} +# end func_to_host_path + + +# func_convert_path_noop ARG +# Copy ARG to func_to_host_path_result. +func_convert_path_noop () +{ + func_to_host_path_result="$1" +} +# end func_convert_path_noop + + +# func_convert_path_msys_to_w32 ARG +# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_path_result. +func_convert_path_msys_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # Remove leading and trailing path separator characters from ARG. MSYS + # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; + # and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result="$func_convert_core_msys_to_w32_result" + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_msys_to_w32 + + +# func_convert_path_cygwin_to_w32 ARG +# Convert path ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_path_cygwin_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_cygwin_to_w32 + + +# func_convert_path_nix_to_w32 ARG +# Convert path ARG from *nix to w32 format. Requires a wine environment and +# a working winepath. Returns result in func_to_host_file_result. +func_convert_path_nix_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result="$func_convert_core_path_wine_to_w32_result" + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_nix_to_w32 + + +# func_convert_path_msys_to_cygwin ARG +# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_path_msys_to_cygwin () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_msys_to_w32_result" + func_to_host_path_result="$func_cygpath_result" + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_msys_to_cygwin + + +# func_convert_path_nix_to_cygwin ARG +# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a +# a wine environment, working winepath, and LT_CYGPATH set. Returns result in +# func_to_host_file_result. +func_convert_path_nix_to_cygwin () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result="$func_cygpath_result" + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_nix_to_cygwin + + +# func_mode_compile arg... +func_mode_compile () +{ + $opt_debug + # Get the compilation command and the source file. + base_compile= + srcfile="$nonopt" # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + pie_flag= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg="$arg" + arg_mode=normal + ;; + + target ) + libobj="$arg" + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + test -n "$libobj" && \ + func_fatal_error "you cannot specify \`-o' more than once" + arg_mode=target + continue + ;; + + -pie | -fpie | -fPIE) + func_append pie_flag " $arg" + continue + ;; + + -shared | -static | -prefer-pic | -prefer-non-pic) + func_append later " $arg" + continue + ;; + + -no-suppress) + suppress_opt=no + continue + ;; + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + lastarg= + save_ifs="$IFS"; IFS=',' + for arg in $args; do + IFS="$save_ifs" + func_append_quoted lastarg "$arg" + done + IFS="$save_ifs" + func_stripname ' ' '' "$lastarg" + lastarg=$func_stripname_result + + # Add the arguments to base_compile. + func_append base_compile " $lastarg" + continue + ;; + + *) + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg="$srcfile" + srcfile="$arg" + ;; + esac # case $arg + ;; + esac # case $arg_mode + + # Aesthetically quote the previous argument. + func_append_quoted base_compile "$lastarg" + done # for arg + + case $arg_mode in + arg) + func_fatal_error "you must specify an argument for -Xcompile" + ;; + target) + func_fatal_error "you must specify a target with \`-o'" + ;; + *) + # Get the name of the library object. + test -z "$libobj" && { + func_basename "$srcfile" + libobj="$func_basename_result" + } + ;; + esac + + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + case $libobj in + *.[cCFSifmso] | \ + *.ada | *.adb | *.ads | *.asm | \ + *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) + func_xform "$libobj" + libobj=$func_xform_result + ;; + esac + + case $libobj in + *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; + *) + func_fatal_error "cannot determine name of library object from \`$libobj'" + ;; + esac + + func_infer_tag $base_compile + + for arg in $later; do + case $arg in + -shared) + test "$build_libtool_libs" != yes && \ + func_fatal_configuration "can not build a shared library" + build_old_libs=no + continue + ;; + + -static) + build_libtool_libs=no + build_old_libs=yes + continue + ;; + + -prefer-pic) + pic_mode=yes + continue + ;; + + -prefer-non-pic) + pic_mode=no + continue + ;; + esac + done + + func_quote_for_eval "$libobj" + test "X$libobj" != "X$func_quote_for_eval_result" \ + && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && func_warning "libobj name \`$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname="$func_basename_result" + xdir="$func_dirname_result" + lobj=${xdir}$objdir/$objname + + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" + + # Delete any leftover library objects. + if test "$build_old_libs" = yes; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test "$compiler_c_o" = no; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} + lockfile="$output_obj.lock" + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test "$need_locks" = yes; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test "$need_locks" = warn; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + func_append removelist " $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi + + $opt_dry_run || $RM $removelist + func_append removelist " $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 + srcfile=$func_to_tool_file_result + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result + + # Only build a PIC object if we are building libtool libraries. + if test "$build_libtool_libs" = yes; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile + + if test "$pic_mode" != no; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi + + func_mkdir_p "$xdir$objdir" + + if test -z "$output_obj"; then + # Place PIC objects in $objdir + func_append command " -o $lobj" + fi + + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' + + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + + # Allow error messages only from the first compilation. + if test "$suppress_opt" = yes; then + suppress_output=' >/dev/null 2>&1' + fi + fi + + # Only build a position-dependent object if we build old libraries. + if test "$build_old_libs" = yes; then + if test "$pic_mode" != yes; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test "$compiler_c_o" = yes; then + func_append command " -o $obj" + fi + + # Suppress compiler output if we already did a PIC compilation. + func_append command "$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' + + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi + + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" + + # Unlock the critical section if it was locked + if test "$need_locks" != no; then + removelist=$lockfile + $RM "$lockfile" + fi + } + + exit $EXIT_SUCCESS +} + +$opt_help || { + test "$opt_mode" = compile && func_mode_compile ${1+"$@"} +} + +func_mode_help () +{ + # We need to display help for each of the modes. + case $opt_mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; + + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only + -shared do not build a \`.o' file suitable for static linking + -static only build a \`.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler + +COMPILE-COMMAND is a command to be used in creating a \`standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix \`.c' with the +library object suffix, \`.lo'." + ;; + + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to \`-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the \`--dry-run' option if you just want to see what would be executed." + ;; + + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the \`install' or \`cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) + -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE Use a list of object files found in FILE to specify objects + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) + +All other options (arguments beginning with \`-') are ignored. + +Every other argument is treated as a filename. Files ending in \`.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in \`.la', then a libtool library is created, +only library objects (\`.lo' files) may be specified, and \`-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created +using \`ar' and \`ranlib', or on Windows using \`lib'. + +If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode \`$opt_mode'" + ;; + esac + + echo + $ECHO "Try \`$progname --help' for more information about other modes." +} + +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test "$opt_help" = :; then + func_mode_help + else + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | sed -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + sed '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi + + +# func_mode_execute arg... +func_mode_execute () +{ + $opt_debug + # The first argument is the command name. + cmd="$nonopt" + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $opt_dlopen; do + test -f "$file" \ + || func_fatal_help "\`$file' is not a file" + + dir= + case $file in + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "\`$file' was not linked with \`-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir="$func_dirname_result" + + if test -f "$dir/$objdir/$dlname"; then + func_append dir "/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" + fi + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir="$func_dirname_result" + ;; + + *) + func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir="$absdir" + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic="$magic" + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -* | *.la | *.lo ) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file="$progdir/$program" + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file="$progdir/$program" + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_append_quoted args "$file" + done + + if test "X$opt_dry_run" = Xfalse; then + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd="\$cmd$args" + else + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + fi +} + +test "$opt_mode" = execute && func_mode_execute ${1+"$@"} + + +# func_mode_finish arg... +func_mode_finish () +{ + $opt_debug + libs= + libdirs= + admincmds= + + for opt in "$nonopt" ${1+"$@"} + do + if test -d "$opt"; then + func_append libdirs " $opt" + + elif test -f "$opt"; then + if func_lalib_unsafe_p "$opt"; then + func_append libs " $opt" + else + func_warning "\`$opt' is not a valid libtool archive" + fi + + else + func_fatal_error "invalid argument \`$opt'" + fi + done + + if test -n "$libs"; then + if test -n "$lt_sysroot"; then + sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` + sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" + else + sysroot_cmd= + fi + + # Remove sysroot references + if $opt_dry_run; then + for lib in $libs; do + echo "removing references to $lt_sysroot and \`=' prefixes from $lib" + done + else + tmpdir=`func_mktempdir` + for lib in $libs; do + sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + > $tmpdir/tmp-la + mv -f $tmpdir/tmp-la $lib + done + ${RM}r "$tmpdir" + fi + fi + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || func_append admincmds " + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + $opt_silent && exit $EXIT_SUCCESS + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the \`-LLIBDIR'" + echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + echo " - add LIBDIR to the \`$shlibpath_var' environment variable" + echo " during execution" + fi + if test -n "$runpath_var"; then + echo " - add LIBDIR to the \`$runpath_var' environment variable" + echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the \`$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + fi + echo + + echo "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." + ;; + *) + echo "more information, such as the ld(1) and ld.so(8) manual pages." + ;; + esac + echo "----------------------------------------------------------------------" + fi + exit $EXIT_SUCCESS +} + +test "$opt_mode" = finish && func_mode_finish ${1+"$@"} + + +# func_mode_install arg... +func_mode_install () +{ + $opt_debug + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || + # Allow the use of GNU shtool's install command. + case $nonopt in *shtool*) :;; *) false;; esac; then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + func_append install_prog "$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=no + stripme= + no_mode=: + for arg + do + arg2= + if test -n "$dest"; then + func_append files " $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=yes ;; + -f) + if $install_cp; then :; else + prev=$arg + fi + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + if test "x$prev" = x-m && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + func_append install_prog " $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + func_append install_shared_prog " $func_quote_for_eval_result" + done + + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" + + test -n "$prev" && \ + func_fatal_help "the \`$prev' option requires an argument" + + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + func_append install_shared_prog " -m $func_quote_for_eval_result" + fi + fi + + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi + + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=yes + if test "$isdir" = yes; then + destdir="$dest" + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir="$func_dirname_result" + destname="$func_basename_result" + + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "\`$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "\`$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + func_append staticlibs " $file" + ;; + + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$file' is not a valid libtool archive" + + library_names= + old_library= + relink_command= + func_source "$file" + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) func_append current_libdirs " $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) func_append future_libdirs " $libdir" ;; + esac + fi + + func_dirname "$file" "/" "" + dir="$func_dirname_result" + func_append dir "$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + fi + + func_warning "relinking \`$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname="$1" + shift + + srcname="$realname" + test -n "$relink_command" && srcname="$realname"T + + # Install the shared library and build the symlinks. + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme="$stripme" + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme="" + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try `ln -sf' first, because the `ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" + done + fi + + # Do each command in the postinstall commands. + lib="$destdir/$realname" + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi + + # Install the pseudo-library for information purposes. + func_basename "$file" + name="$func_basename_result" + instname="$dir/$name"i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' + + # Maybe install the static library, too. + test -n "$old_library" && func_append staticlibs " $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest="$destfile" + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to \`$destfile'" + ;; + esac + + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' + + # Install the old object if enabled. + if test "$build_old_libs" = yes; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext="" + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=".exe" + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= + + func_source "$wrapper" + + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script \`$wrapper'" + + finalize=yes + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "\`$lib' has not been installed in \`$libdir'" + finalize=no + fi + done + + relink_command= + func_source "$wrapper" + + outputname= + if test "$fast_install" = no && test -n "$relink_command"; then + $opt_dry_run || { + if test "$finalize" = yes; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file="$func_basename_result" + outputname="$tmpdir/$file" + # Replace the output file specification. + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_silent || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink \`$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file="$outputname" + else + func_warning "cannot relink \`$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" + fi + ;; + esac + done + + for file in $staticlibs; do + func_basename "$file" + name="$func_basename_result" + + # Set up the ranlib parameters. + oldlib="$destdir/$name" + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' + fi + + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done + + test -n "$future_libdirs" && \ + func_warning "remember to run \`$progname --finish$future_libdirs'" + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} + +test "$opt_mode" = install && func_mode_install ${1+"$@"} + + +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $opt_debug + my_outputname="$1" + my_originator="$2" + my_pic_p="${3-no}" + my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms="${my_outputname}S.c" + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi + + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist="$output_objdir/${my_outputname}.nm" + + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" + + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" + + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +/* External symbol declarations for the compiler. */\ +" + + if test "$dlself" = yes; then + func_verbose "generating symbol list for \`$output'" + + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_to_tool_file "$progfile" func_convert_file_msys_to_w32 + func_verbose "extracting global C symbols from \`$func_to_tool_file_result'" + $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols="$output_objdir/$outputname.exp" + $opt_dry_run || { + $RM $export_symbols + eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi + + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from \`$dlprefile'" + func_basename "$dlprefile" + name="$func_basename_result" + case $host in + *cygwin* | *mingw* | *cegcc* ) + # if an import library, we need to obtain dlname + if func_win32_import_lib_p "$dlprefile"; then + func_tr_sh "$dlprefile" + eval "curr_lafile=\$libfile_$func_tr_sh_result" + dlprefile_dlbasename="" + if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then + # Use subshell, to avoid clobbering current variable values + dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` + if test -n "$dlprefile_dlname" ; then + func_basename "$dlprefile_dlname" + dlprefile_dlbasename="$func_basename_result" + else + # no lafile. user explicitly requested -dlpreopen . + $sharedlib_from_linklib_cmd "$dlprefile" + dlprefile_dlbasename=$sharedlib_from_linklib_result + fi + fi + $opt_dry_run || { + if test -n "$dlprefile_dlbasename" ; then + eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' + else + func_warning "Could not compute DLL name from $name" + eval '$ECHO ": $name " >> "$nlist"' + fi + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + } + else # not an import lib + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + fi + ;; + *) + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + ;; + esac + done + + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi + + echo >> "$output_objdir/$my_dlsyms" "\ + +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +extern LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[]; +LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{\ + { \"$my_originator\", (void *) 0 }," + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + *) + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + esac + echo >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run + + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + if test "X$my_pic_p" != Xno; then + pic_flag_for_symtable=" $pic_flag" + fi + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; + esac + done + + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' + + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' + + # Transform the symbol file into the correct name. + symfileobj="$output_objdir/${my_outputname}S.$objext" + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for \`$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` + fi +} + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. +func_win32_libid () +{ + $opt_debug + win32_libid_type="unknown" + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' + 1,100{ + / I /{ + s,.*,import, + p + q + } + }'` + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} + +# func_cygming_dll_for_implib ARG +# +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib () +{ + $opt_debug + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` +} + +# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs +# +# The is the core of a fallback implementation of a +# platform-specific function to extract the name of the +# DLL associated with the specified import library LIBNAME. +# +# SECTION_NAME is either .idata$6 or .idata$7, depending +# on the platform and compiler that created the implib. +# +# Echos the name of the DLL associated with the +# specified import library. +func_cygming_dll_for_implib_fallback_core () +{ + $opt_debug + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` + $OBJDUMP -s --section "$1" "$2" 2>/dev/null | + $SED '/^Contents of section '"$match_literal"':/{ + # Place marker at beginning of archive member dllname section + s/.*/====MARK====/ + p + d + } + # These lines can sometimes be longer than 43 characters, but + # are always uninteresting + /:[ ]*file format pe[i]\{,1\}-/d + /^In archive [^:]*:/d + # Ensure marker is printed + /^====MARK====/p + # Remove all lines with less than 43 characters + /^.\{43\}/!d + # From remaining lines, remove first 43 characters + s/^.\{43\}//' | + $SED -n ' + # Join marker and all lines until next marker into a single line + /^====MARK====/ b para + H + $ b para + b + :para + x + s/\n//g + # Remove the marker + s/^====MARK====// + # Remove trailing dots and whitespace + s/[\. \t]*$// + # Print + /./p' | + # we now have a list, one entry per line, of the stringified + # contents of the appropriate section of all members of the + # archive which possess that section. Heuristic: eliminate + # all those which have a first or second character that is + # a '.' (that is, objdump's representation of an unprintable + # character.) This should work for all archives with less than + # 0x302f exports -- but will fail for DLLs whose name actually + # begins with a literal '.' or a single character followed by + # a '.'. + # + # Of those that remain, print the first one. + $SED -e '/^\./d;/^.\./d;q' +} + +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $opt_debug + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $opt_debug + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + +# func_cygming_dll_for_implib_fallback ARG +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# +# This fallback implementation is for use when $DLLTOOL +# does not support the --identify-strict option. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib_fallback () +{ + $opt_debug + if func_cygming_gnu_implib_p "$1" ; then + # binutils import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` + elif func_cygming_ms_implib_p "$1" ; then + # ms-generated import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` + else + # unknown + sharedlib_from_linklib_result="" + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $opt_debug + f_ex_an_ar_dir="$1"; shift + f_ex_an_ar_oldlib="$1" + if test "$lock_old_archive_extraction" = yes; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test "$lock_old_archive_extraction" = yes; then + $opt_dry_run || rm -f "$lockfile" + fi + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} + + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $opt_debug + my_gentop="$1"; shift + my_oldlibs=${1+"$@"} + my_oldobjs="" + my_xlib="" + my_xabs="" + my_xdir="" + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib="$func_basename_result" + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir="$my_gentop/$my_xlib_u" + + func_mkdir_p "$my_xdir" + + case $host in + *-darwin*) + func_verbose "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + $opt_dry_run || { + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + darwin_base_archive=`basename "$darwin_archive"` + darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches ; do + func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" + $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" + cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" + func_extract_an_archive "`pwd`" "${darwin_base_archive}" + cd "$darwin_curdir" + $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" + else + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result="$my_oldobjs" +} + + +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory in which it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=${1-no} + + $ECHO "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='$sed_quote_subst' + +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ which is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options which match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} + + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` + done + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test "$fast_install" = yes; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" + + $ECHO "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + $ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi + + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $ECHO "\ + + if test -f \"\$progdir/\$program\"; then" + + # fixup the dll searchpath if we need to. + # + # Fix the DLL searchpath if we need to. Do this before prepending + # to shlibpath, because on Windows, both are PATH and uninstalled + # libraries must come first. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + # Export our shlibpath_var if we have one. + if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` + + export $shlibpath_var +" + fi + + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + func_exec_program \${1+\"\$@\"} + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} + + +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat < +#include +#ifdef _MSC_VER +# include +# include +# include +#else +# include +# include +# ifdef __CYGWIN__ +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +/* declarations of non-ANSI functions */ +#if defined(__MINGW32__) +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined(__CYGWIN__) +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined (other platforms) ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined(_MSC_VER) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +# ifndef _INTPTR_T_DEFINED +# define _INTPTR_T_DEFINED +# define intptr_t int +# endif +#elif defined(__MINGW32__) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined(__CYGWIN__) +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined (other platforms) ... */ +#endif + +#if defined(PATH_MAX) +# define LT_PATHMAX PATH_MAX +#elif defined(MAXPATHLEN) +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif + +/* path handling portability macros */ +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ + defined (__OS2__) +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free ((void *) stale); stale = 0; } \ +} while (0) + +#if defined(LT_DEBUGWRAPPER) +static int lt_debug = 1; +#else +static int lt_debug = 0; +#endif + +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ + +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); +EOF + + cat <= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} + +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; + + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; + + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + int tmp_len; + char *concat_name; + + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = q - p; + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; +} + +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } + + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); + } + } + XFREE (tmp_pathspec); + + if (!has_symlinks) + { + return xstrdup (pathspec); + } + + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif +} + +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; + + assert (str != NULL); + assert (pat != NULL); + + len = strlen (str); + patlen = strlen (pat); + + if (patlen <= len) + { + str += len - patlen; + if (strcmp (str, pat) == 0) + *str = '\0'; + } + return str; +} + +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + +static void +lt_error_core (int exit_status, const char *file, + int line, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *file, int line, const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); + va_end (ap); +} + +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + +void +lt_setenv (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); +#else + int len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } +#endif + } +} + +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + int orig_value_len = strlen (orig_value); + int add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} + +void +lt_update_exe_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + int len = strlen (new_value); + while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[len-1] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +void +lt_update_lib_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' + cat <<"EOF" +} +EOF +} +# end: func_emit_cwrapperexe_src + +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $opt_debug + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + +# func_mode_link arg... +func_mode_link () +{ + $opt_debug + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # which system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no + + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll which has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt + + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= + + avoid_version=no + bindir= + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=no + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module="${wl}-single_module" + func_infer_tag $base_compile + + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test "$build_libtool_libs" != yes && \ + func_fatal_configuration "can not build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg="$1" + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac + + case $prev in + bindir) + bindir="$arg" + prev= + continue + ;; + dlfiles|dlprefiles) + if test "$preload" = no; then + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=yes + fi + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test "$dlself" = no; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test "$prev" = dlprefiles; then + dlself=yes + elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test "$prev" = dlfiles; then + func_append dlfiles " $arg" + else + func_append dlprefiles " $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols="$arg" + test -f "$arg" \ + || func_fatal_error "symbol file \`$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex="$arg" + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) func_append deplibs " $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir="$arg" + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# func_append moreargs " $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file \`$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + precious_regex) + precious_files_regex="$arg" + prev= + continue + ;; + release) + release="-$arg" + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test "$prev" = rpath; then + case "$rpath " in + *" $arg "*) ;; + *) func_append rpath " $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) func_append xrpath " $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds="$arg" + prev= + continue + ;; + weak) + func_append weak_libs " $arg" + prev= + continue + ;; + xcclinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg="$arg" + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "\`-allow-undefined' must not be used because it is the default" + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -bindir) + prev=bindir + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test "X$arg" = "X-export-symbols"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname "-L" '' "$arg" + if test -z "$func_stripname_result"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between \`-L' and \`$1'" + else + func_fatal_error "need path for \`-L' option" + fi + fi + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of \`$dir'" + dir="$absdir" + ;; + esac + case "$deplibs " in + *" -L$dir "* | *" $arg "*) + # Will only happen for absolute or sysroot arguments + ;; + *) + # Preserve sysroot, but never include relative directories + case $dir in + [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; + *) func_append deplibs " -L$dir" ;; + esac + func_append lib_search_path " $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) func_append dllsearchpath ":$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test "X$arg" = "X-lc" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + test "X$arg" = "X-lc" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + func_append deplibs " System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test "X$arg" = "X-lc" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test "X$arg" = "X-lc" && continue + ;; + esac + elif test "X$arg" = "X-lc_r"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + func_append deplibs " $arg" + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot|--sysroot) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + continue + ;; + + -multi_module) + single_module="${wl}-multi_module" + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "\`-no-install' is ignored for $host" + func_warning "assuming \`-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + =*) + func_stripname '=' '' "$dir" + dir=$lt_sysroot$func_stripname_result + ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + func_append arg " $func_quote_for_eval_result" + func_append compiler_flags " $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + func_append arg " $wl$func_quote_for_eval_result" + func_append compiler_flags " $wl$func_quote_for_eval_result" + func_append linker_flags " $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection + # --sysroot=* for sysroot support + # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ + -O*|-flto*|-fwhopr*|-fuse-linker-plugin) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + func_append compile_command " $arg" + func_append finalize_command " $arg" + func_append compiler_flags " $arg" + continue + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + *.$objext) + # A standard object. + func_append objs " $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + func_append deplibs " $arg" + func_append old_deplibs " $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + func_resolve_sysroot "$arg" + if test "$prev" = dlfiles; then + # This library was specified with -dlopen. + func_append dlfiles " $func_resolve_sysroot_result" + prev= + elif test "$prev" = dlprefiles; then + # The library was specified with -dlpreopen. + func_append dlprefiles " $func_resolve_sysroot_result" + prev= + else + func_append deplibs " $func_resolve_sysroot_result" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the \`$prevarg' option requires an argument" + + if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname="$func_basename_result" + libobjs_save="$libobjs" + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + func_dirname "$output" "/" "" + output_objdir="$func_dirname_result$objdir" + func_to_tool_file "$output_objdir/" + tool_output_objdir=$func_to_tool_file_result + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_preserve_dup_deps ; then + case "$libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append libs " $deplib" + done + + if test "$linkmode" = lib; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; + esac + func_append pre_post_deps " $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=no + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test "$linkmode,$pass" = "lib,link"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs="$tmp_deplibs" + fi + + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan"; then + libs="$deplibs" + deplibs= + fi + if test "$linkmode" = prog; then + case $pass in + dlopen) libs="$dlfiles" ;; + dlpreopen) libs="$dlprefiles" ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + esac + fi + if test "$linkmode,$pass" = "lib,dlpreopen"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + func_resolve_sysroot "$lib" + case $lib in + *.la) func_source "$func_resolve_sysroot_result" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + func_basename "$deplib" + deplib_base=$func_basename_result + case " $weak_libs " in + *" $deplib_base "*) ;; + *) func_append deplibs " $deplib" ;; + esac + done + done + libs="$dlprefiles" + fi + if test "$pass" = dlopen; then + # Collect dlpreopened libraries + save_deplibs="$deplibs" + deplibs= + fi + + for deplib in $libs; do + lib= + found=no + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append compiler_flags " $deplib" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test "$linkmode" != lib && test "$linkmode" != prog; then + func_warning "\`-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test "$linkmode" = lib; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib="$searchdir/lib${name}${search_ext}" + if test -f "$lib"; then + if test "$search_ext" = ".la"; then + found=yes + else + found=no + fi + break 2 + fi + done + done + if test "$found" != yes; then + # deplib doesn't seem to be a libtool library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + else # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll="$l" + done + if test "X$ll" = "X$old_library" ; then # only static version available + found=no + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + lib=$ladir/$old_library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + fi + ;; # -l + *.ltframework) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test "$pass" = conv && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + prog) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + if test "$pass" = scan; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + *) + func_warning "\`-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test "$pass" = link; then + func_stripname '-R' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) + func_resolve_sysroot "$deplib" + lib=$func_resolve_sysroot_result + ;; + *.$libext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=no + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=yes + fi + ;; + pass_all) + valid_a_lib=yes + ;; + esac + if test "$valid_a_lib" != yes; then + echo + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." + else + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + fi + ;; + esac + continue + ;; + prog) + if test "$pass" != link; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + elif test "$linkmode" = prog; then + if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + func_append newdlprefiles " $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append newdlfiles " $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=yes + continue + ;; + esac # case $deplib + + if test "$found" = yes || test -f "$lib"; then : + else + func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" + fi + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "\`$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan" || + { test "$linkmode" != prog && test "$linkmode" != lib; }; then + test -n "$dlopen" && func_append dlfiles " $dlopen" + test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" + fi + + if test "$pass" = conv; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + # It is a libtool convenience library, so add in its objects. + func_append convenience " $ladir/$objdir/$old_library" + func_append old_convenience " $ladir/$objdir/$old_library" + elif test "$linkmode" != prog && test "$linkmode" != lib; then + func_fatal_error "\`$lib' is not a convenience library" + fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + if test -n "$old_library" && + { test "$prefer_static_libs" = yes || + test "$prefer_static_libs,$installed" = "built,no"; }; then + linklib=$old_library + else + for l in $old_library $library_names; do + linklib="$l" + done + fi + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + + # This library was specified with -dlopen. + if test "$pass" = dlopen; then + if test -z "$libdir"; then + func_fatal_error "cannot -dlopen a convenience library: \`$lib'" + fi + if test -z "$dlname" || + test "$dlopen_support" != yes || + test "$build_libtool_libs" = no; then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + func_append dlprefiles " $lib $dependency_libs" + else + func_append newdlfiles " $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of \`$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir="$ladir" + fi + ;; + esac + func_basename "$lib" + laname="$func_basename_result" + + # Find the relevant object directory and library name. + if test "X$installed" = Xyes; then + if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library \`$lib' was moved." + dir="$ladir" + absdir="$abs_ladir" + libdir="$abs_ladir" + else + dir="$lt_sysroot$libdir" + absdir="$lt_sysroot$libdir" + fi + test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir="$ladir" + absdir="$abs_ladir" + # Remove this search path later + func_append notinst_path " $abs_ladir" + else + dir="$ladir/$objdir" + absdir="$abs_ladir/$objdir" + # Remove this search path later + func_append notinst_path " $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test "$pass" = dlpreopen; then + if test -z "$libdir" && test "$linkmode" = prog; then + func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" + fi + case "$host" in + # special handling for platforms with PE-DLLs. + *cygwin* | *mingw* | *cegcc* ) + # Linker will automatically link against shared library if both + # static and shared are present. Therefore, ensure we extract + # symbols from the import library if a shared library is present + # (otherwise, the dlopen module name will be incorrect). We do + # this by putting the import library name into $newdlprefiles. + # We recover the dlopen module name by 'saving' the la file + # name in a special purpose variable, and (later) extracting the + # dlname from the la file. + if test -n "$dlname"; then + func_tr_sh "$dir/$linklib" + eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" + func_append newdlprefiles " $dir/$linklib" + else + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + fi + ;; + * ) + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + func_append newdlprefiles " $dir/$dlname" + else + func_append newdlprefiles " $dir/$linklib" + fi + ;; + esac + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test "$linkmode" = lib; then + deplibs="$dir/$old_library $deplibs" + elif test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test "$linkmode" = prog && test "$pass" != link; then + func_append newlib_search_path " $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=no + if test "$link_all_deplibs" != no || test -z "$library_names" || + test "$build_libtool_libs" = no; then + linkalldeplibs=yes + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + esac + # Need to link against all dependency_libs? + if test "$linkalldeplibs" = yes; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test "$linkmode,$pass" = "prog,link"; then + if test -n "$library_names" && + { { test "$prefer_static_libs" = no || + test "$prefer_static_libs,$installed" = "built,yes"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then + # Make sure the rpath contains only unique directories. + case "$temp_rpath:" in + *"$absdir:"*) ;; + *) func_append temp_rpath "$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if test "$alldeplibs" = yes && + { test "$deplibs_check_method" = pass_all || + { test "$build_libtool_libs" = yes && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test "$use_static_libs" = built && test "$installed" = yes; then + use_static_libs=no + fi + if test -n "$library_names" && + { test "$use_static_libs" = no || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc*) + # No point in relinking DLLs because paths are not encoded + func_append notinst_deplibs " $lib" + need_relink=no + ;; + *) + if test "$installed" = no; then + func_append notinst_deplibs " $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule="" + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule="$dlpremoduletest" + break + fi + done + if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then + echo + if test "$linkmode" = prog; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && + test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname="$1" + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname="$dlname" + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc*) + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + esac + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot="$soname" + func_basename "$soroot" + soname="$func_basename_result" + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from \`$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for \`$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test "$linkmode" = prog || test "$opt_mode" != relink; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test "$hardcode_direct" = no; then + add="$dir/$linklib" + case $host in + *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; + *-*-sysv4*uw2*) add_dir="-L$dir" ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir="-L$dir" ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we can not + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null ; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library" ; then + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" + else + add="$dir/$old_library" + fi + elif test -n "$old_library"; then + add="$dir/$old_library" + fi + fi + esac + elif test "$hardcode_minus_L" = no; then + case $host in + *-*-sunos*) add_shlibpath="$dir" ;; + esac + add_dir="-L$dir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = no; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + relink) + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$dir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$absdir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test "$lib_linked" != yes; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) func_append compile_shlibpath "$add_shlibpath:" ;; + esac + fi + if test "$linkmode" = prog; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test "$hardcode_direct" != yes && + test "$hardcode_minus_L" != yes && + test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + fi + fi + fi + + if test "$linkmode" = prog || test "$opt_mode" = relink; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$libdir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$libdir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + add="-l$name" + elif test "$hardcode_automatic" = yes; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib" ; then + add="$inst_prefix_dir$libdir/$linklib" + else + add="$libdir/$linklib" + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir="-L$libdir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + fi + + if test "$linkmode" = prog; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test "$linkmode" = prog; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test "$hardcode_direct" != unsupported; then + test -n "$old_library" && linklib="$old_library" + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test "$build_libtool_libs" = yes; then + # Not a shared library + if test "$deplibs_check_method" != pass_all; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + echo + $ECHO "*** Warning: This system can not link to static lib archive $lib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." + if test "$module" = yes; then + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && + { test "$hardcode_into_libs" != yes || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) func_append xrpath " $temp_xrpath";; + esac;; + *) func_append temp_deplibs " $libdir";; + esac + done + dependency_libs="$temp_deplibs" + fi + + func_append newlib_search_path " $absdir" + # Link against this library + test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result";; + *) func_resolve_sysroot "$deplib" ;; + esac + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $func_resolve_sysroot_result "*) + func_append specialdeplibs " $func_resolve_sysroot_result" ;; + esac + fi + func_append tmp_libs " $func_resolve_sysroot_result" + done + + if test "$link_all_deplibs" != no; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path="$deplib" ;; + *.la) + func_resolve_sysroot "$deplib" + deplib=$func_resolve_sysroot_result + func_dirname "$deplib" "" "." + dir=$func_dirname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of \`$dir'" + absdir="$dir" + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names" ; then + for tmp in $deplibrary_names ; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl" ; then + depdepl="$absdir/$objdir/$depdepl" + darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" + func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}" + path= + fi + fi + ;; + *) + path="-L$absdir/$objdir" + ;; + esac + else + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "\`$deplib' seems to be moved" + + path="-L$absdir" + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test "$pass" = link; then + if test "$linkmode" = "prog"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs="$newdependency_libs" + if test "$pass" = dlpreopen; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test "$pass" != dlopen; then + if test "$pass" != conv; then + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) func_append lib_search_path " $dir" ;; + esac + done + newlib_search_path= + fi + + if test "$linkmode,$pass" != "prog,link"; then + vars="deplibs" + else + vars="compile_deplibs finalize_deplibs" + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) func_append tmp_libs " $deplib" ;; + esac + ;; + *) func_append tmp_libs " $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs ; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i="" + ;; + esac + if test -n "$i" ; then + func_append tmp_libs " $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test "$linkmode" = prog; then + dlfiles="$newdlfiles" + fi + if test "$linkmode" = prog || test "$linkmode" = lib; then + dlprefiles="$newdlprefiles" + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "\`-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "\`-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs="$output" + func_append objs "$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form `libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + test "$module" = no && \ + func_fatal_help "libtool library \`$output' must begin with \`lib'" + + if test "$need_lib_prefix" != no; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test "$deplibs_check_method" != pass_all; then + func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" + else + echo + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + func_append libobjs " $objs" + fi + fi + + test "$dlself" != no && \ + func_warning "\`-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test "$#" -gt 1 && \ + func_warning "ignoring multiple \`-rpath's for a libtool library" + + install_libdir="$1" + + oldlibs= + if test -z "$rpath"; then + if test "$build_libtool_libs" = yes; then + # Building a libtool convenience library. + # Some compilers have problems with a `.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "\`-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs="$IFS"; IFS=':' + set dummy $vinfo 0 0 0 + shift + IFS="$save_ifs" + + test -n "$7" && \ + func_fatal_help "too many parameters to \`-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major="$1" + number_minor="$2" + number_revision="$3" + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # which has an extra 1 added just for fun + # + case $version_type in + # correct linux to gnu/linux during the next big refactor + darwin|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_revision" + ;; + freebsd-aout|freebsd-elf|qnx|sunos) + current="$number_major" + revision="$number_minor" + age="0" + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_minor" + lt_irix_increment=no + ;; + esac + ;; + no) + current="$1" + revision="$2" + age="$3" + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT \`$current' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION \`$revision' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE \`$age' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE \`$age' is greater than the current interface number \`$current'" + func_fatal_error "\`$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + + freebsd-aout) + major=".$current" + versuffix=".$current.$revision"; + ;; + + freebsd-elf) + major=".$current" + versuffix=".$current" + ;; + + irix | nonstopux) + if test "X$lt_irix_increment" = "Xno"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring="$verstring_prefix$major.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test "$loop" -ne 0; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring_prefix$major.$iface:$verstring" + done + + # Before this point, $major must not contain `.'. + major=.$major + versuffix="$major.$revision" + ;; + + linux) # correct to gnu/linux during the next big refactor + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=".$current.$age.$revision" + verstring="$current.$age.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$age + while test "$loop" -ne 0; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring:${iface}.0" + done + + # Make executables depend on our current version. + func_append verstring ":${current}.0" + ;; + + qnx) + major=".$current" + versuffix=".$current" + ;; + + sunos) + major=".$current" + versuffix=".$current.$revision" + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 filesystems. + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + + *) + func_fatal_configuration "unknown library version type \`$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring="0.0" + ;; + esac + if test "$need_version" = no; then + versuffix= + else + versuffix=".0.0" + fi + fi + + # Remove version info from name if versioning should be avoided + if test "$avoid_version" = yes && test "$need_version" = no; then + major= + versuffix= + verstring="" + fi + + # Check to see if the archive will have undefined symbols. + if test "$allow_undefined" = yes; then + if test "$allow_undefined_flag" = unsupported; then + func_warning "undefined symbols not allowed in $host shared libraries" + build_libtool_libs=no + build_old_libs=yes + fi + else + # Don't allow undefined symbols. + allow_undefined_flag="$no_undefined_flag" + fi + + fi + + func_generate_dlsyms "$libname" "$libname" "yes" + func_append libobjs " $symfileobj" + test "X$libobjs" = "X " && libobjs= + + if test "$opt_mode" != relink; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) + if test "X$precious_files_regex" != "X"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + func_append removelist " $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then + func_append oldlibs " $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + func_replace_sysroot "$libdir" + func_append temp_xrpath " -R$func_replace_sysroot_result" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles="$dlfiles" + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) func_append dlfiles " $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles="$dlprefiles" + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) func_append dlprefiles " $lib" ;; + esac + done + + if test "$build_libtool_libs" = yes; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + func_append deplibs " System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test "$build_libtool_need_lc" = "yes"; then + func_append deplibs " -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release="" + versuffix="" + major="" + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c </dev/null` + $nocaseglob + else + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + fi + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib="$potent_lib" + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; + *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib="" + ;; + esac + fi + if test -n "$a_deplib" ; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib="$potent_lib" # see symlink-check above in file_magic test + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs="" + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + for i in $predeps $postdeps ; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` + done + fi + case $tmp_deplibs in + *[!\ \ ]*) + echo + if test "X$deplibs_check_method" = "Xnone"; then + echo "*** Warning: inter-library dependencies are not supported in this platform." + else + echo "*** Warning: inter-library dependencies are not known to be supported." + fi + echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + ;; + esac + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + if test "$droppeddeps" = yes; then + if test "$module" = yes; then + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." + + if test "$allow_undefined" = no; then + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + deplibs="$new_libs" + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test "$build_libtool_libs" = yes; then + # Remove ${wl} instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac + if test "$hardcode_into_libs" = yes; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath="$finalize_rpath" + test "$opt_mode" != relink && rpath="$compile_rpath$rpath" + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + func_replace_sysroot "$libdir" + libdir=$func_replace_sysroot_result + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append dep_rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath="$finalize_shlibpath" + test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath" + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname="$1" + shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib="$output_objdir/$realname" + linknames= + for link + do + func_append linknames " $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= + + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols="$output_objdir/$libname.uexp" + func_append delfiles " $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + if test "x`$SED 1q $export_symbols`" != xEXPORTS; then + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols="$export_symbols" + export_symbols= + always_export_symbols=yes + fi + fi + ;; + esac + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs="$IFS"; IFS='~' + for cmd1 in $cmds; do + IFS="$save_ifs" + # Take the normal branch if the nm_file_list_spec branch + # doesn't work or if tool conversion is not needed. + case $nm_file_list_spec~$to_tool_file_cmd in + *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) + try_normal_branch=yes + eval cmd=\"$cmd1\" + func_len " $cmd" + len=$func_len_result + ;; + *) + try_normal_branch=no + ;; + esac + if test "$try_normal_branch" = yes \ + && { test "$len" -lt "$max_cmd_len" \ + || test "$max_cmd_len" -le -1; } + then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + elif test -n "$nm_file_list_spec"; then + func_basename "$output" + output_la=$func_basename_result + save_libobjs=$libobjs + save_output=$output + output=${output_objdir}/${output_la}.nm + func_to_tool_file "$output" + libobjs=$nm_file_list_spec$func_to_tool_file_result + func_append delfiles " $output" + func_verbose "creating $NM input file list: $output" + for obj in $save_libobjs; do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > "$output" + eval cmd=\"$cmd1\" + func_show_eval "$cmd" 'exit $?' + output=$save_output + libobjs=$save_libobjs + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS="$save_ifs" + if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + func_append tmp_deplibs " $test_deplib" + ;; + esac + done + deplibs="$tmp_deplibs" + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test "$compiler_needs_object" = yes && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi + + if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + func_append linker_flags " $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test "$opt_mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test "X$skipped_export" != "X:" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + func_basename "$output" + output_la=$func_basename_result + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 + + if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then + output=${output_objdir}/${output_la}.lnkscript + func_verbose "creating GNU ld script: $output" + echo 'INPUT (' > $output + for obj in $save_libobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + echo ')' >> $output + func_append delfiles " $output" + func_to_tool_file "$output" + output=$func_to_tool_file_result + elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then + output=${output_objdir}/${output_la}.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test "$compiler_needs_object" = yes; then + firstobj="$1 " + shift + fi + for obj + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + func_append delfiles " $output" + func_to_tool_file "$output" + output=$firstobj\"$file_list_spec$func_to_tool_file_result\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-${k}.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test "X$objlist" = X || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test "$k" -eq 1 ; then + # The first file doesn't have a previous command to add. + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" + else + # All subsequent reloadable object files will link in + # the last one created. + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-${k}.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-${k}.$objext + objlist=" $obj" + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\${concat_cmds}$reload_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" + fi + func_append delfiles " $output" + + else + output= + fi + + if ${skipped_export-false}; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + fi + + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs="$IFS"; IFS='~' + for cmd in $concat_cmds; do + IFS="$save_ifs" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + + if ${skipped_export-false}; then + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + fi + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + fi + + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test "$module" = yes || test "$export_dynamic" = yes; then + # On all known operating systems, these are identical. + dlname="$soname" + fi + fi + ;; + + obj) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for objects" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for objects" ;; + esac + + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for objects" + + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for objects" + + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "\`-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object \`$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result + ;; + *) + libobj= + obj="$output" + ;; + esac + + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # reload_cmds runs $LD directly, so let us get rid of + # -Wl from whole_archive_flag_spec and hope we can get by with + # turning comma into space.. + wl= + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + else + gentop="$output_objdir/${obj}x" + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # If we're not building shared, we need to use non_pic_objs + test "$build_libtool_libs" != yes && libobjs="$non_pic_objects" + + # Create the old-style object. + reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + + output="$obj" + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + fi + + if test "$build_libtool_libs" != yes; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + fi + + if test -n "$pic_flag" || test "$pic_mode" != default; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output="$libobj" + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for programs" + + test -n "$release" && \ + func_warning "\`-release' is ignored for programs" + + test "$preload" = yes \ + && test "$dlopen_support" = unknown \ + && test "$dlopen_self" = unknown \ + && test "$dlopen_self_static" = unknown && \ + func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test "$tagname" = CXX ; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + func_append compile_command " ${wl}-bind_at_load" + func_append finalize_command " ${wl}-bind_at_load" + ;; + esac + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + compile_deplibs="$new_libs" + + + func_append compile_command " $compile_deplibs" + func_append finalize_command " $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) func_append dllsearchpath ":$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath="$rpath" + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) func_append finalize_perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath="$rpath" + + if test -n "$libobjs" && test "$build_old_libs" = yes; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + fi + + func_generate_dlsyms "$outputname" "@PROGRAM@" "no" + + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi + + wrappers_required=yes + case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=no + ;; + *cygwin* | *mingw* ) + if test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + *) + if test "$need_relink" = no || test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + esac + if test "$wrappers_required" = no; then + # Replace the output file specification. + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + link_command="$compile_command$compile_rpath" + + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.${objext}"; then + func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' + fi + + exit $exit_status + fi + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + func_append rpath "$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test "$no_install" = yes; then + # We don't need to create a wrapper script. + link_command="$compile_var$compile_command$compile_rpath" + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + exit $EXIT_SUCCESS + fi + + if test "$hardcode_action" = relink; then + # Fast installation is not supported + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "\`$output' will be relinked during installation" + else + if test "$fast_install" != no; then + link_command="$finalize_var$compile_command$finalize_rpath" + if test "$fast_install" = yes; then + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + else + # fast_install is set to needless + relink_command= + fi + else + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + fi + fi + + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname + + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output_objdir/$outputname" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Now create the wrapper script. + func_verbose "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + fi + + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource="$output_path/$objdir/lt-$output_name.c" + cwrapper="$output_path/$output_name.exe" + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } + + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host" ; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 + + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + if test "$build_libtool_libs" = convenience; then + oldobjs="$libobjs_save $symfileobj" + addlibs="$convenience" + build_libtool_libs=no + else + if test "$build_libtool_libs" = module; then + oldobjs="$libobjs_save" + build_libtool_libs=no + else + oldobjs="$old_deplibs $non_pic_objects" + if test "$preload" = yes && test -f "$symfileobj"; then + func_append oldobjs " $symfileobj" + fi + fi + addlibs="$old_convenience" + fi + + if test -n "$addlibs"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $addlibs + func_append oldobjs " $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then + cmds=$old_archive_from_new_cmds + else + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append oldobjs " $func_extract_archives_result" + fi + + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + echo "copying selected object files to avoid basename conflicts..." + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase="$func_basename_result" + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + func_append oldobjs " $gentop/$newobj" + ;; + *) func_append oldobjs " $obj" ;; + esac + done + fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + eval cmds=\"$old_archive_cmds\" + + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + elif test -n "$archiver_list_spec"; then + func_verbose "using command file archive linking..." + for obj in $oldobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > $output_objdir/$libname.libcmd + func_to_tool_file "$output_objdir/$libname.libcmd" + oldobjs=" $archiver_list_spec$func_to_tool_file_result" + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj" ; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test "X$oldobjs" = "X" ; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' + done + + test -n "$generated" && \ + func_show_eval "${RM}r$generated" + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test "$build_old_libs" = yes && old_library="$libname.$libext" + func_verbose "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + if test "$hardcode_automatic" = yes ; then + relink_command= + fi + + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test "$installed" = yes; then + if test -z "$install_libdir"; then + break + fi + output="$output_objdir/$outputname"i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name="$func_basename_result" + func_resolve_sysroot "$deplib" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" + ;; + -L*) + func_stripname -L '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -L$func_replace_sysroot_result" + ;; + -R*) + func_stripname -R '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -R$func_replace_sysroot_result" + ;; + *) func_append newdependency_libs " $deplib" ;; + esac + done + dependency_libs="$newdependency_libs" + newdlfiles= + + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" + ;; + *) func_append newdlfiles " $lib" ;; + esac + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" + ;; + esac + done + dlprefiles="$newdlprefiles" + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlfiles " $abs" + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlprefiles " $abs" + done + dlprefiles="$newdlprefiles" + fi + $RM $output + # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test "x$bindir" != x ; + then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Linker flags that can not go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test "$installed" = no && test "$need_relink" = yes; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} + +{ test "$opt_mode" = link || test "$opt_mode" = relink; } && + func_mode_link ${1+"$@"} + + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $opt_debug + RM="$nonopt" + files= + rmforce= + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + for arg + do + case $arg in + -f) func_append RM " $arg"; rmforce=yes ;; + -*) func_append RM " $arg" ;; + *) func_append files " $arg" ;; + esac + done + + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" + + rmdirs= + + for file in $files; do + func_dirname "$file" "" "." + dir="$func_dirname_result" + if test "X$dir" = X.; then + odir="$objdir" + else + odir="$dir/$objdir" + fi + func_basename "$file" + name="$func_basename_result" + test "$opt_mode" = uninstall && odir="$dir" + + # Remember odir for removal later, being careful to avoid duplicates + if test "$opt_mode" = clean; then + case " $rmdirs " in + *" $odir "*) ;; + *) func_append rmdirs " $odir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif test "$rmforce" = yes; then + continue + fi + + rmfiles="$file" + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if func_lalib_p "$file"; then + func_source $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + func_append rmfiles " $odir/$n" + done + test -n "$old_library" && func_append rmfiles " $odir/$old_library" + + case "$opt_mode" in + clean) + case " $library_names " in + *" $dlname "*) ;; + *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; + esac + test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if func_lalib_p "$file"; then + + # Read the .lo file + func_source $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" && + test "$pic_object" != none; then + func_append rmfiles " $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" && + test "$non_pic_object" != none; then + func_append rmfiles " $dir/$non_pic_object" + fi + fi + ;; + + *) + if test "$opt_mode" = clean ; then + noexename=$name + case $file in + *.exe) + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result + # $file with .exe has already been added to rmfiles, + # add $file without .exe + func_append rmfiles " $file" + ;; + esac + # Do a test to see if this is a libtool program. + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + func_append rmfiles " $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + func_append rmfiles " $odir/$name $odir/${name}S.${objext}" + if test "$fast_install" = yes && test -n "$relink_command"; then + func_append rmfiles " $odir/lt-$name" + fi + if test "X$noexename" != "X$name" ; then + func_append rmfiles " $odir/lt-${noexename}.c" + fi + fi + fi + ;; + esac + func_show_eval "$RM $rmfiles" 'exit_status=1' + done + + # Try to remove the ${objdir}s in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + func_show_eval "rmdir $dir >/dev/null 2>&1" + fi + done + + exit $exit_status +} + +{ test "$opt_mode" = uninstall || test "$opt_mode" = clean; } && + func_mode_uninstall ${1+"$@"} + +test -z "$opt_mode" && { + help="$generic_help" + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode \`$opt_mode'" + +if test -n "$exec_cmd"; then + eval exec "$exec_cmd" + exit $EXIT_FAILURE +fi + +exit $exit_status + + +# The TAGs below are defined such that we never get into a situation +# in which we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +build_libtool_libs=no +build_old_libs=yes +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: +# vi:sw=2 + diff --git a/missing b/missing new file mode 100755 index 00000000..86a8fc31 --- /dev/null +++ b/missing @@ -0,0 +1,331 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. + +scriptversion=2012-01-06.13; # UTC + +# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, +# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. +# Originally by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +run=: +sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' +sed_minuso='s/.* -o \([^ ]*\).*/\1/p' + +# In the cases where this matters, `missing' is being run in the +# srcdir already. +if test -f configure.ac; then + configure_ac=configure.ac +else + configure_ac=configure.in +fi + +msg="missing on your system" + +case $1 in +--run) + # Try to run requested program, and just exit if it succeeds. + run= + shift + "$@" && exit 0 + # Exit code 63 means version mismatch. This often happens + # when the user try to use an ancient version of a tool on + # a file that requires a minimum version. In this case we + # we should proceed has if the program had been absent, or + # if --run hadn't been passed. + if test $? = 63; then + run=: + msg="probably too old" + fi + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + --run try to run the given command, and emulate it if it fails + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + autom4te touch the output file, or create a stub one + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + help2man touch the output file + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + yacc create \`y.tab.[ch]', if possible, from existing .[ch] + +Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and +\`g' are ignored when checking the name. + +Send bug reports to ." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + +esac + +# normalize program name to check for. +program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + +# Now exit if we have it, but it failed. Also exit now if we +# don't have it and --version was passed (most likely to detect +# the program). This is about non-GNU programs, so use $1 not +# $program. +case $1 in + lex*|yacc*) + # Not GNU programs, they don't have --version. + ;; + + *) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + elif test "x$2" = "x--version" || test "x$2" = "x--help"; then + # Could not run --version or --help. This is probably someone + # running `$TOOL --version' or `$TOOL --help' to check whether + # $TOOL exists and not knowing $TOOL uses missing. + exit 1 + fi + ;; +esac + +# If it does not exist, or fails to run (possibly an outdated version), +# try to emulate it. +case $program in + aclocal*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acinclude.m4' or \`${configure_ac}'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`${configure_ac}'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acconfig.h' or \`${configure_ac}'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` + test -z "$files" && files="config.h" + touch_files= + for f in $files; do + case $f in + *:*) touch_files="$touch_files "`echo "$f" | + sed -e 's/^[^:]*://' -e 's/:.*//'`;; + *) touch_files="$touch_files $f.in";; + esac + done + touch $touch_files + ;; + + automake*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print | + sed 's/\.am$/.in/' | + while read f; do touch "$f"; done + ;; + + autom4te*) + echo 1>&2 "\ +WARNING: \`$1' is needed, but is $msg. + You might have modified some files without having the + proper tools for further handling them. + You can get \`$1' as part of \`Autoconf' from any GNU + archive site." + + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo "#! /bin/sh" + echo "# Created by GNU Automake missing as a replacement of" + echo "# $ $@" + echo "exit 0" + chmod +x $file + exit 1 + fi + ;; + + bison*|yacc*) + echo 1>&2 "\ +WARNING: \`$1' $msg. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if test $# -ne 1; then + eval LASTARG=\${$#} + case $LASTARG in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if test ! -f y.tab.h; then + echo >y.tab.h + fi + if test ! -f y.tab.c; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex*|flex*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if test $# -ne 1; then + eval LASTARG=\${$#} + case $LASTARG in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if test ! -f lex.yy.c; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + help2man*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a dependency of a manual page. You may need the + \`Help2man' package in order for those modifications to take + effect. You can get \`Help2man' from any GNU archive site." + + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo ".ab help2man is required to generate this page" + exit $? + fi + ;; + + makeinfo*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + # The file to touch is that specified with -o ... + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -z "$file"; then + # ... or it is the one specified with @setfilename ... + infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n ' + /^@setfilename/{ + s/.* \([^ ]*\) *$/\1/ + p + q + }' $infile` + # ... or it is derived from the source name (dir/f.texi becomes f.info) + test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info + fi + # If the file does not exist, the user really needs makeinfo; + # let's fail without touching anything. + test -f $file || exit 1 + touch $file + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and is $msg. + You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequisites for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/po/ChangeLog b/po/ChangeLog new file mode 100644 index 00000000..e69de29b diff --git a/po/LINGUAS b/po/LINGUAS new file mode 100644 index 00000000..b6d2833a --- /dev/null +++ b/po/LINGUAS @@ -0,0 +1,3 @@ +# please keep this list sorted alphabetically +# +da diff --git a/po/Makefile.in.in b/po/Makefile.in.in new file mode 100644 index 00000000..06a8cfe9 --- /dev/null +++ b/po/Makefile.in.in @@ -0,0 +1,222 @@ +# Makefile for program source directory in GNU NLS utilities package. +# Copyright (C) 1995, 1996, 1997 by Ulrich Drepper +# Copyright (C) 2004-2008 Rodney Dawes +# +# This file may be copied and used freely without restrictions. It may +# be used in projects which are not available under a GNU Public License, +# but which still want to provide support for the GNU gettext functionality. +# +# - Modified by Owen Taylor to use GETTEXT_PACKAGE +# instead of PACKAGE and to look for po2tbl in ./ not in intl/ +# +# - Modified by jacob berkman to install +# Makefile.in.in and po2tbl.sed.in for use with glib-gettextize +# +# - Modified by Rodney Dawes for use with intltool +# +# We have the following line for use by intltoolize: +# INTLTOOL_MAKEFILE + +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +PACKAGE = @PACKAGE@ +VERSION = @VERSION@ + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +top_builddir = @top_builddir@ +VPATH = @srcdir@ + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +datadir = @datadir@ +datarootdir = @datarootdir@ +libdir = @libdir@ +DATADIRNAME = @DATADIRNAME@ +itlocaledir = $(prefix)/$(DATADIRNAME)/locale +subdir = po +install_sh = @install_sh@ +# Automake >= 1.8 provides @mkdir_p@. +# Until it can be supposed, use the safe fallback: +mkdir_p = $(install_sh) -d + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ + +GMSGFMT = @GMSGFMT@ +MSGFMT = @MSGFMT@ +XGETTEXT = @XGETTEXT@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +MSGMERGE = INTLTOOL_EXTRACT="$(INTLTOOL_EXTRACT)" XGETTEXT="$(XGETTEXT)" srcdir=$(srcdir) $(INTLTOOL_UPDATE) --gettext-package $(GETTEXT_PACKAGE) --dist +GENPOT = INTLTOOL_EXTRACT="$(INTLTOOL_EXTRACT)" XGETTEXT="$(XGETTEXT)" srcdir=$(srcdir) $(INTLTOOL_UPDATE) --gettext-package $(GETTEXT_PACKAGE) --pot + +ALL_LINGUAS = @ALL_LINGUAS@ + +PO_LINGUAS=$(shell if test -r $(srcdir)/LINGUAS; then grep -v "^\#" $(srcdir)/LINGUAS; else echo "$(ALL_LINGUAS)"; fi) + +USER_LINGUAS=$(shell if test -n "$(LINGUAS)"; then LLINGUAS="$(LINGUAS)"; ALINGUAS="$(ALL_LINGUAS)"; for lang in $$LLINGUAS; do if test -n "`grep \^$$lang$$ $(srcdir)/LINGUAS 2>/dev/null`" -o -n "`echo $$ALINGUAS|tr ' ' '\n'|grep \^$$lang$$`"; then printf "$$lang "; fi; done; fi) + +USE_LINGUAS=$(shell if test -n "$(USER_LINGUAS)" -o -n "$(LINGUAS)"; then LLINGUAS="$(USER_LINGUAS)"; else if test -n "$(PO_LINGUAS)"; then LLINGUAS="$(PO_LINGUAS)"; else LLINGUAS="$(ALL_LINGUAS)"; fi; fi; for lang in $$LLINGUAS; do printf "$$lang "; done) + +POFILES=$(shell LINGUAS="$(PO_LINGUAS)"; for lang in $$LINGUAS; do printf "$$lang.po "; done) + +DISTFILES = Makefile.in.in POTFILES.in $(POFILES) +EXTRA_DISTFILES = ChangeLog POTFILES.skip Makevars LINGUAS + +POTFILES = \ +# This comment gets stripped out + +CATALOGS=$(shell LINGUAS="$(USE_LINGUAS)"; for lang in $$LINGUAS; do printf "$$lang.gmo "; done) + +.SUFFIXES: +.SUFFIXES: .po .pox .gmo .mo .msg .cat + +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +INTLTOOL_V_MSGFMT = $(INTLTOOL__v_MSGFMT_$(V)) +INTLTOOL__v_MSGFMT_= $(INTLTOOL__v_MSGFMT_$(AM_DEFAULT_VERBOSITY)) +INTLTOOL__v_MSGFMT_0 = @echo " MSGFMT" $@; + +.po.pox: + $(MAKE) $(GETTEXT_PACKAGE).pot + $(MSGMERGE) $< $(GETTEXT_PACKAGE).pot -o $*.pox + +.po.mo: + $(INTLTOOL_V_MSGFMT)$(MSGFMT) -o $@ $< + +.po.gmo: + $(INTLTOOL_V_MSGFMT)file=`echo $* | sed 's,.*/,,'`.gmo \ + && rm -f $$file && $(GMSGFMT) -o $$file $< + +.po.cat: + sed -f ../intl/po2msg.sed < $< > $*.msg \ + && rm -f $@ && gencat $@ $*.msg + + +all: all-@USE_NLS@ + +all-yes: $(CATALOGS) +all-no: + +$(GETTEXT_PACKAGE).pot: $(POTFILES) + $(GENPOT) + +install: install-data +install-data: install-data-@USE_NLS@ +install-data-no: all +install-data-yes: all + linguas="$(USE_LINGUAS)"; \ + for lang in $$linguas; do \ + dir=$(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES; \ + $(mkdir_p) $$dir; \ + if test -r $$lang.gmo; then \ + $(INSTALL_DATA) $$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \ + echo "installing $$lang.gmo as $$dir/$(GETTEXT_PACKAGE).mo"; \ + else \ + $(INSTALL_DATA) $(srcdir)/$$lang.gmo $$dir/$(GETTEXT_PACKAGE).mo; \ + echo "installing $(srcdir)/$$lang.gmo as" \ + "$$dir/$(GETTEXT_PACKAGE).mo"; \ + fi; \ + if test -r $$lang.gmo.m; then \ + $(INSTALL_DATA) $$lang.gmo.m $$dir/$(GETTEXT_PACKAGE).mo.m; \ + echo "installing $$lang.gmo.m as $$dir/$(GETTEXT_PACKAGE).mo.m"; \ + else \ + if test -r $(srcdir)/$$lang.gmo.m ; then \ + $(INSTALL_DATA) $(srcdir)/$$lang.gmo.m \ + $$dir/$(GETTEXT_PACKAGE).mo.m; \ + echo "installing $(srcdir)/$$lang.gmo.m as" \ + "$$dir/$(GETTEXT_PACKAGE).mo.m"; \ + else \ + true; \ + fi; \ + fi; \ + done + +# Empty stubs to satisfy archaic automake needs +dvi info ctags tags CTAGS TAGS ID: + +# Define this as empty until I found a useful application. +install-exec installcheck: + +uninstall: + linguas="$(USE_LINGUAS)"; \ + for lang in $$linguas; do \ + rm -f $(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo; \ + rm -f $(DESTDIR)$(itlocaledir)/$$lang/LC_MESSAGES/$(GETTEXT_PACKAGE).mo.m; \ + done + +check: all $(GETTEXT_PACKAGE).pot + rm -f missing notexist + srcdir=$(srcdir) $(INTLTOOL_UPDATE) -m + if [ -r missing -o -r notexist ]; then \ + exit 1; \ + fi + +mostlyclean: + rm -f *.pox $(GETTEXT_PACKAGE).pot *.old.po cat-id-tbl.tmp + rm -f .intltool-merge-cache + +clean: mostlyclean + +distclean: clean + rm -f Makefile Makefile.in POTFILES stamp-it + rm -f *.mo *.msg *.cat *.cat.m *.gmo + +maintainer-clean: distclean + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + rm -f Makefile.in.in + +distdir = ../$(PACKAGE)-$(VERSION)/$(subdir) +dist distdir: $(DISTFILES) + dists="$(DISTFILES)"; \ + extra_dists="$(EXTRA_DISTFILES)"; \ + for file in $$extra_dists; do \ + test -f $(srcdir)/$$file && dists="$$dists $(srcdir)/$$file"; \ + done; \ + for file in $$dists; do \ + test -f $$file || file="$(srcdir)/$$file"; \ + ln $$file $(distdir) 2> /dev/null \ + || cp -p $$file $(distdir); \ + done + +update-po: Makefile + $(MAKE) $(GETTEXT_PACKAGE).pot + tmpdir=`pwd`; \ + linguas="$(USE_LINGUAS)"; \ + for lang in $$linguas; do \ + echo "$$lang:"; \ + result="`$(MSGMERGE) -o $$tmpdir/$$lang.new.po $$lang`"; \ + if $$result; then \ + if cmp $(srcdir)/$$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \ + rm -f $$tmpdir/$$lang.new.po; \ + else \ + if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \ + :; \ + else \ + echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \ + rm -f $$tmpdir/$$lang.new.po; \ + exit 1; \ + fi; \ + fi; \ + else \ + echo "msgmerge for $$lang.gmo failed!"; \ + rm -f $$tmpdir/$$lang.new.po; \ + fi; \ + done + +Makefile POTFILES: stamp-it + @if test ! -f $@; then \ + rm -f stamp-it; \ + $(MAKE) stamp-it; \ + fi + +stamp-it: Makefile.in.in $(top_builddir)/config.status POTFILES.in + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/Makefile.in CONFIG_HEADERS= CONFIG_LINKS= \ + $(SHELL) ./config.status + +# Tell versions [3.59,3.63) of GNU make not to export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/po/POTFILES.in b/po/POTFILES.in new file mode 100644 index 00000000..02f82554 --- /dev/null +++ b/po/POTFILES.in @@ -0,0 +1,7 @@ +# List of source files containing translatable strings. +# Please keep this file sorted alphabetically. +[encoding: UTF-8] +actions/org.freedesktop.policykit.policy.in +src/examples/org.freedesktop.policykit.examples.pkexec.policy.in +src/polkitbackend/polkitbackendlocalauthority.c +src/programs/pkexec.c diff --git a/po/POTFILES.skip b/po/POTFILES.skip new file mode 100644 index 00000000..845ca067 --- /dev/null +++ b/po/POTFILES.skip @@ -0,0 +1 @@ +.pc diff --git a/po/da.po b/po/da.po new file mode 100644 index 00000000..c8c542b8 --- /dev/null +++ b/po/da.po @@ -0,0 +1,65 @@ +# Danish translations for PolicyKit. +# Copyright (C) 2009 Red Hat, Inc. +# This file is distributed under the same license as the PolicyKit package. +# David Zeuthen , 2009. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: DeviceKit-disks\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2011-03-03 13:03-0500\n" +"PO-Revision-Date: 2011-03-03 13:05-0500\n" +"Last-Translator: David Zeuthen \n" +"Language-Team: Danish \n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../actions/org.freedesktop.policykit.policy.in.h:1 +msgid "Authentication is required to configure lock down policy" +msgstr "Autorisering er påkrævet for at konfigurer lock down" + +#: ../actions/org.freedesktop.policykit.policy.in.h:2 +msgid "Authentication is required to run a program as another user" +msgstr "Autorisering er påkrævet for at afvikle et program som en anden bruger" + +#: ../actions/org.freedesktop.policykit.policy.in.h:3 +msgid "Configure lock down for an action" +msgstr "Konfigurer lock down for en action" + +#: ../actions/org.freedesktop.policykit.policy.in.h:4 +msgid "Run programs as another user" +msgstr "Kør et program som en anden bruger" + +#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:1 +msgid "" +"Authentication is required to run the PolicyKit example program Frobnicate " +"(user=$(user), program=$(program), command_line=$(command_line))" +msgstr "" +"Autorisering er påkrævet for at afvikle PolicyKit eksemplet Frobnicate (user=" +"$(user), program=$(program), command_line=$(command_line))" + +#: ../src/examples/org.freedesktop.policykit.examples.pkexec.policy.in.h:2 +msgid "Run the PolicyKit example program Frobnicate" +msgstr "Kør PolicyKit eksemplet Frobnicate" + +#. Translators: message shown when trying to run a program as root. Do not +#. * translate the $(program) fragment - it will be expanded to the path +#. * of the program e.g. /bin/bash. +#. +#: ../src/programs/pkexec.c:666 +msgid "Authentication is needed to run `$(program)' as the super user" +msgstr "Autorisering er påkrævet for at afvikle `$(program)' som super bruger" + +#. Translators: message shown when trying to run a program as another user. +#. * Do not translate the $(program) or $(user) fragments - the former will +#. * be expanded to the path of the program e.g. "/bin/bash" and the latter +#. * to the user e.g. "John Doe (johndoe)" or "johndoe". +#. +#: ../src/programs/pkexec.c:676 +msgid "Authentication is needed to run `$(program)' as user $(user)" +msgstr "" +"Autorisering er påkrævet for at afvikle `$(program)' som bruger $(user)" diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 00000000..28c7bfa8 --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,9 @@ + +SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs + +if BUILD_EXAMPLES +SUBDIRS += examples +endif + +clean-local : + rm -f *~ diff --git a/src/Makefile.in b/src/Makefile.in new file mode 100644 index 00000000..40be747f --- /dev/null +++ b/src/Makefile.in @@ -0,0 +1,636 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@BUILD_EXAMPLES_TRUE@am__append_1 = examples +subdir = src +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend \ + programs examples +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend \ + programs $(am__append_1) +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ + install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am check check-am clean clean-generic clean-libtool \ + clean-local ctags ctags-recursive distclean distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am + + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/examples/Makefile.am b/src/examples/Makefile.am new file mode 100644 index 00000000..88cea72e --- /dev/null +++ b/src/examples/Makefile.am @@ -0,0 +1,66 @@ + +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +bin_PROGRAMS = +noinst_PROGRAMS = + +# ---------------------------------------------------------------------------------------------------- + +noinst_PROGRAMS += cancel + +cancel_SOURCES = cancel.c + +cancel_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +cancel_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +# ---------------------------------------------------------------------------------------------------- + +bin_PROGRAMS += pk-example-frobnicate + +pk_example_frobnicate_SOURCES = frobnicate.c + +pk_example_frobnicate_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pk_example_frobnicate_LDADD = \ + $(GLIB_LIBS) \ + $(NULL) + +polkit_actiondir = $(datadir)/polkit-1/actions + +dist_polkit_action_DATA = org.freedesktop.policykit.examples.pkexec.policy + +@INTLTOOL_POLICY_RULE@ + +#check: +# $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA) + +DISTCLEANFILES = org.freedesktop.policykit.examples.pkexec.policy + +EXTRA_DIST = org.freedesktop.policykit.examples.pkexec.policy.in + +# ---------------------------------------------------------------------------------------------------- + +clean-local : + rm -f *~ diff --git a/src/examples/Makefile.in b/src/examples/Makefile.in new file mode 100644 index 00000000..e833e0c8 --- /dev/null +++ b/src/examples/Makefile.in @@ -0,0 +1,749 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = pk-example-frobnicate$(EXEEXT) +noinst_PROGRAMS = cancel$(EXEEXT) +subdir = src/examples +DIST_COMMON = $(dist_polkit_action_DATA) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" \ + "$(DESTDIR)$(polkit_actiondir)" +PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) +am_cancel_OBJECTS = cancel-cancel.$(OBJEXT) +cancel_OBJECTS = $(am_cancel_OBJECTS) +am__DEPENDENCIES_1 = +cancel_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +cancel_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(cancel_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_pk_example_frobnicate_OBJECTS = \ + pk_example_frobnicate-frobnicate.$(OBJEXT) +pk_example_frobnicate_OBJECTS = $(am_pk_example_frobnicate_OBJECTS) +pk_example_frobnicate_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +pk_example_frobnicate_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(pk_example_frobnicate_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(cancel_SOURCES) $(pk_example_frobnicate_SOURCES) +DIST_SOURCES = $(cancel_SOURCES) $(pk_example_frobnicate_SOURCES) +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +DATA = $(dist_polkit_action_DATA) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +cancel_SOURCES = cancel.c +cancel_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +cancel_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +pk_example_frobnicate_SOURCES = frobnicate.c +pk_example_frobnicate_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pk_example_frobnicate_LDADD = \ + $(GLIB_LIBS) \ + $(NULL) + +polkit_actiondir = $(datadir)/polkit-1/actions +dist_polkit_action_DATA = org.freedesktop.policykit.examples.pkexec.policy + +#check: +# $(top_builddir)/tools/polkit-policy-file-validate-1 $(top_srcdir)/policy/$(dist_polkit_action_DATA) +DISTCLEANFILES = org.freedesktop.policykit.examples.pkexec.policy +EXTRA_DIST = org.freedesktop.policykit.examples.pkexec.policy.in +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/examples/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/examples/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +cancel$(EXEEXT): $(cancel_OBJECTS) $(cancel_DEPENDENCIES) $(EXTRA_cancel_DEPENDENCIES) + @rm -f cancel$(EXEEXT) + $(AM_V_CCLD)$(cancel_LINK) $(cancel_OBJECTS) $(cancel_LDADD) $(LIBS) +pk-example-frobnicate$(EXEEXT): $(pk_example_frobnicate_OBJECTS) $(pk_example_frobnicate_DEPENDENCIES) $(EXTRA_pk_example_frobnicate_DEPENDENCIES) + @rm -f pk-example-frobnicate$(EXEEXT) + $(AM_V_CCLD)$(pk_example_frobnicate_LINK) $(pk_example_frobnicate_OBJECTS) $(pk_example_frobnicate_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cancel-cancel.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pk_example_frobnicate-frobnicate.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +cancel-cancel.o: cancel.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cancel_CFLAGS) $(CFLAGS) -MT cancel-cancel.o -MD -MP -MF $(DEPDIR)/cancel-cancel.Tpo -c -o cancel-cancel.o `test -f 'cancel.c' || echo '$(srcdir)/'`cancel.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cancel-cancel.Tpo $(DEPDIR)/cancel-cancel.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cancel.c' object='cancel-cancel.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cancel_CFLAGS) $(CFLAGS) -c -o cancel-cancel.o `test -f 'cancel.c' || echo '$(srcdir)/'`cancel.c + +cancel-cancel.obj: cancel.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cancel_CFLAGS) $(CFLAGS) -MT cancel-cancel.obj -MD -MP -MF $(DEPDIR)/cancel-cancel.Tpo -c -o cancel-cancel.obj `if test -f 'cancel.c'; then $(CYGPATH_W) 'cancel.c'; else $(CYGPATH_W) '$(srcdir)/cancel.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/cancel-cancel.Tpo $(DEPDIR)/cancel-cancel.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cancel.c' object='cancel-cancel.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(cancel_CFLAGS) $(CFLAGS) -c -o cancel-cancel.obj `if test -f 'cancel.c'; then $(CYGPATH_W) 'cancel.c'; else $(CYGPATH_W) '$(srcdir)/cancel.c'; fi` + +pk_example_frobnicate-frobnicate.o: frobnicate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pk_example_frobnicate_CFLAGS) $(CFLAGS) -MT pk_example_frobnicate-frobnicate.o -MD -MP -MF $(DEPDIR)/pk_example_frobnicate-frobnicate.Tpo -c -o pk_example_frobnicate-frobnicate.o `test -f 'frobnicate.c' || echo '$(srcdir)/'`frobnicate.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pk_example_frobnicate-frobnicate.Tpo $(DEPDIR)/pk_example_frobnicate-frobnicate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='frobnicate.c' object='pk_example_frobnicate-frobnicate.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pk_example_frobnicate_CFLAGS) $(CFLAGS) -c -o pk_example_frobnicate-frobnicate.o `test -f 'frobnicate.c' || echo '$(srcdir)/'`frobnicate.c + +pk_example_frobnicate-frobnicate.obj: frobnicate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pk_example_frobnicate_CFLAGS) $(CFLAGS) -MT pk_example_frobnicate-frobnicate.obj -MD -MP -MF $(DEPDIR)/pk_example_frobnicate-frobnicate.Tpo -c -o pk_example_frobnicate-frobnicate.obj `if test -f 'frobnicate.c'; then $(CYGPATH_W) 'frobnicate.c'; else $(CYGPATH_W) '$(srcdir)/frobnicate.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pk_example_frobnicate-frobnicate.Tpo $(DEPDIR)/pk_example_frobnicate-frobnicate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='frobnicate.c' object='pk_example_frobnicate-frobnicate.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pk_example_frobnicate_CFLAGS) $(CFLAGS) -c -o pk_example_frobnicate-frobnicate.obj `if test -f 'frobnicate.c'; then $(CYGPATH_W) 'frobnicate.c'; else $(CYGPATH_W) '$(srcdir)/frobnicate.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-dist_polkit_actionDATA: $(dist_polkit_action_DATA) + @$(NORMAL_INSTALL) + test -z "$(polkit_actiondir)" || $(MKDIR_P) "$(DESTDIR)$(polkit_actiondir)" + @list='$(dist_polkit_action_DATA)'; test -n "$(polkit_actiondir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(polkit_actiondir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(polkit_actiondir)" || exit $$?; \ + done + +uninstall-dist_polkit_actionDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_polkit_action_DATA)'; test -n "$(polkit_actiondir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(polkit_actiondir)'; $(am__uninstall_files_from_dir) + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(polkit_actiondir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libtool clean-local \ + clean-noinstPROGRAMS mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-dist_polkit_actionDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS uninstall-dist_polkit_actionDATA + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ + clean-generic clean-libtool clean-local clean-noinstPROGRAMS \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dist_polkit_actionDATA \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-binPROGRAMS \ + uninstall-dist_polkit_actionDATA + + +@INTLTOOL_POLICY_RULE@ + +# ---------------------------------------------------------------------------------------------------- + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/examples/cancel.c b/src/examples/cancel.c new file mode 100644 index 00000000..8de5cd3c --- /dev/null +++ b/src/examples/cancel.c @@ -0,0 +1,158 @@ +/* + * Copyright (C) 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +/* Simple example that shows how to check for an authorization + * including cancelling the check. + * + * Cancelling an authorization check is desirable in situations where + * the object/action to check for vanishes. + * + * One concrete example of this is a disks service in which the user + * needs to authenticate to modify a disk. If the disk is removed + * while the authentication dialog is shown, the disks service should + * cancel the authorization check. A side effect of this, is that the + * authentication dialog is removed. + */ + +#include + +static gboolean +on_tensec_timeout (gpointer user_data) +{ + GMainLoop *loop = user_data; + g_print ("Ten seconds has passed. Now exiting.\n"); + g_main_loop_quit (loop); + return FALSE; +} + +static void +check_authorization_cb (PolkitAuthority *authority, + GAsyncResult *res, + gpointer user_data) +{ + GMainLoop *loop = user_data; + PolkitAuthorizationResult *result; + GError *error; + + error = NULL; + result = polkit_authority_check_authorization_finish (authority, res, &error); + if (error != NULL) + { + g_print ("Error checking authorization: %s\n", error->message); + g_error_free (error); + } + else + { + const gchar *result_str; + if (polkit_authorization_result_get_is_authorized (result)) + { + result_str = "authorized"; + } + else if (polkit_authorization_result_get_is_challenge (result)) + { + result_str = "challenge"; + } + else + { + result_str = "not authorized"; + } + + g_print ("Authorization result: %s\n", result_str); + } + + g_print ("Authorization check has been cancelled and the dialog should now be hidden.\n" + "This process will exit in ten seconds.\n"); + g_timeout_add (10000, on_tensec_timeout, loop); +} + +static gboolean +do_cancel (GCancellable *cancellable) +{ + g_print ("Timer has expired; cancelling authorization check\n"); + g_cancellable_cancel (cancellable); + return FALSE; +} + +int +main (int argc, char *argv[]) +{ + pid_t parent_pid; + const gchar *action_id; + GMainLoop *loop; + PolkitSubject *subject; + PolkitAuthority *authority; + GCancellable *cancellable; + + g_type_init (); + + if (argc != 2) + { + g_printerr ("usage: %s \n", argv[0]); + return 1; + } + action_id = argv[1]; + + loop = g_main_loop_new (NULL, FALSE); + + authority = polkit_authority_get_sync (NULL, NULL); + + /* Typically mechanisms will use a PolkitSystemBusName since most + * clients communicate with the mechanism via D-Bus. However for + * this simple example we use the process id of the calling process. + * + * Note that if the parent was reaped we have to be careful not to + * check if init(1) is authorized (it always is). + */ + parent_pid = getppid (); + if (parent_pid == 1) + { + g_printerr ("Parent process was reaped by init(1)\n"); + return 1; + } + subject = polkit_unix_process_new (parent_pid); + + cancellable = g_cancellable_new (); + + g_print ("Will cancel authorization check in 10 seconds\n"); + + /* Set up a 10 second timer to cancel the check */ + g_timeout_add (10 * 1000, + (GSourceFunc) do_cancel, + cancellable); + + polkit_authority_check_authorization (authority, + subject, + action_id, + NULL, /* PolkitDetails */ + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + cancellable, + (GAsyncReadyCallback) check_authorization_cb, + loop); + + g_main_loop_run (loop); + + g_object_unref (authority); + g_object_unref (subject); + g_object_unref (cancellable); + g_main_loop_unref (loop); + + return 0; +} diff --git a/src/examples/frobnicate.c b/src/examples/frobnicate.c new file mode 100644 index 00000000..7ca6c462 --- /dev/null +++ b/src/examples/frobnicate.c @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#define _GNU_SOURCE +#include +#include +#include +#include +#include + +int +main (int argc, char *argv[]) +{ + gchar *args; + gchar **env; + guint n; + int ret; +#ifdef __GLIBC__ + gchar *cwd = NULL; +#else + gchar cwd[PATH_MAX]; +#endif + + ret = 1; + args = NULL; + env = NULL; + +#ifdef __GLIBC__ + if ((cwd = get_current_dir_name ()) == NULL) +#else + if (getcwd (cwd, sizeof cwd) == NULL) +#endif + { + g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); + goto out; + } + + args = g_strjoinv (" ", argv); + + g_print ("In pk-example-frobnicate\n"); + g_print ("uid: %d\n", getuid ()); + g_print ("euid: %d\n", geteuid ()); + g_print ("args: `%s'\n", args); + g_print ("cwd: %s\n", cwd); + g_print ("environment:\n"); + + env = g_listenv (); + for (n = 0; env[n] != NULL; n++) + { + g_print (" %s=%s\n", env[n], g_getenv (env[n])); + } + + ret = 0; + + out: + +#ifdef __GLIBC__ + free (cwd); +#endif + g_free (args); + g_strfreev (env); + + return ret; +} diff --git a/src/examples/org.freedesktop.policykit.examples.pkexec.policy b/src/examples/org.freedesktop.policykit.examples.pkexec.policy new file mode 100644 index 00000000..eaffcfe8 --- /dev/null +++ b/src/examples/org.freedesktop.policykit.examples.pkexec.policy @@ -0,0 +1,24 @@ + + + + + Examples for the PolicyKit Project + http://hal.freedesktop.org/docs/PolicyKit/ + + + Run the PolicyKit example program Frobnicate + Kør PolicyKit eksemplet Frobnicate + Authentication is required to run the PolicyKit example program Frobnicate (user=$(user), program=$(program), command_line=$(command_line)) + Autorisering er påkrævet for at afvikle PolicyKit eksemplet Frobnicate (user=$(user), program=$(program), command_line=$(command_line)) + audio-x-generic + + no + no + auth_self_keep + + /usr/bin/pk-example-frobnicate + + + \ No newline at end of file diff --git a/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in new file mode 100644 index 00000000..9c05b772 --- /dev/null +++ b/src/examples/org.freedesktop.policykit.examples.pkexec.policy.in @@ -0,0 +1,22 @@ + + + + + Examples for the PolicyKit Project + http://hal.freedesktop.org/docs/PolicyKit/ + + + <_description>Run the PolicyKit example program Frobnicate + <_message>Authentication is required to run the PolicyKit example program Frobnicate (user=$(user), program=$(program), command_line=$(command_line)) + audio-x-generic + + no + no + auth_self_keep + + /usr/bin/pk-example-frobnicate + + + diff --git a/src/nullbackend/50-nullbackend.conf b/src/nullbackend/50-nullbackend.conf new file mode 100644 index 00000000..34976777 --- /dev/null +++ b/src/nullbackend/50-nullbackend.conf @@ -0,0 +1,16 @@ +# +# Configuration file for the PolicyKit null backend. +# +# DO NOT EDIT THIS FILE, it will be overwritten on update. +# +# To change configuration, create another file in this directory with +# a filename that is sorted after the 50-nullback.conf and make +# sure it has the .conf extension. +# +# Only a single configuration item, Priority, is supported. +# +# See the PolicyKit documentation for more information about PolicyKit. +# + +[Configuration] +Priority=-10 diff --git a/src/nullbackend/Makefile.am b/src/nullbackend/Makefile.am new file mode 100644 index 00000000..c683818e --- /dev/null +++ b/src/nullbackend/Makefile.am @@ -0,0 +1,50 @@ + +NULL = + +module_flags = -export_dynamic -avoid-version -module -no-undefined -export-symbols-regex '^g_io_module_(load|unload)' + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + -D_POLKIT_BACKEND_COMPILATION \ + $(NULL) + +polkitmodulesdir = $(libdir)/polkit-1/extensions +polkitmodules_LTLIBRARIES = libnullbackend.la + +libnullbackend_la_SOURCES = \ + nullbackend.c \ + polkitbackendnullauthority.c polkitbackendnullauthority.h \ + $(NULL) + +libnullbackend_la_CFLAGS = \ + -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ + -DG_LOG_DOMAIN=\"PolkitNullBackend\" \ + $(GLIB_CFLAGS) \ + $(NULL) + +libnullbackend_la_LDFLAGS = \ + $(module_flags) \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(NULL) + +libnullbackend_la_LIBADD = \ + $(NULL) + +nullconfigdir = $(sysconfdir)/polkit-1/nullbackend.conf.d +nullconfig_DATA = 50-nullbackend.conf + +EXTRA_DIST = $(nullconfig_DATA) + +clean-local : + rm -f *~ diff --git a/src/nullbackend/Makefile.in b/src/nullbackend/Makefile.in new file mode 100644 index 00000000..0f6f4656 --- /dev/null +++ b/src/nullbackend/Makefile.in @@ -0,0 +1,698 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/nullbackend +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(polkitmodulesdir)" \ + "$(DESTDIR)$(nullconfigdir)" +LTLIBRARIES = $(polkitmodules_LTLIBRARIES) +am__DEPENDENCIES_1 = +libnullbackend_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +am__objects_1 = +am_libnullbackend_la_OBJECTS = libnullbackend_la-nullbackend.lo \ + libnullbackend_la-polkitbackendnullauthority.lo \ + $(am__objects_1) +libnullbackend_la_OBJECTS = $(am_libnullbackend_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +libnullbackend_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libnullbackend_la_CFLAGS) $(CFLAGS) \ + $(libnullbackend_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(libnullbackend_la_SOURCES) +DIST_SOURCES = $(libnullbackend_la_SOURCES) +DATA = $(nullconfig_DATA) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +module_flags = -export_dynamic -avoid-version -module -no-undefined -export-symbols-regex '^g_io_module_(load|unload)' +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + -D_POLKIT_BACKEND_COMPILATION \ + $(NULL) + +polkitmodulesdir = $(libdir)/polkit-1/extensions +polkitmodules_LTLIBRARIES = libnullbackend.la +libnullbackend_la_SOURCES = \ + nullbackend.c \ + polkitbackendnullauthority.c polkitbackendnullauthority.h \ + $(NULL) + +libnullbackend_la_CFLAGS = \ + -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ + -DG_LOG_DOMAIN=\"PolkitNullBackend\" \ + $(GLIB_CFLAGS) \ + $(NULL) + +libnullbackend_la_LDFLAGS = \ + $(module_flags) \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(NULL) + +libnullbackend_la_LIBADD = \ + $(NULL) + +nullconfigdir = $(sysconfdir)/polkit-1/nullbackend.conf.d +nullconfig_DATA = 50-nullbackend.conf +EXTRA_DIST = $(nullconfig_DATA) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nullbackend/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/nullbackend/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-polkitmodulesLTLIBRARIES: $(polkitmodules_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(polkitmodulesdir)" || $(MKDIR_P) "$(DESTDIR)$(polkitmodulesdir)" + @list='$(polkitmodules_LTLIBRARIES)'; test -n "$(polkitmodulesdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(polkitmodulesdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(polkitmodulesdir)"; \ + } + +uninstall-polkitmodulesLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(polkitmodules_LTLIBRARIES)'; test -n "$(polkitmodulesdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(polkitmodulesdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(polkitmodulesdir)/$$f"; \ + done + +clean-polkitmodulesLTLIBRARIES: + -test -z "$(polkitmodules_LTLIBRARIES)" || rm -f $(polkitmodules_LTLIBRARIES) + @list='$(polkitmodules_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libnullbackend.la: $(libnullbackend_la_OBJECTS) $(libnullbackend_la_DEPENDENCIES) $(EXTRA_libnullbackend_la_DEPENDENCIES) + $(AM_V_CCLD)$(libnullbackend_la_LINK) -rpath $(polkitmodulesdir) $(libnullbackend_la_OBJECTS) $(libnullbackend_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnullbackend_la-nullbackend.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libnullbackend_la-polkitbackendnullauthority.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +libnullbackend_la-nullbackend.lo: nullbackend.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libnullbackend_la_CFLAGS) $(CFLAGS) -MT libnullbackend_la-nullbackend.lo -MD -MP -MF $(DEPDIR)/libnullbackend_la-nullbackend.Tpo -c -o libnullbackend_la-nullbackend.lo `test -f 'nullbackend.c' || echo '$(srcdir)/'`nullbackend.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libnullbackend_la-nullbackend.Tpo $(DEPDIR)/libnullbackend_la-nullbackend.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nullbackend.c' object='libnullbackend_la-nullbackend.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libnullbackend_la_CFLAGS) $(CFLAGS) -c -o libnullbackend_la-nullbackend.lo `test -f 'nullbackend.c' || echo '$(srcdir)/'`nullbackend.c + +libnullbackend_la-polkitbackendnullauthority.lo: polkitbackendnullauthority.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libnullbackend_la_CFLAGS) $(CFLAGS) -MT libnullbackend_la-polkitbackendnullauthority.lo -MD -MP -MF $(DEPDIR)/libnullbackend_la-polkitbackendnullauthority.Tpo -c -o libnullbackend_la-polkitbackendnullauthority.lo `test -f 'polkitbackendnullauthority.c' || echo '$(srcdir)/'`polkitbackendnullauthority.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libnullbackend_la-polkitbackendnullauthority.Tpo $(DEPDIR)/libnullbackend_la-polkitbackendnullauthority.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendnullauthority.c' object='libnullbackend_la-polkitbackendnullauthority.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libnullbackend_la_CFLAGS) $(CFLAGS) -c -o libnullbackend_la-polkitbackendnullauthority.lo `test -f 'polkitbackendnullauthority.c' || echo '$(srcdir)/'`polkitbackendnullauthority.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-nullconfigDATA: $(nullconfig_DATA) + @$(NORMAL_INSTALL) + test -z "$(nullconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(nullconfigdir)" + @list='$(nullconfig_DATA)'; test -n "$(nullconfigdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(nullconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(nullconfigdir)" || exit $$?; \ + done + +uninstall-nullconfigDATA: + @$(NORMAL_UNINSTALL) + @list='$(nullconfig_DATA)'; test -n "$(nullconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(nullconfigdir)'; $(am__uninstall_files_from_dir) + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(DATA) +installdirs: + for dir in "$(DESTDIR)$(polkitmodulesdir)" "$(DESTDIR)$(nullconfigdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-local \ + clean-polkitmodulesLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-nullconfigDATA \ + install-polkitmodulesLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-nullconfigDATA \ + uninstall-polkitmodulesLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-local clean-polkitmodulesLTLIBRARIES ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-nullconfigDATA install-pdf \ + install-pdf-am install-polkitmodulesLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-nullconfigDATA \ + uninstall-polkitmodulesLTLIBRARIES + + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/nullbackend/nullbackend.c b/src/nullbackend/nullbackend.c new file mode 100644 index 00000000..0436cf09 --- /dev/null +++ b/src/nullbackend/nullbackend.c @@ -0,0 +1,34 @@ +/* + * Copyright (C) 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "polkitbackendnullauthority.h" + +void +g_io_module_load (GIOModule *module) +{ + polkit_backend_null_authority_register (module); +} + +void +g_io_module_unload (GIOModule *module) +{ +} + diff --git a/src/nullbackend/polkitbackendnullauthority.c b/src/nullbackend/polkitbackendnullauthority.c new file mode 100644 index 00000000..74915405 --- /dev/null +++ b/src/nullbackend/polkitbackendnullauthority.c @@ -0,0 +1,195 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include +#include +#include + +#include "polkitbackend/polkitbackendconfigsource.h" +#include "polkitbackendnullauthority.h" + +struct _PolkitBackendNullAuthorityPrivate +{ + gint foo; +}; + +static GList *authority_enumerate_actions (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *locale, + GError **error); + +static void authority_check_authorization (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +static PolkitAuthorizationResult *authority_check_authorization_finish (PolkitBackendAuthority *authority, + GAsyncResult *res, + GError **error); + +G_DEFINE_DYNAMIC_TYPE (PolkitBackendNullAuthority, polkit_backend_null_authority,POLKIT_BACKEND_TYPE_AUTHORITY); + +static void +polkit_backend_null_authority_init (PolkitBackendNullAuthority *authority) +{ + authority->priv = G_TYPE_INSTANCE_GET_PRIVATE (authority, + POLKIT_BACKEND_TYPE_NULL_AUTHORITY, + PolkitBackendNullAuthorityPrivate); +} + +static void +polkit_backend_null_authority_finalize (GObject *object) +{ + G_OBJECT_CLASS (polkit_backend_null_authority_parent_class)->finalize (object); +} + +static const gchar * +authority_get_name (PolkitBackendAuthority *authority) +{ + return "null"; +} + +static const gchar * +authority_get_version (PolkitBackendAuthority *authority) +{ + return PACKAGE_VERSION; +} + +static PolkitAuthorityFeatures +authority_get_features (PolkitBackendAuthority *authority) +{ + return POLKIT_AUTHORITY_FEATURES_NONE; +} + +static void +polkit_backend_null_authority_class_init (PolkitBackendNullAuthorityClass *klass) +{ + GObjectClass *gobject_class; + PolkitBackendAuthorityClass *authority_class; + + gobject_class = G_OBJECT_CLASS (klass); + authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); + + gobject_class->finalize = polkit_backend_null_authority_finalize; + + authority_class->get_name = authority_get_name; + authority_class->get_version = authority_get_version; + authority_class->get_features = authority_get_features; + authority_class->enumerate_actions = authority_enumerate_actions; + authority_class->check_authorization = authority_check_authorization; + authority_class->check_authorization_finish = authority_check_authorization_finish; + + g_type_class_add_private (klass, sizeof (PolkitBackendNullAuthorityPrivate)); +} + +static void +polkit_backend_null_authority_class_finalize (PolkitBackendNullAuthorityClass *klass) +{ +} + +void +polkit_backend_null_authority_register (GIOModule *module) +{ + gint priority; + GFile *directory; + PolkitBackendConfigSource *source; + + directory = g_file_new_for_path (PACKAGE_SYSCONF_DIR "/polkit-1/nullbackend.conf.d"); + source = polkit_backend_config_source_new (directory); + + priority = polkit_backend_config_source_get_integer (source, "Configuration", "Priority", NULL); + + polkit_backend_null_authority_register_type (G_TYPE_MODULE (module)); + + g_print ("Registering null backend at priority %d\n", priority); + + g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, + POLKIT_BACKEND_TYPE_NULL_AUTHORITY, + "null backend " PACKAGE_VERSION, + priority); + + g_object_unref (directory); + g_object_unref (source); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static GList * +authority_enumerate_actions (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *locale, + GError **error) +{ + /* We don't know any actions */ + return NULL; +} + +static void +authority_check_authorization (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GSimpleAsyncResult *simple; + + /* complete immediately */ + simple = g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + authority_check_authorization); + g_simple_async_result_complete (simple); + g_object_unref (simple); +} + +static PolkitAuthorizationResult * +authority_check_authorization_finish (PolkitBackendAuthority *authority, + GAsyncResult *res, + GError **error) +{ + GSimpleAsyncResult *simple; + PolkitAuthorizationResult *result; + + simple = G_SIMPLE_ASYNC_RESULT (res); + + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == authority_check_authorization); + + /* we always return NOT_AUTHORIZED, never an error */ + result = polkit_authorization_result_new (FALSE, FALSE, NULL); + + if (g_simple_async_result_propagate_error (simple, error)) + goto out; + + out: + return result; +} diff --git a/src/nullbackend/polkitbackendnullauthority.h b/src/nullbackend/polkitbackendnullauthority.h new file mode 100644 index 00000000..318e4826 --- /dev/null +++ b/src/nullbackend/polkitbackendnullauthority.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef __POLKIT_BACKEND_NULL_AUTHORITY_H +#define __POLKIT_BACKEND_NULL_AUTHORITY_H + +#include + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_NULL_AUTHORITY (polkit_backend_null_authority_get_type ()) +#define POLKIT_BACKEND_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthority)) +#define POLKIT_BACKEND_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY, PolkitBackendNullAuthorityClass)) +#define POLKIT_BACKEND_NULL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY,PolkitBackendNullAuthorityClass)) +#define POLKIT_BACKEND_IS_NULL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_NULL_AUTHORITY)) +#define POLKIT_BACKEND_IS_NULL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_NULL_AUTHORITY)) + +typedef struct _PolkitBackendNullAuthority PolkitBackendNullAuthority; +typedef struct _PolkitBackendNullAuthorityClass PolkitBackendNullAuthorityClass; +typedef struct _PolkitBackendNullAuthorityPrivate PolkitBackendNullAuthorityPrivate; + +struct _PolkitBackendNullAuthority +{ + PolkitBackendAuthority parent_instance; + PolkitBackendNullAuthorityPrivate *priv; +}; + +struct _PolkitBackendNullAuthorityClass +{ + PolkitBackendAuthorityClass parent_class; + +}; + +GType polkit_backend_null_authority_get_type (void) G_GNUC_CONST; + +void polkit_backend_null_authority_register (GIOModule *module); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_NULL_AUTHORITY_H */ + diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am new file mode 100644 index 00000000..1068ea12 --- /dev/null +++ b/src/polkit/Makefile.am @@ -0,0 +1,137 @@ +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +BUILT_SOURCES = \ + polkitenumtypes.c polkitenumtypes.h \ + $(NULL) + +enum_headers = polkitcheckauthorizationflags.h polkiterror.h polkitimplicitauthorization.h polkitauthorityfeatures.h + +polkitenumtypes.h: $(enum_headers) polkitenumtypes.h.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitenumtypes.h.template $(enum_headers)) > \ + polkitenumtypes.h.tmp && mv polkitenumtypes.h.tmp polkitenumtypes.h + +polkitenumtypes.c: $(enum_headers) polkitenumtypes.c.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitenumtypes.c.template $(enum_headers)) > \ + polkitenumtypes.c.tmp && mv polkitenumtypes.c.tmp polkitenumtypes.c + +lib_LTLIBRARIES=libpolkit-gobject-1.la + +libpolkit_gobject_1includedir=$(includedir)/polkit-1/polkit + +libpolkit_gobject_1include_HEADERS = \ + polkit.h \ + polkitprivate.h \ + polkittypes.h \ + polkitenumtypes.h \ + polkitactiondescription.h \ + polkitauthorityfeatures.h \ + polkitdetails.h \ + polkitauthority.h \ + polkiterror.h \ + polkitsubject.h \ + polkitunixprocess.h \ + polkitunixsession.h \ + polkitsystembusname.h \ + polkitidentity.h \ + polkitunixuser.h \ + polkitunixgroup.h \ + polkitunixnetgroup.h \ + polkitauthorizationresult.h \ + polkitcheckauthorizationflags.h \ + polkitimplicitauthorization.h \ + polkittemporaryauthorization.h \ + polkitpermission.h \ + $(NULL) + +libpolkit_gobject_1_la_SOURCES = \ + $(BUILT_SOURCES) \ + polkit.h \ + polkitactiondescription.c polkitactiondescription.h \ + polkitauthorityfeatures.h polkitauthorityfeatures.c \ + polkitdetails.c polkitdetails.h \ + polkitauthority.c polkitauthority.h \ + polkiterror.c polkiterror.h \ + polkitsubject.c polkitsubject.h \ + polkitunixprocess.c polkitunixprocess.h \ + polkitsystembusname.c polkitsystembusname.h \ + polkitidentity.c polkitidentity.h \ + polkitunixuser.c polkitunixuser.h \ + polkitunixgroup.c polkitunixgroup.h \ + polkitunixnetgroup.c polkitunixnetgroup.h \ + polkitauthorizationresult.c polkitauthorizationresult.h \ + polkitcheckauthorizationflags.c polkitcheckauthorizationflags.h \ + polkitimplicitauthorization.c polkitimplicitauthorization.h \ + polkittemporaryauthorization.c polkittemporaryauthorization.h \ + polkitpermission.c polkitpermission.h \ + $(NULL) + +if HAVE_SYSTEMD +libpolkit_gobject_1_la_SOURCES += \ + polkitunixsession-systemd.c polkitunixsession.h +else +libpolkit_gobject_1_la_SOURCES += \ + polkitunixsession.c polkitunixsession.h +endif + +libpolkit_gobject_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + $(GLIB_CFLAGS) \ + $(SYSTEMD_CFLAGS) \ + $(NULL) + +libpolkit_gobject_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(SYSTEMD_LIBS) \ + $(NULL) + +libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' + +if HAVE_INTROSPECTION + +INTROSPECTION_GIRS = Polkit-1.0.gir + +girdir = $(INTROSPECTION_GIRDIR) +gir_DATA = Polkit-1.0.gir + +typelibsdir = $(INTROSPECTION_TYPELIBDIR) +typelibs_DATA = Polkit-1.0.typelib + +Polkit_1_0_gir_INCLUDES = Gio-2.0 +Polkit_1_0_gir_SCANNERFLAGS = --c-include='polkit/polkit.h' +Polkit_1_0_gir_CFLAGS = \ + $(libpolkit_gobject_1_la_CFLAGS) \ + -D_POLKIT_COMPILATION \ + -I.. -I$(top_srcdir)/src +Polkit_1_0_gir_LIBS = libpolkit-gobject-1.la +Polkit_1_0_gir_FILES = $(libpolkit_gobject_1_la_SOURCES) +Polkit_1_0_gir_EXPORT_PACKAGES = polkit-gobject-1 + +include $(INTROSPECTION_MAKEFILE) + +endif # HAVE_INTROSPECTION + +EXTRA_DIST = polkitenumtypes.h.template polkitenumtypes.c.template +CLEANFILES = $(gir_DATA) $(typelibs_DATA) + +dist-hook : + (for i in $(polkit_built_sources) $(BUILT_SOURCES) ; do rm -f $(distdir)/$$i ; done) + +clean-local : + rm -f *~ $(polkit_built_sources) $(BUILT_SOURCES) + diff --git a/src/polkit/Makefile.in b/src/polkit/Makefile.in new file mode 100644 index 00000000..fdc50a06 --- /dev/null +++ b/src/polkit/Makefile.in @@ -0,0 +1,1002 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@HAVE_SYSTEMD_TRUE@am__append_1 = \ +@HAVE_SYSTEMD_TRUE@ polkitunixsession-systemd.c polkitunixsession.h + +@HAVE_SYSTEMD_FALSE@am__append_2 = \ +@HAVE_SYSTEMD_FALSE@ polkitunixsession.c polkitunixsession.h + +subdir = src/polkit +DIST_COMMON = $(libpolkit_gobject_1include_HEADERS) \ + $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(girdir)" \ + "$(DESTDIR)$(typelibsdir)" \ + "$(DESTDIR)$(libpolkit_gobject_1includedir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +am__DEPENDENCIES_1 = +libpolkit_gobject_1_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am__libpolkit_gobject_1_la_SOURCES_DIST = polkitenumtypes.c \ + polkitenumtypes.h polkit.h polkitactiondescription.c \ + polkitactiondescription.h polkitauthorityfeatures.h \ + polkitauthorityfeatures.c polkitdetails.c polkitdetails.h \ + polkitauthority.c polkitauthority.h polkiterror.c \ + polkiterror.h polkitsubject.c polkitsubject.h \ + polkitunixprocess.c polkitunixprocess.h polkitsystembusname.c \ + polkitsystembusname.h polkitidentity.c polkitidentity.h \ + polkitunixuser.c polkitunixuser.h polkitunixgroup.c \ + polkitunixgroup.h polkitunixnetgroup.c polkitunixnetgroup.h \ + polkitauthorizationresult.c polkitauthorizationresult.h \ + polkitcheckauthorizationflags.c \ + polkitcheckauthorizationflags.h polkitimplicitauthorization.c \ + polkitimplicitauthorization.h polkittemporaryauthorization.c \ + polkittemporaryauthorization.h polkitpermission.c \ + polkitpermission.h polkitunixsession-systemd.c \ + polkitunixsession.h polkitunixsession.c +am__objects_1 = +am__objects_2 = libpolkit_gobject_1_la-polkitenumtypes.lo \ + $(am__objects_1) +@HAVE_SYSTEMD_TRUE@am__objects_3 = libpolkit_gobject_1_la-polkitunixsession-systemd.lo +@HAVE_SYSTEMD_FALSE@am__objects_4 = libpolkit_gobject_1_la-polkitunixsession.lo +am_libpolkit_gobject_1_la_OBJECTS = $(am__objects_2) \ + libpolkit_gobject_1_la-polkitactiondescription.lo \ + libpolkit_gobject_1_la-polkitauthorityfeatures.lo \ + libpolkit_gobject_1_la-polkitdetails.lo \ + libpolkit_gobject_1_la-polkitauthority.lo \ + libpolkit_gobject_1_la-polkiterror.lo \ + libpolkit_gobject_1_la-polkitsubject.lo \ + libpolkit_gobject_1_la-polkitunixprocess.lo \ + libpolkit_gobject_1_la-polkitsystembusname.lo \ + libpolkit_gobject_1_la-polkitidentity.lo \ + libpolkit_gobject_1_la-polkitunixuser.lo \ + libpolkit_gobject_1_la-polkitunixgroup.lo \ + libpolkit_gobject_1_la-polkitunixnetgroup.lo \ + libpolkit_gobject_1_la-polkitauthorizationresult.lo \ + libpolkit_gobject_1_la-polkitcheckauthorizationflags.lo \ + libpolkit_gobject_1_la-polkitimplicitauthorization.lo \ + libpolkit_gobject_1_la-polkittemporaryauthorization.lo \ + libpolkit_gobject_1_la-polkitpermission.lo $(am__objects_1) \ + $(am__objects_3) $(am__objects_4) +libpolkit_gobject_1_la_OBJECTS = $(am_libpolkit_gobject_1_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +libpolkit_gobject_1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) \ + $(libpolkit_gobject_1_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(libpolkit_gobject_1_la_SOURCES) +DIST_SOURCES = $(am__libpolkit_gobject_1_la_SOURCES_DIST) +DATA = $(gir_DATA) $(typelibs_DATA) +HEADERS = $(libpolkit_gobject_1include_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +BUILT_SOURCES = \ + polkitenumtypes.c polkitenumtypes.h \ + $(NULL) + +enum_headers = polkitcheckauthorizationflags.h polkiterror.h polkitimplicitauthorization.h polkitauthorityfeatures.h +lib_LTLIBRARIES = libpolkit-gobject-1.la +libpolkit_gobject_1includedir = $(includedir)/polkit-1/polkit +libpolkit_gobject_1include_HEADERS = \ + polkit.h \ + polkitprivate.h \ + polkittypes.h \ + polkitenumtypes.h \ + polkitactiondescription.h \ + polkitauthorityfeatures.h \ + polkitdetails.h \ + polkitauthority.h \ + polkiterror.h \ + polkitsubject.h \ + polkitunixprocess.h \ + polkitunixsession.h \ + polkitsystembusname.h \ + polkitidentity.h \ + polkitunixuser.h \ + polkitunixgroup.h \ + polkitunixnetgroup.h \ + polkitauthorizationresult.h \ + polkitcheckauthorizationflags.h \ + polkitimplicitauthorization.h \ + polkittemporaryauthorization.h \ + polkitpermission.h \ + $(NULL) + +libpolkit_gobject_1_la_SOURCES = $(BUILT_SOURCES) polkit.h \ + polkitactiondescription.c polkitactiondescription.h \ + polkitauthorityfeatures.h polkitauthorityfeatures.c \ + polkitdetails.c polkitdetails.h polkitauthority.c \ + polkitauthority.h polkiterror.c polkiterror.h polkitsubject.c \ + polkitsubject.h polkitunixprocess.c polkitunixprocess.h \ + polkitsystembusname.c polkitsystembusname.h polkitidentity.c \ + polkitidentity.h polkitunixuser.c polkitunixuser.h \ + polkitunixgroup.c polkitunixgroup.h polkitunixnetgroup.c \ + polkitunixnetgroup.h polkitauthorizationresult.c \ + polkitauthorizationresult.h polkitcheckauthorizationflags.c \ + polkitcheckauthorizationflags.h polkitimplicitauthorization.c \ + polkitimplicitauthorization.h polkittemporaryauthorization.c \ + polkittemporaryauthorization.h polkitpermission.c \ + polkitpermission.h $(NULL) $(am__append_1) $(am__append_2) +libpolkit_gobject_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + $(GLIB_CFLAGS) \ + $(SYSTEMD_CFLAGS) \ + $(NULL) + +libpolkit_gobject_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(SYSTEMD_LIBS) \ + $(NULL) + +libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' +@HAVE_INTROSPECTION_TRUE@INTROSPECTION_GIRS = Polkit-1.0.gir +@HAVE_INTROSPECTION_TRUE@girdir = $(INTROSPECTION_GIRDIR) +@HAVE_INTROSPECTION_TRUE@gir_DATA = Polkit-1.0.gir +@HAVE_INTROSPECTION_TRUE@typelibsdir = $(INTROSPECTION_TYPELIBDIR) +@HAVE_INTROSPECTION_TRUE@typelibs_DATA = Polkit-1.0.typelib +@HAVE_INTROSPECTION_TRUE@Polkit_1_0_gir_INCLUDES = Gio-2.0 +@HAVE_INTROSPECTION_TRUE@Polkit_1_0_gir_SCANNERFLAGS = --c-include='polkit/polkit.h' +@HAVE_INTROSPECTION_TRUE@Polkit_1_0_gir_CFLAGS = \ +@HAVE_INTROSPECTION_TRUE@ $(libpolkit_gobject_1_la_CFLAGS) \ +@HAVE_INTROSPECTION_TRUE@ -D_POLKIT_COMPILATION \ +@HAVE_INTROSPECTION_TRUE@ -I.. -I$(top_srcdir)/src + +@HAVE_INTROSPECTION_TRUE@Polkit_1_0_gir_LIBS = libpolkit-gobject-1.la +@HAVE_INTROSPECTION_TRUE@Polkit_1_0_gir_FILES = $(libpolkit_gobject_1_la_SOURCES) +@HAVE_INTROSPECTION_TRUE@Polkit_1_0_gir_EXPORT_PACKAGES = polkit-gobject-1 +EXTRA_DIST = polkitenumtypes.h.template polkitenumtypes.c.template +CLEANFILES = $(gir_DATA) $(typelibs_DATA) +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/polkit/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/polkit/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libpolkit-gobject-1.la: $(libpolkit_gobject_1_la_OBJECTS) $(libpolkit_gobject_1_la_DEPENDENCIES) $(EXTRA_libpolkit_gobject_1_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpolkit_gobject_1_la_LINK) -rpath $(libdir) $(libpolkit_gobject_1_la_OBJECTS) $(libpolkit_gobject_1_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitactiondescription.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitauthority.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitauthorityfeatures.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitauthorizationresult.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitcheckauthorizationflags.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitdetails.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitenumtypes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkiterror.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitidentity.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitimplicitauthorization.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitpermission.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitsubject.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitsystembusname.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkittemporaryauthorization.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitunixgroup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitunixnetgroup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitunixprocess.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession-systemd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_gobject_1_la-polkitunixuser.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +libpolkit_gobject_1_la-polkitenumtypes.lo: polkitenumtypes.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitenumtypes.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitenumtypes.Tpo -c -o libpolkit_gobject_1_la-polkitenumtypes.lo `test -f 'polkitenumtypes.c' || echo '$(srcdir)/'`polkitenumtypes.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitenumtypes.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitenumtypes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitenumtypes.c' object='libpolkit_gobject_1_la-polkitenumtypes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitenumtypes.lo `test -f 'polkitenumtypes.c' || echo '$(srcdir)/'`polkitenumtypes.c + +libpolkit_gobject_1_la-polkitactiondescription.lo: polkitactiondescription.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitactiondescription.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitactiondescription.Tpo -c -o libpolkit_gobject_1_la-polkitactiondescription.lo `test -f 'polkitactiondescription.c' || echo '$(srcdir)/'`polkitactiondescription.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitactiondescription.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitactiondescription.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitactiondescription.c' object='libpolkit_gobject_1_la-polkitactiondescription.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitactiondescription.lo `test -f 'polkitactiondescription.c' || echo '$(srcdir)/'`polkitactiondescription.c + +libpolkit_gobject_1_la-polkitauthorityfeatures.lo: polkitauthorityfeatures.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitauthorityfeatures.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitauthorityfeatures.Tpo -c -o libpolkit_gobject_1_la-polkitauthorityfeatures.lo `test -f 'polkitauthorityfeatures.c' || echo '$(srcdir)/'`polkitauthorityfeatures.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitauthorityfeatures.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitauthorityfeatures.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitauthorityfeatures.c' object='libpolkit_gobject_1_la-polkitauthorityfeatures.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitauthorityfeatures.lo `test -f 'polkitauthorityfeatures.c' || echo '$(srcdir)/'`polkitauthorityfeatures.c + +libpolkit_gobject_1_la-polkitdetails.lo: polkitdetails.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitdetails.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitdetails.Tpo -c -o libpolkit_gobject_1_la-polkitdetails.lo `test -f 'polkitdetails.c' || echo '$(srcdir)/'`polkitdetails.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitdetails.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitdetails.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitdetails.c' object='libpolkit_gobject_1_la-polkitdetails.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitdetails.lo `test -f 'polkitdetails.c' || echo '$(srcdir)/'`polkitdetails.c + +libpolkit_gobject_1_la-polkitauthority.lo: polkitauthority.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitauthority.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitauthority.Tpo -c -o libpolkit_gobject_1_la-polkitauthority.lo `test -f 'polkitauthority.c' || echo '$(srcdir)/'`polkitauthority.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitauthority.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitauthority.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitauthority.c' object='libpolkit_gobject_1_la-polkitauthority.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitauthority.lo `test -f 'polkitauthority.c' || echo '$(srcdir)/'`polkitauthority.c + +libpolkit_gobject_1_la-polkiterror.lo: polkiterror.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkiterror.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkiterror.Tpo -c -o libpolkit_gobject_1_la-polkiterror.lo `test -f 'polkiterror.c' || echo '$(srcdir)/'`polkiterror.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkiterror.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkiterror.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkiterror.c' object='libpolkit_gobject_1_la-polkiterror.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkiterror.lo `test -f 'polkiterror.c' || echo '$(srcdir)/'`polkiterror.c + +libpolkit_gobject_1_la-polkitsubject.lo: polkitsubject.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitsubject.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitsubject.Tpo -c -o libpolkit_gobject_1_la-polkitsubject.lo `test -f 'polkitsubject.c' || echo '$(srcdir)/'`polkitsubject.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitsubject.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitsubject.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitsubject.c' object='libpolkit_gobject_1_la-polkitsubject.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitsubject.lo `test -f 'polkitsubject.c' || echo '$(srcdir)/'`polkitsubject.c + +libpolkit_gobject_1_la-polkitunixprocess.lo: polkitunixprocess.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitunixprocess.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitunixprocess.Tpo -c -o libpolkit_gobject_1_la-polkitunixprocess.lo `test -f 'polkitunixprocess.c' || echo '$(srcdir)/'`polkitunixprocess.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitunixprocess.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitunixprocess.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitunixprocess.c' object='libpolkit_gobject_1_la-polkitunixprocess.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitunixprocess.lo `test -f 'polkitunixprocess.c' || echo '$(srcdir)/'`polkitunixprocess.c + +libpolkit_gobject_1_la-polkitsystembusname.lo: polkitsystembusname.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitsystembusname.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitsystembusname.Tpo -c -o libpolkit_gobject_1_la-polkitsystembusname.lo `test -f 'polkitsystembusname.c' || echo '$(srcdir)/'`polkitsystembusname.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitsystembusname.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitsystembusname.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitsystembusname.c' object='libpolkit_gobject_1_la-polkitsystembusname.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitsystembusname.lo `test -f 'polkitsystembusname.c' || echo '$(srcdir)/'`polkitsystembusname.c + +libpolkit_gobject_1_la-polkitidentity.lo: polkitidentity.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitidentity.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitidentity.Tpo -c -o libpolkit_gobject_1_la-polkitidentity.lo `test -f 'polkitidentity.c' || echo '$(srcdir)/'`polkitidentity.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitidentity.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitidentity.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitidentity.c' object='libpolkit_gobject_1_la-polkitidentity.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitidentity.lo `test -f 'polkitidentity.c' || echo '$(srcdir)/'`polkitidentity.c + +libpolkit_gobject_1_la-polkitunixuser.lo: polkitunixuser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitunixuser.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitunixuser.Tpo -c -o libpolkit_gobject_1_la-polkitunixuser.lo `test -f 'polkitunixuser.c' || echo '$(srcdir)/'`polkitunixuser.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitunixuser.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitunixuser.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitunixuser.c' object='libpolkit_gobject_1_la-polkitunixuser.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitunixuser.lo `test -f 'polkitunixuser.c' || echo '$(srcdir)/'`polkitunixuser.c + +libpolkit_gobject_1_la-polkitunixgroup.lo: polkitunixgroup.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitunixgroup.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitunixgroup.Tpo -c -o libpolkit_gobject_1_la-polkitunixgroup.lo `test -f 'polkitunixgroup.c' || echo '$(srcdir)/'`polkitunixgroup.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitunixgroup.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitunixgroup.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitunixgroup.c' object='libpolkit_gobject_1_la-polkitunixgroup.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitunixgroup.lo `test -f 'polkitunixgroup.c' || echo '$(srcdir)/'`polkitunixgroup.c + +libpolkit_gobject_1_la-polkitunixnetgroup.lo: polkitunixnetgroup.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitunixnetgroup.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitunixnetgroup.Tpo -c -o libpolkit_gobject_1_la-polkitunixnetgroup.lo `test -f 'polkitunixnetgroup.c' || echo '$(srcdir)/'`polkitunixnetgroup.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitunixnetgroup.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitunixnetgroup.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitunixnetgroup.c' object='libpolkit_gobject_1_la-polkitunixnetgroup.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitunixnetgroup.lo `test -f 'polkitunixnetgroup.c' || echo '$(srcdir)/'`polkitunixnetgroup.c + +libpolkit_gobject_1_la-polkitauthorizationresult.lo: polkitauthorizationresult.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitauthorizationresult.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitauthorizationresult.Tpo -c -o libpolkit_gobject_1_la-polkitauthorizationresult.lo `test -f 'polkitauthorizationresult.c' || echo '$(srcdir)/'`polkitauthorizationresult.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitauthorizationresult.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitauthorizationresult.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitauthorizationresult.c' object='libpolkit_gobject_1_la-polkitauthorizationresult.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitauthorizationresult.lo `test -f 'polkitauthorizationresult.c' || echo '$(srcdir)/'`polkitauthorizationresult.c + +libpolkit_gobject_1_la-polkitcheckauthorizationflags.lo: polkitcheckauthorizationflags.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitcheckauthorizationflags.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitcheckauthorizationflags.Tpo -c -o libpolkit_gobject_1_la-polkitcheckauthorizationflags.lo `test -f 'polkitcheckauthorizationflags.c' || echo '$(srcdir)/'`polkitcheckauthorizationflags.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitcheckauthorizationflags.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitcheckauthorizationflags.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitcheckauthorizationflags.c' object='libpolkit_gobject_1_la-polkitcheckauthorizationflags.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitcheckauthorizationflags.lo `test -f 'polkitcheckauthorizationflags.c' || echo '$(srcdir)/'`polkitcheckauthorizationflags.c + +libpolkit_gobject_1_la-polkitimplicitauthorization.lo: polkitimplicitauthorization.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitimplicitauthorization.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitimplicitauthorization.Tpo -c -o libpolkit_gobject_1_la-polkitimplicitauthorization.lo `test -f 'polkitimplicitauthorization.c' || echo '$(srcdir)/'`polkitimplicitauthorization.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitimplicitauthorization.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitimplicitauthorization.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitimplicitauthorization.c' object='libpolkit_gobject_1_la-polkitimplicitauthorization.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitimplicitauthorization.lo `test -f 'polkitimplicitauthorization.c' || echo '$(srcdir)/'`polkitimplicitauthorization.c + +libpolkit_gobject_1_la-polkittemporaryauthorization.lo: polkittemporaryauthorization.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkittemporaryauthorization.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkittemporaryauthorization.Tpo -c -o libpolkit_gobject_1_la-polkittemporaryauthorization.lo `test -f 'polkittemporaryauthorization.c' || echo '$(srcdir)/'`polkittemporaryauthorization.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkittemporaryauthorization.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkittemporaryauthorization.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkittemporaryauthorization.c' object='libpolkit_gobject_1_la-polkittemporaryauthorization.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkittemporaryauthorization.lo `test -f 'polkittemporaryauthorization.c' || echo '$(srcdir)/'`polkittemporaryauthorization.c + +libpolkit_gobject_1_la-polkitpermission.lo: polkitpermission.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitpermission.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitpermission.Tpo -c -o libpolkit_gobject_1_la-polkitpermission.lo `test -f 'polkitpermission.c' || echo '$(srcdir)/'`polkitpermission.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitpermission.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitpermission.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitpermission.c' object='libpolkit_gobject_1_la-polkitpermission.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitpermission.lo `test -f 'polkitpermission.c' || echo '$(srcdir)/'`polkitpermission.c + +libpolkit_gobject_1_la-polkitunixsession-systemd.lo: polkitunixsession-systemd.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitunixsession-systemd.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession-systemd.Tpo -c -o libpolkit_gobject_1_la-polkitunixsession-systemd.lo `test -f 'polkitunixsession-systemd.c' || echo '$(srcdir)/'`polkitunixsession-systemd.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession-systemd.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession-systemd.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitunixsession-systemd.c' object='libpolkit_gobject_1_la-polkitunixsession-systemd.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitunixsession-systemd.lo `test -f 'polkitunixsession-systemd.c' || echo '$(srcdir)/'`polkitunixsession-systemd.c + +libpolkit_gobject_1_la-polkitunixsession.lo: polkitunixsession.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_gobject_1_la-polkitunixsession.lo -MD -MP -MF $(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession.Tpo -c -o libpolkit_gobject_1_la-polkitunixsession.lo `test -f 'polkitunixsession.c' || echo '$(srcdir)/'`polkitunixsession.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession.Tpo $(DEPDIR)/libpolkit_gobject_1_la-polkitunixsession.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitunixsession.c' object='libpolkit_gobject_1_la-polkitunixsession.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_gobject_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_gobject_1_la-polkitunixsession.lo `test -f 'polkitunixsession.c' || echo '$(srcdir)/'`polkitunixsession.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-girDATA: $(gir_DATA) + @$(NORMAL_INSTALL) + test -z "$(girdir)" || $(MKDIR_P) "$(DESTDIR)$(girdir)" + @list='$(gir_DATA)'; test -n "$(girdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(girdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(girdir)" || exit $$?; \ + done + +uninstall-girDATA: + @$(NORMAL_UNINSTALL) + @list='$(gir_DATA)'; test -n "$(girdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(girdir)'; $(am__uninstall_files_from_dir) +install-typelibsDATA: $(typelibs_DATA) + @$(NORMAL_INSTALL) + test -z "$(typelibsdir)" || $(MKDIR_P) "$(DESTDIR)$(typelibsdir)" + @list='$(typelibs_DATA)'; test -n "$(typelibsdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(typelibsdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(typelibsdir)" || exit $$?; \ + done + +uninstall-typelibsDATA: + @$(NORMAL_UNINSTALL) + @list='$(typelibs_DATA)'; test -n "$(typelibsdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(typelibsdir)'; $(am__uninstall_files_from_dir) +install-libpolkit_gobject_1includeHEADERS: $(libpolkit_gobject_1include_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(libpolkit_gobject_1includedir)" || $(MKDIR_P) "$(DESTDIR)$(libpolkit_gobject_1includedir)" + @list='$(libpolkit_gobject_1include_HEADERS)'; test -n "$(libpolkit_gobject_1includedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(libpolkit_gobject_1includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(libpolkit_gobject_1includedir)" || exit $$?; \ + done + +uninstall-libpolkit_gobject_1includeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(libpolkit_gobject_1include_HEADERS)'; test -n "$(libpolkit_gobject_1includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(libpolkit_gobject_1includedir)'; $(am__uninstall_files_from_dir) + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-am +all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(girdir)" "$(DESTDIR)$(typelibsdir)" "$(DESTDIR)$(libpolkit_gobject_1includedir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool clean-local \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-girDATA \ + install-libpolkit_gobject_1includeHEADERS install-typelibsDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-girDATA uninstall-libLTLIBRARIES \ + uninstall-libpolkit_gobject_1includeHEADERS \ + uninstall-typelibsDATA + +.MAKE: all check install install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool clean-local ctags dist-hook \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-girDATA install-html install-html-am \ + install-info install-info-am install-libLTLIBRARIES \ + install-libpolkit_gobject_1includeHEADERS install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip install-typelibsDATA installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-girDATA \ + uninstall-libLTLIBRARIES \ + uninstall-libpolkit_gobject_1includeHEADERS \ + uninstall-typelibsDATA + + +polkitenumtypes.h: $(enum_headers) polkitenumtypes.h.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitenumtypes.h.template $(enum_headers)) > \ + polkitenumtypes.h.tmp && mv polkitenumtypes.h.tmp polkitenumtypes.h + +polkitenumtypes.c: $(enum_headers) polkitenumtypes.c.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitenumtypes.c.template $(enum_headers)) > \ + polkitenumtypes.c.tmp && mv polkitenumtypes.c.tmp polkitenumtypes.c + +@HAVE_INTROSPECTION_TRUE@include $(INTROSPECTION_MAKEFILE) + +dist-hook : + (for i in $(polkit_built_sources) $(BUILT_SOURCES) ; do rm -f $(distdir)/$$i ; done) + +clean-local : + rm -f *~ $(polkit_built_sources) $(BUILT_SOURCES) + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/polkit/polkit.h b/src/polkit/polkit.h new file mode 100644 index 00000000..bfe4c7de --- /dev/null +++ b/src/polkit/polkit.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef __POLKIT_H +#define __POLKIT_H + +#define _POLKIT_INSIDE_POLKIT_H 1 + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#undef _POLKIT_INSIDE_POLKIT_H + +#endif /* __POLKIT_H */ diff --git a/src/polkit/polkitactiondescription.c b/src/polkit/polkitactiondescription.c new file mode 100644 index 00000000..4bd96044 --- /dev/null +++ b/src/polkit/polkitactiondescription.c @@ -0,0 +1,384 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include "polkitimplicitauthorization.h" +#include "polkitactiondescription.h" + +#include "polkitprivate.h" + +/** + * SECTION:polkitactiondescription + * @title: PolkitActionDescription + * @short_description: Description of Actions + * + * Object used to encapsulate a registered action. + */ + +/** + * PolkitActionDescription: + * + * The #PolkitActionDescription struct should not be accessed directly. + */ +struct _PolkitActionDescription +{ + GObject parent_instance; + gchar *action_id; + gchar *description; + gchar *message; + gchar *vendor_name; + gchar *vendor_url; + gchar *icon_name; + PolkitImplicitAuthorization implicit_any; + PolkitImplicitAuthorization implicit_inactive; + PolkitImplicitAuthorization implicit_active; + GHashTable *annotations; + gchar **annotation_keys; +}; + +struct _PolkitActionDescriptionClass +{ + GObjectClass parent_class; +}; + +G_DEFINE_TYPE (PolkitActionDescription, polkit_action_description, G_TYPE_OBJECT); + +static void +polkit_action_description_init (PolkitActionDescription *action_description) +{ + action_description->annotations = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + g_free); +} + +static void +polkit_action_description_finalize (GObject *object) +{ + PolkitActionDescription *action_description; + + action_description = POLKIT_ACTION_DESCRIPTION (object); + + g_free (action_description->action_id); + g_free (action_description->description); + g_free (action_description->message); + g_free (action_description->vendor_name); + g_free (action_description->vendor_url); + g_free (action_description->icon_name); + g_hash_table_unref (action_description->annotations); + g_strfreev (action_description->annotation_keys); + + if (G_OBJECT_CLASS (polkit_action_description_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_action_description_parent_class)->finalize (object); +} + +static void +polkit_action_description_class_init (PolkitActionDescriptionClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + gobject_class->finalize = polkit_action_description_finalize; +} + +/** + * polkit_action_description_get_action_id: + * @action_description: A #PolkitActionDescription. + * + * Gets the action id for @action_description. + * + * Returns: A string owned by @action_description. Do not free. + */ +const gchar * +polkit_action_description_get_action_id (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + return action_description->action_id; +} + +/** + * polkit_action_description_get_description: + * @action_description: A #PolkitActionDescription. + * + * Gets the description used for @action_description. + * + * Returns: A string owned by @action_description. Do not free. + */ +const gchar * +polkit_action_description_get_description (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + return action_description->description; +} + +/** + * polkit_action_description_get_message: + * @action_description: A #PolkitActionDescription. + * + * Gets the message used for @action_description. + * + * Returns: A string owned by @action_description. Do not free. + */ +const gchar * +polkit_action_description_get_message (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + return action_description->message; +} + +/** + * polkit_action_description_get_vendor_name: + * @action_description: A #PolkitActionDescription. + * + * Gets the vendor name for @action_description, if any. + * + * Returns: A string owned by @action_description. Do not free. + */ +const gchar * +polkit_action_description_get_vendor_name (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + return action_description->vendor_name; +} + +/** + * polkit_action_description_get_vendor_url: + * @action_description: A #PolkitActionDescription. + * + * Gets the vendor URL for @action_description, if any. + * + * Returns: A string owned by @action_description. Do not free. + */ +const gchar * +polkit_action_description_get_vendor_url (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + return action_description->vendor_url; +} + +/** + * polkit_action_description_get_implicit_any: + * @action_description: A #PolkitActionDescription. + * + * Gets the implicit authorization for @action_description used for + * any subject. + * + * Returns: A value from the #PolkitImplicitAuthorization enumeration. + */ +PolkitImplicitAuthorization +polkit_action_description_get_implicit_any (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), 0); + return action_description->implicit_any; +} + +/** + * polkit_action_description_get_implicit_inactive: + * @action_description: A #PolkitActionDescription. + * + * Gets the implicit authorization for @action_description used for + * subjects in inactive sessions on a local console. + * + * Returns: A value from the #PolkitImplicitAuthorization enumeration. + */ +PolkitImplicitAuthorization +polkit_action_description_get_implicit_inactive (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), 0); + return action_description->implicit_inactive; +} + +/** + * polkit_action_description_get_implicit_active: + * @action_description: A #PolkitActionDescription. + * + * Gets the implicit authorization for @action_description used for + * subjects in active sessions on a local console. + * + * Returns: A value from the #PolkitImplicitAuthorization enumeration. + */ +PolkitImplicitAuthorization +polkit_action_description_get_implicit_active (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), 0); + return action_description->implicit_active; +} + + +/** + * polkit_action_description_get_icon_name: + * @action_description: A #PolkitActionDescription. + * + * Gets the icon name for @action_description, if any. + * + * Returns: A string owned by @action_description. Do not free. + */ +const gchar * +polkit_action_description_get_icon_name (PolkitActionDescription *action_description) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + return action_description->icon_name; +} + +/** + * polkit_action_description_get_annotation: + * @action_description: A #PolkitActionDescription. + * @key: An annotation key. + * + * Get the value of the annotation with @key. + * + * Returns: (allow-none): %NULL if there is no annoation with @key, + * otherwise the annotation value owned by @action_description. Do not + * free. + */ +const gchar * +polkit_action_description_get_annotation (PolkitActionDescription *action_description, + const gchar *key) +{ + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + return g_hash_table_lookup (action_description->annotations, key); +} + +/** + * polkit_action_description_get_annotation_keys: + * @action_description: A #PolkitActionDescription. + * + * Gets the keys of annotations defined in @action_description. + * + * Returns: (transfer none): The annotation keys owned by @action_description. Do not free. + */ +const gchar * const * +polkit_action_description_get_annotation_keys (PolkitActionDescription *action_description) +{ + GPtrArray *p; + GHashTableIter iter; + const gchar *key; + + g_return_val_if_fail (POLKIT_IS_ACTION_DESCRIPTION (action_description), NULL); + + if (action_description->annotation_keys != NULL) + goto out; + + p = g_ptr_array_new (); + + g_hash_table_iter_init (&iter, action_description->annotations); + while (g_hash_table_iter_next (&iter, (gpointer) &key, NULL)) + g_ptr_array_add (p, g_strdup (key)); + + g_ptr_array_add (p, NULL); + action_description->annotation_keys = (gchar **) g_ptr_array_free (p, FALSE); + + out: + return (const gchar * const *) action_description->annotation_keys; +} + +PolkitActionDescription * +polkit_action_description_new (const gchar *action_id, + const gchar *description, + const gchar *message, + const gchar *vendor_name, + const gchar *vendor_url, + const gchar *icon_name, + PolkitImplicitAuthorization implicit_any, + PolkitImplicitAuthorization implicit_inactive, + PolkitImplicitAuthorization implicit_active, + GHashTable *annotations) +{ + PolkitActionDescription *ret; + g_return_val_if_fail (annotations != NULL, NULL); + ret = POLKIT_ACTION_DESCRIPTION (g_object_new (POLKIT_TYPE_ACTION_DESCRIPTION, NULL)); + ret->action_id = g_strdup (action_id); + ret->description = g_strdup (description); + ret->message = g_strdup (message); + ret->vendor_name = g_strdup (vendor_name); + ret->vendor_url = g_strdup (vendor_url); + ret->icon_name = g_strdup (icon_name); + ret->implicit_any = implicit_any; + ret->implicit_inactive = implicit_inactive; + ret->implicit_active = implicit_active; + if (ret->annotations != NULL) + g_hash_table_unref (ret->annotations); + ret->annotations = g_hash_table_ref (annotations); + return ret; +} + +PolkitActionDescription * +polkit_action_description_new_for_gvariant (GVariant *value) +{ + PolkitActionDescription *action_description; + GVariantIter iter; + GVariant *annotations_dict; + gchar *a_key; + gchar *a_value; + + action_description = POLKIT_ACTION_DESCRIPTION (g_object_new (POLKIT_TYPE_ACTION_DESCRIPTION, NULL)); + g_variant_get (value, + "(ssssssuuu@a{ss})", + &action_description->action_id, + &action_description->description, + &action_description->message, + &action_description->vendor_name, + &action_description->vendor_url, + &action_description->icon_name, + &action_description->implicit_any, + &action_description->implicit_inactive, + &action_description->implicit_active, + &annotations_dict); + g_variant_iter_init (&iter, annotations_dict); + while (g_variant_iter_next (&iter, "{ss}", &a_key, &a_value)) + g_hash_table_insert (action_description->annotations, a_key, a_value); /* adopts a_key and a_value */ + g_variant_unref (annotations_dict); + + return action_description; +} + +GVariant * +polkit_action_description_to_gvariant (PolkitActionDescription *action_description) +{ + GVariant *value; + GVariantBuilder builder; + GHashTableIter iter; + const gchar *a_key; + const gchar *a_value; + + g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{ss}")); + + g_hash_table_iter_init (&iter, action_description->annotations); + while (g_hash_table_iter_next (&iter, (gpointer) &a_key, (gpointer) &a_value)) + g_variant_builder_add (&builder, "{ss}", a_key, a_value); + + /* TODO: note 'foo ? : ""' is a gcc specific extension (it's a short-hand for 'foo ? foo : ""') */ + value = g_variant_new ("(ssssssuuua{ss})", + action_description->action_id ? : "", + action_description->description ? : "", + action_description->message ? : "", + action_description->vendor_name ? : "", + action_description->vendor_url ? : "", + action_description->icon_name ? : "", + action_description->implicit_any, + action_description->implicit_inactive, + action_description->implicit_active, + &builder); + + return value; +} diff --git a/src/polkit/polkitactiondescription.h b/src/polkit/polkitactiondescription.h new file mode 100644 index 00000000..c9006245 --- /dev/null +++ b/src/polkit/polkitactiondescription.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_ACTION_DESCRIPTION_H +#define __POLKIT_ACTION_DESCRIPTION_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_ACTION_DESCRIPTION (polkit_action_description_get_type()) +#define POLKIT_ACTION_DESCRIPTION(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_ACTION_DESCRIPTION, PolkitActionDescription)) +#define POLKIT_ACTION_DESCRIPTION_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_ACTION_DESCRIPTION, PolkitActionDescriptionClass)) +#define POLKIT_ACTION_DESCRIPTION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_ACTION_DESCRIPTION, PolkitActionDescriptionClass)) +#define POLKIT_IS_ACTION_DESCRIPTION(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_ACTION_DESCRIPTION)) +#define POLKIT_IS_ACTION_DESCRIPTION_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_ACTION_DESCRIPTION)) + +#if 0 +typedef struct _PolkitActionDescription PolkitActionDescription; +#endif +typedef struct _PolkitActionDescriptionClass PolkitActionDescriptionClass; + +GType polkit_action_description_get_type (void) G_GNUC_CONST; +const gchar *polkit_action_description_get_action_id (PolkitActionDescription *action_description); +const gchar *polkit_action_description_get_description (PolkitActionDescription *action_description); +const gchar *polkit_action_description_get_message (PolkitActionDescription *action_description); +const gchar *polkit_action_description_get_vendor_name (PolkitActionDescription *action_description); +const gchar *polkit_action_description_get_vendor_url (PolkitActionDescription *action_description); +const gchar *polkit_action_description_get_icon_name (PolkitActionDescription *action_description); + +PolkitImplicitAuthorization polkit_action_description_get_implicit_any (PolkitActionDescription *action_description); +PolkitImplicitAuthorization polkit_action_description_get_implicit_inactive (PolkitActionDescription *action_description); +PolkitImplicitAuthorization polkit_action_description_get_implicit_active (PolkitActionDescription *action_description); + +const gchar *polkit_action_description_get_annotation (PolkitActionDescription *action_description, + const gchar *key); +const gchar * const *polkit_action_description_get_annotation_keys (PolkitActionDescription *action_description); + +G_END_DECLS + +#endif /* __POLKIT_ACTION_DESCRIPTION_H */ diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c new file mode 100644 index 00000000..9947cf32 --- /dev/null +++ b/src/polkit/polkitauthority.c @@ -0,0 +1,2084 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include "polkitauthorizationresult.h" +#include "polkitcheckauthorizationflags.h" +#include "polkitauthority.h" +#include "polkiterror.h" +#include "polkitenumtypes.h" +#include "polkitsubject.h" +#include "polkitidentity.h" +#include "polkitdetails.h" + +#include "polkitprivate.h" + +/** + * SECTION:polkitauthority + * @title: PolkitAuthority + * @short_description: Authority + * @stability: Stable + * + * #PolkitAuthority is used for checking whether a given subject is + * authorized to perform a given action. Typically privileged system + * daemons or suid helpers will use this when handling requests from + * untrusted clients. + * + * User sessions can register an authentication agent with the + * authority. This is used for requests from untrusted clients where + * system policy requires that the user needs to acknowledge (through + * proving he is the user or the administrator) a given action. See + * #PolkitAgentListener and #PolkitAgentSession for details. + */ + +/** + * PolkitAuthority: + * + * The #PolkitAuthority struct should not be accessed directly. + */ +struct _PolkitAuthority +{ + /*< private >*/ + GObject parent_instance; + + gchar *name; + gchar *version; + + GDBusProxy *proxy; + guint cancellation_id_counter; + + gboolean initialized; + GError *initialization_error; +}; + +struct _PolkitAuthorityClass +{ + GObjectClass parent_class; + +}; + +G_LOCK_DEFINE_STATIC (the_lock); +static PolkitAuthority *the_authority = NULL; + +enum +{ + CHANGED_SIGNAL, + LAST_SIGNAL, +}; + +enum +{ + PROP_0, + PROP_OWNER, + PROP_BACKEND_NAME, + PROP_BACKEND_VERSION, + PROP_BACKEND_FEATURES +}; + +static guint signals[LAST_SIGNAL] = {0}; + +static void initable_iface_init (GInitableIface *initable_iface); +static void async_initable_iface_init (GAsyncInitableIface *async_initable_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitAuthority, polkit_authority, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, initable_iface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_ASYNC_INITABLE, async_initable_iface_init)) + +static void +on_proxy_signal (GDBusProxy *proxy, + const gchar *sender_name, + const gchar *signal_name, + GVariant *parameters, + gpointer user_data) +{ + PolkitAuthority *authority = POLKIT_AUTHORITY (user_data); + if (g_strcmp0 (signal_name, "Changed") == 0) + { + g_signal_emit_by_name (authority, "changed"); + } +} + +static void +on_notify_g_name_owner (GObject *object, + GParamSpec *ppsec, + gpointer user_data) +{ + PolkitAuthority *authority = POLKIT_AUTHORITY (user_data); + g_object_notify (G_OBJECT (authority), "owner"); +} + +static void +polkit_authority_init (PolkitAuthority *authority) +{ +} + +static void +polkit_authority_dispose (GObject *object) +{ + PolkitAuthority *authority = POLKIT_AUTHORITY (object); + + G_LOCK (the_lock); + if (authority == the_authority) + the_authority = NULL; + G_UNLOCK (the_lock); + + if (G_OBJECT_CLASS (polkit_authority_parent_class)->dispose != NULL) + G_OBJECT_CLASS (polkit_authority_parent_class)->dispose (object); +} + +static void +polkit_authority_finalize (GObject *object) +{ + PolkitAuthority *authority = POLKIT_AUTHORITY (object); + + if (authority->initialization_error != NULL) + g_error_free (authority->initialization_error); + + g_free (authority->name); + g_free (authority->version); + if (authority->proxy != NULL) + g_object_unref (authority->proxy); + + if (G_OBJECT_CLASS (polkit_authority_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_authority_parent_class)->finalize (object); +} + +static void +polkit_authority_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitAuthority *authority = POLKIT_AUTHORITY (object); + + switch (prop_id) + { + case PROP_OWNER: + g_value_take_string (value, polkit_authority_get_owner (authority)); + break; + + case PROP_BACKEND_NAME: + g_value_set_string (value, polkit_authority_get_backend_name (authority)); + break; + + case PROP_BACKEND_VERSION: + g_value_set_string (value, polkit_authority_get_backend_version (authority)); + break; + + case PROP_BACKEND_FEATURES: + g_value_set_flags (value, polkit_authority_get_backend_features (authority)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_authority_class_init (PolkitAuthorityClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->dispose = polkit_authority_dispose; + gobject_class->finalize = polkit_authority_finalize; + gobject_class->get_property = polkit_authority_get_property; + + /** + * PolkitAuthority:owner: + * + * The unique name of the owner of the org.freedesktop.PolicyKit1 + * D-Bus service or %NULL if there is no owner. Connect to the + * #GObject::notify signal to track changes to this property. + */ + g_object_class_install_property (gobject_class, + PROP_OWNER, + g_param_spec_string ("owner", + "Owner", + "Owner.", + NULL, + G_PARAM_READABLE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_NICK | + G_PARAM_STATIC_BLURB)); + + /** + * PolkitAuthority:backend-name: + * + * The name of the currently used Authority backend. + */ + g_object_class_install_property (gobject_class, + PROP_BACKEND_NAME, + g_param_spec_string ("backend-name", + "Backend name", + "The name of the currently used Authority backend.", + NULL, + G_PARAM_READABLE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_NICK | + G_PARAM_STATIC_BLURB)); + + /** + * PolkitAuthority:version: + * + * The version of the currently used Authority backend. + */ + g_object_class_install_property (gobject_class, + PROP_BACKEND_VERSION, + g_param_spec_string ("backend-version", + "Backend version", + "The version of the currently used Authority backend.", + NULL, + G_PARAM_READABLE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_NICK | + G_PARAM_STATIC_BLURB)); + + /** + * PolkitAuthority:backend-features: + * + * The features of the currently used Authority backend. + */ + g_object_class_install_property (gobject_class, + PROP_BACKEND_FEATURES, + g_param_spec_flags ("backend-features", + "Backend features", + "The features of the currently used Authority backend.", + POLKIT_TYPE_AUTHORITY_FEATURES, + POLKIT_AUTHORITY_FEATURES_NONE, + G_PARAM_READABLE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_NICK | + G_PARAM_STATIC_BLURB)); + + /** + * PolkitAuthority::changed: + * @authority: A #PolkitAuthority. + * + * Emitted when actions and/or authorizations change + */ + signals[CHANGED_SIGNAL] = g_signal_new ("changed", + POLKIT_TYPE_AUTHORITY, + G_SIGNAL_RUN_LAST, + 0, /* class offset */ + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, + 0); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +polkit_authority_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + PolkitAuthority *authority = POLKIT_AUTHORITY (initable); + gboolean ret; + + /* This method needs to be idempotent to work with the singleton + * pattern. See the docs for g_initable_init(). We implement this by + * locking. + */ + + ret = FALSE; + + G_LOCK (the_lock); + if (authority->initialized) + { + if (authority->initialization_error == NULL) + ret = TRUE; + goto out; + } + + authority->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_NONE, + NULL, /* TODO: pass GDBusInterfaceInfo* */ + "org.freedesktop.PolicyKit1", /* name */ + "/org/freedesktop/PolicyKit1/Authority", /* path */ + "org.freedesktop.PolicyKit1.Authority", /* interface */ + cancellable, + &authority->initialization_error); + if (authority->proxy == NULL) + { + g_prefix_error (&authority->initialization_error, "Error initializing authority: "); + goto out; + } + g_signal_connect (authority->proxy, + "g-signal", + G_CALLBACK (on_proxy_signal), + authority); + g_signal_connect (authority->proxy, + "notify::g-name-owner", + G_CALLBACK (on_notify_g_name_owner), + authority); + + ret = TRUE; + + out: + authority->initialized = TRUE; + + if (!ret) + { + g_assert (authority->initialization_error != NULL); + g_propagate_error (error, g_error_copy (authority->initialization_error)); + } + G_UNLOCK (the_lock); + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +initable_iface_init (GInitableIface *initable_iface) +{ + initable_iface->init = polkit_authority_initable_init; +} + +static void +async_initable_iface_init (GAsyncInitableIface *async_initable_iface) +{ + /* for now, we use default implementation to run GInitable code in a + * thread - would probably be nice to have real async version to + * avoid the thread-overhead + */ +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/* deprecated, see polkitauthority.h */ + +/** + * polkit_authority_get: + * + * (deprecated) + * + * Returns: (transfer full): value + */ +PolkitAuthority * +polkit_authority_get (void) +{ + GError *error; + PolkitAuthority *ret; + + error = NULL; + ret = polkit_authority_get_sync (NULL, /* GCancellable* */ + &error); + if (ret == NULL) + { + g_warning ("polkit_authority_get: Error getting authority: %s", + error->message); + g_error_free (error); + } + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static PolkitAuthority * +get_uninitialized_authority (GCancellable *cancellable, + GError **error) +{ + static volatile GQuark error_quark = 0; + + G_LOCK (the_lock); + if (error_quark == 0) + error_quark = POLKIT_ERROR; + + if (the_authority != NULL) + { + g_object_ref (the_authority); + goto out; + } + the_authority = POLKIT_AUTHORITY (g_object_new (POLKIT_TYPE_AUTHORITY, NULL)); + out: + G_UNLOCK (the_lock); + return the_authority; +} + +static void +authority_get_async_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (user_data); + GError *error; + + error = NULL; + if (!g_async_initable_init_finish (G_ASYNC_INITABLE (source_object), + res, + &error)) + { + g_assert (error != NULL); + g_simple_async_result_set_from_error (simple, error); + g_error_free (error); + g_object_unref (source_object); + } + else + { + g_simple_async_result_set_op_res_gpointer (simple, + source_object, + g_object_unref); + } + g_simple_async_result_complete_in_idle (simple); + g_object_unref (simple); +} + +/** + * polkit_authority_get_async: + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously gets a reference to the authority. + * + * This is an asynchronous failable function. When the result is + * ready, @callback will be invoked in the thread-default main + * loop of the thread you are calling this method from and you + * can use polkit_authority_get_finish() to get the result. See + * polkit_authority_get_sync() for the synchronous version. + */ +void +polkit_authority_get_async (GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + PolkitAuthority *authority; + GSimpleAsyncResult *simple; + GError *error; + + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + simple = g_simple_async_result_new (NULL, + callback, + user_data, + polkit_authority_get_async); + + error = NULL; + authority = get_uninitialized_authority (cancellable, &error); + if (authority == NULL) + { + g_assert (error != NULL); + g_simple_async_result_set_from_error (simple, error); + g_error_free (error); + g_simple_async_result_complete_in_idle (simple); + g_object_unref (simple); + } + else + { + g_async_initable_init_async (G_ASYNC_INITABLE (authority), + G_PRIORITY_DEFAULT, + cancellable, + authority_get_async_cb, + simple); + } +} + +/** + * polkit_authority_get_finish: + * @res: A #GAsyncResult obtained from the #GAsyncReadyCallback passed to polkit_authority_get_async(). + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes an operation started with polkit_authority_get_async(). + * + * Returns: (transfer full): A #PolkitAuthority. Free it with + * g_object_unref() when done with it. + */ +PolkitAuthority * +polkit_authority_get_finish (GAsyncResult *res, + GError **error) +{ + GSimpleAsyncResult *simple; + GObject *object; + PolkitAuthority *ret; + + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + simple = G_SIMPLE_ASYNC_RESULT (res); + + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_authority_get_async); + + ret = NULL; + + if (g_simple_async_result_propagate_error (simple, error)) + goto out; + + object = g_simple_async_result_get_op_res_gpointer (simple); + g_assert (object != NULL); + ret = g_object_ref (POLKIT_AUTHORITY (object)); + + out: + return ret; +} + +/** + * polkit_authority_get_sync: + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a reference to the authority. + * + * This is a synchronous failable function - the calling thread is + * blocked until a reply is received. See polkit_authority_get_async() + * for the asynchronous version. + * + * Returns: (transfer full): A #PolkitAuthority. Free it with + * g_object_unref() when done with it. + */ +PolkitAuthority * +polkit_authority_get_sync (GCancellable *cancellable, + GError **error) +{ + PolkitAuthority *authority; + + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + authority = get_uninitialized_authority (cancellable, error); + if (authority == NULL) + goto out; + + if (!g_initable_init (G_INITABLE (authority), cancellable, error)) + { + g_object_unref (authority); + authority = NULL; + } + + out: + return authority; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + GAsyncResult *res; + GMainContext *context; + GMainLoop *loop; +} CallSyncData; + +static CallSyncData * +call_sync_new (void) +{ + CallSyncData *data; + data = g_new0 (CallSyncData, 1); + data->context = g_main_context_new (); + data->loop = g_main_loop_new (data->context, FALSE); + g_main_context_push_thread_default (data->context); + return data; +} + +static void +call_sync_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + CallSyncData *data = user_data; + data->res = g_object_ref (res); + g_main_loop_quit (data->loop); +} + +static void +call_sync_block (CallSyncData *data) +{ + g_main_loop_run (data->loop); +} + +static void +call_sync_free (CallSyncData *data) +{ + g_main_context_pop_thread_default (data->context); + g_main_context_unref (data->context); + g_main_loop_unref (data->loop); + g_object_unref (data->res); + g_free (data); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +generic_async_cb (GObject *source_obj, + GAsyncResult *res, + gpointer user_data) +{ + GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (user_data); + g_simple_async_result_set_op_res_gpointer (simple, g_object_ref (res), g_object_unref); + g_simple_async_result_complete (simple); + g_object_unref (simple); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_enumerate_actions: + * @authority: A #PolkitAuthority. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously retrieves all registered actions. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call polkit_authority_enumerate_actions_finish() + * to get the result of the operation. + **/ +void +polkit_authority_enumerate_actions (PolkitAuthority *authority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + g_dbus_proxy_call (authority->proxy, + "EnumerateActions", + g_variant_new ("(s)", + ""), /* TODO: use system locale */ + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_enumerate_actions)); +} + +/** + * polkit_authority_enumerate_actions_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes retrieving all registered actions. + * + * Returns: (transfer full): A list of #PolkitActionDescription + * objects or %NULL if @error is set. The returned list should be + * freed with g_list_free() after each element have been freed with + * g_object_unref(). + **/ +GList * +polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + GList *ret; + GVariant *value; + GVariantIter iter; + GVariant *child; + GVariant *array; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_enumerate_actions); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + + array = g_variant_get_child_value (value, 0); + g_variant_iter_init (&iter, array); + while ((child = g_variant_iter_next_value (&iter)) != NULL) + { + ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); + g_variant_ref_sink (child); + g_variant_unref (child); + } + ret = g_list_reverse (ret); + g_variant_unref (array); + g_variant_unref (value); + + out: + return ret; +} + +/** + * polkit_authority_enumerate_actions_sync: + * @authority: A #PolkitAuthority. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously retrieves all registered actions - the calling thread + * is blocked until a reply is received. See + * polkit_authority_enumerate_actions() for the asynchronous version. + * + * Returns: (transfer full): A list of #PolkitActionDescription or + * %NULL if @error is set. The returned list should be freed with + * g_list_free() after each element have been freed with + * g_object_unref(). + **/ +GList * +polkit_authority_enumerate_actions_sync (PolkitAuthority *authority, + GCancellable *cancellable, + GError **error) +{ + GList *ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + data = call_sync_new (); + polkit_authority_enumerate_actions (authority, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_enumerate_actions_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + PolkitAuthority *authority; + GSimpleAsyncResult *simple; + gchar *cancellation_id; +} CheckAuthData; + +static void +cancel_check_authorization_cb (GDBusProxy *proxy, + GAsyncResult *res, + gpointer user_data) +{ + GVariant *value; + GError *error; + + error = NULL; + value = g_dbus_proxy_call_finish (proxy, res, &error); + if (value == NULL) + { + g_warning ("Error cancelling authorization check: %s", error->message); + g_error_free (error); + } + else + { + g_variant_unref (value); + } +} + +static void +check_authorization_cb (GDBusProxy *proxy, + GAsyncResult *res, + gpointer user_data) +{ + CheckAuthData *data = user_data; + GVariant *value; + GError *error; + + error = NULL; + value = g_dbus_proxy_call_finish (proxy, res, &error); + if (value == NULL) + { + if (data->cancellation_id != NULL && + (!g_dbus_error_is_remote_error (error) && + error->domain == G_IO_ERROR && + error->code == G_IO_ERROR_CANCELLED)) + { + g_dbus_proxy_call (data->authority->proxy, + "CancelCheckAuthorization", + g_variant_new ("(s)", data->cancellation_id), + G_DBUS_CALL_FLAGS_NONE, + -1, + NULL, /* GCancellable */ + (GAsyncReadyCallback) cancel_check_authorization_cb, + NULL); + } + g_simple_async_result_set_from_error (data->simple, error); + g_error_free (error); + } + else + { + GVariant *result_value; + PolkitAuthorizationResult *result; + result_value = g_variant_get_child_value (value, 0); + result = polkit_authorization_result_new_for_gvariant (result_value); + g_variant_unref (result_value); + g_variant_unref (value); + g_simple_async_result_set_op_res_gpointer (data->simple, result, g_object_unref); + } + + g_simple_async_result_complete (data->simple); + + g_object_unref (data->authority); + g_object_unref (data->simple); + g_free (data->cancellation_id); + g_free (data); +} + +/** + * polkit_authority_check_authorization: + * @authority: A #PolkitAuthority. + * @subject: A #PolkitSubject. + * @action_id: The action to check for. + * @details: (allow-none): Details about the action or %NULL. + * @flags: A set of #PolkitCheckAuthorizationFlags. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously checks if @subject is authorized to perform the action represented + * by @action_id. + * + * Note that %POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION + * SHOULD be passed ONLY if + * the event that triggered the authorization check is stemming from + * an user action, e.g. the user pressing a button or attaching a + * device. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_check_authorization_finish() to get the result of + * the operation. + * + * Known keys in @details include polkit.message + * and polkit.gettext_domain that can be used to + * override the message shown to the user. See the documentation for + * the D-Bus method for more details. + * + * If @details is non-empty then the request will fail with + * #POLKIT_ERROR_FAILED unless the process doing the check itsef is + * sufficiently authorized (e.g. running as uid 0). + **/ +void +polkit_authority_check_authorization (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GVariant *subject_value; + GVariant *details_value; + CheckAuthData *data; + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (action_id != NULL); + g_return_if_fail (details == NULL || POLKIT_IS_DETAILS (details)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + subject_value = polkit_subject_to_gvariant (subject); + details_value = polkit_details_to_gvariant (details); + g_variant_ref_sink (subject_value); + g_variant_ref_sink (details_value); + + data = g_new0 (CheckAuthData, 1); + data->authority = g_object_ref (authority); + data->simple = g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_check_authorization); + G_LOCK (the_lock); + if (cancellable != NULL) + data->cancellation_id = g_strdup_printf ("cancellation-id-%d", authority->cancellation_id_counter++); + G_UNLOCK (the_lock); + + g_dbus_proxy_call (authority->proxy, + "CheckAuthorization", + g_variant_new ("(@(sa{sv})s@a{ss}us)", + subject_value, + action_id, + details_value, + flags, + data->cancellation_id != NULL ? data->cancellation_id : ""), + G_DBUS_CALL_FLAGS_NONE, + G_MAXINT, /* no timeout */ + cancellable, + (GAsyncReadyCallback) check_authorization_cb, + data); + g_variant_unref (subject_value); + g_variant_unref (details_value); +} + +/** + * polkit_authority_check_authorization_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes checking if a subject is authorized for an action. + * + * Returns: (transfer full): A #PolkitAuthorizationResult or %NULL if + * @error is set. Free with g_object_unref(). + **/ +PolkitAuthorizationResult * +polkit_authority_check_authorization_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + PolkitAuthorizationResult *ret; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error)) + goto out; + + ret = g_object_ref (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + out: + return ret; +} + +/** + * polkit_authority_check_authorization_sync: + * @authority: A #PolkitAuthority. + * @subject: A #PolkitSubject. + * @action_id: The action to check for. + * @details: (allow-none): Details about the action or %NULL. + * @flags: A set of #PolkitCheckAuthorizationFlags. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Checks if @subject is authorized to perform the action represented + * by @action_id. + * + * Note that %POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION + * SHOULD be passed ONLY if + * the event that triggered the authorization check is stemming from + * an user action, e.g. the user pressing a button or attaching a + * device. + * + * Note the calling thread is blocked until a reply is received. You + * should therefore NEVER do this from a GUI + * thread or a daemon service thread when using the + * %POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION flag. This + * is because it may potentially take minutes (or even hours) for the + * operation to complete because it involves waiting for the user to + * authenticate. + * + * Known keys in @details include polkit.message + * and polkit.gettext_domain that can be used to + * override the message shown to the user. See the documentation for + * the D-Bus method for more details. + * + * Returns: (transfer full): A #PolkitAuthorizationResult or %NULL if @error is set. Free with g_object_unref(). + */ +PolkitAuthorizationResult * +polkit_authority_check_authorization_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GError **error) +{ + PolkitAuthorizationResult *ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL); + g_return_val_if_fail (action_id != NULL, NULL); + g_return_val_if_fail (details == NULL || POLKIT_IS_DETAILS (details), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + data = call_sync_new (); + polkit_authority_check_authorization (authority, subject, action_id, details, flags, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_check_authorization_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_register_authentication_agent: + * @authority: A #PolkitAuthority. + * @subject: The subject the authentication agent is for, typically a #PolkitUnixSession object. + * @locale: The locale of the authentication agent. + * @object_path: The object path for the authentication agent. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously registers an authentication agent. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_register_authentication_agent_finish() to get the + * result of the operation. + **/ +void +polkit_authority_register_authentication_agent (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GVariant *subject_value; + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (locale != NULL); + g_return_if_fail (g_variant_is_object_path (object_path)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + subject_value = polkit_subject_to_gvariant (subject); + g_variant_ref_sink (subject_value); + g_dbus_proxy_call (authority->proxy, + "RegisterAuthenticationAgent", + g_variant_new ("(@(sa{sv})ss)", + subject_value, + locale, + object_path), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_register_authentication_agent)); + g_variant_unref (subject_value); +} + +/** + * polkit_authority_register_authentication_agent_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes registering an authentication agent. + * + * Returns: %TRUE if the authentication agent was successfully registered, %FALSE if @error is set. + **/ +gboolean +polkit_authority_register_authentication_agent_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + gboolean ret; + GVariant *value; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + ret = FALSE; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_register_authentication_agent); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + ret = TRUE; + g_variant_unref (value); + + out: + return ret; +} + + +/** + * polkit_authority_register_authentication_agent_sync: + * @authority: A #PolkitAuthority. + * @subject: The subject the authentication agent is for, typically a #PolkitUnixSession object. + * @locale: The locale of the authentication agent. + * @object_path: The object path for the authentication agent. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Registers an authentication agent. The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent() for the + * asynchronous version. + * + * Returns: %TRUE if the authentication agent was successfully registered, %FALSE if @error is set. + **/ +gboolean +polkit_authority_register_authentication_agent_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GCancellable *cancellable, + GError **error) +{ + gboolean ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE); + g_return_val_if_fail (locale != NULL, FALSE); + g_return_val_if_fail (g_variant_is_object_path (object_path), FALSE); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + data = call_sync_new (); + polkit_authority_register_authentication_agent (authority, subject, locale, object_path, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_register_authentication_agent_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_register_authentication_agent_with_options: + * @authority: A #PolkitAuthority. + * @subject: The subject the authentication agent is for, typically a #PolkitUnixSession object. + * @locale: The locale of the authentication agent. + * @object_path: The object path for the authentication agent. + * @options: (allow-none): A #GVariant with options or %NULL. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously registers an authentication agent. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_register_authentication_agent_with_options_finish() to get the + * result of the operation. + **/ +void +polkit_authority_register_authentication_agent_with_options (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GVariant *subject_value; + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (locale != NULL); + g_return_if_fail (g_variant_is_object_path (object_path)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + subject_value = polkit_subject_to_gvariant (subject); + g_variant_ref_sink (subject_value); + if (options != NULL) + { + g_dbus_proxy_call (authority->proxy, + "RegisterAuthenticationAgentWithOptions", + g_variant_new ("(@(sa{sv})ss@a{sv})", + subject_value, + locale, + object_path, + options), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_register_authentication_agent_with_options)); + } + else + { + g_dbus_proxy_call (authority->proxy, + "RegisterAuthenticationAgent", + g_variant_new ("(@(sa{sv})ss)", + subject_value, + locale, + object_path), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_register_authentication_agent_with_options)); + } + g_variant_unref (subject_value); +} + +/** + * polkit_authority_register_authentication_agent_with_options_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes registering an authentication agent. + * + * Returns: %TRUE if the authentication agent was successfully registered, %FALSE if @error is set. + **/ +gboolean +polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + gboolean ret; + GVariant *value; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + ret = FALSE; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_register_authentication_agent_with_options); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + ret = TRUE; + g_variant_unref (value); + + out: + return ret; +} + + +/** + * polkit_authority_register_authentication_agent_with_options_sync: + * @authority: A #PolkitAuthority. + * @subject: The subject the authentication agent is for, typically a #PolkitUnixSession object. + * @locale: The locale of the authentication agent. + * @object_path: The object path for the authentication agent. + * @options: (allow-none): A #GVariant with options or %NULL. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Registers an authentication agent. The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent_with_options() for the + * asynchronous version. + * + * Returns: %TRUE if the authentication agent was successfully registered, %FALSE if @error is set. + **/ +gboolean +polkit_authority_register_authentication_agent_with_options_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GCancellable *cancellable, + GError **error) +{ + gboolean ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE); + g_return_val_if_fail (locale != NULL, FALSE); + g_return_val_if_fail (g_variant_is_object_path (object_path), FALSE); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + data = call_sync_new (); + polkit_authority_register_authentication_agent_with_options (authority, subject, locale, object_path, options, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_register_authentication_agent_with_options_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_unregister_authentication_agent: + * @authority: A #PolkitAuthority. + * @subject: The subject the authentication agent is for, typically a #PolkitUnixSession object. + * @object_path: The object path for the authentication agent. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously unregisters an authentication agent. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_unregister_authentication_agent_finish() to get + * the result of the operation. + **/ +void +polkit_authority_unregister_authentication_agent (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *object_path, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GVariant *subject_value; + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (g_variant_is_object_path (object_path)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + subject_value = polkit_subject_to_gvariant (subject); + g_variant_ref_sink (subject_value); + g_dbus_proxy_call (authority->proxy, + "UnregisterAuthenticationAgent", + g_variant_new ("(@(sa{sv})s)", + subject_value, + object_path), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_unregister_authentication_agent)); + g_variant_unref (subject_value); +} + +/** + * polkit_authority_unregister_authentication_agent_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes unregistering an authentication agent. + * + * Returns: %TRUE if the authentication agent was successfully unregistered, %FALSE if @error is set. + **/ +gboolean +polkit_authority_unregister_authentication_agent_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + gboolean ret; + GVariant *value; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + ret = FALSE; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_unregister_authentication_agent); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + ret = TRUE; + g_variant_unref (value); + + out: + return ret; +} + + +/** + * polkit_authority_unregister_authentication_agent_sync: + * @authority: A #PolkitAuthority. + * @subject: The subject the authentication agent is for, typically a #PolkitUnixSession object. + * @object_path: The object path for the authentication agent. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Unregisters an authentication agent. The calling thread is blocked + * until a reply is received. See + * polkit_authority_unregister_authentication_agent() for the + * asynchronous version. + * + * Returns: %TRUE if the authentication agent was successfully unregistered, %FALSE if @error is set. + **/ +gboolean +polkit_authority_unregister_authentication_agent_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *object_path, + GCancellable *cancellable, + GError **error) +{ + gboolean ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE); + g_return_val_if_fail (g_variant_is_object_path (object_path), FALSE); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + data = call_sync_new (); + polkit_authority_unregister_authentication_agent (authority, subject, object_path, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_unregister_authentication_agent_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_authentication_agent_response: + * @authority: A #PolkitAuthority. + * @cookie: The cookie passed to the authentication agent from the authority. + * @identity: The identity that was authenticated. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously provide response that @identity successfully authenticated + * for the authentication request identified by @cookie. + * + * This function is only used by the privileged bits of an authentication agent. + * It will fail if the caller is not sufficiently privileged (typically uid 0). + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_authentication_agent_response_finish() to get the + * result of the operation. + **/ +void +polkit_authority_authentication_agent_response (PolkitAuthority *authority, + const gchar *cookie, + PolkitIdentity *identity, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GVariant *identity_value; + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (cookie != NULL); + g_return_if_fail (POLKIT_IS_IDENTITY (identity)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + identity_value = polkit_identity_to_gvariant (identity); + g_variant_ref_sink (identity_value); + g_dbus_proxy_call (authority->proxy, + "AuthenticationAgentResponse", + g_variant_new ("(s@(sa{sv}))", + cookie, + identity_value), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_authentication_agent_response)); + g_variant_unref (identity_value); +} + +/** + * polkit_authority_authentication_agent_response_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes providing response from an authentication agent. + * + * Returns: %TRUE if @authority acknowledged the call, %FALSE if @error is set. + **/ +gboolean +polkit_authority_authentication_agent_response_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + gboolean ret; + GVariant *value; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + ret = FALSE; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_authentication_agent_response); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + ret = TRUE; + g_variant_unref (value); + + out: + return ret; +} + + +/** + * polkit_authority_authentication_agent_response_sync: + * @authority: A #PolkitAuthority. + * @cookie: The cookie passed to the authentication agent from the authority. + * @identity: The identity that was authenticated. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Provide response that @identity successfully authenticated for the + * authentication request identified by @cookie. See polkit_authority_authentication_agent_response() + * for limitations on who is allowed is to call this method. + * + * The calling thread is blocked until a reply is received. See + * polkit_authority_authentication_agent_response() for the + * asynchronous version. + * + * Returns: %TRUE if @authority acknowledged the call, %FALSE if @error is set. + **/ +gboolean +polkit_authority_authentication_agent_response_sync (PolkitAuthority *authority, + const gchar *cookie, + PolkitIdentity *identity, + GCancellable *cancellable, + GError **error) +{ + gboolean ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (cookie != NULL, FALSE); + g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + data = call_sync_new (); + polkit_authority_authentication_agent_response (authority, cookie, identity, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_authentication_agent_response_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_enumerate_temporary_authorizations: + * @authority: A #PolkitAuthority. + * @subject: A #PolkitSubject, typically a #PolkitUnixSession. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously gets all temporary authorizations for @subject. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_enumerate_temporary_authorizations_finish() to get + * the result of the operation. + **/ +void +polkit_authority_enumerate_temporary_authorizations (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GVariant *subject_value; + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + subject_value = polkit_subject_to_gvariant (subject); + g_variant_ref_sink (subject_value); + g_dbus_proxy_call (authority->proxy, + "EnumerateTemporaryAuthorizations", + g_variant_new ("(@(sa{sv}))", + subject_value), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_enumerate_temporary_authorizations)); + g_variant_unref (subject_value); +} + +/** + * polkit_authority_enumerate_temporary_authorizations_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes retrieving all registered actions. + * + * Returns: (transfer full): A list of #PolkitTemporaryAuthorization + * objects or %NULL if @error is set. The returned list should be + * freed with g_list_free() after each element have been freed with + * g_object_unref(). + **/ +GList * +polkit_authority_enumerate_temporary_authorizations_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + GList *ret; + GVariant *value; + GVariantIter iter; + GVariant *child; + GVariant *array; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_enumerate_temporary_authorizations); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + + array = g_variant_get_child_value (value, 0); + g_variant_iter_init (&iter, array); + while ((child = g_variant_iter_next_value (&iter)) != NULL) + { + PolkitTemporaryAuthorization *auth; + auth = polkit_temporary_authorization_new_for_gvariant (child, error); + g_variant_unref (child); + if (auth == NULL) + { + g_prefix_error (error, "Error serializing return value of EnumerateTemporaryAuthorizations: "); + g_list_foreach (ret, (GFunc) g_object_unref, NULL); + g_list_free (ret); + goto out; + } + ret = g_list_prepend (ret, auth); + } + ret = g_list_reverse (ret); + g_variant_unref (array); + g_variant_unref (value); + + out: + return ret; +} + +/** + * polkit_authority_enumerate_temporary_authorizations_sync: + * @authority: A #PolkitAuthority. + * @subject: A #PolkitSubject, typically a #PolkitUnixSession. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronousky gets all temporary authorizations for @subject. + * + * The calling thread is blocked until a reply is received. See + * polkit_authority_enumerate_temporary_authorizations() for the + * asynchronous version. + * + * Returns: (transfer full): A list of #PolkitTemporaryAuthorization + * objects or %NULL if @error is set. The returned list should be + * freed with g_list_free() after each element have been freed with + * g_object_unref(). + **/ +GList * +polkit_authority_enumerate_temporary_authorizations_sync (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + GList *ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + data = call_sync_new (); + polkit_authority_enumerate_temporary_authorizations (authority, subject, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_enumerate_temporary_authorizations_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_revoke_temporary_authorizations: + * @authority: A #PolkitAuthority. + * @subject: The subject to revoke authorizations from, typically a #PolkitUnixSession. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously revokes all temporary authorizations for @subject. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_revoke_temporary_authorizations_finish() to get + * the result of the operation. + **/ +void +polkit_authority_revoke_temporary_authorizations (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GVariant *subject_value; + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + subject_value = polkit_subject_to_gvariant (subject); + g_variant_ref_sink (subject_value); + g_dbus_proxy_call (authority->proxy, + "RevokeTemporaryAuthorizations", + g_variant_new ("(@(sa{sv}))", + subject_value), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_revoke_temporary_authorizations)); + g_variant_unref (subject_value); +} + +/** + * polkit_authority_revoke_temporary_authorizations_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes revoking temporary authorizations. + * + * Returns: %TRUE if all the temporary authorizations was revoked, %FALSE if error is set. + **/ +gboolean +polkit_authority_revoke_temporary_authorizations_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + gboolean ret; + GVariant *value; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + ret = FALSE; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_revoke_temporary_authorizations); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + ret = TRUE; + g_variant_unref (value); + + out: + return ret; +} + +/** + * polkit_authority_revoke_temporary_authorizations_sync: + * @authority: A #PolkitAuthority. + * @subject: The subject to revoke authorizations from, typically a #PolkitUnixSession. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously revokes all temporary authorization from @subject. + * + * The calling thread is blocked until a reply is received. See + * polkit_authority_revoke_temporary_authorizations() for the + * asynchronous version. + * + * Returns: %TRUE if the temporary authorization was revoked, %FALSE if error is set. + **/ +gboolean +polkit_authority_revoke_temporary_authorizations_sync (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + gboolean ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + data = call_sync_new (); + polkit_authority_revoke_temporary_authorizations (authority, subject, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_revoke_temporary_authorizations_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_revoke_temporary_authorization_by_id: + * @authority: A #PolkitAuthority. + * @id: The opaque identifier for the temporary authorization. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously revoke a temporary authorization. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_authority_revoke_temporary_authorization_by_id_finish() to + * get the result of the operation. + */ +void +polkit_authority_revoke_temporary_authorization_by_id (PolkitAuthority *authority, + const gchar *id, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (id != NULL); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + g_dbus_proxy_call (authority->proxy, + "RevokeTemporaryAuthorizationById", + g_variant_new ("(s)", + id), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + generic_async_cb, + g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_authority_revoke_temporary_authorization_by_id)); +} + +/** + * polkit_authority_revoke_temporary_authorization_by_id_finish: + * @authority: A #PolkitAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes revoking a temporary authorization by id. + * + * Returns: %TRUE if the temporary authorization was revoked, %FALSE if error is set. + **/ +gboolean +polkit_authority_revoke_temporary_authorization_by_id_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error) +{ + gboolean ret; + GVariant *value; + GAsyncResult *_res; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (G_IS_SIMPLE_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + ret = FALSE; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_authority_revoke_temporary_authorization_by_id); + _res = G_ASYNC_RESULT (g_simple_async_result_get_op_res_gpointer (G_SIMPLE_ASYNC_RESULT (res))); + + value = g_dbus_proxy_call_finish (authority->proxy, _res, error); + if (value == NULL) + goto out; + ret = TRUE; + g_variant_unref (value); + + out: + return ret; +} + +/** + * polkit_authority_revoke_temporary_authorization_by_id_sync: + * @authority: A #PolkitAuthority. + * @id: The opaque identifier for the temporary authorization. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously revokes a temporary authorization. + * + * The calling thread is blocked until a reply is received. See + * polkit_authority_revoke_temporary_authorization_by_id() for the + * asynchronous version. + * + * Returns: %TRUE if the temporary authorization was revoked, %FALSE if error is set. + **/ +gboolean +polkit_authority_revoke_temporary_authorization_by_id_sync (PolkitAuthority *authority, + const gchar *id, + GCancellable *cancellable, + GError **error) +{ + gboolean ret; + CallSyncData *data; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), FALSE); + g_return_val_if_fail (id != NULL, FALSE); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + + data = call_sync_new (); + polkit_authority_revoke_temporary_authorization_by_id (authority, id, cancellable, call_sync_cb, data); + call_sync_block (data); + ret = polkit_authority_revoke_temporary_authorization_by_id_finish (authority, data->res, error); + call_sync_free (data); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authority_get_owner: + * @authority: A #PolkitAuthority. + * + * The unique name on the system message bus of the owner of the name + * org.freedesktop.PolicyKit1 or %NULL if no-one + * currently owns the name. You may connect to the #GObject::notify + * signal to track changes to the #PolkitAuthority:owner property. + * + * Returns: (allow-none): %NULL or a string that should be freed with g_free(). + **/ +gchar * +polkit_authority_get_owner (PolkitAuthority *authority) +{ + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + return g_dbus_proxy_get_name_owner (authority->proxy); +} + +/** + * polkit_authority_get_backend_name: + * @authority: A #PolkitAuthority. + * + * Gets the name of the authority backend. + * + * Returns: The name of the backend. + */ +const gchar * +polkit_authority_get_backend_name (PolkitAuthority *authority) +{ + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + if (authority->name == NULL) + { + GVariant *value; + value = g_dbus_proxy_get_cached_property (authority->proxy, "BackendName"); + authority->name = g_variant_dup_string (value, NULL); + g_variant_unref (value); + } + return authority->name; +} + +/** + * polkit_authority_get_backend_version: + * @authority: A #PolkitAuthority. + * + * Gets the version of the authority backend. + * + * Returns: The version string for the backend. + */ +const gchar * +polkit_authority_get_backend_version (PolkitAuthority *authority) +{ + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), NULL); + if (authority->version == NULL) + { + GVariant *value; + value = g_dbus_proxy_get_cached_property (authority->proxy, "BackendVersion"); + authority->version = g_variant_dup_string (value, NULL); + g_variant_unref (value); + } + return authority->version; +} + +/** + * polkit_authority_get_backend_features: + * @authority: A #PolkitAuthority. + * + * Gets the features supported by the authority backend. + * + * Returns: Flags from #PolkitAuthorityFeatures. + */ +PolkitAuthorityFeatures +polkit_authority_get_backend_features (PolkitAuthority *authority) +{ + PolkitAuthorityFeatures ret; + GVariant *value; + + g_return_val_if_fail (POLKIT_IS_AUTHORITY (authority), 0); + + value = g_dbus_proxy_get_cached_property (authority->proxy, "BackendFeatures"); + ret = (PolkitAuthorityFeatures) g_variant_get_uint32 (value); + g_variant_unref (value); + + return ret; +} diff --git a/src/polkit/polkitauthority.h b/src/polkit/polkitauthority.h new file mode 100644 index 00000000..921b7125 --- /dev/null +++ b/src/polkit/polkitauthority.h @@ -0,0 +1,227 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_AUTHORITY_H +#define __POLKIT_AUTHORITY_H + +#include +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_AUTHORITY (polkit_authority_get_type()) +#define POLKIT_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_AUTHORITY, PolkitAuthority)) +#define POLKIT_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_AUTHORITY, PolkitAuthorityClass)) +#define POLKIT_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_AUTHORITY, PolkitAuthorityClass)) +#define POLKIT_IS_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_AUTHORITY)) +#define POLKIT_IS_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_AUTHORITY)) + +#if 0 +typedef struct _PolkitAuthority PolkitAuthority; +#endif +typedef struct _PolkitAuthorityClass PolkitAuthorityClass; + +GType polkit_authority_get_type (void) G_GNUC_CONST; + +PolkitAuthority *polkit_authority_get (void) G_GNUC_DEPRECATED_FOR (polkit_authority_get_sync); + +void polkit_authority_get_async (GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); +PolkitAuthority *polkit_authority_get_finish (GAsyncResult *res, + GError **error); +PolkitAuthority *polkit_authority_get_sync (GCancellable *cancellable, + GError **error); + +gchar *polkit_authority_get_owner (PolkitAuthority *authority); +const gchar *polkit_authority_get_backend_name (PolkitAuthority *authority); +const gchar *polkit_authority_get_backend_version (PolkitAuthority *authority); +PolkitAuthorityFeatures polkit_authority_get_backend_features (PolkitAuthority *authority); + +/* ---------------------------------------------------------------------------------------------------- */ + +GList *polkit_authority_enumerate_actions_sync (PolkitAuthority *authority, + GCancellable *cancellable, + GError **error); + +PolkitAuthorizationResult *polkit_authority_check_authorization_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GError **error); + +gboolean polkit_authority_register_authentication_agent_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GCancellable *cancellable, + GError **error); + +gboolean polkit_authority_register_authentication_agent_with_options_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GCancellable *cancellable, + GError **error); + +gboolean polkit_authority_unregister_authentication_agent_sync (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *object_path, + GCancellable *cancellable, + GError **error); + +gboolean polkit_authority_authentication_agent_response_sync (PolkitAuthority *authority, + const gchar *cookie, + PolkitIdentity *identity, + GCancellable *cancellable, + GError **error); + +GList *polkit_authority_enumerate_temporary_authorizations_sync (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GError **error); + +gboolean polkit_authority_revoke_temporary_authorizations_sync (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GError **error); + +gboolean polkit_authority_revoke_temporary_authorization_by_id_sync (PolkitAuthority *authority, + const gchar *id, + GCancellable *cancellable, + GError **error); + +/* ---------------------------------------------------------------------------------------------------- */ + +void polkit_authority_enumerate_actions (PolkitAuthority *authority, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +GList * polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +void polkit_authority_check_authorization (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +PolkitAuthorizationResult *polkit_authority_check_authorization_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +void polkit_authority_register_authentication_agent (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + + +gboolean polkit_authority_register_authentication_agent_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +gboolean polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +void polkit_authority_register_authentication_agent_with_options (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +void polkit_authority_unregister_authentication_agent (PolkitAuthority *authority, + PolkitSubject *subject, + const gchar *object_path, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +gboolean polkit_authority_unregister_authentication_agent_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +void polkit_authority_authentication_agent_response (PolkitAuthority *authority, + const gchar *cookie, + PolkitIdentity *identity, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +gboolean polkit_authority_authentication_agent_response_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +void polkit_authority_enumerate_temporary_authorizations (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +GList *polkit_authority_enumerate_temporary_authorizations_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +void polkit_authority_revoke_temporary_authorizations (PolkitAuthority *authority, + PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +gboolean polkit_authority_revoke_temporary_authorizations_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +void polkit_authority_revoke_temporary_authorization_by_id (PolkitAuthority *authority, + const gchar *id, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +gboolean polkit_authority_revoke_temporary_authorization_by_id_finish (PolkitAuthority *authority, + GAsyncResult *res, + GError **error); + +/* ---------------------------------------------------------------------------------------------------- */ + +G_END_DECLS + +#endif /* __POLKIT_AUTHORITY_H */ diff --git a/src/polkit/polkitauthorityfeatures.c b/src/polkit/polkitauthorityfeatures.c new file mode 100644 index 00000000..16a91259 --- /dev/null +++ b/src/polkit/polkitauthorityfeatures.c @@ -0,0 +1,29 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include "polkitcheckauthorizationflags.h" +#include "polkitprivate.h" + + diff --git a/src/polkit/polkitauthorityfeatures.h b/src/polkit/polkitauthorityfeatures.h new file mode 100644 index 00000000..01aea78d --- /dev/null +++ b/src/polkit/polkitauthorityfeatures.h @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_AUTHORITY_FEATURES_H +#define __POLKIT_AUTHORITY_FEATURES_H + +#include + +G_BEGIN_DECLS + +/** + * PolkitAuthorityFeatures: + * @POLKIT_AUTHORITY_FEATURES_NONE: No flags set. + * @POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION: The authority supports temporary authorizations + * that can be obtained through authentication. + * + * Flags describing features supported by the Authority implementation. + */ +typedef enum +{ + POLKIT_AUTHORITY_FEATURES_NONE = 0, + POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION = (1<<0), +} PolkitAuthorityFeatures; + +G_END_DECLS + +#endif /* __POLKIT_AUTHORITY_FEATURES_H */ diff --git a/src/polkit/polkitauthorizationresult.c b/src/polkit/polkitauthorizationresult.c new file mode 100644 index 00000000..dd3d7612 --- /dev/null +++ b/src/polkit/polkitauthorizationresult.c @@ -0,0 +1,308 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include "polkitauthorizationresult.h" +#include "polkitdetails.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitauthorizationresult + * @title: PolkitAuthorizationResult + * @short_description: Result for checking an authorization + * @stability: Stable + * + * This class represents the result you get when checking for an authorization. + */ + +/** + * PolkitAuthorizationResult: + * + * The #PolkitAuthorizationResult struct should not be accessed directly. + */ +struct _PolkitAuthorizationResult +{ + GObject parent_instance; + + gboolean is_authorized; + gboolean is_challenge; + + PolkitDetails *details; +}; + +struct _PolkitAuthorizationResultClass +{ + GObjectClass parent_class; +}; + +G_DEFINE_TYPE (PolkitAuthorizationResult, polkit_authorization_result, G_TYPE_OBJECT); + +static void +polkit_authorization_result_init (PolkitAuthorizationResult *authorization_result) +{ +} + +static void +polkit_authorization_result_finalize (GObject *object) +{ + PolkitAuthorizationResult *authorization_result; + + authorization_result = POLKIT_AUTHORIZATION_RESULT (object); + + if (authorization_result->details != NULL) + g_object_unref (authorization_result->details); + + if (G_OBJECT_CLASS (polkit_authorization_result_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_authorization_result_parent_class)->finalize (object); +} + +static void +polkit_authorization_result_class_init (PolkitAuthorizationResultClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_authorization_result_finalize; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_authorization_result_new: + * @is_authorized: Whether the subject is authorized. + * @is_challenge: Whether the subject is authorized if more + * information is provided. Must be %FALSE unless @is_authorized is + * %TRUE. + * @details: (allow-none): Must be %NULL unless @is_authorized is %TRUE + * + * Creates a new #PolkitAuthorizationResult object. + * + * Returns: A #PolkitAuthorizationResult object. Free with g_object_unref(). + */ +PolkitAuthorizationResult * +polkit_authorization_result_new (gboolean is_authorized, + gboolean is_challenge, + PolkitDetails *details) +{ + PolkitAuthorizationResult *authorization_result; + + g_return_val_if_fail (details == NULL || POLKIT_IS_DETAILS (details), NULL); + + authorization_result = POLKIT_AUTHORIZATION_RESULT (g_object_new (POLKIT_TYPE_AUTHORIZATION_RESULT, NULL)); + authorization_result->is_authorized = is_authorized; + authorization_result->is_challenge = is_challenge; + authorization_result->details = details != NULL ? g_object_ref (details) : NULL; + + return authorization_result; +} + +/** + * polkit_authorization_result_get_is_authorized: + * @result: A #PolkitAuthorizationResult. + * + * Gets whether the subject is authorized. + * + * If the authorization is temporary, use polkit_authorization_result_get_temporary_authorization_id() + * to get the opaque identifier for the temporary authorization. + * + * Returns: Whether the subject is authorized. + */ +gboolean +polkit_authorization_result_get_is_authorized (PolkitAuthorizationResult *result) +{ + g_return_val_if_fail (POLKIT_IS_AUTHORIZATION_RESULT (result), FALSE); + return result->is_authorized; +} + +/** + * polkit_authorization_result_get_is_challenge: + * @result: A #PolkitAuthorizationResult. + * + * Gets whether the subject is authorized if more information is provided. + * + * Returns: Whether the subject is authorized if more information is provided. + */ +gboolean +polkit_authorization_result_get_is_challenge (PolkitAuthorizationResult *result) +{ + g_return_val_if_fail (POLKIT_IS_AUTHORIZATION_RESULT (result), FALSE); + return result->is_challenge; +} + +/** + * polkit_authorization_result_get_details: + * @result: A #PolkitAuthorizationResult. + * + * Gets the details about the result. + * + * Returns: (allow-none) (transfer none): A #PolkitDetails object or + * %NULL if there are no details. This object is owned by @result and + * should not be freed by the caller. + */ +PolkitDetails * +polkit_authorization_result_get_details (PolkitAuthorizationResult *result) +{ + g_return_val_if_fail (POLKIT_IS_AUTHORIZATION_RESULT (result), NULL); + return result->details; +} + +/** + * polkit_authorization_result_get_retains_authorization: + * @result: A #PolkitAuthorizationResult. + * + * Gets whether authorization is retained if obtained via authentication. This can only be the case + * if @result indicates that the subject can obtain authorization after challenge (cf. + * polkit_authorization_result_get_is_challenge()), e.g. when the subject is not already authorized (cf. + * polkit_authorization_result_get_is_authorized()). + * + * If the subject is already authorized, use polkit_authorization_result_get_temporary_authorization_id() + * to check if the authorization is temporary. + * + * This method simply reads the value of the key/value pair in @details with the + * key polkit.retains_authorization_after_challenge. + * + * Returns: %TRUE if the authorization is or will be temporary. + */ +gboolean +polkit_authorization_result_get_retains_authorization (PolkitAuthorizationResult *result) +{ + gboolean ret; + PolkitDetails *details; + + g_return_val_if_fail (POLKIT_IS_AUTHORIZATION_RESULT (result), FALSE); + + ret = FALSE; + details = polkit_authorization_result_get_details (result); + if (details != NULL && polkit_details_lookup (details, "polkit.retains_authorization_after_challenge") != NULL) + ret = TRUE; + + return ret; +} + +/** + * polkit_authorization_result_get_temporary_authorization_id: + * @result: A #PolkitAuthorizationResult. + * + * Gets the opaque temporary authorization id for @result if @result indicates the + * subject is authorized and the authorization is temporary rather than one-shot or + * permanent. + * + * You can use this string together with the result from + * polkit_authority_enumerate_temporary_authorizations() to get more details + * about the temporary authorization or polkit_authority_revoke_temporary_authorization_by_id() + * to revoke the temporary authorization. + * + * If the subject is not authorized, use polkit_authorization_result_get_retains_authorization() + * to check if the authorization will be retained if obtained via authentication. + * + * This method simply reads the value of the key/value pair in @details with the + * key polkit.temporary_authorization_id. + * + * Returns: (allow-none): The opaque temporary authorization id for + * @result or %NULL if not available. Do not free this string, it + * is owned by @result. + */ +const gchar * +polkit_authorization_result_get_temporary_authorization_id (PolkitAuthorizationResult *result) +{ + const gchar *ret; + PolkitDetails *details; + + g_return_val_if_fail (POLKIT_IS_AUTHORIZATION_RESULT (result), NULL); + + ret = NULL; + details = polkit_authorization_result_get_details (result); + if (details != NULL) + ret = polkit_details_lookup (details, "polkit.temporary_authorization_id"); + + return ret; +} + +/** + * polkit_authorization_result_get_dismissed: + * @result: A #PolkitAuthorizationResult. + * + * Gets whether the authentication request was dismissed / canceled by the user. + * + * This method simply reads the value of the key/value pair in @details with the + * key polkit.dismissed. + * + * Returns: %TRUE if the authentication request was dismissed, %FALSE otherwise. + * + * Since: 0.101 + */ +gboolean +polkit_authorization_result_get_dismissed (PolkitAuthorizationResult *result) +{ + gboolean ret; + PolkitDetails *details; + + g_return_val_if_fail (POLKIT_IS_AUTHORIZATION_RESULT (result), FALSE); + + ret = FALSE; + details = polkit_authorization_result_get_details (result); + if (details != NULL && polkit_details_lookup (details, "polkit.dismissed") != NULL) + ret = TRUE; + + return ret; +} + +PolkitAuthorizationResult * +polkit_authorization_result_new_for_gvariant (GVariant *value) +{ + gboolean is_authorized; + gboolean is_challenge; + GVariant *dict; + PolkitDetails *details; + PolkitAuthorizationResult *ret; + + g_variant_get (value, + "(bb@a{ss})", + &is_authorized, + &is_challenge, + &dict); + details = polkit_details_new_for_gvariant (dict); + g_variant_unref (dict); + + ret = polkit_authorization_result_new (is_authorized, is_challenge, details); + g_object_unref (details); + + return ret; +} + +GVariant * +polkit_authorization_result_to_gvariant (PolkitAuthorizationResult *authorization_result) +{ + GVariant *ret; + GVariant *details_gvariant; + + details_gvariant = polkit_details_to_gvariant (polkit_authorization_result_get_details (authorization_result)); + g_variant_ref_sink (details_gvariant); + ret = g_variant_new ("(bb@a{ss})", + polkit_authorization_result_get_is_authorized (authorization_result), + polkit_authorization_result_get_is_challenge (authorization_result), + details_gvariant); + g_variant_unref (details_gvariant); + + return ret; +} diff --git a/src/polkit/polkitauthorizationresult.h b/src/polkit/polkitauthorizationresult.h new file mode 100644 index 00000000..7f93bee9 --- /dev/null +++ b/src/polkit/polkitauthorizationresult.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_AUTHORIZATION_RESULT_H +#define __POLKIT_AUTHORIZATION_RESULT_H + +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_AUTHORIZATION_RESULT (polkit_authorization_result_get_type()) +#define POLKIT_AUTHORIZATION_RESULT(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_AUTHORIZATION_RESULT, PolkitAuthorizationResult)) +#define POLKIT_AUTHORIZATION_RESULT_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_AUTHORIZATION_RESULT, PolkitAuthorizationResultClass)) +#define POLKIT_AUTHORIZATION_RESULT_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_AUTHORIZATION_RESULT, PolkitAuthorizationResultClass)) +#define POLKIT_IS_AUTHORIZATION_RESULT(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_AUTHORIZATION_RESULT)) +#define POLKIT_IS_AUTHORIZATION_RESULT_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_AUTHORIZATION_RESULT)) + +#if 0 +typedef struct _PolkitAuthorizationResult PolkitAuthorizationResult; +#endif +typedef struct _PolkitAuthorizationResultClass PolkitAuthorizationResultClass; + +GType polkit_authorization_result_get_type (void) G_GNUC_CONST; +PolkitAuthorizationResult *polkit_authorization_result_new (gboolean is_authorized, + gboolean is_challenge, + PolkitDetails *details); +PolkitDetails *polkit_authorization_result_get_details (PolkitAuthorizationResult *result); +gboolean polkit_authorization_result_get_is_authorized (PolkitAuthorizationResult *result); +gboolean polkit_authorization_result_get_is_challenge (PolkitAuthorizationResult *result); +gboolean polkit_authorization_result_get_retains_authorization (PolkitAuthorizationResult *result); +const gchar *polkit_authorization_result_get_temporary_authorization_id (PolkitAuthorizationResult *result); +gboolean polkit_authorization_result_get_dismissed (PolkitAuthorizationResult *result); + +/* ---------------------------------------------------------------------------------------------------- */ + +G_END_DECLS + +#endif /* __POLKIT_AUTHORIZATION_RESULT_H */ diff --git a/src/polkit/polkitcheckauthorizationflags.c b/src/polkit/polkitcheckauthorizationflags.c new file mode 100644 index 00000000..16a91259 --- /dev/null +++ b/src/polkit/polkitcheckauthorizationflags.c @@ -0,0 +1,29 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include "polkitcheckauthorizationflags.h" +#include "polkitprivate.h" + + diff --git a/src/polkit/polkitcheckauthorizationflags.h b/src/polkit/polkitcheckauthorizationflags.h new file mode 100644 index 00000000..4baa0d19 --- /dev/null +++ b/src/polkit/polkitcheckauthorizationflags.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_CHECK_AUTHORIZATION_FLAGS_H +#define __POLKIT_CHECK_AUTHORIZATION_FLAGS_H + +#include + +G_BEGIN_DECLS + +/** + * PolkitCheckAuthorizationFlags: + * @POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE: No flags set. + * @POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION: If the subject can obtain the authorization + * through authentication, and an authentication agent is available, then attempt to do so. Note, this + * means that the method used for checking authorization is likely to block for a long time. + * + * Possible flags when checking authorizations. + */ +typedef enum +{ + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE = 0, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION = (1<<0), +} PolkitCheckAuthorizationFlags; + +G_END_DECLS + +#endif /* __POLKIT_CHECK_AUTHORIZATION_FLAGS_H */ diff --git a/src/polkit/polkitdetails.c b/src/polkit/polkitdetails.c new file mode 100644 index 00000000..9c5c7e74 --- /dev/null +++ b/src/polkit/polkitdetails.c @@ -0,0 +1,231 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include "polkitimplicitauthorization.h" +#include "polkitdetails.h" + +#include "polkitprivate.h" + +/** + * SECTION:polkitdetails + * @title: PolkitDetails + * @short_description: Object used for passing details + * @stability: Stable + * + * An object used for passing details around. + */ + +/** + * PolkitDetails: + * + * The #PolkitDetails struct should not be accessed directly. + */ +struct _PolkitDetails +{ + GObject parent_instance; + + GHashTable *hash; +}; + +struct _PolkitDetailsClass +{ + GObjectClass parent_class; +}; + +G_DEFINE_TYPE (PolkitDetails, polkit_details, G_TYPE_OBJECT); + +static void +polkit_details_init (PolkitDetails *details) +{ +} + +static void +polkit_details_finalize (GObject *object) +{ + PolkitDetails *details; + + details = POLKIT_DETAILS (object); + + if (details->hash != NULL) + g_hash_table_unref (details->hash); + + if (G_OBJECT_CLASS (polkit_details_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_details_parent_class)->finalize (object); +} + +static void +polkit_details_class_init (PolkitDetailsClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_details_finalize; +} + +/** + * polkit_details_new: + * + * Creates a new #PolkitDetails object. + * + * Returns: A #PolkitDetails object. Free with g_object_unref(). + */ +PolkitDetails * +polkit_details_new (void) +{ + PolkitDetails *details; + + details = POLKIT_DETAILS (g_object_new (POLKIT_TYPE_DETAILS, NULL)); + + return details; +} + +/* private */ +static PolkitDetails * +polkit_details_new_for_hash (GHashTable *hash) +{ + PolkitDetails *details; + + details = POLKIT_DETAILS (g_object_new (POLKIT_TYPE_DETAILS, NULL)); + if (hash != NULL) + details->hash = g_hash_table_ref (hash); + + return details; +} + +/** + * polkit_details_lookup: + * @details: A #PolkitDetails. + * @key: A key. + * + * Gets the value for @key on @details. + * + * Returns: (allow-none): %NULL if there is no value for @key, otherwise a string owned by @details. + */ +const gchar * +polkit_details_lookup (PolkitDetails *details, + const gchar *key) +{ + g_return_val_if_fail (POLKIT_IS_DETAILS (details), NULL); + g_return_val_if_fail (key != NULL, NULL); + if (details->hash == NULL) + return NULL; + else + return g_hash_table_lookup (details->hash, key); +} + +/** + * polkit_details_insert: + * @details: A #PolkitDetails. + * @key: A key. + * @value: (allow-none): A value. + * + * Inserts a copy of @key and @value on @details. + */ +void +polkit_details_insert (PolkitDetails *details, + const gchar *key, + const gchar *value) +{ + g_return_if_fail (POLKIT_IS_DETAILS (details)); + g_return_if_fail (key != NULL); + if (details->hash == NULL) + details->hash = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + g_free); + g_hash_table_insert (details->hash, g_strdup (key), g_strdup (value)); +} + +/** + * polkit_details_get_keys: + * @details: A #PolkitDetails. + * + * Gets a list of all keys on @details. + * + * Returns: (transfer full) (allow-none): %NULL if there are no keys + * otherwise an array of strings that should be freed with + * g_strfreev(). + */ +gchar ** +polkit_details_get_keys (PolkitDetails *details) +{ + GList *keys, *l; + gchar **ret; + guint n; + + g_return_val_if_fail (POLKIT_IS_DETAILS (details), NULL); + + if (details->hash == NULL) + return NULL; + + keys = g_hash_table_get_keys (details->hash); + ret = g_new0 (gchar*, g_list_length (keys) + 1); + for (l = keys, n = 0; l != NULL; l = l->next, n++) + ret[n] = g_strdup (l->data); + + g_list_free (keys); + + return ret; +} + +GVariant * +polkit_details_to_gvariant (PolkitDetails *details) +{ + GVariant *ret; + GVariantBuilder builder; + + g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{ss}")); + if (details != NULL && details->hash != NULL) + { + GHashTableIter hash_iter; + const gchar *key; + const gchar *value; + + g_hash_table_iter_init (&hash_iter, details->hash); + while (g_hash_table_iter_next (&hash_iter, (gpointer) &key, (gpointer) &value)) + g_variant_builder_add (&builder, "{ss}", key, value); + } + ret = g_variant_builder_end (&builder); + return ret; +} + +PolkitDetails * +polkit_details_new_for_gvariant (GVariant *value) +{ + PolkitDetails *ret; + GHashTable *hash; + GVariantIter iter; + gchar *hash_key; + gchar *hash_value; + + hash = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); + g_variant_iter_init (&iter, value); + while (g_variant_iter_next (&iter, "{ss}", &hash_key, &hash_value)) + g_hash_table_insert (hash, hash_key, hash_value); + ret = polkit_details_new_for_hash (hash); + g_hash_table_unref (hash); + return ret; +} + diff --git a/src/polkit/polkitdetails.h b/src/polkit/polkitdetails.h new file mode 100644 index 00000000..ea2b4251 --- /dev/null +++ b/src/polkit/polkitdetails.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_DETAILS_H +#define __POLKIT_DETAILS_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_DETAILS (polkit_details_get_type()) +#define POLKIT_DETAILS(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_DETAILS, PolkitDetails)) +#define POLKIT_DETAILS_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_DETAILS, PolkitDetailsClass)) +#define POLKIT_DETAILS_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_DETAILS, PolkitDetailsClass)) +#define POLKIT_IS_DETAILS(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_DETAILS)) +#define POLKIT_IS_DETAILS_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_DETAILS)) + +#if 0 +typedef struct _PolkitDetails PolkitDetails; +#endif +typedef struct _PolkitDetailsClass PolkitDetailsClass; + +GType polkit_details_get_type (void) G_GNUC_CONST; +PolkitDetails *polkit_details_new (void); +const gchar *polkit_details_lookup (PolkitDetails *details, + const gchar *key); +void polkit_details_insert (PolkitDetails *details, + const gchar *key, + const gchar *value); +gchar **polkit_details_get_keys (PolkitDetails *details); + +G_END_DECLS + +#endif /* __POLKIT_DETAILS_H */ diff --git a/src/polkit/polkitenumtypes.c.template b/src/polkit/polkitenumtypes.c.template new file mode 100644 index 00000000..7704ccad --- /dev/null +++ b/src/polkit/polkitenumtypes.c.template @@ -0,0 +1,39 @@ +/*** BEGIN file-header ***/ +#include + +/*** END file-header ***/ + +/*** BEGIN file-production ***/ +/* enumerations from "@filename@" */ +/*** END file-production ***/ + +/*** BEGIN value-header ***/ +GType +@enum_name@_get_type (void) +{ + static volatile gsize g_define_type_id__volatile = 0; + + if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const G@Type@Value values[] = { +/*** END value-header ***/ + +/*** BEGIN value-production ***/ + { @VALUENAME@, "@VALUENAME@", "@valuenick@" }, +/*** END value-production ***/ + +/*** BEGIN value-tail ***/ + { 0, NULL, NULL } + }; + GType g_define_type_id = + g_@type@_register_static (g_intern_static_string ("@EnumName@"), values); + g_once_init_leave (&g_define_type_id__volatile, g_define_type_id); + } + + return g_define_type_id__volatile; +} + +/*** END value-tail ***/ + +/*** BEGIN file-tail ***/ +/*** END file-tail ***/ diff --git a/src/polkit/polkitenumtypes.h.template b/src/polkit/polkitenumtypes.h.template new file mode 100644 index 00000000..2ce48a65 --- /dev/null +++ b/src/polkit/polkitenumtypes.h.template @@ -0,0 +1,24 @@ +/*** BEGIN file-header ***/ +#ifndef __POLKIT_ENUM_TYPES_H__ +#define __POLKIT_ENUM_TYPES_H__ + +#include + +G_BEGIN_DECLS +/*** END file-header ***/ + +/*** BEGIN file-production ***/ + +/* enumerations from "@filename@" */ +/*** END file-production ***/ + +/*** BEGIN value-header ***/ +GType @enum_name@_get_type (void) G_GNUC_CONST; +#define @ENUMPREFIX@_TYPE_@ENUMSHORT@ (@enum_name@_get_type ()) +/*** END value-header ***/ + +/*** BEGIN file-tail ***/ +G_END_DECLS + +#endif /* __POLKIT_ENUM_TYPES_H__ */ +/*** END file-tail ***/ diff --git a/src/polkit/polkiterror.c b/src/polkit/polkiterror.c new file mode 100644 index 00000000..89b90070 --- /dev/null +++ b/src/polkit/polkiterror.c @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkiterror + * @title: PolkitError + * @short_description: Error codes + * + * Error codes. + */ + +static const GDBusErrorEntry polkit_error_entries[] = +{ + {POLKIT_ERROR_FAILED, "org.freedesktop.PolicyKit1.Error.Failed"}, + {POLKIT_ERROR_CANCELLED, "org.freedesktop.PolicyKit1.Error.Cancelled"}, + {POLKIT_ERROR_NOT_SUPPORTED, "org.freedesktop.PolicyKit1.Error.NotSupported"}, + {POLKIT_ERROR_NOT_AUTHORIZED, "org.freedesktop.PolicyKit1.Error.NotAuthorized"}, +}; + +GQuark +polkit_error_quark (void) +{ + static volatile gsize quark_volatile = 0; + g_dbus_error_register_error_domain ("polkit-error-quark", + &quark_volatile, + polkit_error_entries, + G_N_ELEMENTS (polkit_error_entries)); + G_STATIC_ASSERT (G_N_ELEMENTS (polkit_error_entries) - 1 == POLKIT_ERROR_NOT_AUTHORIZED); + return (GQuark) quark_volatile; +} diff --git a/src/polkit/polkiterror.h b/src/polkit/polkiterror.h new file mode 100644 index 00000000..e49cabfa --- /dev/null +++ b/src/polkit/polkiterror.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_ERROR_H +#define __POLKIT_ERROR_H + +#include + +G_BEGIN_DECLS + +/** + * POLKIT_ERROR: + * + * Error domain for errors when using PolicyKit. Errors in this domain will be from the #PolkitError + * enumeration. See #GError for information on error domains + */ +#define POLKIT_ERROR (polkit_error_quark()) + +GQuark polkit_error_quark (void); + +/** + * PolkitError: + * @POLKIT_ERROR_FAILED: The operation failed. + * @POLKIT_ERROR_CANCELLED: The operation was cancelled. + * @POLKIT_ERROR_NOT_SUPPORTED: Operation is not supported. + * @POLKIT_ERROR_NOT_AUTHORIZED: Not authorized to perform operation. + * + * Possible error when using PolicyKit. + */ +typedef enum +{ + POLKIT_ERROR_FAILED = 0, + POLKIT_ERROR_CANCELLED = 1, + POLKIT_ERROR_NOT_SUPPORTED = 2, + POLKIT_ERROR_NOT_AUTHORIZED = 3, +} PolkitError; + +G_END_DECLS + +#endif /* __POLKIT_ERROR_H */ diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c new file mode 100644 index 00000000..dd15b2f9 --- /dev/null +++ b/src/polkit/polkitidentity.c @@ -0,0 +1,367 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +#include "polkitidentity.h" +#include "polkitunixuser.h" +#include "polkitunixgroup.h" +#include "polkitunixnetgroup.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitidentity + * @title: PolkitIdentity + * @short_description: Type for representing identities + * + * #PolkitIdentity is an abstract type for representing one or more + * identities. + */ + +static void +base_init (gpointer g_iface) +{ +} + +GType +polkit_identity_get_type (void) +{ + static GType iface_type = 0; + + if (iface_type == 0) + { + static const GTypeInfo info = + { + sizeof (PolkitIdentityIface), + base_init, /* base_init */ + NULL, /* base_finalize */ + NULL, /* class_init */ + NULL, /* class_finalize */ + NULL, /* class_data */ + 0, /* instance_size */ + 0, /* n_preallocs */ + NULL, /* instance_init */ + NULL /* value_table */ + }; + + iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + } + + return iface_type; +} + +/** + * polkit_identity_hash: + * @identity: A #PolkitIdentity. + * + * Gets a hash code for @identity that can be used with e.g. g_hash_table_new(). + * + * Returns: A hash code. + */ +guint +polkit_identity_hash (PolkitIdentity *identity) +{ + g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), 0); + return POLKIT_IDENTITY_GET_IFACE (identity)->hash (identity); +} + +/** + * polkit_identity_equal: + * @a: A #PolkitIdentity. + * @b: A #PolkitIdentity. + * + * Checks if @a and @b are equal, ie. represent the same identity. + * + * This function can be used in e.g. g_hash_table_new(). + * + * Returns: %TRUE if @a and @b are equal, %FALSE otherwise. + */ +gboolean +polkit_identity_equal (PolkitIdentity *a, + PolkitIdentity *b) +{ + g_return_val_if_fail (POLKIT_IS_IDENTITY (a), FALSE); + g_return_val_if_fail (POLKIT_IS_IDENTITY (b), FALSE); + + if (!g_type_is_a (G_TYPE_FROM_INSTANCE (a), G_TYPE_FROM_INSTANCE (b))) + return FALSE; + + return POLKIT_IDENTITY_GET_IFACE (a)->equal (a, b); +} + +/** + * polkit_identity_to_string: + * @identity: A #PolkitIdentity. + * + * Serializes @identity to a string that can be used in + * polkit_identity_from_string(). + * + * Returns: A string representing @identity. Free with g_free(). + */ +gchar * +polkit_identity_to_string (PolkitIdentity *identity) +{ + g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), NULL); + return POLKIT_IDENTITY_GET_IFACE (identity)->to_string (identity); +} + +/** + * polkit_identity_from_string: + * @str: A string obtained from polkit_identity_to_string(). + * @error: Return location for error. + * + * Creates an object from @str that implements the #PolkitIdentity + * interface. + * + * Returns: (allow-none) (transfer full): A #PolkitIdentity or %NULL + * if @error is set. Free with g_object_unref(). + */ +PolkitIdentity * +polkit_identity_from_string (const gchar *str, + GError **error) +{ + PolkitIdentity *identity; + guint64 val; + gchar *endptr; + + g_return_val_if_fail (str != NULL, NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + /* TODO: we could do something with VFuncs like in g_icon_from_string() */ + + identity = NULL; + + if (g_str_has_prefix (str, "unix-user:")) + { + val = g_ascii_strtoull (str + sizeof "unix-user:" - 1, + &endptr, + 10); + if (*endptr == '\0') + identity = polkit_unix_user_new ((gint) val); + else + identity = polkit_unix_user_new_for_name (str + sizeof "unix-user:" - 1, + error); + } + else if (g_str_has_prefix (str, "unix-group:")) + { + val = g_ascii_strtoull (str + sizeof "unix-group:" - 1, + &endptr, + 10); + if (*endptr == '\0') + identity = polkit_unix_group_new ((gint) val); + else + identity = polkit_unix_group_new_for_name (str + sizeof "unix-group:" - 1, + error); + } + else if (g_str_has_prefix (str, "unix-netgroup:")) + { + identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); + } + + if (identity == NULL && (error != NULL && *error == NULL)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Malformed identity string '%s'", + str); + } + + + return identity; +} + +GVariant * +polkit_identity_to_gvariant (PolkitIdentity *identity) +{ + GVariantBuilder builder; + GVariant *dict; + GVariant *ret; + const gchar *kind; + + kind = ""; + + g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{sv}")); + if (POLKIT_IS_UNIX_USER (identity)) + { + kind = "unix-user"; + g_variant_builder_add (&builder, "{sv}", "uid", + g_variant_new_uint32 (polkit_unix_user_get_uid (POLKIT_UNIX_USER (identity)))); + } + else if (POLKIT_IS_UNIX_GROUP (identity)) + { + kind = "unix-group"; + g_variant_builder_add (&builder, "{sv}", "gid", + g_variant_new_uint32 (polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (identity)))); + } + else if (POLKIT_IS_UNIX_NETGROUP (identity)) + { + kind = "unix-netgroup"; + g_variant_builder_add (&builder, "{sv}", "name", + g_variant_new_string (polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (identity)))); + } + else + { + g_warning ("Unknown class %s implementing PolkitIdentity", g_type_name (G_TYPE_FROM_INSTANCE (identity))); + } + + dict = g_variant_builder_end (&builder); + ret = g_variant_new ("(s@a{sv})", kind, dict); + return ret; +} + +static GVariant * +lookup_asv (GVariant *dict, + const gchar *given_key, + const GVariantType *given_type, + GError **error) +{ + GVariantIter iter; + const gchar *key; + GVariant *value; + GVariant *ret; + + ret = NULL; + + g_variant_iter_init (&iter, dict); + while (g_variant_iter_next (&iter, "{&sv}", &key, &value)) + { + if (g_strcmp0 (key, given_key) == 0) + { + if (!g_variant_is_of_type (value, given_type)) + { + gchar *type_string; + type_string = g_variant_type_dup_string (given_type); + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Value for key `%s' found but is of type %s and type %s was expected", + given_key, + g_variant_get_type_string (value), + type_string); + g_free (type_string); + goto out; + } + ret = value; + goto out; + } + g_variant_unref (value); + } + + out: + if (ret == NULL) + { + gchar *type_string; + type_string = g_variant_type_dup_string (given_type); + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Didn't find value for key `%s' of type %s", + given_key, + type_string); + g_free (type_string); + } + + return ret; +} + +PolkitIdentity * +polkit_identity_new_for_gvariant (GVariant *variant, + GError **error) +{ + PolkitIdentity *ret; + const gchar *kind; + GVariant *details_gvariant; + + ret = NULL; + + g_variant_get (variant, + "(&s@a{sv})", + &kind, + &details_gvariant); + + if (g_strcmp0 (kind, "unix-user") == 0) + { + GVariant *v; + guint32 uid; + + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_UINT32, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing unix-user identity: "); + goto out; + } + uid = g_variant_get_uint32 (v); + g_variant_unref (v); + + ret = polkit_unix_user_new (uid); + } + else if (g_strcmp0 (kind, "unix-group") == 0) + { + GVariant *v; + guint32 gid; + + v = lookup_asv (details_gvariant, "gid", G_VARIANT_TYPE_UINT32, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing unix-user identity: "); + goto out; + } + gid = g_variant_get_uint32 (v); + g_variant_unref (v); + + ret = polkit_unix_group_new (gid); + } + else if (g_strcmp0 (kind, "unix-netgroup") == 0) + { + GVariant *v; + const char *name; + + v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing net identity: "); + goto out; + } + name = g_variant_get_string (v, NULL); + ret = polkit_unix_netgroup_new (name); + g_variant_unref (v); + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Unknown identity of kind `%s'", + kind); + } + + out: + g_variant_unref (details_gvariant); + return ret; +} diff --git a/src/polkit/polkitidentity.h b/src/polkit/polkitidentity.h new file mode 100644 index 00000000..50491ad9 --- /dev/null +++ b/src/polkit/polkitidentity.h @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_IDENTITY_H +#define __POLKIT_IDENTITY_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_IDENTITY (polkit_identity_get_type()) +#define POLKIT_IDENTITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_IDENTITY, PolkitIdentity)) +#define POLKIT_IS_IDENTITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_IDENTITY)) +#define POLKIT_IDENTITY_GET_IFACE(o) (G_TYPE_INSTANCE_GET_INTERFACE((o), POLKIT_TYPE_IDENTITY, PolkitIdentityIface)) + +#if 0 +/** + * PolkitIdentity: + * + * Generic type for all objects that can be used as identities. + */ +typedef struct _PolkitIdentity PolkitIdentity; /* Dummy typedef */ +#endif +typedef struct _PolkitIdentityIface PolkitIdentityIface; + +/** + * PolkitIdentityIface: + * @parent_iface: The parent interface. + * @hash: Gets a hash value for a #PolkitIdentity. + * @equal: Checks if two #PolkitIdentitys are equal. + * @to_string: Serializes a #PolkitIdentity to a string that can be + * used in polkit_identity_from_string(). + * + * An interface for identities. + */ +struct _PolkitIdentityIface +{ + GTypeInterface parent_iface; + + guint (*hash) (PolkitIdentity *identity); + + gboolean (*equal) (PolkitIdentity *a, + PolkitIdentity *b); + + gchar * (*to_string) (PolkitIdentity *identity); +}; + +GType polkit_identity_get_type (void) G_GNUC_CONST; +guint polkit_identity_hash (PolkitIdentity *identity); +gboolean polkit_identity_equal (PolkitIdentity *a, + PolkitIdentity *b); +gchar *polkit_identity_to_string (PolkitIdentity *identity); +PolkitIdentity *polkit_identity_from_string (const gchar *str, + GError **error); + +G_END_DECLS + +#endif /* __POLKIT_IDENTITY_H */ diff --git a/src/polkit/polkitimplicitauthorization.c b/src/polkit/polkitimplicitauthorization.c new file mode 100644 index 00000000..1d6a933b --- /dev/null +++ b/src/polkit/polkitimplicitauthorization.c @@ -0,0 +1,125 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include + +#include "polkitimplicitauthorization.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitimplicitauthorization + * @title: PolkitImplicitAuthorization + * @short_description: Implicit Authorizations + * + * Possible implicit authorizations. + */ + +gboolean +polkit_implicit_authorization_from_string (const gchar *string, + PolkitImplicitAuthorization *out_implicit_authorization) +{ + PolkitImplicitAuthorization result; + gboolean ret; + + ret = TRUE; + result = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; + + if (strcmp (string, "no") == 0) + { + result = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; + } + else if (strcmp (string, "auth_self") == 0) + { + result = POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED; + } + else if (strcmp (string, "auth_admin") == 0) + { + result = POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED; + } + else if (strcmp (string, "auth_self_keep") == 0) + { + result = POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED; + } + else if (strcmp (string, "auth_admin_keep") == 0) + { + result = POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED; + } + else if (strcmp (string, "yes") == 0) + { + result = POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED; + } + else + { + g_warning ("Unknown PolkitImplicitAuthorization string '%s'", string); + ret = FALSE; + result = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; + } + + if (out_implicit_authorization != NULL) + *out_implicit_authorization = result; + + return ret; +} + +const gchar * +polkit_implicit_authorization_to_string (PolkitImplicitAuthorization implicit_authorization) +{ + const gchar *s; + + s = "(unknown)"; + + switch (implicit_authorization) + { + case POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: + s = "unknown"; + break; + + case POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED: + s = "no"; + break; + + case POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED: + s = "auth_self"; + break; + + case POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED: + s = "auth_admin"; + break; + + case POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED: + s = "auth_self_keep"; + break; + + case POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED: + s = "auth_admin_keep"; + break; + + case POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED: + s = "yes"; + break; + } + + return s; +} diff --git a/src/polkit/polkitimplicitauthorization.h b/src/polkit/polkitimplicitauthorization.h new file mode 100644 index 00000000..dee2611c --- /dev/null +++ b/src/polkit/polkitimplicitauthorization.h @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_IMPLICIT_AUTHORIZATION_H +#define __POLKIT_IMPLICIT_AUTHORIZATION_H + +#include + +G_BEGIN_DECLS + +/** + * PolkitImplicitAuthorization: + * @POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN: Unknown whether the subject is authorized, never returned in any public API. + * @POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED: Subject is not authorized. + * @POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED: Authentication is required. + * @POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED: Authentication as an administrator is required. + * @POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED: Authentication is required. If the authorization is obtained, it is retained. + * @POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED: Authentication as an administrator is required. If the authorization is obtained, it is retained. + * @POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED: The subject is authorized + * + * Possible implicit authorizations. + */ +typedef enum +{ + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN = -1, + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED = 0, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED = 1, + POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED = 2, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED = 3, + POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED = 4, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED = 5, +} PolkitImplicitAuthorization; + +const gchar *polkit_implicit_authorization_to_string (PolkitImplicitAuthorization implicit_authorization); + +gboolean polkit_implicit_authorization_from_string (const gchar *string, + PolkitImplicitAuthorization *out_implicit_authorization); + + +G_END_DECLS + +#endif /* __POLKIT_IMPLICIT_AUTHORIZATION_H */ diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c new file mode 100644 index 00000000..22d195fc --- /dev/null +++ b/src/polkit/polkitpermission.c @@ -0,0 +1,861 @@ +/* + * Copyright (C) 2008-2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Matthias Clasen + * David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include +#include "polkitpermission.h" +#include + +#include "polkitpermission.h" + +/** + * SECTION:polkitpermission + * @title: PolkitPermission + * @short_description: PolicyKit #GPermission implementation + * @stability: Stable + * + * #PolkitPermission is a #GPermission implementation. It can be used + * with e.g. #GtkLockButton. See the #GPermission documentation for + * more information. + */ + +typedef GPermissionClass PolkitPermissionClass; + +/** + * PolkitPermission: + * + * The #PolkitPermission struct should not be accessed directly. + */ +struct _PolkitPermission +{ + GPermission parent_instance; + + PolkitAuthority *authority; + PolkitSubject *subject; + + gchar *action_id; + + /* non-NULL exactly when authorized with a temporary authorization */ + gchar *tmp_authz_id; +}; + +enum +{ + PROP_0, + PROP_ACTION_ID, + PROP_SUBJECT +}; + +static void process_result (PolkitPermission *permission, + PolkitAuthorizationResult *result); + +static void on_authority_changed (PolkitAuthority *authority, + gpointer user_data); + +static gboolean acquire (GPermission *permission, + GCancellable *cancellable, + GError **error); +static void acquire_async (GPermission *permission, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); +static gboolean acquire_finish (GPermission *permission, + GAsyncResult *result, + GError **error); + +static gboolean release (GPermission *permission, + GCancellable *cancellable, + GError **error); +static void release_async (GPermission *permission, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); +static gboolean release_finish (GPermission *permission, + GAsyncResult *result, + GError **error); + +static void initable_iface_init (GInitableIface *initable_iface); +static void async_initable_iface_init (GAsyncInitableIface *async_initable_iface); + +static gboolean polkit_permission_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error); + +G_DEFINE_TYPE_WITH_CODE (PolkitPermission, polkit_permission, G_TYPE_PERMISSION, + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, initable_iface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_ASYNC_INITABLE, async_initable_iface_init)) + + +static void +polkit_permission_init (PolkitPermission *simple) +{ +} + +static void +polkit_permission_constructed (GObject *object) +{ + PolkitPermission *permission = POLKIT_PERMISSION (object); + + if (permission->subject == NULL) + permission->subject = polkit_unix_process_new (getpid ()); + + if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) + G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); +} + +static void +polkit_permission_finalize (GObject *object) +{ + PolkitPermission *permission = POLKIT_PERMISSION (object); + + g_free (permission->action_id); + g_free (permission->tmp_authz_id); + g_object_unref (permission->subject); + + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + + if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); +} + +static void +polkit_permission_get_property (GObject *object, + guint property_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitPermission *permission = POLKIT_PERMISSION (object); + + switch (property_id) + { + case PROP_ACTION_ID: + g_value_set_string (value, permission->action_id); + break; + + case PROP_SUBJECT: + g_value_set_object (value, permission->subject); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); + break; + } +} + +static void +polkit_permission_set_property (GObject *object, + guint property_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitPermission *permission = POLKIT_PERMISSION (object); + + switch (property_id) + { + case PROP_ACTION_ID: + permission->action_id = g_value_dup_string (value); + break; + + case PROP_SUBJECT: + permission->subject = g_value_dup_object (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); + break; + } +} + +static void +polkit_permission_class_init (PolkitPermissionClass *class) +{ + GObjectClass *object_class; + GPermissionClass *permission_class; + + permission_class = G_PERMISSION_CLASS (class); + permission_class->acquire = acquire; + permission_class->acquire_async = acquire_async; + permission_class->acquire_finish = acquire_finish; + permission_class->release = release; + permission_class->release_async = release_async; + permission_class->release_finish = release_finish; + + object_class = G_OBJECT_CLASS (class); + object_class->finalize = polkit_permission_finalize; + object_class->constructed = polkit_permission_constructed; + object_class->get_property = polkit_permission_get_property; + object_class->set_property = polkit_permission_set_property; + + /** + * PolkitPermission:action-id: + * + * The action identifier to use for the permission. + */ + g_object_class_install_property (object_class, + PROP_ACTION_ID, + g_param_spec_string ("action-id", + "Action Identifier", + "The action identifier to use for the permission", + NULL, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS)); + /** + * PolkitPermission:subject: + * + * The #PolkitSubject to use for the permission. If not set during + * construction, it will be set to match the current process. + */ + g_object_class_install_property (object_class, + PROP_SUBJECT, + g_param_spec_object ("subject", + "Subject", + "The subject to use for the permission", + POLKIT_TYPE_SUBJECT, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_STRINGS)); +} + +/** + * polkit_permission_new: + * @action_id: The PolicyKit action identifier. + * @subject: (allow-none): A #PolkitSubject or %NULL for the current process. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Creates a #GPermission instance for the PolicyKit action + * @action_id. + * + * When the operation is finished, @callback will be invoked. You can + * then call polkit_permission_new_finish() to get the result of the + * operation. + * + * This is a asynchronous failable constructor. See + * polkit_permission_new_sync() for the synchronous version. + */ +void +polkit_permission_new (const gchar *action_id, + PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_return_if_fail (action_id != NULL); + g_return_if_fail (subject == NULL || POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + + g_async_initable_new_async (POLKIT_TYPE_PERMISSION, + G_PRIORITY_DEFAULT, + cancellable, + callback, + user_data, + "action-id", action_id, + "subject", subject, + NULL); +} + +/** + * polkit_permission_new_finish: + * @res: A #GAsyncResult obtained from the #GAsyncReadyCallback passed to polkit_permission_new(). + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes an operation started with polkit_permission_new(). + * + * Returns: A #GPermission or %NULL if @error is set. + */ +GPermission * +polkit_permission_new_finish (GAsyncResult *res, + GError **error) +{ + GObject *object; + GObject *source_object; + + g_return_val_if_fail (G_IS_ASYNC_RESULT (res), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + source_object = g_async_result_get_source_object (res); + g_assert (source_object != NULL); + object = g_async_initable_new_finish (G_ASYNC_INITABLE (source_object), + res, + error); + g_object_unref (source_object); + if (object != NULL) + return G_PERMISSION (object); + else + return NULL; +} + +/** + * polkit_permission_new_sync: + * @action_id: The PolicyKit action identifier. + * @subject: (allow-none): A #PolkitSubject or %NULL for the current process. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Creates a #GPermission instance for the PolicyKit action + * @action_id. + * + * This is a synchronous failable constructor. See + * polkit_permission_new() for the asynchronous version. + * + * Returns: A #GPermission or %NULL if @error is set. + */ +GPermission * +polkit_permission_new_sync (const gchar *action_id, + PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + g_return_val_if_fail (action_id != NULL, NULL); + g_return_val_if_fail (subject == NULL || POLKIT_IS_SUBJECT (subject), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + return g_initable_new (POLKIT_TYPE_PERMISSION, + cancellable, + error, + "action-id", action_id, + "subject", subject, + NULL); +} + +static void +initable_iface_init (GInitableIface *initable_iface) +{ + initable_iface->init = polkit_permission_initable_init; +} + +static void +async_initable_iface_init (GAsyncInitableIface *async_initable_iface) +{ + /* for now, we use default implementation to run GInitable code in a + * thread - would probably be nice to have real async version to + * avoid the thread-overhead + */ +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_permission_get_action_id: + * @permission: A #PolkitPermission. + * + * Gets the PolicyKit action identifier used for @permission. + * + * Returns: A string owned by @permission. Do not free. + */ +const gchar * +polkit_permission_get_action_id (PolkitPermission *permission) +{ + g_return_val_if_fail (POLKIT_IS_PERMISSION (permission), NULL); + return permission->action_id; +} + +/** + * polkit_permission_get_subject: + * @permission: A #PolkitPermission. + * + * Gets the subject used for @permission. + * + * Returns: (transfer none): An object owned by @permission. Do not free. + */ +PolkitSubject * +polkit_permission_get_subject (PolkitPermission *permission) +{ + g_return_val_if_fail (POLKIT_IS_PERMISSION (permission), NULL); + return permission->subject; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +polkit_permission_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + PolkitPermission *permission = POLKIT_PERMISSION (initable); + PolkitAuthorizationResult *result; + gboolean ret; + + ret = FALSE; + + permission->authority = polkit_authority_get_sync (cancellable, error); + if (permission->authority == NULL) + goto out; + + g_signal_connect (permission->authority, + "changed", + G_CALLBACK (on_authority_changed), + permission); + + result = polkit_authority_check_authorization_sync (permission->authority, + permission->subject, + permission->action_id, + NULL, /* PolkitDetails */ + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + cancellable, + error); + if (result == NULL) + goto out; + + process_result (permission, result); + g_object_unref (result); + + ret = TRUE; + + out: + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +changed_check_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + PolkitPermission *permission = POLKIT_PERMISSION (user_data); + PolkitAuthorizationResult *result; + GError *error; + + error = NULL; + result = polkit_authority_check_authorization_finish (permission->authority, + res, + &error); + if (result != NULL) + { + process_result (permission, result); + } + else + { + /* this really should never fail (since we are not passing any + * details) so log to stderr if it happens + */ + g_warning ("Error checking authorization for action id %s: %s", + permission->action_id, + error->message); + g_error_free (error); + } + g_object_unref (permission); +} + +static void +on_authority_changed (PolkitAuthority *authority, + gpointer user_data) +{ + PolkitPermission *permission = POLKIT_PERMISSION (user_data); + + polkit_authority_check_authorization (permission->authority, + permission->subject, + permission->action_id, + NULL, /* PolkitDetails */ + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL /* cancellable */, + changed_check_cb, + g_object_ref (permission)); +} + +static void +process_result (PolkitPermission *permission, + PolkitAuthorizationResult *result) +{ + gboolean can_acquire; + gboolean can_release; + gboolean allowed; + + /* save the temporary authorization id */ + g_free (permission->tmp_authz_id); + permission->tmp_authz_id = g_strdup (polkit_authorization_result_get_temporary_authorization_id (result)); + allowed = polkit_authorization_result_get_is_authorized (result); + if (permission->tmp_authz_id != NULL) + { + can_acquire = FALSE; + can_release = TRUE; + } + else + { + if (allowed) + can_acquire = FALSE; + else + can_acquire = polkit_authorization_result_get_retains_authorization (result); + can_release = FALSE; + } + g_permission_impl_update (G_PERMISSION (permission), allowed, can_acquire, can_release); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + PolkitPermission *permission; + GSimpleAsyncResult *simple; +} AcquireData; + +static void +acquire_data_free (AcquireData *data) +{ + g_object_unref (data->simple); + g_free (data); +} + +static void +acquire_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + AcquireData *data = user_data; + PolkitAuthorizationResult *result; + GError *error; + + error = NULL; + result = polkit_authority_check_authorization_finish (data->permission->authority, + res, + &error); + if (result != NULL) + { + /* Process the result such that allowed, can_acquire and + * can_release are updated before returning to the user - see + * also release_cb for where we do this as well + */ + process_result (data->permission, result); + if (!polkit_authorization_result_get_is_authorized (result)) + { + if (polkit_authorization_result_get_dismissed (result)) + { + g_simple_async_result_set_error (data->simple, + G_IO_ERROR, + G_IO_ERROR_CANCELLED, + "User dismissed authentication dialog while trying to acquire permission for action-id %s", + data->permission->action_id); + } + else + { + g_simple_async_result_set_error (data->simple, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Failed to acquire permission for action-id %s", + data->permission->action_id); + } + } + g_object_unref (result); + } + else + { + g_simple_async_result_set_from_error (data->simple, error); + g_error_free (error); + } + /* don't complete in idle since we're already completing in idle + * due to how PolkitAuthority works + */ + g_simple_async_result_complete (data->simple); + acquire_data_free (data); +} + +static void +acquire_async (GPermission *gpermission, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + PolkitPermission *permission = POLKIT_PERMISSION (gpermission); + AcquireData *data; + + data = g_new0 (AcquireData, 1); + data->permission = permission; + data->simple = g_simple_async_result_new (G_OBJECT (permission), + callback, + user_data, + acquire_async); + + polkit_authority_check_authorization (permission->authority, + permission->subject, + permission->action_id, + NULL, /* PolkitDetails */ + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + cancellable, + acquire_cb, + data); +} + +static gboolean +acquire_finish (GPermission *gpermission, + GAsyncResult *result, + GError **error) +{ + GSimpleAsyncResult *simple; + + simple = G_SIMPLE_ASYNC_RESULT (result); + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == acquire_async); + + if (g_simple_async_result_propagate_error (simple, error)) + return FALSE; + + return TRUE; +} + +static gboolean +acquire (GPermission *gpermission, + GCancellable *cancellable, + GError **error) +{ + PolkitPermission *permission = POLKIT_PERMISSION (gpermission); + PolkitAuthorizationResult *result; + gboolean ret; + + ret = FALSE; + + result = polkit_authority_check_authorization_sync (permission->authority, + permission->subject, + permission->action_id, + NULL, /* PolkitDetails */ + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + cancellable, + error); + if (result != NULL) + { + /* need to update allowed, can_acquire, can_release before returning to the user */ + process_result (permission, result); + if (polkit_authorization_result_get_is_authorized (result)) + { + ret = TRUE; + } + else if (polkit_authorization_result_get_dismissed (result)) + { + g_set_error (error, + G_IO_ERROR, + G_IO_ERROR_CANCELLED, + "User dismissed authentication dialog while trying to acquire permission for action-id %s", + permission->action_id); + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Failed to acquire permission for action-id %s", + permission->action_id); + } + g_object_unref (result); + } + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + PolkitPermission *permission; + GSimpleAsyncResult *simple; +} ReleaseData; + +static void +release_data_free (ReleaseData *data) +{ + g_object_unref (data->simple); + g_free (data); +} + +static void +release_check_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + ReleaseData *data = user_data; + PolkitAuthorizationResult *result; + GError *error; + + error = NULL; + result = polkit_authority_check_authorization_finish (data->permission->authority, + res, + &error); + if (result == NULL) + { + g_prefix_error (&error, + "Error checking authorization for action id %s after releasing the permission: ", + data->permission->action_id); + g_simple_async_result_set_from_error (data->simple, error); + g_error_free (error); + } + else + { + process_result (data->permission, result); + g_object_unref (result); + } + /* don't complete in idle since we're already completing in idle + * due to how PolkitAuthority works + */ + g_simple_async_result_complete (data->simple); + release_data_free (data); +} + +static void +release_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + ReleaseData *data = user_data; + GError *error; + gboolean ret; + + ret = FALSE; + + error = NULL; + ret = polkit_authority_revoke_temporary_authorization_by_id_finish (data->permission->authority, + res, + &error); + if (!ret) + { + g_simple_async_result_set_from_error (data->simple, error); + g_error_free (error); + /* don't complete in idle since we're already completing in idle + * due to how PolkitAuthority works + */ + g_simple_async_result_complete (data->simple); + release_data_free (data); + } + else + { + /* need to update allowed, can_acquire and can_release before + * returning to the user - see also acquire_cb where we do this + * as well + */ + polkit_authority_check_authorization (data->permission->authority, + data->permission->subject, + data->permission->action_id, + NULL, /* PolkitDetails */ + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + NULL /* cancellable */, + release_check_cb, + data); + } +} + +static void +release_async (GPermission *gpermission, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + PolkitPermission *permission = POLKIT_PERMISSION (gpermission); + ReleaseData *data; + + data = g_new0 (ReleaseData, 1); + data->permission = permission; + data->simple = g_simple_async_result_new (G_OBJECT (permission), + callback, + user_data, + release_async); + + if (permission->tmp_authz_id == NULL) + { + g_simple_async_result_set_error (data->simple, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot release permission: no temporary authorization for action-id %s exist", + permission->action_id); + g_simple_async_result_complete_in_idle (data->simple); + release_data_free (data); + goto out; + } + + polkit_authority_revoke_temporary_authorization_by_id (permission->authority, + permission->tmp_authz_id, + cancellable, + release_cb, + data); + out: + ; +} + +static gboolean +release_finish (GPermission *gpermission, + GAsyncResult *result, + GError **error) +{ + GSimpleAsyncResult *simple; + + simple = G_SIMPLE_ASYNC_RESULT (result); + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == release_async); + + if (g_simple_async_result_propagate_error (simple, error)) + return FALSE; + + return TRUE; +} + +static gboolean +release (GPermission *gpermission, + GCancellable *cancellable, + GError **error) +{ + PolkitPermission *permission = POLKIT_PERMISSION (gpermission); + PolkitAuthorizationResult *result; + gboolean ret; + + ret = FALSE; + + if (permission->tmp_authz_id == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot release permission: no temporary authorization for action-id %s exist", + permission->action_id); + goto out; + } + + ret = polkit_authority_revoke_temporary_authorization_by_id_sync (permission->authority, + permission->tmp_authz_id, + cancellable, + error); + if (!ret) + goto out; + + /* need to update allowed, can_acquire, can_release before returning to the user */ + result = polkit_authority_check_authorization_sync (permission->authority, + permission->subject, + permission->action_id, + NULL, /* PolkitDetails */ + POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE, + cancellable, + error); + if (result == NULL) + goto out; + process_result (permission, result); + g_object_unref (result); + + out: + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ diff --git a/src/polkit/polkitpermission.h b/src/polkit/polkitpermission.h new file mode 100644 index 00000000..3640f0c8 --- /dev/null +++ b/src/polkit/polkitpermission.h @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2008-2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Matthias Clasen + * David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_PERMISSION_H +#define __POLKIT_PERMISSION_H + +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_PERMISSION (polkit_permission_get_type ()) +#define POLKIT_PERMISSION(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_PERMISSION, PolkitPermission)) +#define POLKIT_IS_PERMISSION(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_PERMISSION)) + +GType polkit_permission_get_type (void) G_GNUC_CONST; +void polkit_permission_new (const gchar *action_id, + PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); +GPermission *polkit_permission_new_finish (GAsyncResult *res, + GError **error); +GPermission *polkit_permission_new_sync (const gchar *action_id, + PolkitSubject *subject, + GCancellable *cancellable, + GError **error); +const gchar *polkit_permission_get_action_id (PolkitPermission *permission); +PolkitSubject *polkit_permission_get_subject (PolkitPermission *permission); + +G_END_DECLS + +#endif /* __POLKIT_PERMISSION_H */ diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h new file mode 100644 index 00000000..579cc253 --- /dev/null +++ b/src/polkit/polkitprivate.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef __POLKIT_PRIVATE_H +#define __POLKIT_PRIVATE_H + +#include "polkitimplicitauthorization.h" +#include "polkitactiondescription.h" +#include "polkitsubject.h" +#include "polkitauthorizationresult.h" +#include "polkittemporaryauthorization.h" + +PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); +GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); + +GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); +GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); + +PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); +PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); + +PolkitAuthorizationResult *polkit_authorization_result_new_for_gvariant (GVariant *value); +GVariant *polkit_authorization_result_to_gvariant (PolkitAuthorizationResult *authorization_result); + +PolkitTemporaryAuthorization *polkit_temporary_authorization_new_for_gvariant (GVariant *value, + GError **error); +GVariant *polkit_temporary_authorization_to_gvariant (PolkitTemporaryAuthorization *authorization); + +GVariant *polkit_details_to_gvariant (PolkitDetails *details); +PolkitDetails *polkit_details_new_for_gvariant (GVariant *value); + +PolkitActionDescription * +polkit_action_description_new (const gchar *action_id, + const gchar *description, + const gchar *message, + const gchar *vendor_name, + const gchar *vendor_url, + const gchar *icon_name, + PolkitImplicitAuthorization implicit_any, + PolkitImplicitAuthorization implicit_inactive, + PolkitImplicitAuthorization implicit_active, + GHashTable *annotations); + +#endif /* __POLKIT_PRIVATE_H */ diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c new file mode 100644 index 00000000..d2c4c205 --- /dev/null +++ b/src/polkit/polkitsubject.c @@ -0,0 +1,489 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include "polkitsubject.h" +#include "polkitunixprocess.h" +#include "polkitunixsession.h" +#include "polkitsystembusname.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitsubject + * @title: PolkitSubject + * @short_description: Type for representing subjects + * + * #PolkitSubject is an abstract type for representing one or more + * processes. + */ + +static void +base_init (gpointer g_iface) +{ +} + +GType +polkit_subject_get_type (void) +{ + static GType iface_type = 0; + + if (iface_type == 0) + { + static const GTypeInfo info = + { + sizeof (PolkitSubjectIface), + base_init, /* base_init */ + NULL, /* base_finalize */ + NULL, /* class_init */ + NULL, /* class_finalize */ + NULL, /* class_data */ + 0, /* instance_size */ + 0, /* n_preallocs */ + NULL, /* instance_init */ + NULL /* value_table */ + }; + + iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + } + + return iface_type; +} + +/** + * polkit_subject_hash: + * @subject: A #PolkitSubject. + * + * Gets a hash code for @subject that can be used with e.g. g_hash_table_new(). + * + * Returns: A hash code. + */ +guint +polkit_subject_hash (PolkitSubject *subject) +{ + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), 0); + return POLKIT_SUBJECT_GET_IFACE (subject)->hash (subject); +} + +/** + * polkit_subject_equal: + * @a: A #PolkitSubject. + * @b: A #PolkitSubject. + * + * Checks if @a and @b are equal, ie. represent the same subject. + * + * This function can be used in e.g. g_hash_table_new(). + * + * Returns: %TRUE if @a and @b are equal, %FALSE otherwise. + */ +gboolean +polkit_subject_equal (PolkitSubject *a, + PolkitSubject *b) +{ + g_return_val_if_fail (POLKIT_IS_SUBJECT (a), FALSE); + g_return_val_if_fail (POLKIT_IS_SUBJECT (b), FALSE); + + if (!g_type_is_a (G_TYPE_FROM_INSTANCE (a), G_TYPE_FROM_INSTANCE (b))) + return FALSE; + + return POLKIT_SUBJECT_GET_IFACE (a)->equal (a, b); +} + +/** + * polkit_subject_to_string: + * @subject: A #PolkitSubject. + * + * Serializes @subject to a string that can be used in + * polkit_subject_from_string(). + * + * Returns: A string representing @subject. Free with g_free(). + */ +gchar * +polkit_subject_to_string (PolkitSubject *subject) +{ + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL); + return POLKIT_SUBJECT_GET_IFACE (subject)->to_string (subject); +} + +/** + * polkit_subject_exists: + * @subject: A #PolkitSubject. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied + * @user_data: The data to pass to @callback. + * + * Asynchronously checks if @subject exists. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call polkit_subject_exists_finish() to get the + * result of the operation. + **/ +void +polkit_subject_exists (PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_return_if_fail (POLKIT_IS_SUBJECT (subject)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + POLKIT_SUBJECT_GET_IFACE (subject)->exists (subject, + cancellable, + callback, + user_data); +} + +/** + * polkit_subject_exists_finish: + * @subject: A #PolkitSubject. + * @res: A #GAsyncResult obtained from the #GAsyncReadyCallback passed to polkit_subject_exists(). + * @error: (allow-none): Return location for error or %NULL. + * + * Finishes checking whether a subject exists. + * + * Returns: %TRUE if the subject exists, %FALSE if not or @error is set. + */ +gboolean +polkit_subject_exists_finish (PolkitSubject *subject, + GAsyncResult *res, + GError **error) +{ + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE); + g_return_val_if_fail (G_IS_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + return POLKIT_SUBJECT_GET_IFACE (subject)->exists_finish (subject, + res, + error); +} + +/** + * polkit_subject_exists_sync: + * @subject: A #PolkitSubject. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Checks if @subject exists. + * + * This is a synchronous blocking call - the calling thread is blocked + * until a reply is received. See polkit_subject_exists() for the + * asynchronous version. + * + * Returns: %TRUE if the subject exists, %FALSE if not or @error is set. + */ +gboolean +polkit_subject_exists_sync (PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + return POLKIT_SUBJECT_GET_IFACE (subject)->exists_sync (subject, + cancellable, + error); +} + +/** + * polkit_subject_from_string: + * @str: A string obtained from polkit_subject_to_string(). + * @error: (allow-none): Return location for error or %NULL. + * + * Creates an object from @str that implements the #PolkitSubject + * interface. + * + * Returns: (transfer full): A #PolkitSubject or %NULL if @error is + * set. Free with g_object_unref(). + */ +PolkitSubject * +polkit_subject_from_string (const gchar *str, + GError **error) +{ + PolkitSubject *subject; + + g_return_val_if_fail (str != NULL, NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + /* TODO: we could do something with VFuncs like in g_icon_from_string() */ + + subject = NULL; + + if (g_str_has_prefix (str, "unix-process:")) + { + gint scanned_pid; + guint64 scanned_starttime; + gint scanned_uid; + if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT ":%d", &scanned_pid, &scanned_starttime, &scanned_uid) == 3) + { + subject = polkit_unix_process_new_for_owner (scanned_pid, scanned_starttime, scanned_uid); + } + else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2) + { + subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime); + } + else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1) + { + subject = polkit_unix_process_new (scanned_pid); + if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0) + { + g_object_unref (subject); + subject = NULL; + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Unable to determine start time for process with pid %d", + scanned_pid); + } + } + } + else if (g_str_has_prefix (str, "unix-session:")) + { + subject = polkit_unix_session_new (str + sizeof "unix-session:" - 1); + } + else if (g_str_has_prefix (str, "system-bus-name:")) + { + subject = polkit_system_bus_name_new (str + sizeof "system-bus-name:" - 1); + } + + if (subject == NULL && (error != NULL && *error == NULL)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Malformed subject string `%s'", + str); + } + + + return subject; +} + +GVariant * +polkit_subject_to_gvariant (PolkitSubject *subject) +{ + GVariantBuilder builder; + GVariant *dict; + GVariant *ret; + const gchar *kind; + + kind = ""; + + g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{sv}")); + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + kind = "unix-process"; + g_variant_builder_add (&builder, "{sv}", "pid", + g_variant_new_uint32 (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)))); + g_variant_builder_add (&builder, "{sv}", "start-time", + g_variant_new_uint64 (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)))); + g_variant_builder_add (&builder, "{sv}", "uid", + g_variant_new_int32 (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)))); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { + kind = "unix-session"; + g_variant_builder_add (&builder, "{sv}", "session-id", + g_variant_new_string (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)))); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + kind = "system-bus-name"; + g_variant_builder_add (&builder, "{sv}", "name", + g_variant_new_string (polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)))); + } + else + { + g_warning ("Unknown class %s implementing PolkitSubject", g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + + dict = g_variant_builder_end (&builder); + ret = g_variant_new ("(s@a{sv})", kind, dict); + return ret; +} + +static GVariant * +lookup_asv (GVariant *dict, + const gchar *given_key, + const GVariantType *given_type, + GError **error) +{ + GVariantIter iter; + const gchar *key; + GVariant *value; + GVariant *ret; + + ret = NULL; + + g_variant_iter_init (&iter, dict); + while (g_variant_iter_next (&iter, "{&sv}", &key, &value)) + { + if (g_strcmp0 (key, given_key) == 0) + { + if (!g_variant_is_of_type (value, given_type)) + { + gchar *type_string; + type_string = g_variant_type_dup_string (given_type); + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Value for key `%s' found but is of type %s and type %s was expected", + given_key, + g_variant_get_type_string (value), + type_string); + g_free (type_string); + goto out; + } + ret = value; + goto out; + } + g_variant_unref (value); + } + + out: + if (ret == NULL) + { + gchar *type_string; + type_string = g_variant_type_dup_string (given_type); + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Didn't find value for key `%s' of type %s", + given_key, + type_string); + g_free (type_string); + } + + return ret; +} + +PolkitSubject * +polkit_subject_new_for_gvariant (GVariant *variant, + GError **error) +{ + PolkitSubject *ret; + const gchar *kind; + GVariant *details_gvariant; + + ret = NULL; + + g_variant_get (variant, + "(&s@a{sv})", + &kind, + &details_gvariant); + + if (g_strcmp0 (kind, "unix-process") == 0) + { + GVariant *v; + guint32 pid; + guint64 start_time; + gint32 uid; + + v = lookup_asv (details_gvariant, "pid", G_VARIANT_TYPE_UINT32, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing unix-process subject: "); + goto out; + } + pid = g_variant_get_uint32 (v); + g_variant_unref (v); + + v = lookup_asv (details_gvariant, "start-time", G_VARIANT_TYPE_UINT64, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing unix-process subject: "); + goto out; + } + start_time = g_variant_get_uint64 (v); + g_variant_unref (v); + + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + if (v != NULL) + { + uid = g_variant_get_int32 (v); + g_variant_unref (v); + } + else + { + uid = -1; + } + + ret = polkit_unix_process_new_for_owner (pid, start_time, uid); + } + else if (g_strcmp0 (kind, "unix-session") == 0) + { + GVariant *v; + const gchar *session_id; + + v = lookup_asv (details_gvariant, "session-id", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing unix-session subject: "); + goto out; + } + session_id = g_variant_get_string (v, NULL); + ret = polkit_unix_session_new (session_id); + g_variant_unref (v); + } + else if (g_strcmp0 (kind, "system-bus-name") == 0) + { + GVariant *v; + const gchar *name; + + v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { + g_prefix_error (error, "Error parsing system-bus-name subject: "); + goto out; + } + name = g_variant_get_string (v, NULL); + if (!g_dbus_is_unique_name (name)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error parsing system-bus-name subject: `%s' is not a valid unique name", + name); + goto out; + } + ret = polkit_system_bus_name_new (name); + g_variant_unref (v); + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Unknown subject of kind `%s'", + kind); + } + + out: + g_variant_unref (details_gvariant); + return ret; +} diff --git a/src/polkit/polkitsubject.h b/src/polkit/polkitsubject.h new file mode 100644 index 00000000..616d95e8 --- /dev/null +++ b/src/polkit/polkitsubject.h @@ -0,0 +1,108 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_SUBJECT_H +#define __POLKIT_SUBJECT_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_SUBJECT (polkit_subject_get_type()) +#define POLKIT_SUBJECT(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_SUBJECT, PolkitSubject)) +#define POLKIT_IS_SUBJECT(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_SUBJECT)) +#define POLKIT_SUBJECT_GET_IFACE(o) (G_TYPE_INSTANCE_GET_INTERFACE((o), POLKIT_TYPE_SUBJECT, PolkitSubjectIface)) + +#if 0 +/** + * PolkitSubject: + * + * Generic type for all objects that can be used as subjects. + */ +typedef struct _PolkitSubject PolkitSubject; /* Dummy typedef */ +#endif +typedef struct _PolkitSubjectIface PolkitSubjectIface; + +/** + * PolkitSubjectIface: + * @parent_iface: The parent interface. + * @hash: Gets a hash value for a #PolkitSubject. + * @equal: Checks if two #PolkitSubjects are equal. + * @to_string: Serializes a #PolkitSubject to a string that can be + * used in polkit_subject_from_string(). + * @exists: Asynchronously check if a #PolkitSubject exists. + * @exists_finish: Finishes checking if a #PolkitSubject exists. + * @exists_sync: Synchronously check if a #PolkitSubject exists. + * + * An interface for subjects. + */ +struct _PolkitSubjectIface +{ + GTypeInterface parent_iface; + + guint (*hash) (PolkitSubject *subject); + + gboolean (*equal) (PolkitSubject *a, + PolkitSubject *b); + + gchar * (*to_string) (PolkitSubject *subject); + + void (*exists) (PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + + gboolean (*exists_finish) (PolkitSubject *subject, + GAsyncResult *res, + GError **error); + + gboolean (*exists_sync) (PolkitSubject *subject, + GCancellable *cancellable, + GError **error); +}; + +GType polkit_subject_get_type (void) G_GNUC_CONST; +guint polkit_subject_hash (PolkitSubject *subject); +gboolean polkit_subject_equal (PolkitSubject *a, + PolkitSubject *b); +gchar *polkit_subject_to_string (PolkitSubject *subject); +PolkitSubject *polkit_subject_from_string (const gchar *str, + GError **error); +void polkit_subject_exists (PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); +gboolean polkit_subject_exists_finish (PolkitSubject *subject, + GAsyncResult *res, + GError **error); +gboolean polkit_subject_exists_sync (PolkitSubject *subject, + GCancellable *cancellable, + GError **error); + +G_END_DECLS + +#endif /* __POLKIT_SUBJECT_H */ diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c new file mode 100644 index 00000000..2a297c4a --- /dev/null +++ b/src/polkit/polkitsystembusname.c @@ -0,0 +1,398 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include "polkitsystembusname.h" +#include "polkitsubject.h" +#include "polkitprivate.h" + +#include "polkitunixprocess.h" + +/** + * SECTION:polkitsystembusname + * @title: PolkitSystemBusName + * @short_description: Unique system bus names + * + * An object that represents a process owning a unique name on the system bus. + */ + +/** + * PolkitUnixSystemBusName: + * + * The #PolkitSystemBusName struct should not be accessed directly. + */ +struct _PolkitSystemBusName +{ + GObject parent_instance; + + gchar *name; +}; + +struct _PolkitSystemBusNameClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_NAME, +}; + +static void subject_iface_init (PolkitSubjectIface *subject_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init) + ); + +static void +polkit_system_bus_name_init (PolkitSystemBusName *system_bus_name) +{ +} + +static void +polkit_system_bus_name_finalize (GObject *object) +{ + PolkitSystemBusName *system_bus_name = POLKIT_SYSTEM_BUS_NAME (object); + + g_free (system_bus_name->name); + + if (G_OBJECT_CLASS (polkit_system_bus_name_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_system_bus_name_parent_class)->finalize (object); +} + +static void +polkit_system_bus_name_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitSystemBusName *system_bus_name = POLKIT_SYSTEM_BUS_NAME (object); + + switch (prop_id) + { + case PROP_NAME: + g_value_set_string (value, system_bus_name->name); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_system_bus_name_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitSystemBusName *system_bus_name = POLKIT_SYSTEM_BUS_NAME (object); + + switch (prop_id) + { + case PROP_NAME: + polkit_system_bus_name_set_name (system_bus_name, g_value_get_string (value)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_system_bus_name_class_init (PolkitSystemBusNameClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_system_bus_name_get_property; + gobject_class->set_property = polkit_system_bus_name_set_property; + gobject_class->finalize = polkit_system_bus_name_finalize; + + /** + * PolkitSystemBusName:name: + * + * The unique name on the system message bus. + */ + g_object_class_install_property (gobject_class, + PROP_NAME, + g_param_spec_string ("name", + "Name", + "The unique name on the system message bus", + NULL, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_system_bus_name_get_name: + * @system_bus_name: A #PolkitSystemBusName. + * + * Gets the unique system bus name for @system_bus_name. + * + * Returns: The unique system bus name for @system_bus_name. Do not + * free, this string is owned by @system_bus_name. + */ +const gchar * +polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name) +{ + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + return system_bus_name->name; +} + +/** + * polkit_system_bus_name_set_name: + * @system_bus_name: A #PolkitSystemBusName. + * @name: A unique system bus name. + * + * Sets the unique system bus name for @system_bus_name. + */ +void +polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name, + const gchar *name) +{ + g_return_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name)); + g_return_if_fail (g_dbus_is_unique_name (name)); + g_free (system_bus_name->name); + system_bus_name->name = g_strdup (name); +} + +/** + * polkit_system_bus_name_new: + * @name: A unique system bus name. + * + * Creates a new #PolkitSystemBusName for @name. + * + * Returns: (transfer full): A #PolkitSystemBusName. Free with g_object_unref(). + */ +PolkitSubject * +polkit_system_bus_name_new (const gchar *name) +{ + g_return_val_if_fail (g_dbus_is_unique_name (name), NULL); + return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_SYSTEM_BUS_NAME, + "name", name, + NULL)); +} + +static guint +polkit_system_bus_name_hash (PolkitSubject *subject) +{ + PolkitSystemBusName *system_bus_name = POLKIT_SYSTEM_BUS_NAME (subject); + + return g_str_hash (system_bus_name->name); +} + +static gboolean +polkit_system_bus_name_equal (PolkitSubject *a, + PolkitSubject *b) +{ + PolkitSystemBusName *name_a; + PolkitSystemBusName *name_b; + + name_a = POLKIT_SYSTEM_BUS_NAME (a); + name_b = POLKIT_SYSTEM_BUS_NAME (b); + + return strcmp (name_a->name, name_b->name) == 0; +} + +static gchar * +polkit_system_bus_name_to_string (PolkitSubject *subject) +{ + PolkitSystemBusName *system_bus_name = POLKIT_SYSTEM_BUS_NAME (subject); + + return g_strdup_printf ("system-bus-name:%s", system_bus_name->name); +} + +static gboolean +polkit_system_bus_name_exists_sync (PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + PolkitSystemBusName *name = POLKIT_SYSTEM_BUS_NAME (subject); + GDBusConnection *connection; + GVariant *result; + gboolean ret; + + ret = FALSE; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "NameHasOwner", /* method */ + g_variant_new ("(s)", name->name), + G_VARIANT_TYPE ("(b)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(b)", &ret); + g_variant_unref (result); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} + +static void +exists_in_thread_func (GSimpleAsyncResult *res, + GObject *object, + GCancellable *cancellable) +{ + GError *error; + error = NULL; + if (!polkit_system_bus_name_exists_sync (POLKIT_SUBJECT (object), + cancellable, + &error)) + { + g_simple_async_result_set_from_error (res, error); + g_error_free (error); + } +} + +static void +polkit_system_bus_name_exists (PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GSimpleAsyncResult *simple; + + g_return_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (subject)); + + simple = g_simple_async_result_new (G_OBJECT (subject), + callback, + user_data, + polkit_system_bus_name_exists); + g_simple_async_result_run_in_thread (simple, + exists_in_thread_func, + G_PRIORITY_DEFAULT, + cancellable); + g_object_unref (simple); +} + +static gboolean +polkit_system_bus_name_exists_finish (PolkitSubject *subject, + GAsyncResult *res, + GError **error) +{ + GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); + gboolean ret; + + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_system_bus_name_exists); + + ret = FALSE; + + if (g_simple_async_result_propagate_error (simple, error)) + goto out; + + ret = g_simple_async_result_get_op_res_gboolean (simple); + + out: + return ret; +} + +static void +subject_iface_init (PolkitSubjectIface *subject_iface) +{ + subject_iface->hash = polkit_system_bus_name_hash; + subject_iface->equal = polkit_system_bus_name_equal; + subject_iface->to_string = polkit_system_bus_name_to_string; + subject_iface->exists = polkit_system_bus_name_exists; + subject_iface->exists_finish = polkit_system_bus_name_exists_finish; + subject_iface->exists_sync = polkit_system_bus_name_exists_sync; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_system_bus_name_get_process_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixProcess object for @system_bus_name + * - the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixProcess object or %NULL if @error is set. + **/ +PolkitSubject * +polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitSubject *ret; + GVariant *result; + guint32 pid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &pid); + g_variant_unref (result); + + ret = polkit_unix_process_new (pid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} + diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h new file mode 100644 index 00000000..1fc464fc --- /dev/null +++ b/src/polkit/polkitsystembusname.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_SYSTEM_BUS_NAME_H +#define __POLKIT_SYSTEM_BUS_NAME_H + +#include +#include +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_SYSTEM_BUS_NAME (polkit_system_bus_name_get_type()) +#define POLKIT_SYSTEM_BUS_NAME(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_SYSTEM_BUS_NAME, PolkitSystemBusName)) +#define POLKIT_SYSTEM_BUS_NAME_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_SYSTEM_BUS_NAME, PolkitSystemBusNameClass)) +#define POLKIT_SYSTEM_BUS_NAME_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_SYSTEM_BUS_NAME, PolkitSystemBusNameClass)) +#define POLKIT_IS_SYSTEM_BUS_NAME(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_SYSTEM_BUS_NAME)) +#define POLKIT_IS_SYSTEM_BUS_NAME_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_SYSTEM_BUS_NAME)) + +#if 0 +typedef struct _PolkitSystemBusName PolkitSystemBusName; +#endif +typedef struct _PolkitSystemBusNameClass PolkitSystemBusNameClass; + +GType polkit_system_bus_name_get_type (void) G_GNUC_CONST; +PolkitSubject *polkit_system_bus_name_new (const gchar *name); +const gchar *polkit_system_bus_name_get_name (PolkitSystemBusName *system_bus_name); +void polkit_system_bus_name_set_name (PolkitSystemBusName *system_bus_name, + const gchar *name); +/* TODO: add async version of get_process() method */ +PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + +G_END_DECLS + +#endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkit/polkittemporaryauthorization.c b/src/polkit/polkittemporaryauthorization.c new file mode 100644 index 00000000..b2c60031 --- /dev/null +++ b/src/polkit/polkittemporaryauthorization.c @@ -0,0 +1,233 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include "polkitimplicitauthorization.h" +#include "polkittemporaryauthorization.h" + +#include "polkitprivate.h" + +/** + * SECTION:polkittemporaryauthorization + * @title: PolkitTemporaryAuthorization + * @short_description: Temporary Authorizations + * + * Object used to describe a temporary authorization. + */ + +/** + * PolkitTemporaryAuthorization: + * + * The #PolkitTemporaryAuthorization struct should not be accessed directly. + */ +struct _PolkitTemporaryAuthorization +{ + GObject parent_instance; + + gchar *id; + gchar *action_id; + PolkitSubject *subject; + guint64 time_obtained; + guint64 time_expires; +}; + +struct _PolkitTemporaryAuthorizationClass +{ + GObjectClass parent_class; +}; + +G_DEFINE_TYPE (PolkitTemporaryAuthorization, polkit_temporary_authorization, G_TYPE_OBJECT); + +static void +polkit_temporary_authorization_init (PolkitTemporaryAuthorization *authorization) +{ +} + +static void +polkit_temporary_authorization_finalize (GObject *object) +{ + PolkitTemporaryAuthorization *authorization = POLKIT_TEMPORARY_AUTHORIZATION (object); + + g_free (authorization->id); + g_free (authorization->action_id); + g_object_unref (authorization->subject); + + if (G_OBJECT_CLASS (polkit_temporary_authorization_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_temporary_authorization_parent_class)->finalize (object); +} + +static void +polkit_temporary_authorization_class_init (PolkitTemporaryAuthorizationClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_temporary_authorization_finalize; +} + +PolkitTemporaryAuthorization * +polkit_temporary_authorization_new (const gchar *id, + const gchar *action_id, + PolkitSubject *subject, + guint64 time_obtained, + guint64 time_expires) +{ + PolkitTemporaryAuthorization *authorization; + authorization = POLKIT_TEMPORARY_AUTHORIZATION (g_object_new (POLKIT_TYPE_TEMPORARY_AUTHORIZATION, NULL)); + authorization->id = g_strdup (id); + authorization->action_id = g_strdup (action_id); + authorization->subject = g_object_ref (subject); + authorization->time_obtained = time_obtained; + authorization->time_expires = time_expires; + return authorization; +} + +/** + * polkit_temporary_authorization_get_id: + * @authorization: A #PolkitTemporaryAuthorization. + * + * Gets the opaque identifier for @authorization. + * + * Returns: A string owned by @authorization. Do not free. + */ +const gchar * +polkit_temporary_authorization_get_id (PolkitTemporaryAuthorization *authorization) +{ + g_return_val_if_fail (POLKIT_IS_TEMPORARY_AUTHORIZATION (authorization), NULL); + return authorization->id; +} + +/** + * polkit_temporary_authorization_get_action_id: + * @authorization: A #PolkitTemporaryAuthorization. + * + * Gets the action that @authorization is for. + * + * Returns: A string owned by @authorization. Do not free. + **/ +const gchar * +polkit_temporary_authorization_get_action_id (PolkitTemporaryAuthorization *authorization) +{ + g_return_val_if_fail (POLKIT_IS_TEMPORARY_AUTHORIZATION (authorization), NULL); + return authorization->action_id; +} + +/** + * polkit_temporary_authorization_get_subject: + * @authorization: A #PolkitTemporaryAuthorization. + * + * Gets the subject that @authorization is for. + * + * Returns: (transfer full): A #PolkitSubject, free with g_object_unref(). + **/ +PolkitSubject * +polkit_temporary_authorization_get_subject (PolkitTemporaryAuthorization *authorization) +{ + g_return_val_if_fail (POLKIT_IS_TEMPORARY_AUTHORIZATION (authorization), NULL); + return g_object_ref (authorization->subject); +} + +/** + * polkit_temporary_authorization_get_time_obtained: + * @authorization: A #PolkitTemporaryAuthorization. + * + * Gets the time when @authorization was obtained. + * + * (Note that the PolicyKit daemon is using monotonic time internally + * so the returned value may change if system time changes.) + * + * Returns: Seconds since the Epoch Jan 1. 1970, 0:00 UTC. + **/ +guint64 +polkit_temporary_authorization_get_time_obtained (PolkitTemporaryAuthorization *authorization) +{ + g_return_val_if_fail (POLKIT_IS_TEMPORARY_AUTHORIZATION (authorization), 0); + return authorization->time_obtained; +} + +/** + * polkit_temporary_authorization_get_time_expires: + * @authorization: A #PolkitTemporaryAuthorization. + * + * Gets the time when @authorization will expire. + * + * (Note that the PolicyKit daemon is using monotonic time internally + * so the returned value may change if system time changes.) + * + * Returns: Seconds since the Epoch Jan 1. 1970, 0:00 UTC. + **/ +guint64 +polkit_temporary_authorization_get_time_expires (PolkitTemporaryAuthorization *authorization) +{ + g_return_val_if_fail (POLKIT_IS_TEMPORARY_AUTHORIZATION (authorization), 0); + return authorization->time_expires; +} + +PolkitTemporaryAuthorization * +polkit_temporary_authorization_new_for_gvariant (GVariant *value, + GError **error) +{ + PolkitTemporaryAuthorization *authorization; + GVariant *subject_gvariant; + + authorization = POLKIT_TEMPORARY_AUTHORIZATION (g_object_new (POLKIT_TYPE_TEMPORARY_AUTHORIZATION, NULL)); + g_variant_get (value, + "(ss@(sa{sv})tt)", + &authorization->id, + &authorization->action_id, + &subject_gvariant, + &authorization->time_obtained, + &authorization->time_expires); + authorization->subject = polkit_subject_new_for_gvariant (subject_gvariant, error); + if (authorization->subject == NULL) + { + g_object_unref (authorization); + authorization = NULL; + goto out; + } + + out: + g_variant_unref (subject_gvariant); + return authorization; +} + +GVariant * +polkit_temporary_authorization_to_gvariant (PolkitTemporaryAuthorization *authorization) +{ + GVariant *ret; + GVariant *subject_gvariant; + + subject_gvariant = polkit_subject_to_gvariant (authorization->subject); + g_variant_ref_sink (subject_gvariant); + ret = g_variant_new ("(ss@(sa{sv})tt)", + authorization->id, + authorization->action_id, + subject_gvariant, + authorization->time_obtained, + authorization->time_expires); + g_variant_unref (subject_gvariant); + + return ret; +} + diff --git a/src/polkit/polkittemporaryauthorization.h b/src/polkit/polkittemporaryauthorization.h new file mode 100644 index 00000000..4d0c530a --- /dev/null +++ b/src/polkit/polkittemporaryauthorization.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_TEMPORARY_AUTHORIZATION_H +#define __POLKIT_TEMPORARY_AUTHORIZATION_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_TEMPORARY_AUTHORIZATION (polkit_temporary_authorization_get_type()) +#define POLKIT_TEMPORARY_AUTHORIZATION(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_TEMPORARY_AUTHORIZATION, PolkitTemporaryAuthorization)) +#define POLKIT_TEMPORARY_AUTHORIZATION_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_TEMPORARY_AUTHORIZATION, PolkitTemporaryAuthorizationClass)) +#define POLKIT_TEMPORARY_AUTHORIZATION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_TEMPORARY_AUTHORIZATION, PolkitTemporaryAuthorizationClass)) +#define POLKIT_IS_TEMPORARY_AUTHORIZATION(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_TEMPORARY_AUTHORIZATION)) +#define POLKIT_IS_TEMPORARY_AUTHORIZATION_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_TEMPORARY_AUTHORIZATION)) + +#if 0 +typedef struct _PolkitTemporaryAuthorization PolkitTemporaryAuthorization; +#endif +typedef struct _PolkitTemporaryAuthorizationClass PolkitTemporaryAuthorizationClass; + +GType polkit_temporary_authorization_get_type (void) G_GNUC_CONST; +PolkitTemporaryAuthorization *polkit_temporary_authorization_new (const gchar *id, + const gchar *action_id, + PolkitSubject *subject, + guint64 time_obtained, + guint64 time_expires); +const gchar *polkit_temporary_authorization_get_id (PolkitTemporaryAuthorization *authorization); +const gchar *polkit_temporary_authorization_get_action_id (PolkitTemporaryAuthorization *authorization); +PolkitSubject *polkit_temporary_authorization_get_subject (PolkitTemporaryAuthorization *authorization); +guint64 polkit_temporary_authorization_get_time_obtained (PolkitTemporaryAuthorization *authorization); +guint64 polkit_temporary_authorization_get_time_expires (PolkitTemporaryAuthorization *authorization); + +G_END_DECLS + +#endif /* __POLKIT_TEMPORARY_AUTHORIZATION_H */ diff --git a/src/polkit/polkittypes.h b/src/polkit/polkittypes.h new file mode 100644 index 00000000..3de17781 --- /dev/null +++ b/src/polkit/polkittypes.h @@ -0,0 +1,67 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef __POLKIT_TYPES_H +#define __POLKIT_TYPES_H + +#include + +struct _PolkitAuthority; +typedef struct _PolkitAuthority PolkitAuthority; + +struct _PolkitActionDescription; +typedef struct _PolkitActionDescription PolkitActionDescription; + +typedef struct _PolkitSubject PolkitSubject; /* Dummy typedef */ + +struct _PolkitUnixProcess; +typedef struct _PolkitUnixProcess PolkitUnixProcess; + +struct _PolkitUnixSession; +typedef struct _PolkitUnixSession PolkitUnixSession; + +struct _PolkitSystemBusName; +typedef struct _PolkitSystemBusName PolkitSystemBusName; + +typedef struct _PolkitIdentity PolkitIdentity; /* Dummy typedef */ + +struct _PolkitUnixUser; +typedef struct _PolkitUnixUser PolkitUnixUser; + +struct _PolkitUnixGroup; +typedef struct _PolkitUnixGroup PolkitUnixGroup; + +struct _PolkitUnixNetgroup; +typedef struct _PolkitUnixNetgroup PolkitUnixNetgroup; + +struct _PolkitAuthorizationResult; +typedef struct _PolkitAuthorizationResult PolkitAuthorizationResult; + +struct _PolkitDetails; +typedef struct _PolkitDetails PolkitDetails; + +struct _PolkitTemporaryAuthorization; +typedef struct _PolkitTemporaryAuthorization PolkitTemporaryAuthorization; + +struct _PolkitPermission; +typedef struct _PolkitPermission PolkitPermission; + +#endif /* __POLKIT_TYPES_H */ diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c new file mode 100644 index 00000000..c57a1aaa --- /dev/null +++ b/src/polkit/polkitunixgroup.c @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include +#include "polkitunixgroup.h" +#include "polkitidentity.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitunixgroup + * @title: PolkitUnixGroup + * @short_description: Unix groups + * + * An object representing a group identity on a UNIX system. + */ + +/** + * PolkitUnixGroup: + * + * The #PolkitUnixGroup struct should not be accessed directly. + */ +struct _PolkitUnixGroup +{ + GObject parent_instance; + + gint gid; +}; + +struct _PolkitUnixGroupClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_GID, +}; + +static void identity_iface_init (PolkitIdentityIface *identity_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_IDENTITY, identity_iface_init) + ); + +static void +polkit_unix_group_init (PolkitUnixGroup *unix_group) +{ +} + +static void +polkit_unix_group_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + + switch (prop_id) + { + case PROP_GID: + g_value_set_int (value, unix_group->gid); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_group_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + + switch (prop_id) + { + case PROP_GID: + unix_group->gid = g_value_get_int (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_group_class_init (PolkitUnixGroupClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_unix_group_get_property; + gobject_class->set_property = polkit_unix_group_set_property; + + /** + * PolkitUnixGroup:gid: + * + * The UNIX group id. + */ + g_object_class_install_property (gobject_class, + PROP_GID, + g_param_spec_int ("gid", + "Group ID", + "The UNIX group ID", + 0, + G_MAXINT, + 0, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_unix_group_get_gid: + * @group: A #PolkitUnixGroup. + * + * Gets the UNIX group id for @group. + * + * Returns: A UNIX group id. + */ +gint +polkit_unix_group_get_gid (PolkitUnixGroup *group) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_GROUP (group), -1); + return group->gid; +} + +/** + * polkit_unix_group_set_gid: + * @group: A #PolkitUnixGroup. + * @gid: A UNIX group id. + * + * Sets @gid for @group. + */ +void +polkit_unix_group_set_gid (PolkitUnixGroup *group, + gint gid) +{ + g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + group->gid = gid; +} + +/** + * polkit_unix_group_new: + * @gid: A UNIX group id. + * + * Creates a new #PolkitUnixGroup object for @gid. + * + * Returns: (transfer full): A #PolkitUnixGroup object. Free with g_object_unref(). + */ +PolkitIdentity * +polkit_unix_group_new (gint gid) +{ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, + "gid", gid, + NULL)); +} + +/** + * polkit_unix_group_new_for_name: + * @name: A UNIX group name. + * @error: Return location for error. + * + * Creates a new #PolkitUnixGroup object for a group with the group name + * @name. + * + * Returns: (transfer full): (allow-none): A #PolkitUnixGroup object or %NULL if @error + * is set. + */ +PolkitIdentity * +polkit_unix_group_new_for_name (const gchar *name, + GError **error) +{ + struct group *group; + PolkitIdentity *identity; + + g_return_val_if_fail (name != NULL, NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + identity = NULL; + + group = getgrnam (name); + if (group == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No UNIX group with name %s: %s", + name, + g_strerror (errno)); + goto out; + } + + identity = polkit_unix_group_new (group->gr_gid); + + out: + return identity; +} + +static guint +polkit_unix_group_hash (PolkitIdentity *identity) +{ + PolkitUnixGroup *group; + + group = POLKIT_UNIX_GROUP (identity); + + return g_direct_hash (GINT_TO_POINTER (((gint) (group->gid)) * 2 + 1)); +} + +static gboolean +polkit_unix_group_equal (PolkitIdentity *a, + PolkitIdentity *b) +{ + PolkitUnixGroup *group_a; + PolkitUnixGroup *group_b; + + group_a = POLKIT_UNIX_GROUP (a); + group_b = POLKIT_UNIX_GROUP (b); + + return group_a->gid == group_b->gid; +} + +static gchar * +polkit_unix_group_to_string (PolkitIdentity *identity) +{ + PolkitUnixGroup *group = POLKIT_UNIX_GROUP (identity); + struct group *gr; + + gr = getgrgid (group->gid); + + if (gr == NULL) + return g_strdup_printf ("unix-group:%d", group->gid); + else + return g_strdup_printf ("unix-group:%s", gr->gr_name); +} + +static void +identity_iface_init (PolkitIdentityIface *identity_iface) +{ + identity_iface->hash = polkit_unix_group_hash; + identity_iface->equal = polkit_unix_group_equal; + identity_iface->to_string = polkit_unix_group_to_string; +} diff --git a/src/polkit/polkitunixgroup.h b/src/polkit/polkitunixgroup.h new file mode 100644 index 00000000..3165cf9d --- /dev/null +++ b/src/polkit/polkitunixgroup.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_UNIX_GROUP_H +#define __POLKIT_UNIX_GROUP_H + +#include +#include +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_UNIX_GROUP (polkit_unix_group_get_type()) +#define POLKIT_UNIX_GROUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_UNIX_GROUP, PolkitUnixGroup)) +#define POLKIT_UNIX_GROUP_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_UNIX_GROUP, PolkitUnixGroupClass)) +#define POLKIT_UNIX_GROUP_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_UNIX_GROUP, PolkitUnixGroupClass)) +#define POLKIT_IS_UNIX_GROUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_UNIX_GROUP)) +#define POLKIT_IS_UNIX_GROUP_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_UNIX_GROUP)) + +#if 0 +typedef struct _PolkitUnixGroup PolkitUnixGroup; +#endif +typedef struct _PolkitUnixGroupClass PolkitUnixGroupClass; + +GType polkit_unix_group_get_type (void) G_GNUC_CONST; +PolkitIdentity *polkit_unix_group_new (gint gid); +PolkitIdentity *polkit_unix_group_new_for_name (const gchar *name, + GError **error); +gint polkit_unix_group_get_gid (PolkitUnixGroup *group); +void polkit_unix_group_set_gid (PolkitUnixGroup *group, + gint gid); + +G_END_DECLS + +#endif /* __POLKIT_UNIX_GROUP_H */ diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c new file mode 100644 index 00000000..e4438eb4 --- /dev/null +++ b/src/polkit/polkitunixnetgroup.c @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + * Author: Nikki VonHollen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include "polkitunixnetgroup.h" +#include "polkitidentity.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitunixnetgroup + * @title: PolkitUnixNetgroup + * @short_description: Unix netgroups + * + * An object representing a netgroup identity on a UNIX system. + */ + +/** + * PolkitUnixNetgroup: + * + * The #PolkitUnixNetgroup struct should not be accessed directly. + */ +struct _PolkitUnixNetgroup +{ + GObject parent_instance; + + gchar *name; +}; + +struct _PolkitUnixNetgroupClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_NAME, +}; + +static void identity_iface_init (PolkitIdentityIface *identity_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitUnixNetgroup, polkit_unix_netgroup, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_IDENTITY, identity_iface_init) + ); + +static void +polkit_unix_netgroup_init (PolkitUnixNetgroup *net_group) +{ + net_group->name = NULL; +} + +static void +polkit_unix_netgroup_finalize (GObject *object) +{ + PolkitUnixNetgroup *net_group = POLKIT_UNIX_NETGROUP (object); + + g_free(net_group->name); + + G_OBJECT_CLASS (polkit_unix_netgroup_parent_class)->finalize (object); +} + +static void +polkit_unix_netgroup_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitUnixNetgroup *net_group = POLKIT_UNIX_NETGROUP (object); + + switch (prop_id) + { + case PROP_NAME: + g_value_set_string (value, polkit_unix_netgroup_get_name (net_group)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_netgroup_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitUnixNetgroup *net_group = POLKIT_UNIX_NETGROUP (object); + + switch (prop_id) + { + case PROP_NAME: + polkit_unix_netgroup_set_name (net_group, g_value_get_string (value)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_netgroup_class_init (PolkitUnixNetgroupClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_unix_netgroup_finalize; + gobject_class->get_property = polkit_unix_netgroup_get_property; + gobject_class->set_property = polkit_unix_netgroup_set_property; + + /** + * PolkitUnixNetgroup:name: + * + * The NIS netgroup name. + */ + g_object_class_install_property (gobject_class, + PROP_NAME, + g_param_spec_string ("name", + "Group Name", + "The NIS netgroup name", + NULL, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_unix_netgroup_get_name: + * @group: A #PolkitUnixNetgroup. + * + * Gets the netgroup name for @group. + * + * Returns: A netgroup name string. + */ +const gchar * +polkit_unix_netgroup_get_name (PolkitUnixNetgroup *group) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_NETGROUP (group), NULL); + return group->name; +} + +/** + * polkit_unix_netgroup_set_gid: + * @group: A #PolkitUnixNetgroup. + * @name: A netgroup name. + * + * Sets @name for @group. + */ +void +polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, + const gchar * name) +{ + g_return_if_fail (POLKIT_IS_UNIX_NETGROUP (group)); + g_free(group->name); + group->name = g_strdup(name); +} + +/** + * polkit_unix_netgroup_new: + * @name: A netgroup name. + * + * Creates a new #PolkitUnixNetgroup object for @name. + * + * Returns: (transfer full): A #PolkitUnixNetgroup object. Free with g_object_unref(). + */ +PolkitIdentity * +polkit_unix_netgroup_new (const gchar *name) +{ + g_return_val_if_fail (name != NULL, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, + "name", name, + NULL)); +} + +static guint +polkit_unix_netgroup_hash (PolkitIdentity *identity) +{ + PolkitUnixNetgroup *group; + + group = POLKIT_UNIX_NETGROUP (identity); + + return g_str_hash(group->name); +} + +static gboolean +polkit_unix_netgroup_equal (PolkitIdentity *a, + PolkitIdentity *b) +{ + PolkitUnixNetgroup *group_a; + PolkitUnixNetgroup *group_b; + + group_a = POLKIT_UNIX_NETGROUP (a); + group_b = POLKIT_UNIX_NETGROUP (b); + + if (g_strcmp0(group_a->name, group_b->name) == 0) + return TRUE; + else + return FALSE; +} + +static gchar * +polkit_unix_netgroup_to_string (PolkitIdentity *identity) +{ + PolkitUnixNetgroup *group = POLKIT_UNIX_NETGROUP (identity); + return g_strconcat("unix-netgroup:", group->name, NULL); +} + +static void +identity_iface_init (PolkitIdentityIface *identity_iface) +{ + identity_iface->hash = polkit_unix_netgroup_hash; + identity_iface->equal = polkit_unix_netgroup_equal; + identity_iface->to_string = polkit_unix_netgroup_to_string; +} diff --git a/src/polkit/polkitunixnetgroup.h b/src/polkit/polkitunixnetgroup.h new file mode 100644 index 00000000..873d4280 --- /dev/null +++ b/src/polkit/polkitunixnetgroup.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + * Author: Nikki VonHollen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_UNIX_NETGROUP_H +#define __POLKIT_UNIX_NETGROUP_H + +#include +#include +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_UNIX_NETGROUP (polkit_unix_netgroup_get_type()) +#define POLKIT_UNIX_NETGROUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_UNIX_NETGROUP, PolkitUnixNetgroup)) +#define POLKIT_UNIX_NETGROUP_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_UNIX_NETGROUP, PolkitUnixNetgroupClass)) +#define POLKIT_UNIX_NETGROUP_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_UNIX_NETGROUP, PolkitUnixNetgroupClass)) +#define POLKIT_IS_UNIX_NETGROUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_UNIX_NETGROUP)) +#define POLKIT_IS_UNIX_NETGROUP_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_UNIX_NETGROUP)) + +#if 0 +typedef struct _PolkitUnixNetgroup PolkitUnixNetgroup; +#endif +typedef struct _PolkitUnixNetgroupClass PolkitUnixNetgroupClass; + +GType polkit_unix_netgroup_get_type (void) G_GNUC_CONST; +PolkitIdentity *polkit_unix_netgroup_new (const gchar *name); +const gchar *polkit_unix_netgroup_get_name (PolkitUnixNetgroup *group); +void polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, + const gchar *name); + +G_END_DECLS + +#endif /* __POLKIT_UNIX_NETGROUP_H */ diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c new file mode 100644 index 00000000..913be3ac --- /dev/null +++ b/src/polkit/polkitunixprocess.c @@ -0,0 +1,748 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#ifdef HAVE_FREEBSD +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "polkitunixprocess.h" +#include "polkitsubject.h" +#include "polkitprivate.h" +#include "polkiterror.h" + +/** + * SECTION:polkitunixprocess + * @title: PolkitUnixProcess + * @short_description: Unix processs + * + * An object for representing a UNIX process. + * + * To uniquely identify processes, both the process id and the start + * time of the process (a monotonic increasing value representing the + * time since the kernel was started) is used. + */ + +/** + * PolkitUnixProcess: + * + * The #PolkitUnixProcess struct should not be accessed directly. + */ +struct _PolkitUnixProcess +{ + GObject parent_instance; + + gint pid; + guint64 start_time; + gint uid; +}; + +struct _PolkitUnixProcessClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_PID, + PROP_START_TIME, + PROP_UID +}; + +static void subject_iface_init (PolkitSubjectIface *subject_iface); + +static guint64 get_start_time_for_pid (gint pid, + GError **error); + +static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error); + +#ifdef HAVE_FREEBSD +static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); +#endif + +G_DEFINE_TYPE_WITH_CODE (PolkitUnixProcess, polkit_unix_process, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init) + ); + +static void +polkit_unix_process_init (PolkitUnixProcess *unix_process) +{ + unix_process->uid = -1; +} + +static void +polkit_unix_process_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitUnixProcess *unix_process = POLKIT_UNIX_PROCESS (object); + + switch (prop_id) + { + case PROP_PID: + g_value_set_int (value, unix_process->pid); + break; + + case PROP_UID: + g_value_set_int (value, unix_process->uid); + break; + + case PROP_START_TIME: + g_value_set_uint64 (value, unix_process->start_time); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_process_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitUnixProcess *unix_process = POLKIT_UNIX_PROCESS (object); + + switch (prop_id) + { + case PROP_PID: + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + break; + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_process_constructed (GObject *object) +{ + PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (object); + + /* sets start_time and uid in case they are unset */ + + if (process->start_time == 0) + process->start_time = get_start_time_for_pid (process->pid, NULL); + + if (process->uid == -1) + { + GError *error; + error = NULL; + process->uid = _polkit_unix_process_get_owner (process, &error); + if (error != NULL) + { + process->uid = -1; + g_error_free (error); + } + } + + if (G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed != NULL) + G_OBJECT_CLASS (polkit_unix_process_parent_class)->constructed (object); +} + +static void +polkit_unix_process_class_init (PolkitUnixProcessClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_unix_process_get_property; + gobject_class->set_property = polkit_unix_process_set_property; + gobject_class->constructed = polkit_unix_process_constructed; + + /** + * PolkitUnixProcess:pid: + * + * The UNIX process id. + */ + g_object_class_install_property (gobject_class, + PROP_PID, + g_param_spec_int ("pid", + "Process ID", + "The UNIX process ID", + 0, + G_MAXINT, + 0, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + /** + * PolkitUnixProcess:uid: + * + * The UNIX user id of the process or -1 if unknown. + * + * Note that this is the real user-id, not the effective user-id. + */ + g_object_class_install_property (gobject_class, + PROP_UID, + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", + -1, + G_MAXINT, + -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + /** + * PolkitUnixProcess:start-time: + * + * The start time of the process. + */ + g_object_class_install_property (gobject_class, + PROP_START_TIME, + g_param_spec_uint64 ("start-time", + "Start Time", + "The start time of the process, since the machine booted", + 0, + G_MAXUINT64, + 0, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_unix_process_get_uid: + * @process: A #PolkitUnixProcess. + * + * Gets the user id for @process. Note that this is the real user-id, + * not the effective user-id. + * + * Returns: The user id for @process or -1 if unknown. + */ +gint +polkit_unix_process_get_uid (PolkitUnixProcess *process) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), -1); + return process->uid; +} + +/** + * polkit_unix_process_set_uid: + * @process: A #PolkitUnixProcess. + * @uid: The user id to set for @process or -1 to unset it. + * + * Sets the (real, not effective) user id for @process. + */ +void +polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid) +{ + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); + g_return_if_fail (uid >= -1); + process->uid = uid; +} + +/** + * polkit_unix_process_get_pid: + * @process: A #PolkitUnixProcess. + * + * Gets the process id for @process. + * + * Returns: The process id for @process. + */ +gint +polkit_unix_process_get_pid (PolkitUnixProcess *process) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); + return process->pid; +} + +/** + * polkit_unix_process_get_start_time: + * @process: A #PolkitUnixProcess. + * + * Gets the start time of @process. + * + * Returns: The start time of @process. + */ +guint64 +polkit_unix_process_get_start_time (PolkitUnixProcess *process) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); + return process->start_time; +} + +/** + * polkit_unix_process_set_start_time: + * @process: A #PolkitUnixProcess. + * @start_time: The start time for @pid. + * + * Set the start time of @process. + */ +void +polkit_unix_process_set_start_time (PolkitUnixProcess *process, + guint64 start_time) +{ + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); + process->start_time = start_time; +} + +/** + * polkit_unix_process_set_pid: + * @process: A #PolkitUnixProcess. + * @pid: A process id. + * + * Sets @pid for @process. + */ +void +polkit_unix_process_set_pid (PolkitUnixProcess *process, + gint pid) +{ + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); + process->pid = pid; +} + +/** + * polkit_unix_process_new: + * @pid: The process id. + * + * Creates a new #PolkitUnixProcess for @pid. + * + * The uid and start time of the process will be looked up in using + * e.g. the /proc filesystem depending on the + * platform in use. + * + * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). + */ +PolkitSubject * +polkit_unix_process_new (gint pid) +{ + return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS, + "pid", pid, + NULL)); +} + +/** + * polkit_unix_process_new_full: + * @pid: The process id. + * @start_time: The start time for @pid. + * + * Creates a new #PolkitUnixProcess object for @pid and @start_time. + * + * The uid of the process will be looked up in using e.g. the + * /proc filesystem depending on the platform in + * use. + * + * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). + */ +PolkitSubject * +polkit_unix_process_new_full (gint pid, + guint64 start_time) +{ + return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS, + "pid", pid, + "start_time", start_time, + NULL)); +} + +/** + * polkit_unix_process_new_for_owner: + * @pid: The process id. + * @start_time: The start time for @pid or 0 to look it up in e.g. /proc. + * @uid: The (real, not effective) uid of the owner of @pid or -1 to look it up in e.g. /proc. + * + * Creates a new #PolkitUnixProcess object for @pid, @start_time and @uid. + * + * Returns: (transfer full): A #PolkitSubject. Free with g_object_unref(). + */ +PolkitSubject * +polkit_unix_process_new_for_owner (gint pid, + guint64 start_time, + gint uid) +{ + return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_PROCESS, + "pid", pid, + "start_time", start_time, + "uid", uid, + NULL)); +} + +static guint +polkit_unix_process_hash (PolkitSubject *subject) +{ + PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (subject); + + return g_direct_hash (GSIZE_TO_POINTER ((process->pid + process->start_time))) ; +} + +static gboolean +polkit_unix_process_equal (PolkitSubject *a, + PolkitSubject *b) +{ + PolkitUnixProcess *process_a; + PolkitUnixProcess *process_b; + + process_a = POLKIT_UNIX_PROCESS (a); + process_b = POLKIT_UNIX_PROCESS (b); + + return + (process_a->pid == process_b->pid) && + (process_a->start_time == process_b->start_time); +} + +static gchar * +polkit_unix_process_to_string (PolkitSubject *subject) +{ + PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (subject); + + return g_strdup_printf ("unix-process:%d:%" G_GUINT64_FORMAT, process->pid, process->start_time); +} + +static gboolean +polkit_unix_process_exists_sync (PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + PolkitUnixProcess *process = POLKIT_UNIX_PROCESS (subject); + GError *local_error; + guint64 start_time; + gboolean ret; + + ret = TRUE; + + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + /* Don't propagate the error - it just means there is no process with this pid */ + g_error_free (local_error); + ret = FALSE; + } + else + { + if (start_time != process->start_time) + { + ret = FALSE; + } + } + + return ret; +} + +static void +polkit_unix_process_exists (PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GSimpleAsyncResult *simple; + simple = g_simple_async_result_new (G_OBJECT (subject), + callback, + user_data, + polkit_unix_process_exists); + g_simple_async_result_complete (simple); + g_object_unref (simple); +} + +static gboolean +polkit_unix_process_exists_finish (PolkitSubject *subject, + GAsyncResult *res, + GError **error) +{ + GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); + + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_unix_process_exists); + + return polkit_unix_process_exists_sync (subject, + NULL, + error); +} + + +static void +subject_iface_init (PolkitSubjectIface *subject_iface) +{ + subject_iface->hash = polkit_unix_process_hash; + subject_iface->equal = polkit_unix_process_equal; + subject_iface->to_string = polkit_unix_process_to_string; + subject_iface->exists = polkit_unix_process_exists; + subject_iface->exists_finish = polkit_unix_process_exists_finish; + subject_iface->exists_sync = polkit_unix_process_exists_sync; +} + +#ifdef HAVE_SOLARIS +static int +get_pid_psinfo (pid_t pid, struct psinfo *ps) +{ + char pname[32]; + int procfd; + + (void) snprintf(pname, sizeof(pname), "/proc/%d/psinfo", pid); + if ((procfd = open(pname, O_RDONLY)) == -1) + { + return -1; + } + if (read(procfd, ps, sizeof(struct psinfo)) < 0) + { + (void) close(procfd); + return -1; + } + (void) close(procfd); + return 0; +} +#endif + +#ifdef HAVE_FREEBSD +static gboolean +get_kinfo_proc (pid_t pid, struct kinfo_proc *p) +{ + int mib[4]; + size_t len; + + len = 4; + sysctlnametomib ("kern.proc.pid", mib, &len); + + len = sizeof (struct kinfo_proc); + mib[3] = pid; + + if (sysctl (mib, 4, p, &len, NULL, 0) == -1) + return FALSE; + + return TRUE; +} +#endif + +static guint64 +get_start_time_for_pid (pid_t pid, + GError **error) +{ + guint64 start_time; +#ifndef HAVE_FREEBSD + gchar *filename; + gchar *contents; + size_t length; + gchar **tokens; + guint num_tokens; + gchar *p; + gchar *endp; + + start_time = 0; + contents = NULL; + + filename = g_strdup_printf ("/proc/%d/stat", pid); + + if (!g_file_get_contents (filename, &contents, &length, error)) + goto out; + + /* start time is the token at index 19 after the '(process name)' entry - since only this + * field can contain the ')' character, search backwards for this to avoid malicious + * processes trying to fool us + */ + p = strrchr (contents, ')'); + if (p == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error parsing file %s", + filename); + goto out; + } + p += 2; /* skip ') ' */ + if (p - contents >= (int) length) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error parsing file %s", + filename); + goto out; + } + + tokens = g_strsplit (p, " ", 0); + + num_tokens = g_strv_length (tokens); + + if (num_tokens < 20) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error parsing file %s", + filename); + goto out; + } + + start_time = strtoull (tokens[19], &endp, 10); + if (endp == tokens[19]) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error parsing file %s", + filename); + goto out; + } + + g_strfreev (tokens); + + out: + g_free (filename); + g_free (contents); +#else + struct kinfo_proc p; + + start_time = 0; + + if (! get_kinfo_proc (pid, &p)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error obtaining start time for %d (%s)", + (gint) pid, + g_strerror (errno)); + goto out; + } + + start_time = (guint64) p.ki_start.tv_sec; + +out: +#endif + + return start_time; +} + +static gint +_polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error) +{ + gint result; + gchar *contents; + gchar **lines; +#ifdef HAVE_FREEBSD + struct kinfo_proc p; +#else + gchar filename[64]; + guint n; +#endif + + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); + g_return_val_if_fail (error == NULL || *error == NULL, 0); + + result = 0; + lines = NULL; + contents = NULL; + +#ifdef HAVE_FREEBSD + if (get_kinfo_proc (process->pid, &p) == 0) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "get_kinfo_proc() failed for pid %d: %s", + process->pid, + g_strerror (errno)); + goto out; + } + + result = p.ki_uid; +#else + + /* see 'man proc' for layout of the status file + * + * Uid, Gid: Real, effective, saved set, and file system UIDs (GIDs). + */ + g_snprintf (filename, sizeof filename, "/proc/%d/status", process->pid); + if (!g_file_get_contents (filename, + &contents, + NULL, + error)) + { + goto out; + } + lines = g_strsplit (contents, "\n", -1); + for (n = 0; lines != NULL && lines[n] != NULL; n++) + { + gint real_uid, effective_uid; + if (!g_str_has_prefix (lines[n], "Uid:")) + continue; + if (sscanf (lines[n] + 4, "%d %d", &real_uid, &effective_uid) != 2) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Unexpected line `%s' in file %s", + lines[n], + filename); + goto out; + } + else + { + result = real_uid; + goto out; + } + } + + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Didn't find any line starting with `Uid:' in file %s", + filename); +#endif + +out: + g_strfreev (lines); + g_free (contents); + return result; +} + +/* deprecated public method */ +gint +polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error) +{ + return _polkit_unix_process_get_owner (process, error); +} diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h new file mode 100644 index 00000000..531a57d6 --- /dev/null +++ b/src/polkit/polkitunixprocess.h @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_UNIX_PROCESS_H +#define __POLKIT_UNIX_PROCESS_H + +#include +#include +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_UNIX_PROCESS (polkit_unix_process_get_type()) +#define POLKIT_UNIX_PROCESS(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_UNIX_PROCESS, PolkitUnixProcess)) +#define POLKIT_UNIX_PROCESS_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_UNIX_PROCESS, PolkitUnixProcessClass)) +#define POLKIT_UNIX_PROCESS_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_UNIX_PROCESS, PolkitUnixProcessClass)) +#define POLKIT_IS_UNIX_PROCESS(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_UNIX_PROCESS)) +#define POLKIT_IS_UNIX_PROCESS_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_UNIX_PROCESS)) + +#if 0 +typedef struct _PolkitUnixProcess PolkitUnixProcess; +#endif +typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; + +GType polkit_unix_process_get_type (void) G_GNUC_CONST; +PolkitSubject *polkit_unix_process_new (gint pid); +PolkitSubject *polkit_unix_process_new_full (gint pid, + guint64 start_time); +PolkitSubject *polkit_unix_process_new_for_owner (gint pid, + guint64 start_time, + gint uid); +gint polkit_unix_process_get_pid (PolkitUnixProcess *process); +guint64 polkit_unix_process_get_start_time (PolkitUnixProcess *process); +gint polkit_unix_process_get_uid (PolkitUnixProcess *process); +void polkit_unix_process_set_pid (PolkitUnixProcess *process, + gint pid); +void polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid); +void polkit_unix_process_set_start_time (PolkitUnixProcess *process, + guint64 start_time); + +gint polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error) G_GNUC_DEPRECATED_FOR (polkit_unix_process_get_uid); + +G_END_DECLS + +#endif /* __POLKIT_UNIX_PROCESS_H */ diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c new file mode 100644 index 00000000..8a8bf65b --- /dev/null +++ b/src/polkit/polkitunixsession-systemd.c @@ -0,0 +1,490 @@ +/* + * Copyright (C) 2011 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Matthias Clasen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include "polkitunixsession.h" +#include "polkitsubject.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +#include + +/** + * SECTION:polkitunixsession + * @title: PolkitUnixSession + * @short_description: Unix sessions + * + * An object that represents an user session. + * + * The session id is an opaque string obtained from ConsoleKit. + */ + +/** + * PolkitUnixSession: + * + * The #PolkitUnixSession struct should not be accessed directly. + */ +struct _PolkitUnixSession +{ + GObject parent_instance; + + gchar *session_id; + + gint pid; +}; + +struct _PolkitUnixSessionClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_SESSION_ID, + PROP_PID, +}; + +static void subject_iface_init (PolkitSubjectIface *subject_iface); +static void initable_iface_init (GInitableIface *initable_iface); +static void async_initable_iface_init (GAsyncInitableIface *async_initable_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitUnixSession, polkit_unix_session, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, initable_iface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_ASYNC_INITABLE, async_initable_iface_init) + ); + +static void +polkit_unix_session_init (PolkitUnixSession *session) +{ +} + +static void +polkit_unix_session_finalize (GObject *object) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (object); + + g_free (session->session_id); + + if (G_OBJECT_CLASS (polkit_unix_session_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_unix_session_parent_class)->finalize (object); +} + +static void +polkit_unix_session_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (object); + + switch (prop_id) + { + case PROP_SESSION_ID: + g_value_set_string (value, session->session_id); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_session_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (object); + + switch (prop_id) + { + case PROP_SESSION_ID: + polkit_unix_session_set_session_id (session, g_value_get_string (value)); + break; + + case PROP_PID: + session->pid = g_value_get_int (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_session_class_init (PolkitUnixSessionClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_unix_session_finalize; + gobject_class->get_property = polkit_unix_session_get_property; + gobject_class->set_property = polkit_unix_session_set_property; + + /** + * PolkitUnixSession:session-id: + * + * The UNIX session id. + */ + g_object_class_install_property (gobject_class, + PROP_SESSION_ID, + g_param_spec_string ("session-id", + "Session ID", + "The UNIX session ID", + NULL, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + + /** + * PolkitUnixSession:pid: + * + * The UNIX process id to look up the session. + */ + g_object_class_install_property (gobject_class, + PROP_PID, + g_param_spec_int ("pid", + "Process ID", + "Process ID to use for looking up the session", + 0, + G_MAXINT, + 0, + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_WRITABLE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_unix_session_get_session_id: + * @session: A #PolkitUnixSession. + * + * Gets the session id for @session. + * + * Returns: The session id for @session. Do not free this string, it + * is owned by @session. + **/ +const gchar * +polkit_unix_session_get_session_id (PolkitUnixSession *session) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_SESSION (session), NULL); + return session->session_id; +} + +/** + * polkit_unix_session_set_session_id: + * @session: A #PolkitUnixSession. + * @session_id: The session id. + * + * Sets the session id for @session to @session_id. + **/ +void +polkit_unix_session_set_session_id (PolkitUnixSession *session, + const gchar *session_id) +{ + g_return_if_fail (POLKIT_IS_UNIX_SESSION (session)); + /*g_return_if_fail (session_id != NULL);*/ + g_free (session->session_id); + session->session_id = g_strdup (session_id); +} + +/** + * polkit_unix_session_new: + * @session_id: The session id. + * + * Creates a new #PolkitUnixSession for @session_id. + * + * Returns: (transfer full): A #PolkitUnixSession. Free with g_object_unref(). + **/ +PolkitSubject * +polkit_unix_session_new (const gchar *session_id) +{ + return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_SESSION, + "session-id", session_id, + NULL)); +} + +/** + * polkit_unix_session_new_for_process: + * @pid: The process id of the process to get the session for. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied + * @user_data: The data to pass to @callback. + * + * Asynchronously creates a new #PolkitUnixSession object for the + * process with process id @pid. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_unix_session_new_for_process_finish() to get the result of + * the operation. + * + * This method constructs the object asynchronously, for the synchronous and blocking version + * use polkit_unix_session_new_for_process_sync(). + **/ +void +polkit_unix_session_new_for_process (gint pid, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_async_initable_new_async (POLKIT_TYPE_UNIX_SESSION, + G_PRIORITY_DEFAULT, + cancellable, + callback, + user_data, + "pid", pid, + NULL); +} + +/** + * polkit_unix_session_new_for_process_finish: + * @res: A #GAsyncResult obtained from the #GAsyncReadyCallback passed to polkit_unix_session_new_for_process(). + * @error: (allow-none): Return location for error. + * + * Finishes constructing a #PolkitSubject for a process id. + * + * Returns: (transfer full) (allow-none): A #PolkitUnixSession for the @pid passed to + * polkit_unix_session_new_for_process() or %NULL if @error is + * set. Free with g_object_unref(). + **/ +PolkitSubject * +polkit_unix_session_new_for_process_finish (GAsyncResult *res, + GError **error) +{ + GObject *object; + GObject *source_object; + + source_object = g_async_result_get_source_object (res); + g_assert (source_object != NULL); + + object = g_async_initable_new_finish (G_ASYNC_INITABLE (source_object), + res, + error); + g_object_unref (source_object); + + if (object != NULL) + return POLKIT_SUBJECT (object); + else + return NULL; +} + + +/** + * polkit_unix_session_new_for_process_sync: + * @pid: The process id of the process to get the session for. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error. + * + * Creates a new #PolkitUnixSession for the process with process id @pid. + * + * This is a synchronous call - the calling thread is blocked until a + * reply is received. For the asynchronous version, see + * polkit_unix_session_new_for_process(). + * + * Returns: (allow-none) (transfer full): A #PolkitUnixSession for + * @pid or %NULL if @error is set. Free with g_object_unref(). + **/ +PolkitSubject * +polkit_unix_session_new_for_process_sync (gint pid, + GCancellable *cancellable, + GError **error) +{ + return POLKIT_SUBJECT (g_initable_new (POLKIT_TYPE_UNIX_SESSION, + cancellable, + error, + "pid", pid, + NULL)); +} + +static guint +polkit_unix_session_hash (PolkitSubject *subject) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject); + + return g_str_hash (session->session_id); +} + +static gboolean +polkit_unix_session_equal (PolkitSubject *a, + PolkitSubject *b) +{ + PolkitUnixSession *session_a; + PolkitUnixSession *session_b; + + session_a = POLKIT_UNIX_SESSION (a); + session_b = POLKIT_UNIX_SESSION (b); + + return g_strcmp0 (session_a->session_id, session_b->session_id) == 0; +} + +static gchar * +polkit_unix_session_to_string (PolkitSubject *subject) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject); + + return g_strdup_printf ("unix-session:%s", session->session_id); +} + +static gboolean +polkit_unix_session_exists_sync (PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject); + gboolean ret = FALSE; + uid_t uid; + + if (sd_session_get_uid (session->session_id, &uid) == 0) + ret = TRUE; + + return ret; +} + +static void +exists_in_thread_func (GSimpleAsyncResult *res, + GObject *object, + GCancellable *cancellable) +{ + GError *error; + error = NULL; + if (!polkit_unix_session_exists_sync (POLKIT_SUBJECT (object), + cancellable, + &error)) + { + g_simple_async_result_set_from_error (res, error); + g_error_free (error); + } +} + +static void +polkit_unix_session_exists (PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GSimpleAsyncResult *simple; + + g_return_if_fail (POLKIT_IS_UNIX_SESSION (subject)); + + simple = g_simple_async_result_new (G_OBJECT (subject), + callback, + user_data, + polkit_unix_session_exists); + g_simple_async_result_run_in_thread (simple, + exists_in_thread_func, + G_PRIORITY_DEFAULT, + cancellable); + g_object_unref (simple); +} + +static gboolean +polkit_unix_session_exists_finish (PolkitSubject *subject, + GAsyncResult *res, + GError **error) +{ + GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); + gboolean ret; + + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_unix_session_exists); + + ret = FALSE; + + if (g_simple_async_result_propagate_error (simple, error)) + goto out; + + ret = g_simple_async_result_get_op_res_gboolean (simple); + + out: + return ret; +} + +static void +subject_iface_init (PolkitSubjectIface *subject_iface) +{ + subject_iface->hash = polkit_unix_session_hash; + subject_iface->equal = polkit_unix_session_equal; + subject_iface->to_string = polkit_unix_session_to_string; + subject_iface->exists = polkit_unix_session_exists; + subject_iface->exists_finish = polkit_unix_session_exists_finish; + subject_iface->exists_sync = polkit_unix_session_exists_sync; +} + +static gboolean +polkit_unix_session_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); + gboolean ret = FALSE; + char *s; + + if (session->session_id != NULL) + { + /* already set, nothing to do */ + ret = TRUE; + goto out; + } + + if (sd_pid_get_session (session->pid, &s) == 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No session for pid %d", + (gint) session->pid); + +out: + return ret; +} + +static void +initable_iface_init (GInitableIface *initable_iface) +{ + initable_iface->init = polkit_unix_session_initable_init; +} + +static void +async_initable_iface_init (GAsyncInitableIface *async_initable_iface) +{ + /* use default implementation to run GInitable code in a thread */ +} diff --git a/src/polkit/polkitunixsession.c b/src/polkit/polkitunixsession.c new file mode 100644 index 00000000..40817de5 --- /dev/null +++ b/src/polkit/polkitunixsession.c @@ -0,0 +1,527 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include "polkitunixsession.h" +#include "polkitsubject.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitunixsession + * @title: PolkitUnixSession + * @short_description: Unix sessions + * + * An object that represents an user session. + * + * The session id is an opaque string obtained from ConsoleKit. + */ + +/** + * PolkitUnixSession: + * + * The #PolkitUnixSession struct should not be accessed directly. + */ +struct _PolkitUnixSession +{ + GObject parent_instance; + + gchar *session_id; + + gint pid; +}; + +struct _PolkitUnixSessionClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_SESSION_ID, + PROP_PID, +}; + +static void subject_iface_init (PolkitSubjectIface *subject_iface); +static void initable_iface_init (GInitableIface *initable_iface); +static void async_initable_iface_init (GAsyncInitableIface *async_initable_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitUnixSession, polkit_unix_session, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_SUBJECT, subject_iface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, initable_iface_init) + G_IMPLEMENT_INTERFACE (G_TYPE_ASYNC_INITABLE, async_initable_iface_init) + ); + +static void +polkit_unix_session_init (PolkitUnixSession *session) +{ +} + +static void +polkit_unix_session_finalize (GObject *object) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (object); + + g_free (session->session_id); + + if (G_OBJECT_CLASS (polkit_unix_session_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_unix_session_parent_class)->finalize (object); +} + +static void +polkit_unix_session_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (object); + + switch (prop_id) + { + case PROP_SESSION_ID: + g_value_set_string (value, session->session_id); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_session_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (object); + + switch (prop_id) + { + case PROP_SESSION_ID: + polkit_unix_session_set_session_id (session, g_value_get_string (value)); + break; + + case PROP_PID: + session->pid = g_value_get_int (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_session_class_init (PolkitUnixSessionClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_unix_session_finalize; + gobject_class->get_property = polkit_unix_session_get_property; + gobject_class->set_property = polkit_unix_session_set_property; + + /** + * PolkitUnixSession:session-id: + * + * The UNIX session id. + */ + g_object_class_install_property (gobject_class, + PROP_SESSION_ID, + g_param_spec_string ("session-id", + "Session ID", + "The UNIX session ID", + NULL, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + + /** + * PolkitUnixSession:pid: + * + * The UNIX process id to look up the session. + */ + g_object_class_install_property (gobject_class, + PROP_PID, + g_param_spec_int ("pid", + "Process ID", + "Process ID to use for looking up the session", + 0, + G_MAXINT, + 0, + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_WRITABLE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_unix_session_get_session_id: + * @session: A #PolkitUnixSession. + * + * Gets the session id for @session. + * + * Returns: The session id for @session. Do not free this string, it + * is owned by @session. + **/ +const gchar * +polkit_unix_session_get_session_id (PolkitUnixSession *session) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_SESSION (session), NULL); + return session->session_id; +} + +/** + * polkit_unix_session_set_session_id: + * @session: A #PolkitUnixSession. + * @session_id: The session id. + * + * Sets the session id for @session to @session_id. + **/ +void +polkit_unix_session_set_session_id (PolkitUnixSession *session, + const gchar *session_id) +{ + g_return_if_fail (POLKIT_IS_UNIX_SESSION (session)); + /*g_return_if_fail (session_id != NULL);*/ + g_free (session->session_id); + session->session_id = g_strdup (session_id); +} + +/** + * polkit_unix_session_new: + * @session_id: The session id. + * + * Creates a new #PolkitUnixSession for @session_id. + * + * Returns: (transfer full): A #PolkitUnixSession. Free with g_object_unref(). + **/ +PolkitSubject * +polkit_unix_session_new (const gchar *session_id) +{ + return POLKIT_SUBJECT (g_object_new (POLKIT_TYPE_UNIX_SESSION, + "session-id", session_id, + NULL)); +} + +/** + * polkit_unix_session_new_for_process: + * @pid: The process id of the process to get the session for. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied + * @user_data: The data to pass to @callback. + * + * Asynchronously creates a new #PolkitUnixSession object for the + * process with process id @pid. + * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method + * from. You can then call + * polkit_unix_session_new_for_process_finish() to get the result of + * the operation. + * + * This method constructs the object asynchronously, for the synchronous and blocking version + * use polkit_unix_session_new_for_process_sync(). + **/ +void +polkit_unix_session_new_for_process (gint pid, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_async_initable_new_async (POLKIT_TYPE_UNIX_SESSION, + G_PRIORITY_DEFAULT, + cancellable, + callback, + user_data, + "pid", pid, + NULL); +} + +/** + * polkit_unix_session_new_for_process_finish: + * @res: A #GAsyncResult obtained from the #GAsyncReadyCallback passed to polkit_unix_session_new_for_process(). + * @error: (allow-none): Return location for error. + * + * Finishes constructing a #PolkitSubject for a process id. + * + * Returns: (transfer full) (allow-none): A #PolkitUnixSession for the @pid passed to + * polkit_unix_session_new_for_process() or %NULL if @error is + * set. Free with g_object_unref(). + **/ +PolkitSubject * +polkit_unix_session_new_for_process_finish (GAsyncResult *res, + GError **error) +{ + GObject *object; + GObject *source_object; + + source_object = g_async_result_get_source_object (res); + g_assert (source_object != NULL); + + object = g_async_initable_new_finish (G_ASYNC_INITABLE (source_object), + res, + error); + g_object_unref (source_object); + + if (object != NULL) + return POLKIT_SUBJECT (object); + else + return NULL; +} + + +/** + * polkit_unix_session_new_for_process_sync: + * @pid: The process id of the process to get the session for. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error. + * + * Creates a new #PolkitUnixSession for the process with process id @pid. + * + * This is a synchronous call - the calling thread is blocked until a + * reply is received. For the asynchronous version, see + * polkit_unix_session_new_for_process(). + * + * Returns: (allow-none) (transfer full): A #PolkitUnixSession for + * @pid or %NULL if @error is set. Free with g_object_unref(). + **/ +PolkitSubject * +polkit_unix_session_new_for_process_sync (gint pid, + GCancellable *cancellable, + GError **error) +{ + return POLKIT_SUBJECT (g_initable_new (POLKIT_TYPE_UNIX_SESSION, + cancellable, + error, + "pid", pid, + NULL)); +} + +static guint +polkit_unix_session_hash (PolkitSubject *subject) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject); + + return g_str_hash (session->session_id); +} + +static gboolean +polkit_unix_session_equal (PolkitSubject *a, + PolkitSubject *b) +{ + PolkitUnixSession *session_a; + PolkitUnixSession *session_b; + + session_a = POLKIT_UNIX_SESSION (a); + session_b = POLKIT_UNIX_SESSION (b); + + return g_strcmp0 (session_a->session_id, session_b->session_id) == 0; +} + +static gchar * +polkit_unix_session_to_string (PolkitSubject *subject) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject); + + return g_strdup_printf ("unix-session:%s", session->session_id); +} + +static gboolean +polkit_unix_session_exists_sync (PolkitSubject *subject, + GCancellable *cancellable, + GError **error) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (subject); + GDBusConnection *connection; + GVariant *result; + gboolean ret; + + ret = FALSE; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.ConsoleKit", /* name */ + session->session_id, /* object path */ + "org.freedesktop.ConsoleKit.Session", /* interface name */ + "GetUser", /* method */ + NULL, /* parameters */ + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + ret = TRUE; + g_variant_unref (result); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} + +static void +exists_in_thread_func (GSimpleAsyncResult *res, + GObject *object, + GCancellable *cancellable) +{ + GError *error; + error = NULL; + if (!polkit_unix_session_exists_sync (POLKIT_SUBJECT (object), + cancellable, + &error)) + { + g_simple_async_result_set_from_error (res, error); + g_error_free (error); + } +} + +static void +polkit_unix_session_exists (PolkitSubject *subject, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + GSimpleAsyncResult *simple; + + g_return_if_fail (POLKIT_IS_UNIX_SESSION (subject)); + + simple = g_simple_async_result_new (G_OBJECT (subject), + callback, + user_data, + polkit_unix_session_exists); + g_simple_async_result_run_in_thread (simple, + exists_in_thread_func, + G_PRIORITY_DEFAULT, + cancellable); + g_object_unref (simple); +} + +static gboolean +polkit_unix_session_exists_finish (PolkitSubject *subject, + GAsyncResult *res, + GError **error) +{ + GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (res); + gboolean ret; + + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_unix_session_exists); + + ret = FALSE; + + if (g_simple_async_result_propagate_error (simple, error)) + goto out; + + ret = g_simple_async_result_get_op_res_gboolean (simple); + + out: + return ret; +} + +static void +subject_iface_init (PolkitSubjectIface *subject_iface) +{ + subject_iface->hash = polkit_unix_session_hash; + subject_iface->equal = polkit_unix_session_equal; + subject_iface->to_string = polkit_unix_session_to_string; + subject_iface->exists = polkit_unix_session_exists; + subject_iface->exists_finish = polkit_unix_session_exists_finish; + subject_iface->exists_sync = polkit_unix_session_exists_sync; +} + +static gboolean +polkit_unix_session_initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); + GDBusConnection *connection; + GVariant *result; + gboolean ret; + + connection = NULL; + ret = FALSE; + + if (session->session_id != NULL) + { + /* already set, nothing to do */ + ret = TRUE; + goto out; + } + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.ConsoleKit", /* name */ + "/org/freedesktop/ConsoleKit/Manager", /* object path */ + "org.freedesktop.ConsoleKit.Manager", /* interface name */ + "GetSessionForUnixProcess", /* method */ + g_variant_new ("(u)", session->pid), /* parameters */ + G_VARIANT_TYPE ("(o)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(o)", &session->session_id); + g_variant_unref (result); + + ret = TRUE; + + out: + if (connection != NULL) + g_object_unref (connection); + + return ret; +} + +static void +initable_iface_init (GInitableIface *initable_iface) +{ + initable_iface->init = polkit_unix_session_initable_init; +} + +static void +async_initable_iface_init (GAsyncInitableIface *async_initable_iface) +{ + /* use default implementation to run GInitable code in a thread */ +} diff --git a/src/polkit/polkitunixsession.h b/src/polkit/polkitunixsession.h new file mode 100644 index 00000000..2674abe5 --- /dev/null +++ b/src/polkit/polkitunixsession.h @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_UNIX_SESSION_H +#define __POLKIT_UNIX_SESSION_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_UNIX_SESSION (polkit_unix_session_get_type()) +#define POLKIT_UNIX_SESSION(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_UNIX_SESSION, PolkitUnixSession)) +#define POLKIT_UNIX_SESSION_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_UNIX_SESSION, PolkitUnixSessionClass)) +#define POLKIT_UNIX_SESSION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_UNIX_SESSION, PolkitUnixSessionClass)) +#define POLKIT_IS_UNIX_SESSION(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_UNIX_SESSION)) +#define POLKIT_IS_UNIX_SESSION_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_UNIX_SESSION)) + +#if 0 +typedef struct _PolkitUnixSession PolkitUnixSession; +#endif +typedef struct _PolkitUnixSessionClass PolkitUnixSessionClass; + +GType polkit_unix_session_get_type (void) G_GNUC_CONST; +PolkitSubject *polkit_unix_session_new (const gchar *session_id); +void polkit_unix_session_new_for_process (gint pid, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); +PolkitSubject *polkit_unix_session_new_for_process_finish (GAsyncResult *res, + GError **error); +PolkitSubject *polkit_unix_session_new_for_process_sync (gint pid, + GCancellable *cancellable, + GError **error); +const gchar *polkit_unix_session_get_session_id (PolkitUnixSession *session); +void polkit_unix_session_set_session_id (PolkitUnixSession *session, + const gchar *session_id); + +G_END_DECLS + +#endif /* __POLKIT_UNIX_SESSION_H */ diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c new file mode 100644 index 00000000..8bfd3a1f --- /dev/null +++ b/src/polkit/polkitunixuser.c @@ -0,0 +1,308 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#include +#include "polkitunixuser.h" +#include "polkitidentity.h" +#include "polkiterror.h" +#include "polkitprivate.h" + +/** + * SECTION:polkitunixuser + * @title: PolkitUnixUser + * @short_description: Unix users + * + * An object representing a user identity on a UNIX system. + */ + +/** + * PolkitUnixUser: + * + * The #PolkitUnixUser struct should not be accessed directly. + */ +struct _PolkitUnixUser +{ + GObject parent_instance; + + gint uid; + gchar *name; +}; + +struct _PolkitUnixUserClass +{ + GObjectClass parent_class; +}; + +enum +{ + PROP_0, + PROP_UID, +}; + +static void identity_iface_init (PolkitIdentityIface *identity_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, + G_IMPLEMENT_INTERFACE (POLKIT_TYPE_IDENTITY, identity_iface_init) + ); + +static void +polkit_unix_user_init (PolkitUnixUser *unix_user) +{ + unix_user->name = NULL; +} + +static void +polkit_unix_user_finalize (GObject *object) +{ + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + + g_free(unix_user->name); + + G_OBJECT_CLASS (polkit_unix_user_parent_class)->finalize (object); +} + +static void +polkit_unix_user_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + + switch (prop_id) + { + case PROP_UID: + g_value_set_int (value, unix_user->uid); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_user_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + + switch (prop_id) + { + case PROP_UID: + unix_user->uid = g_value_get_int (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_unix_user_class_init (PolkitUnixUserClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_unix_user_finalize; + gobject_class->get_property = polkit_unix_user_get_property; + gobject_class->set_property = polkit_unix_user_set_property; + + /** + * PolkitUnixUser:uid: + * + * The UNIX user id. + */ + g_object_class_install_property (gobject_class, + PROP_UID, + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", + 0, + G_MAXINT, + 0, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + +} + +/** + * polkit_unix_user_get_uid: + * @user: A #PolkitUnixUser. + * + * Gets the UNIX user id for @user. + * + * Returns: A UNIX user id. + */ +gint +polkit_unix_user_get_uid (PolkitUnixUser *user) +{ + g_return_val_if_fail (POLKIT_IS_UNIX_USER (user), -1); + return user->uid; +} + +/** + * polkit_unix_user_set_uid: + * @user: A #PolkitUnixUser. + * @uid: A UNIX user id. + * + * Sets @uid for @user. + */ +void +polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid) +{ + g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + user->uid = uid; +} + +/** + * polkit_unix_user_new: + * @uid: A UNIX user id. + * + * Creates a new #PolkitUnixUser object for @uid. + * + * Returns: (transfer full): A #PolkitUnixUser object. Free with g_object_unref(). + */ +PolkitIdentity * +polkit_unix_user_new (gint uid) +{ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, + "uid", uid, + NULL)); +} + +/** + * polkit_unix_user_new_for_name: + * @name: A UNIX user name. + * @error: Return location for error. + * + * Creates a new #PolkitUnixUser object for a user with the user name + * @name. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + */ +PolkitIdentity * +polkit_unix_user_new_for_name (const gchar *name, + GError **error) +{ + struct passwd *passwd; + PolkitIdentity *identity; + + g_return_val_if_fail (name != NULL, NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + identity = NULL; + + passwd = getpwnam (name); + if (passwd == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No UNIX user with name %s: %s", + name, + g_strerror (errno)); + goto out; + } + + identity = polkit_unix_user_new (passwd->pw_uid); + + out: + return identity; +} + +/** + * polkit_unix_user_get_name: + * @user: A #PolkitUnixUser. + * + * Get the user's name. + * + * Returns: (allow-none) (transfer none): User name string or %NULL if user uid not found. + */ +const gchar * +polkit_unix_user_get_name (PolkitUnixUser *user) +{ + if (user->name == NULL) + { + struct passwd *passwd; + passwd = getpwuid (user->uid); + + if (passwd != NULL) + user->name = g_strdup(passwd->pw_name); + } + + return user->name; +} + +static gboolean +polkit_unix_user_equal (PolkitIdentity *a, + PolkitIdentity *b) +{ + PolkitUnixUser *user_a; + PolkitUnixUser *user_b; + + user_a = POLKIT_UNIX_USER (a); + user_b = POLKIT_UNIX_USER (b); + + return user_a->uid == user_b->uid; +} + +static guint +polkit_unix_user_hash (PolkitIdentity *identity) +{ + PolkitUnixUser *user; + + user = POLKIT_UNIX_USER (identity); + + return g_direct_hash (GINT_TO_POINTER (((gint) (user->uid)) * 2)); +} + +static gchar * +polkit_unix_user_to_string (PolkitIdentity *identity) +{ + PolkitUnixUser *user = POLKIT_UNIX_USER (identity); + const gchar *user_name = polkit_unix_user_get_name(user); + + if (user_name != NULL) + return g_strdup_printf ("unix-user:%s", user_name); + else + return g_strdup_printf ("unix-user:%d", user->uid); +} + +static void +identity_iface_init (PolkitIdentityIface *identity_iface) +{ + identity_iface->hash = polkit_unix_user_hash; + identity_iface->equal = polkit_unix_user_equal; + identity_iface->to_string = polkit_unix_user_to_string; +} diff --git a/src/polkit/polkitunixuser.h b/src/polkit/polkitunixuser.h new file mode 100644 index 00000000..2f227d4d --- /dev/null +++ b/src/polkit/polkitunixuser.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_UNIX_USER_H +#define __POLKIT_UNIX_USER_H + +#include +#include +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_TYPE_UNIX_USER (polkit_unix_user_get_type()) +#define POLKIT_UNIX_USER(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_TYPE_UNIX_USER, PolkitUnixUser)) +#define POLKIT_UNIX_USER_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_TYPE_UNIX_USER, PolkitUnixUserClass)) +#define POLKIT_UNIX_USER_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_TYPE_UNIX_USER, PolkitUnixUserClass)) +#define POLKIT_IS_UNIX_USER(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_TYPE_UNIX_USER)) +#define POLKIT_IS_UNIX_USER_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_TYPE_UNIX_USER)) + +#if 0 +typedef struct _PolkitUnixUser PolkitUnixUser; +#endif +typedef struct _PolkitUnixUserClass PolkitUnixUserClass; + +GType polkit_unix_user_get_type (void) G_GNUC_CONST; +PolkitIdentity *polkit_unix_user_new (gint uid); +PolkitIdentity *polkit_unix_user_new_for_name (const gchar *name, + GError **error); +gint polkit_unix_user_get_uid (PolkitUnixUser *user); +void polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid); +const gchar *polkit_unix_user_get_name (PolkitUnixUser *user); + +G_END_DECLS + +#endif /* __POLKIT_UNIX_USER_H */ diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am new file mode 100644 index 00000000..e8c9fb1a --- /dev/null +++ b/src/polkitagent/Makefile.am @@ -0,0 +1,145 @@ +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_builddir)/src/polkit \ + -I$(top_srcdir)/src/polkit \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +BUILT_SOURCES = \ + marshal.stamp \ + polkitagentenumtypes.c polkitagentenumtypes.h \ + $(NULL) + +enum_headers = polkitagentlistener.h + +polkitagentenumtypes.h: $(enum_headers) polkitagentenumtypes.h.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitagentenumtypes.h.template $(enum_headers)) > \ + polkitagentenumtypes.h.tmp && mv polkitagentenumtypes.h.tmp polkitagentenumtypes.h + +polkitagentenumtypes.c: $(enum_headers) polkitagentenumtypes.c.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitagentenumtypes.c.template $(enum_headers)) > \ + polkitagentenumtypes.c.tmp && mv polkitagentenumtypes.c.tmp polkitagentenumtypes.c + +marshal.stamp : Makefile.am $(srcdir)/polkitagentmarshal.list + glib-genmarshal --prefix=_polkit_agent_marshal $(srcdir)/polkitagentmarshal.list --header > polkitagentmarshal.h.tmp && mv polkitagentmarshal.h.tmp polkitagentmarshal.h + (echo "#include \"polkitagentmarshal.h\""; glib-genmarshal --prefix=_polkit_agent_marshal $(srcdir)/polkitagentmarshal.list --body) > polkitagentmarshal.c.tmp && mv polkitagentmarshal.c.tmp polkitagentmarshal.c + touch marshal.stamp + +marshal_built_sources = polkitagentmarshal.h polkitagentmarshal.c + +lib_LTLIBRARIES=libpolkit-agent-1.la + +libpolkit_agent_1includedir=$(includedir)/polkit-1/polkitagent + +libpolkit_agent_1include_HEADERS = \ + polkitagent.h \ + polkitagentenumtypes.h \ + polkitagenttypes.h \ + polkitagentsession.h \ + polkitagentlistener.h \ + polkitagenttextlistener.h \ + $(NULL) + +libpolkit_agent_1_la_SOURCES = \ + $(BUILT_SOURCES) \ + $(marshal_built_sources) \ + polkitagent.h \ + polkitagenttypes.h \ + polkitagentsession.h polkitagentsession.c \ + polkitagentlistener.h polkitagentlistener.c \ + polkitagenttextlistener.h polkitagenttextlistener.c \ + $(NULL) + +libpolkit_agent_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_AGENT_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +libpolkit_agent_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(EXPAT_LIBS) \ + $(NULL) + +libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' + +libexec_PROGRAMS = polkit-agent-helper-1 + +polkit_agent_helper_1_SOURCES = \ + polkitagenthelperprivate.c polkitagenthelperprivate.h \ + $(NULL) + +if POLKIT_AUTHFW_PAM +polkit_agent_helper_1_SOURCES += polkitagenthelper-pam.c +endif +if POLKIT_AUTHFW_SHADOW +polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c +endif + +polkit_agent_helper_1_CFLAGS = \ + -D_POLKIT_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +polkit_agent_helper_1_LDADD = \ + $(AUTH_LIBS) \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +if HAVE_INTROSPECTION + +girdir = $(INTROSPECTION_GIRDIR) +gir_DATA = PolkitAgent-1.0.gir + +typelibsdir = $(INTROSPECTION_TYPELIBDIR) +typelibs_DATA = PolkitAgent-1.0.typelib + +INTROSPECTION_COMPILER_ARGS = --includedir=../../src/polkit +INTROSPECTION_GIRS = PolkitAgent-1.0.gir +PolkitAgent_1_0_gir_INCLUDES = Gio-2.0 +PolkitAgent_1_0_gir_SCANNERFLAGS = \ + --include-uninstalled=../../src/polkit/Polkit-1.0.gir \ + --c-include='polkitagent/polkitagent.h' +PolkitAgent_1_0_gir_CFLAGS = \ + $(libpolkit_agent_1_la_CFLAGS) \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_AGENT_COMPILATION \ + -I.. -I$(top_srcdir)/src +PolkitAgent_1_0_gir_LIBS = libpolkit-agent-1.la +PolkitAgent_1_0_gir_FILES = $(libpolkit_agent_1_la_SOURCES) +PolkitAgent_1_0_gir_EXPORT_PACKAGES = polkit-agent-1 + +include $(INTROSPECTION_MAKEFILE) + +endif # HAVE_INTROSPECTION + +# polkit-agent-helper-1 need to be setuid root because it's used to +# authenticate not only the invoking user, but possibly also root +# and/or other users. +# +install-exec-hook: + -chown root $(DESTDIR)$(libexecdir)/polkit-agent-helper-1 + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-agent-helper-1 + +EXTRA_DIST = polkitagentmarshal.list polkitagentenumtypes.h.template polkitagentenumtypes.c.template + +dist-hook : + (for i in $(marshal_built_sources) $(BUILT_SOURCES) ; do rm -f $(distdir)/$$i ; done) + +clean-local : + rm -f *~ $(marshal_built_sources) $(BUILT_SOURCES) diff --git a/src/polkitagent/Makefile.in b/src/polkitagent/Makefile.in new file mode 100644 index 00000000..2feb3f5a --- /dev/null +++ b/src/polkitagent/Makefile.in @@ -0,0 +1,977 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +libexec_PROGRAMS = polkit-agent-helper-1$(EXEEXT) +@POLKIT_AUTHFW_PAM_TRUE@am__append_1 = polkitagenthelper-pam.c +@POLKIT_AUTHFW_SHADOW_TRUE@am__append_2 = polkitagenthelper-shadow.c +subdir = src/polkitagent +DIST_COMMON = $(libpolkit_agent_1include_HEADERS) \ + $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \ + "$(DESTDIR)$(girdir)" "$(DESTDIR)$(typelibsdir)" \ + "$(DESTDIR)$(libpolkit_agent_1includedir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +am__DEPENDENCIES_1 = +libpolkit_agent_1_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am__objects_1 = +am__objects_2 = libpolkit_agent_1_la-polkitagentenumtypes.lo \ + $(am__objects_1) +am__objects_3 = libpolkit_agent_1_la-polkitagentmarshal.lo +am_libpolkit_agent_1_la_OBJECTS = $(am__objects_2) $(am__objects_3) \ + libpolkit_agent_1_la-polkitagentsession.lo \ + libpolkit_agent_1_la-polkitagentlistener.lo \ + libpolkit_agent_1_la-polkitagenttextlistener.lo \ + $(am__objects_1) +libpolkit_agent_1_la_OBJECTS = $(am_libpolkit_agent_1_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +libpolkit_agent_1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) \ + $(libpolkit_agent_1_la_LDFLAGS) $(LDFLAGS) -o $@ +PROGRAMS = $(libexec_PROGRAMS) +am__polkit_agent_helper_1_SOURCES_DIST = polkitagenthelperprivate.c \ + polkitagenthelperprivate.h polkitagenthelper-pam.c \ + polkitagenthelper-shadow.c +@POLKIT_AUTHFW_PAM_TRUE@am__objects_4 = polkit_agent_helper_1-polkitagenthelper-pam.$(OBJEXT) +@POLKIT_AUTHFW_SHADOW_TRUE@am__objects_5 = polkit_agent_helper_1-polkitagenthelper-shadow.$(OBJEXT) +am_polkit_agent_helper_1_OBJECTS = \ + polkit_agent_helper_1-polkitagenthelperprivate.$(OBJEXT) \ + $(am__objects_1) $(am__objects_4) $(am__objects_5) +polkit_agent_helper_1_OBJECTS = $(am_polkit_agent_helper_1_OBJECTS) +polkit_agent_helper_1_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) +polkit_agent_helper_1_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(libpolkit_agent_1_la_SOURCES) \ + $(polkit_agent_helper_1_SOURCES) +DIST_SOURCES = $(libpolkit_agent_1_la_SOURCES) \ + $(am__polkit_agent_helper_1_SOURCES_DIST) +DATA = $(gir_DATA) $(typelibs_DATA) +HEADERS = $(libpolkit_agent_1include_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_builddir)/src/polkit \ + -I$(top_srcdir)/src/polkit \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +BUILT_SOURCES = \ + marshal.stamp \ + polkitagentenumtypes.c polkitagentenumtypes.h \ + $(NULL) + +enum_headers = polkitagentlistener.h +marshal_built_sources = polkitagentmarshal.h polkitagentmarshal.c +lib_LTLIBRARIES = libpolkit-agent-1.la +libpolkit_agent_1includedir = $(includedir)/polkit-1/polkitagent +libpolkit_agent_1include_HEADERS = \ + polkitagent.h \ + polkitagentenumtypes.h \ + polkitagenttypes.h \ + polkitagentsession.h \ + polkitagentlistener.h \ + polkitagenttextlistener.h \ + $(NULL) + +libpolkit_agent_1_la_SOURCES = \ + $(BUILT_SOURCES) \ + $(marshal_built_sources) \ + polkitagent.h \ + polkitagenttypes.h \ + polkitagentsession.h polkitagentsession.c \ + polkitagentlistener.h polkitagentlistener.c \ + polkitagenttextlistener.h polkitagenttextlistener.c \ + $(NULL) + +libpolkit_agent_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_AGENT_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +libpolkit_agent_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(EXPAT_LIBS) \ + $(NULL) + +libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' +polkit_agent_helper_1_SOURCES = polkitagenthelperprivate.c \ + polkitagenthelperprivate.h $(NULL) $(am__append_1) \ + $(am__append_2) +polkit_agent_helper_1_CFLAGS = \ + -D_POLKIT_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +polkit_agent_helper_1_LDADD = \ + $(AUTH_LIBS) \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +@HAVE_INTROSPECTION_TRUE@girdir = $(INTROSPECTION_GIRDIR) +@HAVE_INTROSPECTION_TRUE@gir_DATA = PolkitAgent-1.0.gir +@HAVE_INTROSPECTION_TRUE@typelibsdir = $(INTROSPECTION_TYPELIBDIR) +@HAVE_INTROSPECTION_TRUE@typelibs_DATA = PolkitAgent-1.0.typelib +@HAVE_INTROSPECTION_TRUE@INTROSPECTION_COMPILER_ARGS = --includedir=../../src/polkit +@HAVE_INTROSPECTION_TRUE@INTROSPECTION_GIRS = PolkitAgent-1.0.gir +@HAVE_INTROSPECTION_TRUE@PolkitAgent_1_0_gir_INCLUDES = Gio-2.0 +@HAVE_INTROSPECTION_TRUE@PolkitAgent_1_0_gir_SCANNERFLAGS = \ +@HAVE_INTROSPECTION_TRUE@ --include-uninstalled=../../src/polkit/Polkit-1.0.gir \ +@HAVE_INTROSPECTION_TRUE@ --c-include='polkitagent/polkitagent.h' + +@HAVE_INTROSPECTION_TRUE@PolkitAgent_1_0_gir_CFLAGS = \ +@HAVE_INTROSPECTION_TRUE@ $(libpolkit_agent_1_la_CFLAGS) \ +@HAVE_INTROSPECTION_TRUE@ -D_POLKIT_COMPILATION \ +@HAVE_INTROSPECTION_TRUE@ -D_POLKIT_AGENT_COMPILATION \ +@HAVE_INTROSPECTION_TRUE@ -I.. -I$(top_srcdir)/src + +@HAVE_INTROSPECTION_TRUE@PolkitAgent_1_0_gir_LIBS = libpolkit-agent-1.la +@HAVE_INTROSPECTION_TRUE@PolkitAgent_1_0_gir_FILES = $(libpolkit_agent_1_la_SOURCES) +@HAVE_INTROSPECTION_TRUE@PolkitAgent_1_0_gir_EXPORT_PACKAGES = polkit-agent-1 +EXTRA_DIST = polkitagentmarshal.list polkitagentenumtypes.h.template polkitagentenumtypes.c.template +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/polkitagent/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/polkitagent/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libpolkit-agent-1.la: $(libpolkit_agent_1_la_OBJECTS) $(libpolkit_agent_1_la_DEPENDENCIES) $(EXTRA_libpolkit_agent_1_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpolkit_agent_1_la_LINK) -rpath $(libdir) $(libpolkit_agent_1_la_OBJECTS) $(libpolkit_agent_1_la_LIBADD) $(LIBS) +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files + +clean-libexecPROGRAMS: + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +polkit-agent-helper-1$(EXEEXT): $(polkit_agent_helper_1_OBJECTS) $(polkit_agent_helper_1_DEPENDENCIES) $(EXTRA_polkit_agent_helper_1_DEPENDENCIES) + @rm -f polkit-agent-helper-1$(EXEEXT) + $(AM_V_CCLD)$(polkit_agent_helper_1_LINK) $(polkit_agent_helper_1_OBJECTS) $(polkit_agent_helper_1_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_agent_1_la-polkitagentenumtypes.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_agent_1_la-polkitagentlistener.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_agent_1_la-polkitagentmarshal.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_agent_1_la-polkitagentsession.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_agent_1_la-polkitagenttextlistener.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-pam.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-shadow.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkit_agent_helper_1-polkitagenthelperprivate.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +libpolkit_agent_1_la-polkitagentenumtypes.lo: polkitagentenumtypes.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_agent_1_la-polkitagentenumtypes.lo -MD -MP -MF $(DEPDIR)/libpolkit_agent_1_la-polkitagentenumtypes.Tpo -c -o libpolkit_agent_1_la-polkitagentenumtypes.lo `test -f 'polkitagentenumtypes.c' || echo '$(srcdir)/'`polkitagentenumtypes.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_agent_1_la-polkitagentenumtypes.Tpo $(DEPDIR)/libpolkit_agent_1_la-polkitagentenumtypes.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagentenumtypes.c' object='libpolkit_agent_1_la-polkitagentenumtypes.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_agent_1_la-polkitagentenumtypes.lo `test -f 'polkitagentenumtypes.c' || echo '$(srcdir)/'`polkitagentenumtypes.c + +libpolkit_agent_1_la-polkitagentmarshal.lo: polkitagentmarshal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_agent_1_la-polkitagentmarshal.lo -MD -MP -MF $(DEPDIR)/libpolkit_agent_1_la-polkitagentmarshal.Tpo -c -o libpolkit_agent_1_la-polkitagentmarshal.lo `test -f 'polkitagentmarshal.c' || echo '$(srcdir)/'`polkitagentmarshal.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_agent_1_la-polkitagentmarshal.Tpo $(DEPDIR)/libpolkit_agent_1_la-polkitagentmarshal.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagentmarshal.c' object='libpolkit_agent_1_la-polkitagentmarshal.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_agent_1_la-polkitagentmarshal.lo `test -f 'polkitagentmarshal.c' || echo '$(srcdir)/'`polkitagentmarshal.c + +libpolkit_agent_1_la-polkitagentsession.lo: polkitagentsession.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_agent_1_la-polkitagentsession.lo -MD -MP -MF $(DEPDIR)/libpolkit_agent_1_la-polkitagentsession.Tpo -c -o libpolkit_agent_1_la-polkitagentsession.lo `test -f 'polkitagentsession.c' || echo '$(srcdir)/'`polkitagentsession.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_agent_1_la-polkitagentsession.Tpo $(DEPDIR)/libpolkit_agent_1_la-polkitagentsession.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagentsession.c' object='libpolkit_agent_1_la-polkitagentsession.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_agent_1_la-polkitagentsession.lo `test -f 'polkitagentsession.c' || echo '$(srcdir)/'`polkitagentsession.c + +libpolkit_agent_1_la-polkitagentlistener.lo: polkitagentlistener.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_agent_1_la-polkitagentlistener.lo -MD -MP -MF $(DEPDIR)/libpolkit_agent_1_la-polkitagentlistener.Tpo -c -o libpolkit_agent_1_la-polkitagentlistener.lo `test -f 'polkitagentlistener.c' || echo '$(srcdir)/'`polkitagentlistener.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_agent_1_la-polkitagentlistener.Tpo $(DEPDIR)/libpolkit_agent_1_la-polkitagentlistener.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagentlistener.c' object='libpolkit_agent_1_la-polkitagentlistener.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_agent_1_la-polkitagentlistener.lo `test -f 'polkitagentlistener.c' || echo '$(srcdir)/'`polkitagentlistener.c + +libpolkit_agent_1_la-polkitagenttextlistener.lo: polkitagenttextlistener.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_agent_1_la-polkitagenttextlistener.lo -MD -MP -MF $(DEPDIR)/libpolkit_agent_1_la-polkitagenttextlistener.Tpo -c -o libpolkit_agent_1_la-polkitagenttextlistener.lo `test -f 'polkitagenttextlistener.c' || echo '$(srcdir)/'`polkitagenttextlistener.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_agent_1_la-polkitagenttextlistener.Tpo $(DEPDIR)/libpolkit_agent_1_la-polkitagenttextlistener.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagenttextlistener.c' object='libpolkit_agent_1_la-polkitagenttextlistener.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_agent_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_agent_1_la-polkitagenttextlistener.lo `test -f 'polkitagenttextlistener.c' || echo '$(srcdir)/'`polkitagenttextlistener.c + +polkit_agent_helper_1-polkitagenthelperprivate.o: polkitagenthelperprivate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -MT polkit_agent_helper_1-polkitagenthelperprivate.o -MD -MP -MF $(DEPDIR)/polkit_agent_helper_1-polkitagenthelperprivate.Tpo -c -o polkit_agent_helper_1-polkitagenthelperprivate.o `test -f 'polkitagenthelperprivate.c' || echo '$(srcdir)/'`polkitagenthelperprivate.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkit_agent_helper_1-polkitagenthelperprivate.Tpo $(DEPDIR)/polkit_agent_helper_1-polkitagenthelperprivate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagenthelperprivate.c' object='polkit_agent_helper_1-polkitagenthelperprivate.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -c -o polkit_agent_helper_1-polkitagenthelperprivate.o `test -f 'polkitagenthelperprivate.c' || echo '$(srcdir)/'`polkitagenthelperprivate.c + +polkit_agent_helper_1-polkitagenthelperprivate.obj: polkitagenthelperprivate.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -MT polkit_agent_helper_1-polkitagenthelperprivate.obj -MD -MP -MF $(DEPDIR)/polkit_agent_helper_1-polkitagenthelperprivate.Tpo -c -o polkit_agent_helper_1-polkitagenthelperprivate.obj `if test -f 'polkitagenthelperprivate.c'; then $(CYGPATH_W) 'polkitagenthelperprivate.c'; else $(CYGPATH_W) '$(srcdir)/polkitagenthelperprivate.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkit_agent_helper_1-polkitagenthelperprivate.Tpo $(DEPDIR)/polkit_agent_helper_1-polkitagenthelperprivate.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagenthelperprivate.c' object='polkit_agent_helper_1-polkitagenthelperprivate.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -c -o polkit_agent_helper_1-polkitagenthelperprivate.obj `if test -f 'polkitagenthelperprivate.c'; then $(CYGPATH_W) 'polkitagenthelperprivate.c'; else $(CYGPATH_W) '$(srcdir)/polkitagenthelperprivate.c'; fi` + +polkit_agent_helper_1-polkitagenthelper-pam.o: polkitagenthelper-pam.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -MT polkit_agent_helper_1-polkitagenthelper-pam.o -MD -MP -MF $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-pam.Tpo -c -o polkit_agent_helper_1-polkitagenthelper-pam.o `test -f 'polkitagenthelper-pam.c' || echo '$(srcdir)/'`polkitagenthelper-pam.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-pam.Tpo $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-pam.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagenthelper-pam.c' object='polkit_agent_helper_1-polkitagenthelper-pam.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -c -o polkit_agent_helper_1-polkitagenthelper-pam.o `test -f 'polkitagenthelper-pam.c' || echo '$(srcdir)/'`polkitagenthelper-pam.c + +polkit_agent_helper_1-polkitagenthelper-pam.obj: polkitagenthelper-pam.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -MT polkit_agent_helper_1-polkitagenthelper-pam.obj -MD -MP -MF $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-pam.Tpo -c -o polkit_agent_helper_1-polkitagenthelper-pam.obj `if test -f 'polkitagenthelper-pam.c'; then $(CYGPATH_W) 'polkitagenthelper-pam.c'; else $(CYGPATH_W) '$(srcdir)/polkitagenthelper-pam.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-pam.Tpo $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-pam.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagenthelper-pam.c' object='polkit_agent_helper_1-polkitagenthelper-pam.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -c -o polkit_agent_helper_1-polkitagenthelper-pam.obj `if test -f 'polkitagenthelper-pam.c'; then $(CYGPATH_W) 'polkitagenthelper-pam.c'; else $(CYGPATH_W) '$(srcdir)/polkitagenthelper-pam.c'; fi` + +polkit_agent_helper_1-polkitagenthelper-shadow.o: polkitagenthelper-shadow.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -MT polkit_agent_helper_1-polkitagenthelper-shadow.o -MD -MP -MF $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-shadow.Tpo -c -o polkit_agent_helper_1-polkitagenthelper-shadow.o `test -f 'polkitagenthelper-shadow.c' || echo '$(srcdir)/'`polkitagenthelper-shadow.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-shadow.Tpo $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-shadow.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagenthelper-shadow.c' object='polkit_agent_helper_1-polkitagenthelper-shadow.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -c -o polkit_agent_helper_1-polkitagenthelper-shadow.o `test -f 'polkitagenthelper-shadow.c' || echo '$(srcdir)/'`polkitagenthelper-shadow.c + +polkit_agent_helper_1-polkitagenthelper-shadow.obj: polkitagenthelper-shadow.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -MT polkit_agent_helper_1-polkitagenthelper-shadow.obj -MD -MP -MF $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-shadow.Tpo -c -o polkit_agent_helper_1-polkitagenthelper-shadow.obj `if test -f 'polkitagenthelper-shadow.c'; then $(CYGPATH_W) 'polkitagenthelper-shadow.c'; else $(CYGPATH_W) '$(srcdir)/polkitagenthelper-shadow.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-shadow.Tpo $(DEPDIR)/polkit_agent_helper_1-polkitagenthelper-shadow.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitagenthelper-shadow.c' object='polkit_agent_helper_1-polkitagenthelper-shadow.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) -c -o polkit_agent_helper_1-polkitagenthelper-shadow.obj `if test -f 'polkitagenthelper-shadow.c'; then $(CYGPATH_W) 'polkitagenthelper-shadow.c'; else $(CYGPATH_W) '$(srcdir)/polkitagenthelper-shadow.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-girDATA: $(gir_DATA) + @$(NORMAL_INSTALL) + test -z "$(girdir)" || $(MKDIR_P) "$(DESTDIR)$(girdir)" + @list='$(gir_DATA)'; test -n "$(girdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(girdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(girdir)" || exit $$?; \ + done + +uninstall-girDATA: + @$(NORMAL_UNINSTALL) + @list='$(gir_DATA)'; test -n "$(girdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(girdir)'; $(am__uninstall_files_from_dir) +install-typelibsDATA: $(typelibs_DATA) + @$(NORMAL_INSTALL) + test -z "$(typelibsdir)" || $(MKDIR_P) "$(DESTDIR)$(typelibsdir)" + @list='$(typelibs_DATA)'; test -n "$(typelibsdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(typelibsdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(typelibsdir)" || exit $$?; \ + done + +uninstall-typelibsDATA: + @$(NORMAL_UNINSTALL) + @list='$(typelibs_DATA)'; test -n "$(typelibsdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(typelibsdir)'; $(am__uninstall_files_from_dir) +install-libpolkit_agent_1includeHEADERS: $(libpolkit_agent_1include_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(libpolkit_agent_1includedir)" || $(MKDIR_P) "$(DESTDIR)$(libpolkit_agent_1includedir)" + @list='$(libpolkit_agent_1include_HEADERS)'; test -n "$(libpolkit_agent_1includedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(libpolkit_agent_1includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(libpolkit_agent_1includedir)" || exit $$?; \ + done + +uninstall-libpolkit_agent_1includeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(libpolkit_agent_1include_HEADERS)'; test -n "$(libpolkit_agent_1includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(libpolkit_agent_1includedir)'; $(am__uninstall_files_from_dir) + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(DATA) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(girdir)" "$(DESTDIR)$(typelibsdir)" "$(DESTDIR)$(libpolkit_agent_1includedir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libexecPROGRAMS \ + clean-libtool clean-local mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-girDATA \ + install-libpolkit_agent_1includeHEADERS install-typelibsDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES install-libexecPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-girDATA uninstall-libLTLIBRARIES \ + uninstall-libexecPROGRAMS \ + uninstall-libpolkit_agent_1includeHEADERS \ + uninstall-typelibsDATA + +.MAKE: all check install install-am install-exec-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libexecPROGRAMS clean-libtool \ + clean-local ctags dist-hook distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-exec-hook install-girDATA \ + install-html install-html-am install-info install-info-am \ + install-libLTLIBRARIES install-libexecPROGRAMS \ + install-libpolkit_agent_1includeHEADERS install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip install-typelibsDATA installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-girDATA \ + uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \ + uninstall-libpolkit_agent_1includeHEADERS \ + uninstall-typelibsDATA + + +polkitagentenumtypes.h: $(enum_headers) polkitagentenumtypes.h.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitagentenumtypes.h.template $(enum_headers)) > \ + polkitagentenumtypes.h.tmp && mv polkitagentenumtypes.h.tmp polkitagentenumtypes.h + +polkitagentenumtypes.c: $(enum_headers) polkitagentenumtypes.c.template + ( top_builddir=`cd $(top_builddir) && pwd`; \ + cd $(srcdir) && glib-mkenums --template polkitagentenumtypes.c.template $(enum_headers)) > \ + polkitagentenumtypes.c.tmp && mv polkitagentenumtypes.c.tmp polkitagentenumtypes.c + +marshal.stamp : Makefile.am $(srcdir)/polkitagentmarshal.list + glib-genmarshal --prefix=_polkit_agent_marshal $(srcdir)/polkitagentmarshal.list --header > polkitagentmarshal.h.tmp && mv polkitagentmarshal.h.tmp polkitagentmarshal.h + (echo "#include \"polkitagentmarshal.h\""; glib-genmarshal --prefix=_polkit_agent_marshal $(srcdir)/polkitagentmarshal.list --body) > polkitagentmarshal.c.tmp && mv polkitagentmarshal.c.tmp polkitagentmarshal.c + touch marshal.stamp + +@HAVE_INTROSPECTION_TRUE@include $(INTROSPECTION_MAKEFILE) + +# polkit-agent-helper-1 need to be setuid root because it's used to +# authenticate not only the invoking user, but possibly also root +# and/or other users. +# +install-exec-hook: + -chown root $(DESTDIR)$(libexecdir)/polkit-agent-helper-1 + -chmod 4755 $(DESTDIR)$(libexecdir)/polkit-agent-helper-1 + +dist-hook : + (for i in $(marshal_built_sources) $(BUILT_SOURCES) ; do rm -f $(distdir)/$$i ; done) + +clean-local : + rm -f *~ $(marshal_built_sources) $(BUILT_SOURCES) + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/polkitagent/polkitagent.h b/src/polkitagent/polkitagent.h new file mode 100644 index 00000000..6f163d1a --- /dev/null +++ b/src/polkitagent/polkitagent.h @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef __POLKIT_AGENT_H +#define __POLKIT_AGENT_H + +#if !defined (POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (_POLKIT_AGENT_COMPILATION) +#error "libpolkitagent is unstable API and subject to change. You must define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this." +#endif + +#define _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H 1 +#include +#include +#include +#include +#include +#undef _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H + +#endif /* __POLKIT_AGENT_H */ diff --git a/src/polkitagent/polkitagentenumtypes.c.template b/src/polkitagent/polkitagentenumtypes.c.template new file mode 100644 index 00000000..e6cb139b --- /dev/null +++ b/src/polkitagent/polkitagentenumtypes.c.template @@ -0,0 +1,39 @@ +/*** BEGIN file-header ***/ +#include + +/*** END file-header ***/ + +/*** BEGIN file-production ***/ +/* enumerations from "@filename@" */ +/*** END file-production ***/ + +/*** BEGIN value-header ***/ +GType +@enum_name@_get_type (void) +{ + static volatile gsize g_define_type_id__volatile = 0; + + if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const G@Type@Value values[] = { +/*** END value-header ***/ + +/*** BEGIN value-production ***/ + { @VALUENAME@, "@VALUENAME@", "@valuenick@" }, +/*** END value-production ***/ + +/*** BEGIN value-tail ***/ + { 0, NULL, NULL } + }; + GType g_define_type_id = + g_@type@_register_static (g_intern_static_string ("@EnumName@"), values); + g_once_init_leave (&g_define_type_id__volatile, g_define_type_id); + } + + return g_define_type_id__volatile; +} + +/*** END value-tail ***/ + +/*** BEGIN file-tail ***/ +/*** END file-tail ***/ diff --git a/src/polkitagent/polkitagentenumtypes.h.template b/src/polkitagent/polkitagentenumtypes.h.template new file mode 100644 index 00000000..24d6f902 --- /dev/null +++ b/src/polkitagent/polkitagentenumtypes.h.template @@ -0,0 +1,24 @@ +/*** BEGIN file-header ***/ +#ifndef __POLKIT_AGENT_ENUM_TYPES_H__ +#define __POLKIT_AGENT_ENUM_TYPES_H__ + +#include + +G_BEGIN_DECLS +/*** END file-header ***/ + +/*** BEGIN file-production ***/ + +/* enumerations from "@filename@" */ +/*** END file-production ***/ + +/*** BEGIN value-header ***/ +GType @enum_name@_get_type (void) G_GNUC_CONST; +#define @ENUMPREFIX@_TYPE_@ENUMSHORT@ (@enum_name@_get_type ()) +/*** END value-header ***/ + +/*** BEGIN file-tail ***/ +G_END_DECLS + +#endif /* __POLKIT_AGENT_ENUM_TYPES_H__ */ +/*** END file-tail ***/ diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c new file mode 100644 index 00000000..85a26718 --- /dev/null +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -0,0 +1,321 @@ +/* + * Copyright (C) 2008, 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include "polkitagenthelperprivate.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +static int conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data); + +static void +send_to_helper (const gchar *str1, + const gchar *str2) +{ +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); +#endif /* PAH_DEBUG */ + fprintf (stdout, "%s", str1); +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); +#endif /* PAH_DEBUG */ + fprintf (stdout, "%s", str2); + if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') + { +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); +#endif /* PAH_DEBUG */ + fputc ('\n', stdout); + } +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); +#endif /* PAH_DEBUG */ + fflush (stdout); +} + +int +main (int argc, char *argv[]) +{ + int rc; + const char *user_to_auth; + const char *cookie; + struct pam_conv pam_conversation; + pam_handle_t *pam_h; + const void *authed_user; + + rc = 0; + pam_h = NULL; + + /* clear the entire environment to avoid attacks using with libraries honoring environment variables */ + if (_polkit_clearenv () != 0) + goto error; + + /* set a minimal environment */ + setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); + + /* check that we are setuid root */ + if (geteuid () != 0) + { + gchar *s; + + fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n"); + + /* Special-case a very common error triggered in jhbuild setups */ + s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); + send_to_helper ("PAM_ERROR_MSG ", s); + g_free (s); + goto error; + } + + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ + if (argc != 3) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); + goto error; + } + + user_to_auth = argv[1]; + cookie = argv[2]; + + if (getuid () != 0) + { + /* check we're running with a non-tty stdin */ + if (isatty (STDIN_FILENO) != 0) + { + syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n"); + goto error; + } + } + +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); +#endif /* PAH_DEBUG */ + + pam_conversation.conv = conversation_function; + pam_conversation.appdata_ptr = NULL; + + /* start the pam stack */ + rc = pam_start ("polkit-1", + user_to_auth, + &pam_conversation, + &pam_h); + if (rc != PAM_SUCCESS) + { + fprintf (stderr, "polkit-agent-helper-1: pam_start failed: %s\n", pam_strerror (pam_h, rc)); + goto error; + } + + /* set the requesting user */ + rc = pam_set_item (pam_h, PAM_RUSER, user_to_auth); + if (rc != PAM_SUCCESS) + { + fprintf (stderr, "polkit-agent-helper-1: pam_set_item failed: %s\n", pam_strerror (pam_h, rc)); + goto error; + } + + /* is user really user? */ + rc = pam_authenticate (pam_h, 0); + if (rc != PAM_SUCCESS) + { + const char *err; + err = pam_strerror (pam_h, rc); + fprintf (stderr, "polkit-agent-helper-1: pam_authenticate failed: %s\n", err); + goto error; + } + + /* permitted access? */ + rc = pam_acct_mgmt (pam_h, 0); + if (rc != PAM_SUCCESS) + { + const char *err; + err = pam_strerror (pam_h, rc); + fprintf (stderr, "polkit-agent-helper-1: pam_acct_mgmt failed: %s\n", err); + goto error; + } + + /* did we auth the right user? */ + rc = pam_get_item (pam_h, PAM_USER, &authed_user); + if (rc != PAM_SUCCESS) + { + const char *err; + err = pam_strerror (pam_h, rc); + fprintf (stderr, "polkit-agent-helper-1: pam_get_item failed: %s\n", err); + goto error; + } + + if (strcmp (authed_user, user_to_auth) != 0) + { + fprintf (stderr, "polkit-agent-helper-1: Tried to auth user '%s' but we got auth for user '%s' instead", + user_to_auth, (const char *) authed_user); + goto error; + } + +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully authenticated user '%s'.\n", user_to_auth); +#endif /* PAH_DEBUG */ + + pam_end (pam_h, rc); + pam_h = NULL; + +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n"); +#endif /* PAH_DEBUG */ + + /* now send a D-Bus message to the PolicyKit daemon that + * includes a) the cookie; and b) the user we authenticated + */ + if (!send_dbus_message (cookie, user_to_auth)) + { +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n"); +#endif /* PAH_DEBUG */ + goto error; + } + +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); +#endif /* PAH_DEBUG */ + + fprintf (stdout, "SUCCESS\n"); + flush_and_wait(); + return 0; + +error: + if (pam_h != NULL) + pam_end (pam_h, rc); + + fprintf (stdout, "FAILURE\n"); + flush_and_wait(); + return 1; +} + +static int +conversation_function (int n, const struct pam_message **msg, struct pam_response **resp, void *data) +{ + struct pam_response *aresp; + char buf[PAM_MAX_RESP_SIZE]; + int i; + gchar *escaped = NULL; + + data = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return PAM_CONV_ERR; + + if ((aresp = calloc(n, sizeof *aresp)) == NULL) + return PAM_BUF_ERR; + + for (i = 0; i < n; ++i) + { + aresp[i].resp_retcode = 0; + aresp[i].resp = NULL; + switch (msg[i]->msg_style) + { + + case PAM_PROMPT_ECHO_OFF: +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); +#endif /* PAH_DEBUG */ + fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + goto conv1; + + case PAM_PROMPT_ECHO_ON: +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); +#endif /* PAH_DEBUG */ + fprintf (stdout, "PAM_PROMPT_ECHO_ON "); + conv1: +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); +#endif /* PAH_DEBUG */ + if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') + msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; + escaped = g_strescape (msg[i]->msg, NULL); + fputs (escaped, stdout); + g_free (escaped); +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); +#endif /* PAH_DEBUG */ + fputc ('\n', stdout); +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); +#endif /* PAH_DEBUG */ + fflush (stdout); + + if (fgets (buf, sizeof buf, stdin) == NULL) + goto error; + + if (strlen (buf) > 0 && + buf[strlen (buf) - 1] == '\n') + buf[strlen (buf) - 1] = '\0'; + + aresp[i].resp = strdup (buf); + if (aresp[i].resp == NULL) + goto error; + break; + + case PAM_ERROR_MSG: + fprintf (stdout, "PAM_ERROR_MSG "); + goto conv2; + + case PAM_TEXT_INFO: + fprintf (stdout, "PAM_TEXT_INFO "); + conv2: + fputs (msg[i]->msg, stdout); + if (strlen (msg[i]->msg) > 0 && + msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') + fputc ('\n', stdout); + fflush (stdout); + break; + + default: + goto error; + } + } + + *resp = aresp; + return PAM_SUCCESS; + +error: + + for (i = 0; i < n; ++i) + { + if (aresp[i].resp != NULL) { + memset (aresp[i].resp, 0, strlen(aresp[i].resp)); + free (aresp[i].resp); + } + } + memset (aresp, 0, n * sizeof *aresp); + *resp = NULL; + return PAM_CONV_ERR; +} diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c new file mode 100644 index 00000000..a4f73acf --- /dev/null +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -0,0 +1,198 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * Copyright (C) 2009-2010 Andrew Psaltis + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Authors: Andrew Psaltis , based on + * polkitagenthelper.c which was written by + * David Zeuthen + */ + +#include "config.h" +#include "polkitagenthelperprivate.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +static gboolean shadow_authenticate (struct spwd *shadow); + +int +main (int argc, char *argv[]) +{ + struct spwd *shadow; + const char *user_to_auth; + const char *cookie; + time_t now; + + /* clear the entire environment to avoid attacks with + libraries honoring environment variables */ + if (_polkit_clearenv () != 0) + goto error; + + /* set a minimal environment */ + setenv ("PATH", "/usr/sbin:/usr/bin:/sbin:/bin", 1); + + /* check that we are setuid root */ + if (geteuid () != 0) + { + fprintf (stderr, "polkit-agent-helper-1: needs to be setuid root\n"); + goto error; + } + + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ + if (argc != 3) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); + goto error; + } + + if (getuid () != 0) + { + /* check we're running with a non-tty stdin */ + if (isatty (STDIN_FILENO) != 0) + { + syslog (LOG_NOTICE, "inappropriate use of helper, stdin is a tty [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: inappropriate use of helper, stdin is a tty. This incident has been logged.\n"); + goto error; + } + } + + user_to_auth = argv[1]; + cookie = argv[2]; + +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); +#endif /* PAH_DEBUG */ + + + /* Ask shadow about the user requesting authentication */ + shadow = getspnam (user_to_auth); + + if (shadow == NULL) + { + syslog (LOG_NOTICE, "shadow file data information request for user '%s' [uid=%d] failed", user_to_auth, getuid ()); + fprintf(stderr, "polkit-agent-helper-1: could not get shadow information for '%s'", user_to_auth); + goto error; + } + + /* Check the user's identity */ + if (shadow_authenticate (shadow) == FALSE) + { + syslog (LOG_NOTICE, "authentication failure [uid=%d] trying to authenticate '%s'", getuid (), user_to_auth); + fprintf (stderr, "polkit-agent-helper-1: authentication failure. This incident has been logged.\n"); + goto error; + } + + /* Check whether the user's password has expired */ + now = time (NULL); + if (shadow->sp_max >= 0 && (shadow->sp_lstchg + shadow->sp_max) * 60 * 60 * 24 <= now) + { + syslog (LOG_NOTICE, "password expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ()); + fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n"); + goto error; + } + + /* Check whether the user's password has aged (and account expired along + * with it) + */ + if (shadow->sp_inact >= 0 && (shadow->sp_lstchg + shadow->sp_max + shadow->sp_inact) * 60 * 60 * 24 <= now) + { + syslog (LOG_NOTICE, "password aged for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ()); + fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n"); + goto error; + } + + /* Check whether the user's account has expired */ + if (shadow->sp_expire >= 0 && shadow->sp_expire * 60 * 60 * 24 <= now) + { + syslog (LOG_NOTICE, "account expired for user '%s' [uid=%d] trying to authenticate", user_to_auth, getuid ()); + fprintf (stderr, "polkit-agent-helper-1: authorization failure. This incident has been logged.\n"); + goto error; + } + +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: sending D-Bus message to PolicyKit daemon\n"); +#endif /* PAH_DEBUG */ + + /* now send a D-Bus message to the PolicyKit daemon that + * includes a) the cookie; and b) the user we authenticated + */ + if (!send_dbus_message (cookie, user_to_auth)) + { +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: error sending D-Bus message to PolicyKit daemon\n"); +#endif /* PAH_DEBUG */ + goto error; + } + +#ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); +#endif /* PAH_DEBUG */ + + fprintf (stdout, "SUCCESS\n"); + flush_and_wait (); + return 0; + +error: + fprintf (stdout, "FAILURE\n"); + flush_and_wait (); + return 1; +} + +static gboolean +shadow_authenticate (struct spwd *shadow) +{ + char passwd[512], *crypt_pass; + + fprintf (stdout, "PAM_PROMPT_ECHO_OFF password:\n"); + fflush (stdout); + usleep (10 * 1000); /* since fflush(3) seems buggy */ + + if (fgets (passwd, sizeof (passwd), stdin) == NULL) + goto error; + + if (strlen (passwd) > 0 && passwd[strlen (passwd) - 1] == '\n') + passwd[strlen (passwd) - 1] = '\0'; + + /* Use the encrypted password as the salt, according to the crypt(3) man page, + * it will perform whatever encryption method is specified in /etc/shadow + */ + crypt_pass = crypt (passwd, shadow->sp_pwdp); + + if (crypt_pass == NULL) + goto error; + + if (strcmp (shadow->sp_pwdp, crypt (passwd, shadow->sp_pwdp)) != 0) + goto error; + return 1; +error: + return 0; +} diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c new file mode 100644 index 00000000..4417e70f --- /dev/null +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2009-2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + * + * Authors: David Zeuthen , + * Andrew Psaltis + */ + +#include "config.h" +#include "polkitagenthelperprivate.h" +#include +#include +#include + +#ifndef HAVE_CLEARENV +extern char **environ; + +int +_polkit_clearenv (void) +{ + if (environ != NULL) + environ[0] = NULL; + return 0; +} +#else +int +_polkit_clearenv (void) +{ + return clearenv (); +} +#endif + + +gboolean +send_dbus_message (const char *cookie, const char *user) +{ + PolkitAuthority *authority = NULL; + PolkitIdentity *identity = NULL; + GError *error; + gboolean ret; + + ret = FALSE; + + g_type_init (); + + error = NULL; + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { + g_printerr ("Error getting authority: %s\n", error->message); + g_error_free (error); + goto out; + } + + identity = polkit_unix_user_new_for_name (user, &error); + if (identity == NULL) + { + g_printerr ("Error constructing identity: %s\n", error->message); + g_error_free (error); + goto out; + } + + if (!polkit_authority_authentication_agent_response_sync (authority, + cookie, + identity, + NULL, + &error)) + { + g_printerr ("polkit-agent-helper-1: error response to PolicyKit daemon: %s\n", error->message); + g_error_free (error); + goto out; + } + + ret = TRUE; + + out: + + if (identity != NULL) + g_object_unref (identity); + + if (authority != NULL) + g_object_unref (authority); + + return ret; +} + +void +flush_and_wait () +{ + fflush (stdout); + fflush (stderr); + fdatasync (fileno(stdout)); + fdatasync (fileno(stderr)); + usleep (100 * 1000); +} diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h new file mode 100644 index 00000000..aeca2c74 --- /dev/null +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2009-2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301, USA. + * + * Authors: David Zeuthen , + * Andrew Psaltis + */ +#ifndef __POLKIT_AGENT_HELPER_PRIVATE_H +#define __POLKIT_AGENT_HELPER_PRIVATE_H + +#define _GNU_SOURCE +#include + +/* Development aid: define PAH_DEBUG to get debugging output. Do _NOT_ + * enable this in production builds; it may leak passwords and other + * sensitive information. + */ +#undef PAH_DEBUG +/* #define PAH_DEBUG */ + +#ifdef HAVE_SOLARIS +# define LOG_AUTHPRIV (10<<3) +#endif + +int _polkit_clearenv (void); + +gboolean send_dbus_message (const char *cookie, const char *user); + +void flush_and_wait (); + +#endif /* __POLKIT_AGENT_HELPER_PRIVATE_H */ diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c new file mode 100644 index 00000000..0d97501a --- /dev/null +++ b/src/polkitagent/polkitagentlistener.c @@ -0,0 +1,821 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" + +#include + +#include "polkitagentlistener.h" + +/** + * SECTION:polkitagentlistener + * @title: PolkitAgentListener + * @short_description: Abstract base class for Authentication Agents + * @stability: Unstable + * + * #PolkitAgentListener is an abstract base class used for implementing authentication + * agents. To implement an authentication agent, simply subclass #PolkitAgentListener and + * implement the @initiate_authentication and @initiate_authentication_finish methods. + * + * Typically authentication agents use #PolkitAgentSession to + * authenticate users (via passwords) and communicate back the + * authentication result to the PolicyKit daemon. This is however not + * requirement. Depending on the system an authentication agent may + * use other means (such as a Yes/No dialog) to obtain sufficient + * evidence that the user is one of the requested identities. + * + * To register a #PolkitAgentListener with the PolicyKit daemon, use + * polkit_agent_listener_register() or + * polkit_agent_listener_register_with_options(). + */ + +typedef struct +{ + GObject parent_instance; + + GDBusConnection *system_bus; + guint auth_agent_registration_id; + + GDBusInterfaceInfo *interface_info; + + PolkitAuthority *authority; + gulong notify_owner_handler_id; + + gboolean is_registered; + + PolkitAgentListener *listener; + + GVariant *registration_options; + + PolkitSubject *subject; + gchar *object_path; + + GHashTable *cookie_to_pending_auth; + + GThread *thread; + GError *thread_initialization_error; + gboolean thread_initialized; + GMainContext *thread_context; + GMainLoop *thread_loop; +} Server; + +static void +server_free (Server *server) +{ + if (server->is_registered) + { + GError *error; + error = NULL; + if (!polkit_authority_unregister_authentication_agent_sync (server->authority, + server->subject, + server->object_path, + NULL, + &error)) + { + g_warning ("Error unregistering authentication agent: %s", error->message); + g_error_free (error); + } + } + + if (server->thread_initialization_error != NULL) + g_error_free (server->thread_initialization_error); + + if (server->thread_context != NULL) + g_main_context_unref (server->thread_context); + + if (server->thread_loop != NULL) + g_main_loop_unref (server->thread_loop); + + if (server->interface_info != NULL) + g_dbus_interface_info_unref (server->interface_info); + + if (server->registration_options != NULL) + g_variant_unref (server->registration_options); + + if (server->listener != NULL) + g_object_unref (server->listener); + + if (server->auth_agent_registration_id > 0) + g_dbus_connection_unregister_object (server->system_bus, server->auth_agent_registration_id); + + if (server->notify_owner_handler_id > 0) + g_signal_handler_disconnect (server->authority, server->notify_owner_handler_id); + + if (server->authority != NULL) + g_object_unref (server->authority); + + if (server->system_bus != NULL) + g_object_unref (server->system_bus); + + if (server->cookie_to_pending_auth != NULL) + g_hash_table_unref (server->cookie_to_pending_auth); + + if (server->subject != NULL) + g_object_unref (server->subject); + + g_free (server->object_path); +} + +static gboolean +server_register (Server *server, + GError **error) +{ + GError *local_error; + gboolean ret; + const gchar *locale; + + ret = FALSE; + + locale = g_getenv ("LANG"); + if (locale == NULL) + locale = "en_US.UTF-8"; + + local_error = NULL; + if (!polkit_authority_register_authentication_agent_with_options_sync (server->authority, + server->subject, + locale, + server->object_path, + server->registration_options, + NULL, + &local_error)) + { + g_warning ("Unable to register authentication agent: %s", local_error->message); + g_propagate_error (error, local_error); + } + else + { + server->is_registered = TRUE; + ret = TRUE; + } + + return ret; +} + +static void +on_notify_authority_owner (GObject *object, + GParamSpec *pspec, + gpointer user_data) +{ + Server *server = user_data; + gchar *owner; + + owner = polkit_authority_get_owner (server->authority); + if (owner == NULL) + { + g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + + if (server->is_registered) + g_printerr ("We are no longer a registered authentication agent.\n"); + + server->is_registered = FALSE; + } + else + { + /* only register if there is a name owner */ + if (!server->is_registered) + { + GError *error; + + g_printerr ("PolicyKit daemon reconnected to bus.\n"); + g_printerr ("Attempting to re-register as an authentication agent.\n"); + + error = NULL; + if (server_register (server, &error)) + { + g_printerr ("We are now a registered authentication agent.\n"); + } + else + { + g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_error_free (error); + } + } + } + g_free (owner); +} + +static gboolean +server_init_sync (Server *server, + GCancellable *cancellable, + GError **error) +{ + gboolean ret; + + ret = FALSE; + + server->system_bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (server->system_bus == NULL) + goto out; + + server->authority = polkit_authority_get_sync (cancellable, error); + if (server->authority == NULL) + goto out; + + /* the only use of this proxy is to re-register with the polkit daemon + * if it jumps off the bus and comes back (which is useful for debugging) + */ + server->notify_owner_handler_id = g_signal_connect (server->authority, + "notify::owner", + G_CALLBACK (on_notify_authority_owner), + server); + + ret = TRUE; + + out: + return ret; +} + +static Server * +server_new (PolkitSubject *subject, + const gchar *object_path, + GCancellable *cancellable, + GError **error) +{ + Server *server; + + server = g_new0 (Server, 1); + server->subject = g_object_ref (subject); + server->object_path = object_path != NULL ? g_strdup (object_path) : + g_strdup ("/org/freedesktop/PolicyKit1/AuthenticationAgent"); + server->cookie_to_pending_auth = g_hash_table_new (g_str_hash, g_str_equal); + + if (!server_init_sync (server, cancellable, error)) + { + server_free (server); + goto out; + } + + out: + return server; +} + +static void auth_agent_handle_begin_authentication (Server *server, + GVariant *parameters, + GDBusMethodInvocation *invocation); + +static void auth_agent_handle_cancel_authentication (Server *server, + GVariant *parameters, + GDBusMethodInvocation *invocation); + +static void +auth_agent_handle_method_call (GDBusConnection *connection, + const gchar *sender, + const gchar *object_path, + const gchar *interface_name, + const gchar *method_name, + GVariant *parameters, + GDBusMethodInvocation *invocation, + gpointer user_data) +{ + Server *server = user_data; + + /* The shipped D-Bus policy also ensures that only uid 0 can invoke + * methods on our interface. So no need to check the caller. + */ + + if (g_strcmp0 (method_name, "BeginAuthentication") == 0) + auth_agent_handle_begin_authentication (server, parameters, invocation); + else if (g_strcmp0 (method_name, "CancelAuthentication") == 0) + auth_agent_handle_cancel_authentication (server, parameters, invocation); + else + g_assert_not_reached (); +} + +static const gchar *auth_agent_introspection_data = + "" + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + ""; + +static const GDBusInterfaceVTable auth_agent_vtable = +{ + auth_agent_handle_method_call, + NULL, /* _handle_get_property */ + NULL /* _handle_set_property */ +}; + +static gboolean +server_export_object (Server *server, + GError **error) +{ + gboolean ret; + ret = FALSE; + server->auth_agent_registration_id = g_dbus_connection_register_object (server->system_bus, + server->object_path, + server->interface_info, + &auth_agent_vtable, + server, + NULL, /* user_data GDestroyNotify */ + error); + if (server->auth_agent_registration_id > 0) + ret = TRUE; + return ret; +} + +static gpointer +server_thread_func (gpointer user_data) +{ + Server *server = user_data; + + server->thread_context = g_main_context_new (); + server->thread_loop = g_main_loop_new (server->thread_context, FALSE); + + g_main_context_push_thread_default (server->thread_context); + + if (!server_export_object (server, &server->thread_initialization_error)) + { + server->thread_initialized = TRUE; + goto out; + } + + server->thread_initialized = TRUE; + + g_main_loop_run (server->thread_loop); + + out: + g_main_context_pop_thread_default (server->thread_context); + return NULL; +} + +/** + * polkit_agent_listener_register_with_options: + * @listener: A #PolkitAgentListener. + * @flags: A set of flags from the #PolkitAgentRegisterFlags enumeration. + * @subject: The subject to become an authentication agent for, typically a #PolkitUnixSession object. + * @object_path: The D-Bus object path to use for the authentication agent or %NULL for the default object path. + * @options: (allow-none): A #GVariant with options or %NULL. + * @cancellable: A #GCancellable or %NULL. + * @error: Return location for error. + * + * Like polkit_agent_listener_register() but takes options to influence registration. See the + * RegisterAuthenticationAgentWithOptions() D-Bus method for details. + * + * Returns: (transfer full): %NULL if @error is set, otherwise a + * registration handle that can be used with + * polkit_agent_listener_unregister(). + */ +gpointer +polkit_agent_listener_register_with_options (PolkitAgentListener *listener, + PolkitAgentRegisterFlags flags, + PolkitSubject *subject, + const gchar *object_path, + GVariant *options, + GCancellable *cancellable, + GError **error) +{ + Server *server; + GDBusNodeInfo *node_info; + + g_return_val_if_fail (POLKIT_AGENT_IS_LISTENER (listener), NULL); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL); + g_return_val_if_fail (object_path == NULL || g_variant_is_object_path (object_path), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + if (object_path == NULL) + object_path = "/org/freedesktop/PolicyKit1/AuthenticationAgent"; + + server = server_new (subject, object_path, cancellable, error); + if (server == NULL) + goto out; + + node_info = g_dbus_node_info_new_for_xml (auth_agent_introspection_data, error); + if (node_info == NULL) + { + server_free (server); + server = NULL; + goto out; + } + server->interface_info = g_dbus_interface_info_ref (g_dbus_node_info_lookup_interface (node_info, "org.freedesktop.PolicyKit1.AuthenticationAgent")); + g_dbus_node_info_unref (node_info); + + server->listener = g_object_ref (listener); + + server->registration_options = options != NULL ? g_variant_ref_sink (options) : NULL; + + if (flags & POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD) + { + server->thread = g_thread_create (server_thread_func, + server, + TRUE, + error); + if (server->thread == NULL) + { + server_free (server); + server = NULL; + goto out; + } + + /* wait for the thread to export and object (TODO: probably use a condition variable instead) */ + while (!server->thread_initialized) + g_thread_yield (); + if (server->thread_initialization_error != NULL) + { + g_propagate_error (error, server->thread_initialization_error); + server->thread_initialization_error = NULL; + g_thread_join (server->thread); + server_free (server); + goto out; + } + } + else + { + if (!server_export_object (server, error)) + { + server_free (server); + server = NULL; + goto out; + } + } + + if (!server_register (server, error)) + { + server_free (server); + server = NULL; + goto out; + } + + out: + return server; +} + +/** + * polkit_agent_listener_register: + * @listener: A #PolkitAgentListener. + * @flags: A set of flags from the #PolkitAgentRegisterFlags enumeration. + * @subject: The subject to become an authentication agent for, typically a #PolkitUnixSession object. + * @object_path: The D-Bus object path to use for the authentication agent or %NULL for the default object path. + * @cancellable: A #GCancellable or %NULL. + * @error: Return location for error. + * + * Registers @listener with the PolicyKit daemon as an authentication + * agent for @subject. This is implemented by registering a D-Bus + * object at @object_path on the unique name assigned by the system + * message bus. + * + * Whenever the PolicyKit daemon needs to authenticate a processes + * that is related to @subject, the methods + * polkit_agent_listener_initiate_authentication() and + * polkit_agent_listener_initiate_authentication_finish() will be + * invoked on @listener. + * + * Note that registration of an authentication agent can fail; for + * example another authentication agent may already be registered for + * @subject. + * + * Note that the calling thread is blocked until a reply is received. + * + * Returns: (transfer full): %NULL if @error is set, otherwise a + * registration handle that can be used with + * polkit_agent_listener_unregister(). + */ +gpointer +polkit_agent_listener_register (PolkitAgentListener *listener, + PolkitAgentRegisterFlags flags, + PolkitSubject *subject, + const gchar *object_path, + GCancellable *cancellable, + GError **error) +{ + return polkit_agent_listener_register_with_options (listener, flags, subject, object_path, NULL, cancellable, error); +} + +/** + * polkit_agent_listener_unregister: + * @registration_handle: A handle obtained from polkit_agent_listener_register(). + * + * Unregisters @listener. + */ +void +polkit_agent_listener_unregister (gpointer registration_handle) +{ + Server *server = registration_handle; + if (server->thread != NULL) + { + g_main_loop_quit (server->thread_loop); + g_thread_join (server->thread); + } + server_free (server); +} + + +static void +listener_died (gpointer user_data, + GObject *where_the_object_was) +{ + Server *server = user_data; + server_free (server); +} + +gboolean +polkit_agent_register_listener (PolkitAgentListener *listener, + PolkitSubject *subject, + const gchar *object_path, + GError **error) +{ + Server *server; + gboolean ret; + + ret = FALSE; + + server = polkit_agent_listener_register (listener, POLKIT_AGENT_REGISTER_FLAGS_NONE, subject, object_path, NULL, error); + if (server == NULL) + goto out; + + /* drop the ref that server took */ + g_object_unref (server->listener); + /* take a weak ref and kill server when listener dies */ + g_object_weak_ref (G_OBJECT (server->listener), listener_died, server); + + ret = TRUE; + + out: + return ret; +} + +typedef struct +{ + Server *server; + gchar *cookie; + GDBusMethodInvocation *invocation; + GCancellable *cancellable; +} AuthData; + +static void +auth_data_free (AuthData *data) +{ + g_free (data->cookie); + g_object_unref (data->invocation); + g_object_unref (data->cancellable); + g_free (data); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +auth_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + AuthData *data = user_data; + GError *error; + + error = NULL; + if (!polkit_agent_listener_initiate_authentication_finish (POLKIT_AGENT_LISTENER (source_object), + res, + &error)) + { + g_dbus_method_invocation_return_gerror (data->invocation, error); + g_error_free (error); + } + else + { + g_dbus_method_invocation_return_value (data->invocation, NULL); + } + + g_hash_table_remove (data->server->cookie_to_pending_auth, data->cookie); + + auth_data_free (data); +} + +static void +auth_agent_handle_begin_authentication (Server *server, + GVariant *parameters, + GDBusMethodInvocation *invocation) +{ + const gchar *action_id; + const gchar *message; + const gchar *icon_name; + GVariant *details_gvariant; + const gchar *cookie; + GVariant *identities_gvariant; + GList *identities; + PolkitDetails *details; + GVariantIter iter; + GVariant *child; + guint n; + AuthData *data; + + identities = NULL; + details = NULL; + + g_variant_get (parameters, + "(&s&s&s@a{ss}&s@a(sa{sv}))", + &action_id, + &message, + &icon_name, + &details_gvariant, + &cookie, + &identities_gvariant); + + details = polkit_details_new_for_gvariant (details_gvariant); + + g_variant_iter_init (&iter, identities_gvariant); + n = 0; + while ((child = g_variant_iter_next_value (&iter)) != NULL) + { + PolkitIdentity *identity; + GError *error; + error = NULL; + identity = polkit_identity_new_for_gvariant (child, &error); + g_variant_unref (child); + + if (identity == NULL) + { + g_prefix_error (&error, "Error extracting identity %d: ", n); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + n++; + + identities = g_list_prepend (identities, identity); + } + identities = g_list_reverse (identities); + + data = g_new0 (AuthData, 1); + data->server = server; + data->cookie = g_strdup (cookie); + data->invocation = g_object_ref (invocation); + data->cancellable = g_cancellable_new (); + + g_hash_table_insert (server->cookie_to_pending_auth, (gpointer) cookie, data); + + polkit_agent_listener_initiate_authentication (server->listener, + action_id, + message, + icon_name, + details, + cookie, + identities, + data->cancellable, + auth_cb, + data); + + out: + g_list_foreach (identities, (GFunc) g_object_unref, NULL); + g_list_free (identities); + g_object_unref (details); + g_variant_unref (details_gvariant); + g_variant_unref (identities_gvariant); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +auth_agent_handle_cancel_authentication (Server *server, + GVariant *parameters, + GDBusMethodInvocation *invocation) +{ + AuthData *data; + const gchar *cookie; + + g_variant_get (parameters, + "(&s)", + &cookie); + + data = g_hash_table_lookup (server->cookie_to_pending_auth, cookie); + if (data == NULL) + { + g_dbus_method_invocation_return_error (invocation, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No pending authentication request for cookie '%s'", + cookie); + } + else + { + g_cancellable_cancel (data->cancellable); + g_dbus_method_invocation_return_value (invocation, NULL); + } +} + +/* ---------------------------------------------------------------------------------------------------- */ + +G_DEFINE_ABSTRACT_TYPE (PolkitAgentListener, polkit_agent_listener, G_TYPE_OBJECT); + +static void +polkit_agent_listener_init (PolkitAgentListener *listener) +{ +} + +static void +polkit_agent_listener_class_init (PolkitAgentListenerClass *klass) +{ +} + +/** + * polkit_agent_listener_initiate_authentication: + * @listener: A #PolkitAgentListener. + * @action_id: The action to authenticate for. + * @message: The message to present to the user. + * @icon_name: A themed icon name representing the action or %NULL. + * @details: Details describing the action. + * @cookie: The cookie for the authentication request. + * @identities: A list of #PolkitIdentity objects that the user can choose to authenticate as. + * @cancellable: A #GCancellable. + * @callback: Function to call when the user is done authenticating. + * @user_data: Data to pass to @callback. + * + * Called on a registered authentication agent (see + * polkit_agent_listener_register()) when the user owning the session + * needs to prove he is one of the identities listed in @identities. + * + * When the user is done authenticating (for example by dismissing an + * authentication dialog or by successfully entering a password or + * otherwise proving the user is one of the identities in + * @identities), @callback will be invoked. The caller then calls + * polkit_agent_listener_initiate_authentication_finish() to get the + * result. + * + * #PolkitAgentListener derived subclasses imlementing this method + * MUST not ignore @cancellable; callers of this + * function can and will use it. Additionally, @callback must be + * invoked in the thread-default main + * loop of the thread that this method is called from. + */ +void +polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener, + const gchar *action_id, + const gchar *message, + const gchar *icon_name, + PolkitDetails *details, + const gchar *cookie, + GList *identities, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + g_return_if_fail (POLKIT_AGENT_IS_LISTENER (listener)); + g_return_if_fail (details == NULL || POLKIT_IS_DETAILS (details)); + g_return_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable)); + g_return_if_fail (action_id != NULL); + g_return_if_fail (message != NULL); + g_return_if_fail (cookie != NULL); + g_return_if_fail (identities != NULL); + POLKIT_AGENT_LISTENER_GET_CLASS (listener)->initiate_authentication (listener, + action_id, + message, + icon_name, + details, + cookie, + identities, + cancellable, + callback, + user_data); +} + +/** + * polkit_agent_listener_initiate_authentication_finish: + * @listener: A #PolkitAgentListener. + * @res: A #GAsyncResult obtained from the #GAsyncReadyCallback function passed to polkit_agent_listener_initiate_authentication(). + * @error: Return location for error. + * + * Finishes an authentication request from the PolicyKit daemon, see + * polkit_agent_listener_initiate_authentication() for details. + * + * Returns: %TRUE if @error is set. + **/ +gboolean +polkit_agent_listener_initiate_authentication_finish (PolkitAgentListener *listener, + GAsyncResult *res, + GError **error) +{ + g_return_val_if_fail (POLKIT_AGENT_IS_LISTENER (listener), FALSE); + g_return_val_if_fail (G_IS_ASYNC_RESULT (res), FALSE); + g_return_val_if_fail (error == NULL || *error == NULL, FALSE); + return POLKIT_AGENT_LISTENER_GET_CLASS (listener)->initiate_authentication_finish (listener, + res, + error); +} + diff --git a/src/polkitagent/polkitagentlistener.h b/src/polkitagent/polkitagentlistener.h new file mode 100644 index 00000000..c3cbcfb8 --- /dev/null +++ b/src/polkitagent/polkitagentlistener.h @@ -0,0 +1,149 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION) +#error "Only can be included directly, this file may disappear or change contents" +#endif + +#ifndef __POLKIT_AGENT_LISTENER_H +#define __POLKIT_AGENT_LISTENER_H + +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_AGENT_TYPE_LISTENER (polkit_agent_listener_get_type ()) +#define POLKIT_AGENT_LISTENER(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_AGENT_TYPE_LISTENER, PolkitAgentListener)) +#define POLKIT_AGENT_LISTENER_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_AGENT_TYPE_LISTENER, PolkitAgentListenerClass)) +#define POLKIT_AGENT_LISTENER_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_AGENT_TYPE_LISTENER,PolkitAgentListenerClass)) +#define POLKIT_AGENT_IS_LISTENER(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_AGENT_TYPE_LISTENER)) +#define POLKIT_AGENT_IS_LISTENER_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_AGENT_TYPE_LISTENER)) + +struct _PolkitAgentListenerClass; +typedef struct _PolkitAgentListenerClass PolkitAgentListenerClass; + +/** + * PolkitAgentListener: + * + * The #PolkitAgentListener struct should not be accessed directly. + */ +struct _PolkitAgentListener +{ + GObject parent_instance; +}; + +/** + * PolkitAgentListenerClass: + * @parent_class: The parent class. + * @initiate_authentication: Handle an authentication request, see polkit_agent_listener_initiate_authentication(). + * @initiate_authentication_finish: Finishes handling an authentication request, see polkit_agent_listener_initiate_authentication_finish(). + * + * VFuncs that authentication agents needs to implement. + */ +struct _PolkitAgentListenerClass +{ + /*< public >*/ + GObjectClass parent_class; + + /* Vtable */ + void (*initiate_authentication) (PolkitAgentListener *listener, + const gchar *action_id, + const gchar *message, + const gchar *icon_name, + PolkitDetails *details, + const gchar *cookie, + GList *identities, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + + gboolean (*initiate_authentication_finish) (PolkitAgentListener *listener, + GAsyncResult *res, + GError **error); + + /*< private >*/ + /* Padding for future expansion */ + void (*_polkit_reserved0) (void); + void (*_polkit_reserved1) (void); + void (*_polkit_reserved2) (void); + void (*_polkit_reserved3) (void); + void (*_polkit_reserved4) (void); + void (*_polkit_reserved5) (void); + void (*_polkit_reserved6) (void); + void (*_polkit_reserved7) (void); +}; + +GType polkit_agent_listener_get_type (void) G_GNUC_CONST; + +void polkit_agent_listener_initiate_authentication (PolkitAgentListener *listener, + const gchar *action_id, + const gchar *message, + const gchar *icon_name, + PolkitDetails *details, + const gchar *cookie, + GList *identities, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +gboolean polkit_agent_listener_initiate_authentication_finish (PolkitAgentListener *listener, + GAsyncResult *res, + GError **error); + +gboolean polkit_agent_register_listener (PolkitAgentListener *listener, + PolkitSubject *subject, + const gchar *object_path, + GError **error) G_GNUC_DEPRECATED_FOR (polkit_authority_listener_register); + +/** + * PolkitAgentRegisterFlags: + * @POLKIT_AGENT_REGISTER_FLAGS_NONE: No flags are set. + * @POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD: Run the listener in a dedicated thread. + * + * Flags used in polkit_agent_listener_register(). + */ +typedef enum +{ + POLKIT_AGENT_REGISTER_FLAGS_NONE = 0, + POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD = (1<<0) +} PolkitAgentRegisterFlags; + +gpointer polkit_agent_listener_register (PolkitAgentListener *listener, + PolkitAgentRegisterFlags flags, + PolkitSubject *subject, + const gchar *object_path, + GCancellable *cancellable, + GError **error); + +gpointer polkit_agent_listener_register_with_options (PolkitAgentListener *listener, + PolkitAgentRegisterFlags flags, + PolkitSubject *subject, + const gchar *object_path, + GVariant *options, + GCancellable *cancellable, + GError **error); + +void polkit_agent_listener_unregister (gpointer registration_handle); + +G_END_DECLS + +#endif /* __POLKIT_AGENT_LISTENER_H */ diff --git a/src/polkitagent/polkitagentmarshal.list b/src/polkitagent/polkitagentmarshal.list new file mode 100644 index 00000000..c4effb63 --- /dev/null +++ b/src/polkitagent/polkitagentmarshal.list @@ -0,0 +1 @@ +VOID:STRING,BOOLEAN diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c new file mode 100644 index 00000000..8129cd9f --- /dev/null +++ b/src/polkitagent/polkitagentsession.c @@ -0,0 +1,690 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +/** + * SECTION:polkitagentsession + * @title: PolkitAgentSession + * @short_description: Authentication Session + * @stability: Unstable + * + * The #PolkitAgentSession class is an abstraction used for interacting with the + * native authentication system (for example PAM) for obtaining authorizations. + * This class is typically used together with instances that are derived from + * the #PolkitAgentListener abstract base class. + * + * To perform the actual authentication, #PolkitAgentSession uses a trusted suid helper. + * The authentication conversation is done through a pipe. This is transparent; the user + * only need to handle the + * #PolkitAgentSession::request, + * #PolkitAgentSession::show-info, + * #PolkitAgentSession::show-error and + * #PolkitAgentSession::completed + * signals and invoke polkit_agent_session_response() in response to requests. + * + * If the user successfully authenticates, the authentication helper will invoke + * a method on the PolicyKit daemon (see polkit_authority_authentication_agent_response_sync()) + * with the given @cookie. Upon receiving a positive response from the PolicyKit daemon (via + * the authentication helper), the #PolkitAgentSession::completed signal will be emitted + * with the @gained_authorization paramter set to %TRUE. + * + * If the user is unable to authenticate, the #PolkitAgentSession::completed signal will + * be emitted with the @gained_authorization paramter set to %FALSE. + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include + +#include "polkitagentmarshal.h" +#include "polkitagentsession.h" + +static gboolean +_show_debug (void) +{ + static volatile gsize has_show_debug = 0; + static gboolean show_debug_value = FALSE; + + if (g_once_init_enter (&has_show_debug)) + { + show_debug_value = (g_getenv ("POLKIT_DEBUG") != NULL); + g_once_init_leave (&has_show_debug, 1); + } + return show_debug_value; +} + +/** + * PolkitAgentSession: + * + * The #PolkitAgentSession struct should not be accessed directly. + */ +struct _PolkitAgentSession +{ + /*< private >*/ + + GObject parent_instance; + + gchar *cookie; + PolkitIdentity *identity; + + int child_stdin; + int child_stdout; + GPid child_pid; + + GSource *child_watch_source; + GSource *child_stdout_watch_source; + GIOChannel *child_stdout_channel; + + gboolean success; + gboolean helper_is_running; + gboolean have_emitted_completed; +}; + +struct _PolkitAgentSessionClass +{ + GObjectClass parent_class; + +}; + +enum +{ + PROP_0, + PROP_IDENTITY, + PROP_COOKIE +}; + +enum +{ + REQUEST_SIGNAL, + SHOW_INFO_SIGNAL, + SHOW_ERROR_SIGNAL, + COMPLETED_SIGNAL, + LAST_SIGNAL, +}; + +static guint signals[LAST_SIGNAL] = {0}; + +G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); + +static void +polkit_agent_session_init (PolkitAgentSession *session) +{ + session->child_stdin = -1; + session->child_stdout = -1; +} + +static void kill_helper (PolkitAgentSession *session); + +static void +polkit_agent_session_finalize (GObject *object) +{ + PolkitAgentSession *session; + + session = POLKIT_AGENT_SESSION (object); + + /* this releases resources related to the helper */ + kill_helper (session); + + g_free (session->cookie); + if (session->identity != NULL) + g_object_unref (session->identity); + + if (G_OBJECT_CLASS (polkit_agent_session_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_agent_session_parent_class)->finalize (object); +} + +static void +polkit_agent_session_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitAgentSession *session = POLKIT_AGENT_SESSION (object); + + switch (prop_id) + { + case PROP_IDENTITY: + g_value_set_object (value, session->identity); + break; + + case PROP_COOKIE: + g_value_set_string (value, session->cookie); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_agent_session_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitAgentSession *session = POLKIT_AGENT_SESSION (object); + + switch (prop_id) + { + case PROP_IDENTITY: + session->identity = g_value_dup_object (value); + break; + + case PROP_COOKIE: + session->cookie = g_value_dup_string (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_agent_session_class_init (PolkitAgentSessionClass *klass) +{ + GObjectClass *gobject_class; + + gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_agent_session_finalize; + gobject_class->get_property = polkit_agent_session_get_property; + gobject_class->set_property = polkit_agent_session_set_property; + + /** + * PolkitAgentSession:identity: + * + * The identity to authenticate. + */ + g_object_class_install_property (gobject_class, + PROP_IDENTITY, + g_param_spec_object ("identity", + "Identity", + "The identity to authenticate", + POLKIT_TYPE_IDENTITY, + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + /** + * PolkitAgentSession:cookie: + * + * The cookie obtained from the PolicyKit daemon + */ + g_object_class_install_property (gobject_class, + PROP_COOKIE, + g_param_spec_string ("cookie", + "Cookie", + "The cookie obtained from the PolicyKit daemon", + NULL, + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + /** + * PolkitAgentSession::request: + * @session: A #PolkitAgentSession. + * @request: The request to show the user, e.g. "name: " or "password: ". + * @echo_on: %TRUE if the response to the request SHOULD be echoed on the + * screen, %FALSE if the response MUST NOT be echoed to the screen. + * + * Emitted when the user is requested to answer a question. + * + * When the response has been collected from the user, call polkit_agent_session_response(). + */ + signals[REQUEST_SIGNAL] = g_signal_new ("request", + POLKIT_AGENT_TYPE_SESSION, + G_SIGNAL_RUN_LAST, + 0, /* class offset */ + NULL, /* accumulator */ + NULL, /* accumulator data */ + _polkit_agent_marshal_VOID__STRING_BOOLEAN, + G_TYPE_NONE, + 2, + G_TYPE_STRING, + G_TYPE_BOOLEAN); + + /** + * PolkitAgentSession::show-info: + * @session: A #PolkitAgentSession. + * @text: A string to display to the user. + * + * Emitted when there is information to be displayed to the user. + */ + signals[SHOW_INFO_SIGNAL] = g_signal_new ("show-info", + POLKIT_AGENT_TYPE_SESSION, + G_SIGNAL_RUN_LAST, + 0, /* class offset */ + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__STRING, + G_TYPE_NONE, + 1, + G_TYPE_STRING); + + /** + * PolkitAgentSession::show-error: + * @session: A #PolkitAgentSession. + * @text: An error string to display to the user. + * + * Emitted when there is information related to an error condition to be displayed to the user. + */ + signals[SHOW_ERROR_SIGNAL] = g_signal_new ("show-error", + POLKIT_AGENT_TYPE_SESSION, + G_SIGNAL_RUN_LAST, + 0, /* class offset */ + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__STRING, + G_TYPE_NONE, + 1, + G_TYPE_STRING); + + /** + * PolkitAgentSession::completed: + * @session: A #PolkitAgentSession. + * @gained_authorization: %TRUE only if the authorization was successfully obtained. + * + * Emitted when the authentication session has been completed or + * cancelled. The @gained_authorization parameter is %TRUE only if + * the user successfully authenticated. + * + * Upon receiving this signal, the user should free @session using g_object_unref(). + */ + signals[COMPLETED_SIGNAL] = g_signal_new ("completed", + POLKIT_AGENT_TYPE_SESSION, + G_SIGNAL_RUN_LAST, + 0, /* class offset */ + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__BOOLEAN, + G_TYPE_NONE, + 1, + G_TYPE_BOOLEAN); +} + +/** + * polkit_agent_session_new: + * @identity: The identity to authenticate. + * @cookie: The cookie obtained from the PolicyKit daemon + * + * Creates a new authentication session. + * + * The caller should connect to the + * #PolkitAgentSession::request, + * #PolkitAgentSession::show-info, + * #PolkitAgentSession::show-error and + * #PolkitAgentSession::completed + * signals and then call polkit_agent_session_initiate() to initiate the authentication session. + * + * Returns: A #PolkitAgentSession. Free with g_object_unref(). + **/ +PolkitAgentSession * +polkit_agent_session_new (PolkitIdentity *identity, + const gchar *cookie) +{ + PolkitAgentSession *session; + + g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), NULL); + g_return_val_if_fail (cookie != NULL, NULL); + + session = POLKIT_AGENT_SESSION (g_object_new (POLKIT_AGENT_TYPE_SESSION, + "identity", identity, + "cookie", cookie, + NULL)); + + return session; +} + +static void +kill_helper (PolkitAgentSession *session) +{ + if (!session->helper_is_running) + goto out; + + if (session->child_pid > 0) + { + gint status; + //g_debug ("Sending SIGTERM to helper"); + kill (session->child_pid, SIGTERM); + waitpid (session->child_pid, &status, 0); + session->child_pid = 0; + } + + if (session->child_watch_source != NULL) + { + g_source_destroy (session->child_watch_source); + g_source_unref (session->child_watch_source); + session->child_watch_source = NULL; + } + + if (session->child_stdout_watch_source != NULL) + { + g_source_destroy (session->child_stdout_watch_source); + g_source_unref (session->child_stdout_watch_source); + session->child_stdout_watch_source = NULL; + } + + if (session->child_stdout_channel != NULL) + { + g_io_channel_unref (session->child_stdout_channel); + session->child_stdout_channel = NULL; + } + + if (session->child_stdout != -1) + { + g_warn_if_fail (close (session->child_stdout) == 0); + session->child_stdout = -1; + } + + if (session->child_stdin != -1) + { + g_warn_if_fail (close (session->child_stdin) == 0); + session->child_stdin = -1; + } + + session->helper_is_running = FALSE; + + out: + ; +} + +static void +complete_session (PolkitAgentSession *session, + gboolean result) +{ + kill_helper (session); + if (!session->have_emitted_completed) + { + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); + g_signal_emit_by_name (session, "completed", result); + session->have_emitted_completed = TRUE; + } +} + +static void +child_watch_func (GPid pid, + gint status, + gpointer user_data) +{ + PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); + + if (G_UNLIKELY (_show_debug ())) + { + g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", + (gint) pid, + WIFEXITED(status), + WEXITSTATUS(status)); + } + + /* kill all the watches we have set up, except for the child since it has exited already */ + session->child_pid = 0; + complete_session (session, FALSE); +} + +static gboolean +io_watch_have_data (GIOChannel *channel, + GIOCondition condition, + gpointer user_data) +{ + PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); + gchar *line, *unescaped; + GError *error; + + error = NULL; + line = NULL; + unescaped = NULL; + + if (!session->helper_is_running) + { + g_warning ("in io_watch_have_data() but helper is not supposed to be running"); + + complete_session (session, FALSE); + goto out; + } + + g_io_channel_read_line (channel, + &line, + NULL, + NULL, + &error); + if (error != NULL) + { + g_warning ("Error reading line from helper: %s", error->message); + g_error_free (error); + + complete_session (session, FALSE); + goto out; + } + + /* remove terminator */ + if (strlen (line) > 0 && line[strlen (line) - 1] == '\n') + line[strlen (line) - 1] = '\0'; + + unescaped = g_strcompress (line); + + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: read `%s' from helper\n", unescaped); + + if (g_str_has_prefix (unescaped, "PAM_PROMPT_ECHO_OFF ")) + { + const gchar *s = unescaped + sizeof "PAM_PROMPT_ECHO_OFF " - 1; + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::request('%s', FALSE)\n", s); + g_signal_emit_by_name (session, "request", s, FALSE); + } + else if (g_str_has_prefix (unescaped, "PAM_PROMPT_ECHO_ON ")) + { + const gchar *s = unescaped + sizeof "PAM_PROMPT_ECHO_ON " - 1; + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::request('%s', TRUE)\n", s); + g_signal_emit_by_name (session, "request", s, TRUE); + } + else if (g_str_has_prefix (unescaped, "PAM_ERROR_MSG ")) + { + const gchar *s = unescaped + sizeof "PAM_ERROR_MSG " - 1; + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::show-error('%s')\n", s); + g_signal_emit_by_name (session, "show-error", s); + } + else if (g_str_has_prefix (unescaped, "PAM_TEXT_INFO ")) + { + const gchar *s = unescaped + sizeof "PAM_TEXT_INFO " - 1; + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::show-info('%s')\n", s); + g_signal_emit_by_name (session, "show-info", s); + } + else if (g_str_has_prefix (unescaped, "SUCCESS")) + { + complete_session (session, TRUE); + } + else if (g_str_has_prefix (unescaped, "FAILURE")) + { + complete_session (session, FALSE); + } + else + { + g_warning ("Unknown line '%s' from helper", line); + complete_session (session, FALSE); + goto out; + } + + out: + g_free (line); + g_free (unescaped); + + /* keep the IOChannel around */ + return TRUE; +} + +/** + * polkit_agent_session_response: + * @session: A #PolkitAgentSession. + * @response: Response from the user, typically a password. + * + * Function for providing response to requests received + * via the #PolkitAgentSession::request signal. + **/ +void +polkit_agent_session_response (PolkitAgentSession *session, + const gchar *response) +{ + gboolean add_newline; + size_t response_len; + const char newline[] = "\n"; + + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + g_return_if_fail (response != NULL); + + response_len = strlen (response); + + add_newline = (response[response_len] != '\n'); + + write (session->child_stdin, response, response_len); + if (add_newline) + write (session->child_stdin, newline, 1); +} + +/** + * polkit_agent_session_initiate: + * @session: A #PolkitAgentSession. + * + * Initiates the authentication session. Before calling this method, + * make sure to connect to the various signals. The signals will be + * emitted in the thread-default main + * loop that this method is invoked from. + * + * Use polkit_agent_session_cancel() to cancel the session. + **/ +void +polkit_agent_session_initiate (PolkitAgentSession *session) +{ + uid_t uid; + GError *error; + gchar *helper_argv[4]; + struct passwd *passwd; + + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + + if (G_UNLIKELY (_show_debug ())) + { + gchar *s; + s = polkit_identity_to_string (session->identity); + g_print ("PolkitAgentSession: initiating authentication for identity `%s', cookie %s\n", + s, + session->cookie); + g_free (s); + } + + /* TODO: also support authorization for other kinds of identities */ + if (!POLKIT_IS_UNIX_USER (session->identity)) + { + g_warning ("Unsupported identity type"); + goto error; + } + + uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (session->identity)); + + passwd = getpwuid (uid); + if (passwd == NULL) + { + g_warning ("No user with uid %d", uid); + goto error; + } + + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; + helper_argv[1] = passwd->pw_name; + helper_argv[2] = session->cookie; + helper_argv[3] = NULL; + + session->child_stdin = -1; + session->child_stdout = -1; + + error = NULL; + if (!g_spawn_async_with_pipes (NULL, + (char **) helper_argv, + NULL, + G_SPAWN_DO_NOT_REAP_CHILD | + 0,//G_SPAWN_STDERR_TO_DEV_NULL, + NULL, + NULL, + &session->child_pid, + &session->child_stdin, + &session->child_stdout, + NULL, + &error)) + { + g_warning ("Cannot spawn helper: %s\n", error->message); + g_error_free (error); + goto error; + } + + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + + session->child_watch_source = g_child_watch_source_new (session->child_pid); + g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); + g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); + + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); + g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); + + + session->success = FALSE; + + session->helper_is_running = TRUE; + + return; + +error: + complete_session (session, FALSE); +} + + +/** + * polkit_agent_session_cancel: + * @session: A #PolkitAgentSession. + * + * Cancels an authentication session. This will make @session emit the #PolkitAgentSession::completed + * signal. + **/ +void +polkit_agent_session_cancel (PolkitAgentSession *session) +{ + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: canceling authentication\n"); + + complete_session (session, FALSE); +} diff --git a/src/polkitagent/polkitagentsession.h b/src/polkitagent/polkitagentsession.h new file mode 100644 index 00000000..4123c2d6 --- /dev/null +++ b/src/polkitagent/polkitagentsession.h @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION) +#error "Only can be included directly, this file may disappear or change contents" +#endif + +#ifndef __POLKIT_AGENT_SESSION_H +#define __POLKIT_AGENT_SESSION_H + +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_AGENT_TYPE_SESSION (polkit_agent_session_get_type()) +#define POLKIT_AGENT_SESSION(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_AGENT_TYPE_SESSION, PolkitAgentSession)) +#define POLKIT_AGENT_SESSION_CLASS(k) (G_TYPE_CHECK_CLASS_CAST((k), POLKIT_AGENT_TYPE_SESSION, PolkitAgentSessionClass)) +#define POLKIT_AGENT_SESSION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_AGENT_TYPE_SESSION, PolkitAgentSessionClass)) +#define POLKIT_AGENT_IS_SESSION(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_AGENT_TYPE_SESSION)) +#define POLKIT_AGENT_IS_SESSION_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_AGENT_TYPE_SESSION)) + +struct _PolkitAgentSessionClass; +typedef struct _PolkitAgentSessionClass PolkitAgentSessionClass; + +GType polkit_agent_session_get_type (void) G_GNUC_CONST; +PolkitAgentSession *polkit_agent_session_new (PolkitIdentity *identity, + const gchar *cookie); +void polkit_agent_session_initiate (PolkitAgentSession *session); +void polkit_agent_session_response (PolkitAgentSession *session, + const gchar *response); +void polkit_agent_session_cancel (PolkitAgentSession *session); + +G_END_DECLS + +#endif /* __POLKIT_AGENT_SESSION_H */ diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c new file mode 100644 index 00000000..b5c8a3f3 --- /dev/null +++ b/src/polkitagent/polkitagenttextlistener.c @@ -0,0 +1,565 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +#include "polkitagentlistener.h" +#include "polkitagenttextlistener.h" +#include "polkitagentsession.h" + +/** + * SECTION:polkitagenttextlistener + * @title: PolkitAgentTextListener + * @short_description: Text-based Authentication Agent + * @stability: Unstable + * + * #PolkitAgentTextListener is an #PolkitAgentListener implementation + * that interacts with the user using a textual interface. + */ + +/** + * PolkitAgentTextListener: + * + * The #PolkitAgentTextListener struct should not be accessed directly. + */ +struct _PolkitAgentTextListener +{ + PolkitAgentListener parent_instance; + + GSimpleAsyncResult *simple; + PolkitAgentSession *active_session; + gulong cancel_id; + GCancellable *cancellable; + + FILE *tty; +}; + +typedef struct +{ + PolkitAgentListenerClass parent_class; +} PolkitAgentTextListenerClass; + +static void polkit_agent_text_listener_initiate_authentication (PolkitAgentListener *_listener, + const gchar *action_id, + const gchar *message, + const gchar *icon_name, + PolkitDetails *details, + const gchar *cookie, + GList *identities, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +static gboolean polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener *_listener, + GAsyncResult *res, + GError **error); + +static void initable_iface_init (GInitableIface *initable_iface); + +G_DEFINE_TYPE_WITH_CODE (PolkitAgentTextListener, polkit_agent_text_listener, POLKIT_AGENT_TYPE_LISTENER, + G_IMPLEMENT_INTERFACE (G_TYPE_INITABLE, initable_iface_init)); + +static void +polkit_agent_text_listener_init (PolkitAgentTextListener *listener) +{ +} + +static void +polkit_agent_text_listener_finalize (GObject *object) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (object); + + if (listener->tty != NULL) + fclose (listener->tty); + + if (listener->active_session != NULL) + g_object_unref (listener->active_session); + + if (G_OBJECT_CLASS (polkit_agent_text_listener_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_agent_text_listener_parent_class)->finalize (object); +} + +static void +polkit_agent_text_listener_class_init (PolkitAgentTextListenerClass *klass) +{ + GObjectClass *gobject_class; + PolkitAgentListenerClass *listener_class; + + gobject_class = G_OBJECT_CLASS (klass); + gobject_class->finalize = polkit_agent_text_listener_finalize; + + listener_class = POLKIT_AGENT_LISTENER_CLASS (klass); + listener_class->initiate_authentication = polkit_agent_text_listener_initiate_authentication; + listener_class->initiate_authentication_finish = polkit_agent_text_listener_initiate_authentication_finish; +} + +/** + * polkit_agent_text_listener_new: + * @cancellable: A #GCancellable or %NULL. + * @error: Return location for error or %NULL. + * + * Creates a new #PolkitAgentTextListener for authenticating the user + * via an textual interface on the controlling terminal + * (e.g. /dev/tty). This can fail if e.g. the + * current process has no controlling terminal. + * + * Returns: A #PolkitAgentTextListener or %NULL if @error is set. Free with g_object_unref() when done with it. + */ +PolkitAgentListener * +polkit_agent_text_listener_new (GCancellable *cancellable, + GError **error) +{ + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + return POLKIT_AGENT_LISTENER (g_initable_new (POLKIT_AGENT_TYPE_TEXT_LISTENER, + cancellable, + error, + NULL)); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +initable_init (GInitable *initable, + GCancellable *cancellable, + GError **error) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (initable); + gboolean ret; + const gchar *tty_name; + + ret = FALSE; + + tty_name = ctermid (NULL); + if (tty_name == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine pathname for current controlling terminal for the process: %s", + strerror (errno)); + goto out; + } + + listener->tty = fopen (tty_name, "r+"); + if (listener->tty == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error opening current controlling terminal for the process (`%s'): %s", + tty_name, + strerror (errno)); + goto out; + } + + ret = TRUE; + + out: + return ret; +} + +static void +initable_iface_init (GInitableIface *initable_iface) +{ + initable_iface->init = initable_init; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +on_completed (PolkitAgentSession *session, + gboolean gained_authorization, + gpointer user_data) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (user_data); + + fprintf (listener->tty, "\x1B[1;31m"); + if (gained_authorization) + fprintf (listener->tty, "==== AUTHENTICATION COMPLETE ===\n"); + else + fprintf (listener->tty, "==== AUTHENTICATION FAILED ===\n"); + fprintf (listener->tty, "\x1B[0m"); + fflush (listener->tty); + + g_simple_async_result_complete_in_idle (listener->simple); + + g_object_unref (listener->simple); + g_object_unref (listener->active_session); + g_cancellable_disconnect (listener->cancellable, listener->cancel_id); + g_object_unref (listener->cancellable); + + listener->simple = NULL; + listener->active_session = NULL; + listener->cancel_id = 0; +} + +static void +on_request (PolkitAgentSession *session, + const gchar *request, + gboolean echo_on, + gpointer user_data) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (user_data); + struct termios ts, ots; + GString *str; + + fprintf (listener->tty, "%s", request); + fflush (listener->tty); + + setbuf (listener->tty, NULL); + + /* TODO: We really ought to block SIGINT and STGSTP (and probably + * other signals too) so we can restore the terminal (since we + * turn off echoing). See e.g. Advanced Programming in the + * UNIX Environment 2nd edition (Steves and Rago) section + * 18.10, pg 660 where this is suggested. See also various + * getpass(3) implementations + * + * However, since we are a library routine the user could have + * multiple threads - in fact, typical usage of + * PolkitAgentTextListener is to run it in a thread. And + * unfortunately threads and POSIX signals is a royal PITA. + * + * Maybe we could fork(2) and ask for the password in the + * child and send it back to the parent over a pipe? (we are + * guaranteed that there is only one thread in the child + * process). + * + * (Side benefit of doing this in a child process is that we + * could avoid blocking the thread where the + * PolkitAgentTextListener object is being serviced from. But + * since this class is normally used in a dedicated thread + * it doesn't really matter *anyway*.) + * + * Anyway, On modern Linux not doing this doesn't seem to be a + * problem - looks like modern shells restore echoing anyway + * on the first input. So maybe it's not even worth solving + * the problem. + */ + + tcgetattr (fileno (listener->tty), &ts); + ots = ts; + ts.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); + tcsetattr (fileno (listener->tty), TCSAFLUSH, &ts); + + str = g_string_new (NULL); + while (TRUE) + { + gint c; + c = getc (listener->tty); + if (c == '\n') + { + /* ok, done */ + break; + } + else if (c == EOF) + { + tcsetattr (fileno (listener->tty), TCSAFLUSH, &ots); + g_error ("Got unexpected EOF while reading from controlling terminal."); + abort (); + break; + } + else + { + g_string_append_c (str, c); + } + } + tcsetattr (fileno (listener->tty), TCSAFLUSH, &ots); + putc ('\n', listener->tty); + + polkit_agent_session_response (session, str->str); + memset (str->str, '\0', str->len); + g_string_free (str, TRUE); +} + +static void +on_show_error (PolkitAgentSession *session, + const gchar *text, + gpointer user_data) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (user_data); + fprintf (listener->tty, "Error: %s\n", text); + fflush (listener->tty); +} + +static void +on_show_info (PolkitAgentSession *session, + const gchar *text, + gpointer user_data) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (user_data); + fprintf (listener->tty, "Info: %s\n", text); + fflush (listener->tty); +} + +static void +on_cancelled (GCancellable *cancellable, + gpointer user_data) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (user_data); + fprintf (listener->tty, "Cancelled\n"); + fflush (listener->tty); + polkit_agent_session_cancel (listener->active_session); +} + +static gchar * +identity_to_human_readable_string (PolkitIdentity *identity) +{ + gchar *ret; + + g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), NULL); + + ret = NULL; + if (POLKIT_IS_UNIX_USER (identity)) + { + struct passwd pw; + struct passwd *ppw; + char buf[2048]; + int res; + + res = getpwuid_r (polkit_unix_user_get_uid (POLKIT_UNIX_USER (identity)), + &pw, + buf, + sizeof buf, + &ppw); + if (res != 0) + { + g_warning ("Error calling getpwuid_r: %s", strerror (res)); + } + else + { + if (ppw->pw_gecos == NULL || strlen (ppw->pw_gecos) == 0 || strcmp (ppw->pw_gecos, ppw->pw_name) == 0) + { + ret = g_strdup_printf ("%s", ppw->pw_name); + } + else + { + ret = g_strdup_printf ("%s (%s)", ppw->pw_gecos, ppw->pw_name); + } + } + } + if (ret == NULL) + ret = polkit_identity_to_string (identity); + return ret; +} + +static PolkitIdentity * +choose_identity (PolkitAgentTextListener *listener, + GList *identities) +{ + GList *l; + guint n; + guint num_identities; + GString *str; + PolkitIdentity *ret; + guint num; + gchar *endp; + + ret = NULL; + + fprintf (listener->tty, "Multiple identities can be used for authentication:\n"); + for (l = identities, n = 0; l != NULL; l = l->next, n++) + { + PolkitIdentity *identity = POLKIT_IDENTITY (l->data); + gchar *s; + s = identity_to_human_readable_string (identity); + fprintf (listener->tty, " %d. %s\n", n + 1, s); + g_free (s); + } + num_identities = n; + fprintf (listener->tty, "Choose identity to authenticate as (1-%d): ", num_identities); + fflush (listener->tty); + + str = g_string_new (NULL); + while (TRUE) + { + gint c; + c = getc (listener->tty); + if (c == '\n') + { + /* ok, done */ + break; + } + else if (c == EOF) + { + g_error ("Got unexpected EOF while reading from controlling terminal."); + abort (); + break; + } + else + { + g_string_append_c (str, c); + } + } + + num = strtol (str->str, &endp, 10); + if (str->len == 0 || *endp != '\0' || (num < 1 || num > num_identities)) + { + fprintf (listener->tty, "Invalid response `%s'.\n", str->str); + goto out; + } + + ret = g_list_nth_data (identities, num-1); + + out: + g_string_free (str, TRUE); + return ret; +} + + +static void +polkit_agent_text_listener_initiate_authentication (PolkitAgentListener *_listener, + const gchar *action_id, + const gchar *message, + const gchar *icon_name, + PolkitDetails *details, + const gchar *cookie, + GList *identities, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); + GSimpleAsyncResult *simple; + PolkitIdentity *identity; + + simple = g_simple_async_result_new (G_OBJECT (listener), + callback, + user_data, + polkit_agent_text_listener_initiate_authentication); + if (listener->active_session != NULL) + { + g_simple_async_result_set_error (simple, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "An authentication session is already underway."); + g_simple_async_result_complete_in_idle (simple); + g_object_unref (simple); + goto out; + } + + g_assert (g_list_length (identities) >= 1); + + fprintf (listener->tty, "\x1B[1;31m"); + fprintf (listener->tty, + "==== AUTHENTICATING FOR %s ===\n", + action_id); + fprintf (listener->tty, "\x1B[0m"); + fprintf (listener->tty, + "%s\n", + message); + + /* handle multiple identies by asking which one to use */ + if (g_list_length (identities) > 1) + { + identity = choose_identity (listener, identities); + if (identity == NULL) + { + fprintf (listener->tty, "\x1B[1;31m"); + fprintf (listener->tty, "==== AUTHENTICATION CANCELED ===\n"); + fprintf (listener->tty, "\x1B[0m"); + fflush (listener->tty); + g_simple_async_result_set_error (simple, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Authentication was canceled."); + g_simple_async_result_complete_in_idle (simple); + g_object_unref (simple); + goto out; + } + } + else + { + gchar *s; + identity = identities->data; + s = identity_to_human_readable_string (identity); + fprintf (listener->tty, + "Authenticating as: %s\n", + s); + g_free (s); + } + + listener->active_session = polkit_agent_session_new (identity, cookie); + g_signal_connect (listener->active_session, + "completed", + G_CALLBACK (on_completed), + listener); + g_signal_connect (listener->active_session, + "request", + G_CALLBACK (on_request), + listener); + g_signal_connect (listener->active_session, + "show-info", + G_CALLBACK (on_show_info), + listener); + g_signal_connect (listener->active_session, + "show-error", + G_CALLBACK (on_show_error), + listener); + + listener->simple = simple; + listener->cancellable = g_object_ref (cancellable); + listener->cancel_id = g_cancellable_connect (cancellable, + G_CALLBACK (on_cancelled), + listener, + NULL); + + polkit_agent_session_initiate (listener->active_session); + + out: + ; +} + +static gboolean +polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener *_listener, + GAsyncResult *res, + GError **error) +{ + PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); + gboolean ret; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == + polkit_agent_text_listener_initiate_authentication); + g_assert (listener->active_session == NULL); + + ret = FALSE; + + if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error)) + goto out; + + ret = TRUE; + + out: + return ret; +} diff --git a/src/polkitagent/polkitagenttextlistener.h b/src/polkitagent/polkitagenttextlistener.h new file mode 100644 index 00000000..87aa5031 --- /dev/null +++ b/src/polkitagent/polkitagenttextlistener.h @@ -0,0 +1,45 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION) +#error "Only can be included directly, this file may disappear or change contents" +#endif + +#ifndef __POLKIT_AGENT_TEXT_LISTENER_H +#define __POLKIT_AGENT_TEXT_LISTENER_H + +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_AGENT_TYPE_TEXT_LISTENER (polkit_agent_text_listener_get_type()) +#define POLKIT_AGENT_TEXT_LISTENER(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_AGENT_TYPE_TEXT_LISTENER, PolkitAgentTextListener)) +#define POLKIT_AGENT_IS_TEXT_LISTENER(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_AGENT_TYPE_TEXT_LISTENER)) + +GType polkit_agent_text_listener_get_type (void) G_GNUC_CONST; +PolkitAgentListener *polkit_agent_text_listener_new (GCancellable *cancellable, + GError **error); + + +G_END_DECLS + +#endif /* __POLKIT_AGENT_TEXT_LISTENER_H */ diff --git a/src/polkitagent/polkitagenttypes.h b/src/polkitagent/polkitagenttypes.h new file mode 100644 index 00000000..1de03c69 --- /dev/null +++ b/src/polkitagent/polkitagenttypes.h @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION) +#error "Only can be included directly, this file may disappear or change contents" +#endif + +#ifndef __POLKIT_AGENT_TYPES_H +#define __POLKIT_AGENT_TYPES_H + +#include + +G_BEGIN_DECLS + +struct _PolkitAgentListener; +typedef struct _PolkitAgentListener PolkitAgentListener; + +struct _PolkitAgentTextListener; +typedef struct _PolkitAgentTextListener PolkitAgentTextListener; + +struct _PolkitAgentSession; +typedef struct _PolkitAgentSession PolkitAgentSession; + +G_END_DECLS + +#endif /* __POLKIT_AGENT_TYPES_H */ diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf new file mode 100644 index 00000000..5e44bde0 --- /dev/null +++ b/src/polkitbackend/50-localauthority.conf @@ -0,0 +1,10 @@ +# Configuration file for the PolicyKit Local Authority. +# +# DO NOT EDIT THIS FILE, it will be overwritten on update. +# +# See the pklocalauthority(8) man page for more information +# about configuring the Local Authority. +# + +[Configuration] +AdminIdentities=unix-group:wheel diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am new file mode 100644 index 00000000..b91cafa9 --- /dev/null +++ b/src/polkitbackend/Makefile.am @@ -0,0 +1,92 @@ +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_builddir)/src/polkit \ + -I$(top_srcdir)/src/polkit \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +lib_LTLIBRARIES=libpolkit-backend-1.la + +libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend + +libpolkit_backend_1include_HEADERS = \ + polkitbackend.h \ + polkitbackendtypes.h \ + polkitbackendauthority.h \ + polkitbackendinteractiveauthority.h \ + polkitbackendlocalauthority.h \ + polkitbackendactionlookup.h \ + $(NULL) + +libpolkit_backend_1_la_SOURCES = \ + $(BUILT_SOURCES) \ + polkitbackend.h \ + polkitbackendtypes.h \ + polkitbackendprivate.h \ + polkitbackendauthority.h polkitbackendauthority.c \ + polkitbackendinteractiveauthority.h polkitbackendinteractiveauthority.c \ + polkitbackendlocalauthority.h polkitbackendlocalauthority.c \ + polkitbackendactionpool.h polkitbackendactionpool.c \ + polkitbackendconfigsource.h polkitbackendconfigsource.c \ + polkitbackendactionlookup.h polkitbackendactionlookup.c \ + polkitbackendlocalauthorizationstore.h polkitbackendlocalauthorizationstore.c \ + $(NULL) + +if HAVE_SYSTEMD +libpolkit_backend_1_la_SOURCES += \ + polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c +else +libpolkit_backend_1_la_SOURCES += \ + polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c +endif + +libpolkit_backend_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(SYSTEMD_CFLAGS) \ + $(NULL) + +libpolkit_backend_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(SYSTEMD_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(EXPAT_LIBS) \ + $(NULL) + +libpolkit_backend_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' + +CLEANFILES = $(BUILT_SOURCES) + +localauthorityconfigdir = $(sysconfdir)/polkit-1/localauthority.conf.d +localauthorityconfig_DATA = 50-localauthority.conf + +EXTRA_DIST = \ + $(localauthorityconfig_DATA) \ + $(NULL) + +dist-hook : + (for i in $(BUILT_SOURCES) ; do rm -f $(distdir)/$$i ; done) + +clean-local : + rm -f *~ $(BUILT_SOURCES) + +install-exec-hook: + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} + -chmod 700 $(DESTDIR)$(localstatedir)/lib/polkit-1 + mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1 + mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} + -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/localauthority + mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions diff --git a/src/polkitbackend/Makefile.in b/src/polkitbackend/Makefile.in new file mode 100644 index 00000000..eed114ca --- /dev/null +++ b/src/polkitbackend/Makefile.in @@ -0,0 +1,847 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@HAVE_SYSTEMD_TRUE@am__append_1 = \ +@HAVE_SYSTEMD_TRUE@ polkitbackendsessionmonitor.h polkitbackendsessionmonitor-systemd.c + +@HAVE_SYSTEMD_FALSE@am__append_2 = \ +@HAVE_SYSTEMD_FALSE@ polkitbackendsessionmonitor.h polkitbackendsessionmonitor.c + +subdir = src/polkitbackend +DIST_COMMON = $(libpolkit_backend_1include_HEADERS) \ + $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(libdir)" \ + "$(DESTDIR)$(localauthorityconfigdir)" \ + "$(DESTDIR)$(libpolkit_backend_1includedir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +am__DEPENDENCIES_1 = +libpolkit_backend_1_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am__libpolkit_backend_1_la_SOURCES_DIST = polkitbackend.h \ + polkitbackendtypes.h polkitbackendprivate.h \ + polkitbackendauthority.h polkitbackendauthority.c \ + polkitbackendinteractiveauthority.h \ + polkitbackendinteractiveauthority.c \ + polkitbackendlocalauthority.h polkitbackendlocalauthority.c \ + polkitbackendactionpool.h polkitbackendactionpool.c \ + polkitbackendconfigsource.h polkitbackendconfigsource.c \ + polkitbackendactionlookup.h polkitbackendactionlookup.c \ + polkitbackendlocalauthorizationstore.h \ + polkitbackendlocalauthorizationstore.c \ + polkitbackendsessionmonitor.h \ + polkitbackendsessionmonitor-systemd.c \ + polkitbackendsessionmonitor.c +am__objects_1 = +@HAVE_SYSTEMD_TRUE@am__objects_2 = libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo +@HAVE_SYSTEMD_FALSE@am__objects_3 = libpolkit_backend_1_la-polkitbackendsessionmonitor.lo +am_libpolkit_backend_1_la_OBJECTS = \ + libpolkit_backend_1_la-polkitbackendauthority.lo \ + libpolkit_backend_1_la-polkitbackendinteractiveauthority.lo \ + libpolkit_backend_1_la-polkitbackendlocalauthority.lo \ + libpolkit_backend_1_la-polkitbackendactionpool.lo \ + libpolkit_backend_1_la-polkitbackendconfigsource.lo \ + libpolkit_backend_1_la-polkitbackendactionlookup.lo \ + libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.lo \ + $(am__objects_1) $(am__objects_2) $(am__objects_3) +libpolkit_backend_1_la_OBJECTS = $(am_libpolkit_backend_1_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +libpolkit_backend_1_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) \ + $(libpolkit_backend_1_la_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(libpolkit_backend_1_la_SOURCES) +DIST_SOURCES = $(am__libpolkit_backend_1_la_SOURCES_DIST) +DATA = $(localauthorityconfig_DATA) +HEADERS = $(libpolkit_backend_1include_HEADERS) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_builddir)/src/polkit \ + -I$(top_srcdir)/src/polkit \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +lib_LTLIBRARIES = libpolkit-backend-1.la +libpolkit_backend_1includedir = $(includedir)/polkit-1/polkitbackend +libpolkit_backend_1include_HEADERS = \ + polkitbackend.h \ + polkitbackendtypes.h \ + polkitbackendauthority.h \ + polkitbackendinteractiveauthority.h \ + polkitbackendlocalauthority.h \ + polkitbackendactionlookup.h \ + $(NULL) + +libpolkit_backend_1_la_SOURCES = $(BUILT_SOURCES) polkitbackend.h \ + polkitbackendtypes.h polkitbackendprivate.h \ + polkitbackendauthority.h polkitbackendauthority.c \ + polkitbackendinteractiveauthority.h \ + polkitbackendinteractiveauthority.c \ + polkitbackendlocalauthority.h polkitbackendlocalauthority.c \ + polkitbackendactionpool.h polkitbackendactionpool.c \ + polkitbackendconfigsource.h polkitbackendconfigsource.c \ + polkitbackendactionlookup.h polkitbackendactionlookup.c \ + polkitbackendlocalauthorizationstore.h \ + polkitbackendlocalauthorizationstore.c $(NULL) $(am__append_1) \ + $(am__append_2) +libpolkit_backend_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(SYSTEMD_CFLAGS) \ + $(NULL) + +libpolkit_backend_1_la_LIBADD = \ + $(GLIB_LIBS) \ + $(SYSTEMD_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(EXPAT_LIBS) \ + $(NULL) + +libpolkit_backend_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)' +CLEANFILES = $(BUILT_SOURCES) +localauthorityconfigdir = $(sysconfdir)/polkit-1/localauthority.conf.d +localauthorityconfig_DATA = 50-localauthority.conf +EXTRA_DIST = \ + $(localauthorityconfig_DATA) \ + $(NULL) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/polkitbackend/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/polkitbackend/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libpolkit-backend-1.la: $(libpolkit_backend_1_la_OBJECTS) $(libpolkit_backend_1_la_DEPENDENCIES) $(EXTRA_libpolkit_backend_1_la_DEPENDENCIES) + $(AM_V_CCLD)$(libpolkit_backend_1_la_LINK) -rpath $(libdir) $(libpolkit_backend_1_la_OBJECTS) $(libpolkit_backend_1_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionlookup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionpool.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendauthority.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendconfigsource.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendinteractiveauthority.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthority.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +libpolkit_backend_1_la-polkitbackendauthority.lo: polkitbackendauthority.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendauthority.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendauthority.Tpo -c -o libpolkit_backend_1_la-polkitbackendauthority.lo `test -f 'polkitbackendauthority.c' || echo '$(srcdir)/'`polkitbackendauthority.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendauthority.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendauthority.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendauthority.c' object='libpolkit_backend_1_la-polkitbackendauthority.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendauthority.lo `test -f 'polkitbackendauthority.c' || echo '$(srcdir)/'`polkitbackendauthority.c + +libpolkit_backend_1_la-polkitbackendinteractiveauthority.lo: polkitbackendinteractiveauthority.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendinteractiveauthority.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendinteractiveauthority.Tpo -c -o libpolkit_backend_1_la-polkitbackendinteractiveauthority.lo `test -f 'polkitbackendinteractiveauthority.c' || echo '$(srcdir)/'`polkitbackendinteractiveauthority.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendinteractiveauthority.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendinteractiveauthority.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendinteractiveauthority.c' object='libpolkit_backend_1_la-polkitbackendinteractiveauthority.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendinteractiveauthority.lo `test -f 'polkitbackendinteractiveauthority.c' || echo '$(srcdir)/'`polkitbackendinteractiveauthority.c + +libpolkit_backend_1_la-polkitbackendlocalauthority.lo: polkitbackendlocalauthority.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendlocalauthority.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthority.Tpo -c -o libpolkit_backend_1_la-polkitbackendlocalauthority.lo `test -f 'polkitbackendlocalauthority.c' || echo '$(srcdir)/'`polkitbackendlocalauthority.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthority.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthority.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendlocalauthority.c' object='libpolkit_backend_1_la-polkitbackendlocalauthority.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendlocalauthority.lo `test -f 'polkitbackendlocalauthority.c' || echo '$(srcdir)/'`polkitbackendlocalauthority.c + +libpolkit_backend_1_la-polkitbackendactionpool.lo: polkitbackendactionpool.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendactionpool.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionpool.Tpo -c -o libpolkit_backend_1_la-polkitbackendactionpool.lo `test -f 'polkitbackendactionpool.c' || echo '$(srcdir)/'`polkitbackendactionpool.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionpool.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionpool.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendactionpool.c' object='libpolkit_backend_1_la-polkitbackendactionpool.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendactionpool.lo `test -f 'polkitbackendactionpool.c' || echo '$(srcdir)/'`polkitbackendactionpool.c + +libpolkit_backend_1_la-polkitbackendconfigsource.lo: polkitbackendconfigsource.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendconfigsource.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendconfigsource.Tpo -c -o libpolkit_backend_1_la-polkitbackendconfigsource.lo `test -f 'polkitbackendconfigsource.c' || echo '$(srcdir)/'`polkitbackendconfigsource.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendconfigsource.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendconfigsource.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendconfigsource.c' object='libpolkit_backend_1_la-polkitbackendconfigsource.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendconfigsource.lo `test -f 'polkitbackendconfigsource.c' || echo '$(srcdir)/'`polkitbackendconfigsource.c + +libpolkit_backend_1_la-polkitbackendactionlookup.lo: polkitbackendactionlookup.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendactionlookup.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionlookup.Tpo -c -o libpolkit_backend_1_la-polkitbackendactionlookup.lo `test -f 'polkitbackendactionlookup.c' || echo '$(srcdir)/'`polkitbackendactionlookup.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionlookup.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendactionlookup.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendactionlookup.c' object='libpolkit_backend_1_la-polkitbackendactionlookup.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendactionlookup.lo `test -f 'polkitbackendactionlookup.c' || echo '$(srcdir)/'`polkitbackendactionlookup.c + +libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.lo: polkitbackendlocalauthorizationstore.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.Tpo -c -o libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.lo `test -f 'polkitbackendlocalauthorizationstore.c' || echo '$(srcdir)/'`polkitbackendlocalauthorizationstore.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendlocalauthorizationstore.c' object='libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendlocalauthorizationstore.lo `test -f 'polkitbackendlocalauthorizationstore.c' || echo '$(srcdir)/'`polkitbackendlocalauthorizationstore.c + +libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo: polkitbackendsessionmonitor-systemd.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.Tpo -c -o libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo `test -f 'polkitbackendsessionmonitor-systemd.c' || echo '$(srcdir)/'`polkitbackendsessionmonitor-systemd.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendsessionmonitor-systemd.c' object='libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo `test -f 'polkitbackendsessionmonitor-systemd.c' || echo '$(srcdir)/'`polkitbackendsessionmonitor-systemd.c + +libpolkit_backend_1_la-polkitbackendsessionmonitor.lo: polkitbackendsessionmonitor.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -MT libpolkit_backend_1_la-polkitbackendsessionmonitor.lo -MD -MP -MF $(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor.Tpo -c -o libpolkit_backend_1_la-polkitbackendsessionmonitor.lo `test -f 'polkitbackendsessionmonitor.c' || echo '$(srcdir)/'`polkitbackendsessionmonitor.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor.Tpo $(DEPDIR)/libpolkit_backend_1_la-polkitbackendsessionmonitor.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='polkitbackendsessionmonitor.c' object='libpolkit_backend_1_la-polkitbackendsessionmonitor.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libpolkit_backend_1_la_CFLAGS) $(CFLAGS) -c -o libpolkit_backend_1_la-polkitbackendsessionmonitor.lo `test -f 'polkitbackendsessionmonitor.c' || echo '$(srcdir)/'`polkitbackendsessionmonitor.c + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-localauthorityconfigDATA: $(localauthorityconfig_DATA) + @$(NORMAL_INSTALL) + test -z "$(localauthorityconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(localauthorityconfigdir)" + @list='$(localauthorityconfig_DATA)'; test -n "$(localauthorityconfigdir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(localauthorityconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(localauthorityconfigdir)" || exit $$?; \ + done + +uninstall-localauthorityconfigDATA: + @$(NORMAL_UNINSTALL) + @list='$(localauthorityconfig_DATA)'; test -n "$(localauthorityconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(localauthorityconfigdir)'; $(am__uninstall_files_from_dir) +install-libpolkit_backend_1includeHEADERS: $(libpolkit_backend_1include_HEADERS) + @$(NORMAL_INSTALL) + test -z "$(libpolkit_backend_1includedir)" || $(MKDIR_P) "$(DESTDIR)$(libpolkit_backend_1includedir)" + @list='$(libpolkit_backend_1include_HEADERS)'; test -n "$(libpolkit_backend_1includedir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(libpolkit_backend_1includedir)'"; \ + $(INSTALL_HEADER) $$files "$(DESTDIR)$(libpolkit_backend_1includedir)" || exit $$?; \ + done + +uninstall-libpolkit_backend_1includeHEADERS: + @$(NORMAL_UNINSTALL) + @list='$(libpolkit_backend_1include_HEADERS)'; test -n "$(libpolkit_backend_1includedir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(libpolkit_backend_1includedir)'; $(am__uninstall_files_from_dir) + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(DATA) $(HEADERS) +installdirs: + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(localauthorityconfigdir)" "$(DESTDIR)$(libpolkit_backend_1includedir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libLTLIBRARIES clean-libtool clean-local \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-libpolkit_backend_1includeHEADERS \ + install-localauthorityconfigDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-libLTLIBRARIES + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-libLTLIBRARIES \ + uninstall-libpolkit_backend_1includeHEADERS \ + uninstall-localauthorityconfigDATA + +.MAKE: install-am install-exec-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libLTLIBRARIES clean-libtool clean-local ctags dist-hook \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-exec-hook install-html install-html-am \ + install-info install-info-am install-libLTLIBRARIES \ + install-libpolkit_backend_1includeHEADERS \ + install-localauthorityconfigDATA install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-libLTLIBRARIES \ + uninstall-libpolkit_backend_1includeHEADERS \ + uninstall-localauthorityconfigDATA + + +dist-hook : + (for i in $(BUILT_SOURCES) ; do rm -f $(distdir)/$$i ; done) + +clean-local : + rm -f *~ $(BUILT_SOURCES) + +install-exec-hook: + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1 + mkdir -p $(DESTDIR)$(localstatedir)/lib/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} + -chmod 700 $(DESTDIR)$(localstatedir)/lib/polkit-1 + mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1 + mkdir -p $(DESTDIR)$(sysconfdir)/polkit-1/localauthority/{10-vendor.d,20-org.d,30-site.d,50-local.d,90-mandatory.d} + -chmod 700 $(DESTDIR)$(sysconfdir)/polkit-1/localauthority + mkdir -p $(DESTDIR)$(libdir)/polkit-1/extensions + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/polkitbackend/polkitbackend.h b/src/polkitbackend/polkitbackend.h new file mode 100644 index 00000000..9b79d141 --- /dev/null +++ b/src/polkitbackend/polkitbackend.h @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef __POLKIT_BACKEND_H +#define __POLKIT_BACKEND_H + +#include + +#if !defined (POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (_POLKIT_BACKEND_COMPILATION) +#error "libpolkitbackend is unstable API and subject to change. You must define POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this." +#endif + +#define _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H 1 +#include +#include +#include +#include +#include +#undef _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H + +#endif /* __POLKIT_BACKEND_H */ + + diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c new file mode 100644 index 00000000..5a1a228a --- /dev/null +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -0,0 +1,180 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include + +#define _POLKIT_BACKEND_ACTION_LOOKUP_NO_DEPRECATED_WARNING + +#include +#include +#include "polkitbackendactionlookup.h" + +#include "polkitbackendprivate.h" + +/** + * SECTION:polkitbackendactionlookup + * @title: PolkitBackendActionLookup + * @short_description: Interface used to provide data to authentication dialogs + * @stability: Unstable + * + * An interface that is used by backends to provide localized data + * shown in authentication dialogs. + * + * This inteface is intended for mechanisms to customize the message + * to show - a mechanism can provide a #GIOModule that registers one + * or more extensions that implement this interface. Every time an + * authentication dialog is shown, the registered extensions are + * consulted in priority order. + * + * This is useful if your mechanism wants to put up a message such as + * "Authentication is required to install 'Totem Movie Player'", + * e.g. messages that include more information than just the action + * name. + * + * Code implementing this interface cannot block + * or do any IO when methods are invoked. If information is needed to + * format the message or details, prepare it in advance and pass it as + * part of the @details object when doing the + * polkit_authority_check_authorization() call. Then the code in this + * interface can use that information to return localized data. + * + * Note that setlocale() and the LANG environment + * variable will be set up to match the locale of the authentication + * agent that is the receiver of the information. This means that code + * implementing this interface can use dgettext() or similar machinery + * to look up translations. + */ + +static void +base_init (gpointer g_iface) +{ +} + +GType +polkit_backend_action_lookup_get_type (void) +{ + static GType iface_type = 0; + + if (iface_type == 0) + { + static const GTypeInfo info = + { + sizeof (PolkitBackendActionLookupIface), + base_init, /* base_init */ + NULL, /* base_finalize */ + NULL, /* class_init */ + NULL, /* class_finalize */ + NULL, /* class_data */ + 0, /* instance_size */ + 0, /* n_preallocs */ + NULL, /* instance_init */ + NULL /* value_table */ + }; + + iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + } + + return iface_type; +} + +/** + * polkit_backend_action_lookup_get_message: + * @lookup: A #PolkitBackendActionLookup. + * @action_id: The action to get the message for. + * @details: Details passed to polkit_authority_check_authorization(). + * @action_description: A #PolkitActionDescription object for @action_id. + * + * Computes a message to show in an authentication dialog for + * @action_id and @details. + * + * Returns: A localized string to show in the authentication dialog or %NULL. Caller must free this string. + **/ +gchar * +polkit_backend_action_lookup_get_message (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description) +{ + PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup); + + if (iface->get_message == NULL) + return NULL; + else + return iface->get_message (lookup, action_id, details, action_description); +} + +/** + * polkit_backend_action_lookup_get_icon_name: + * @lookup: A #PolkitBackendActionLookup. + * @action_id: The action to get the themed icon for. + * @details: Details passed to polkit_authority_check_authorization(). + * @action_description: A #PolkitActionDescription object for @action_id. + * + * Computes a themed icon name to show in an authentication dialog for + * @action_id and @details. + * + * Returns: A themed icon name or %NULL. Caller must free this string. + **/ +gchar * +polkit_backend_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description) +{ + PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup); + + if (iface->get_icon_name == NULL) + return NULL; + else + return iface->get_icon_name (lookup, action_id, details, action_description); +} + +/** + * polkit_backend_action_lookup_get_details: + * @lookup: A #PolkitBackendActionLookup. + * @action_id: The action to get the details for. + * @details: Details passed to polkit_authority_check_authorization(). + * @action_description: A #PolkitActionDescription object for @action_id. + * + * Computes localized details to show in an authentication dialog for + * @action_id and @details. + * + * Returns: A #PolkitDetails object with localized details or %NULL. Caller must free the result. + **/ +PolkitDetails * +polkit_backend_action_lookup_get_details (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description) +{ + PolkitBackendActionLookupIface *iface = POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE (lookup); + + if (iface->get_details == NULL) + return NULL; + else + return iface->get_details (lookup, action_id, details, action_description); +} + diff --git a/src/polkitbackend/polkitbackendactionlookup.h b/src/polkitbackend/polkitbackendactionlookup.h new file mode 100644 index 00000000..254507b9 --- /dev/null +++ b/src/polkitbackend/polkitbackendactionlookup.h @@ -0,0 +1,123 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_BACKEND_ACTION_LOOKUP_H +#define __POLKIT_BACKEND_ACTION_LOOKUP_H + +#include + +#include +#include + +G_BEGIN_DECLS + +/** + * POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME: + * + * Extension point name for looking up action information. + */ +#define POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME "polkit-backend-action-lookup-1" + +#define POLKIT_BACKEND_TYPE_ACTION_LOOKUP (polkit_backend_action_lookup_get_type()) +#define POLKIT_BACKEND_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP, PolkitBackendActionLookup)) +#define POLKIT_BACKEND_IS_ACTION_LOOKUP(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP)) +#define POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE(o) (G_TYPE_INSTANCE_GET_INTERFACE((o), POLKIT_BACKEND_TYPE_ACTION_LOOKUP, PolkitBackendActionLookupIface)) + +#if 0 +/** + * PolkitBackendActionLookup: + * + * Opaque object for #PolkitBackendActionLookupIface. + */ +typedef struct _PolkitBackendActionLookup PolkitBackendActionLookup; /* Dummy typedef */ +#endif +typedef struct _PolkitBackendActionLookupIface PolkitBackendActionLookupIface; + +/** + * PolkitBackendActionLookupIface: + * @get_message: See polkit_backend_action_lookup_get_message(). + * @get_icon_name: See polkit_backend_action_lookup_get_icon_name(). + * @get_details: See polkit_backend_action_lookup_get_details(). + * + * Interface that is used by backends to provide localized data shown + * in authentication dialogs. + */ +struct _PolkitBackendActionLookupIface +{ + /*< private >*/ + GTypeInterface parent_iface; + + /*< public >*/ + /* VTable */ + + gchar * (*get_message) (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description); + + gchar * (*get_icon_name) (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description); + + PolkitDetails * (*get_details) (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description); +}; + +#ifdef _POLKIT_BACKEND_ACTION_LOOKUP_NO_DEPRECATED_WARNING +GType polkit_backend_action_lookup_get_type (void) G_GNUC_CONST; +gchar *polkit_backend_action_lookup_get_message (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description); +gchar *polkit_backend_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description); +PolkitDetails *polkit_backend_action_lookup_get_details (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description); +#else +GType polkit_backend_action_lookup_get_type (void) G_GNUC_CONST G_GNUC_DEPRECATED_FOR (use_PolkitDetails_instead); +gchar *polkit_backend_action_lookup_get_message (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description) G_GNUC_DEPRECATED_FOR (use_PolkitDetails_instead); +gchar *polkit_backend_action_lookup_get_icon_name (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description) G_GNUC_DEPRECATED_FOR (use_PolkitDetails_instead); +PolkitDetails *polkit_backend_action_lookup_get_details (PolkitBackendActionLookup *lookup, + const gchar *action_id, + PolkitDetails *details, + PolkitActionDescription *action_description) G_GNUC_DEPRECATED_FOR (use_PolkitDetails_instead); +#endif + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_ACTION_LOOKUP_H */ diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c new file mode 100644 index 00000000..e3ed38d4 --- /dev/null +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -0,0 +1,1144 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include +#include + +#include +#include + +#include "polkitbackendactionpool.h" + +/* + * SECTION:polkitbackendactionpool + * @title: PolkitBackendActionPool + * @short_description: Registered actions + * + * The #PolkitBackendActionPool class is a utility class to look up registered PolicyKit actions. + */ + +typedef struct +{ + gchar *action_id; + gchar *vendor_name; + gchar *vendor_url; + gchar *icon_name; + gchar *description; + gchar *message; + + PolkitImplicitAuthorization implicit_authorization_any; + PolkitImplicitAuthorization implicit_authorization_inactive; + PolkitImplicitAuthorization implicit_authorization_active; + + /* each of these map from the locale identifer (e.g. da_DK) to the localized value */ + GHashTable *localized_description; + GHashTable *localized_message; + + /* this maps from annotation key (string) to annotation value (also a string) */ + GHashTable *annotations; +} ParsedAction; + +static void +parsed_action_free (ParsedAction *action) +{ + g_free (action->action_id); + g_free (action->vendor_name); + g_free (action->vendor_url); + g_free (action->icon_name); + g_free (action->description); + g_free (action->message); + + g_hash_table_unref (action->localized_description); + g_hash_table_unref (action->localized_message); + + g_hash_table_unref (action->annotations); + g_free (action); +} + +static gboolean process_policy_file (PolkitBackendActionPool *pool, + const gchar *xml, + GError **error); + +static void ensure_file (PolkitBackendActionPool *pool, + GFile *file); + +static void ensure_all_files (PolkitBackendActionPool *pool); + +static const gchar *_localize (GHashTable *translations, + const gchar *untranslated, + const gchar *lang); + +typedef struct +{ + /* directory with .policy files, e.g. /usr/share/polkit-1/actions */ + GFile *directory; + + GFileMonitor *dir_monitor; + + /* maps from action_id to a ParsedAction struct */ + GHashTable *parsed_actions; + + /* maps from URI of parsed file to nothing */ + GHashTable *parsed_files; + + /* is TRUE only when we've read all files */ + gboolean has_loaded_all_files; + +} PolkitBackendActionPoolPrivate; + +enum +{ + PROP_0, + PROP_DIRECTORY, +}; + +#define POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_ACTION_POOL, PolkitBackendActionPoolPrivate)) + +enum +{ + CHANGED_SIGNAL, + LAST_SIGNAL, +}; + +static guint signals[LAST_SIGNAL] = {0}; + +G_DEFINE_TYPE (PolkitBackendActionPool, polkit_backend_action_pool, G_TYPE_OBJECT); + +static void +polkit_backend_action_pool_init (PolkitBackendActionPool *pool) +{ + PolkitBackendActionPoolPrivate *priv; + + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + priv->parsed_actions = g_hash_table_new_full (g_str_hash, + g_str_equal, + NULL, + (GDestroyNotify) parsed_action_free); + + priv->parsed_files = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + NULL); +} + +static void +polkit_backend_action_pool_finalize (GObject *object) +{ + PolkitBackendActionPool *pool; + PolkitBackendActionPoolPrivate *priv; + + pool = POLKIT_BACKEND_ACTION_POOL (object); + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + if (priv->directory != NULL) + g_object_unref (priv->directory); + + if (priv->dir_monitor != NULL) + g_object_unref (priv->dir_monitor); + + if (priv->parsed_actions != NULL) + g_hash_table_unref (priv->parsed_actions); + + if (priv->parsed_files != NULL) + g_hash_table_unref (priv->parsed_files); + + G_OBJECT_CLASS (polkit_backend_action_pool_parent_class)->finalize (object); +} + +static void +polkit_backend_action_pool_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitBackendActionPool *pool; + PolkitBackendActionPoolPrivate *priv; + + pool = POLKIT_BACKEND_ACTION_POOL (object); + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + switch (prop_id) + { + case PROP_DIRECTORY: + g_value_set_object (value, priv->directory); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +dir_monitor_changed (GFileMonitor *monitor, + GFile *file, + GFile *other_file, + GFileMonitorEvent event_type, + gpointer user_data) +{ + PolkitBackendActionPool *pool; + PolkitBackendActionPoolPrivate *priv; + + pool = POLKIT_BACKEND_ACTION_POOL (user_data); + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + /* TODO: maybe rate-limit so storms of events are collapsed into one with a 500ms resolution? + * Because when editing a file with emacs we get 4-8 events.. + */ + + if (file != NULL) + { + gchar *name; + + name = g_file_get_basename (file); + + //g_debug ("event_type=%d file=%p name=%s", event_type, file, name); + + if (!g_str_has_prefix (name, ".") && + !g_str_has_prefix (name, "#") && + g_str_has_suffix (name, ".policy") && + (event_type == G_FILE_MONITOR_EVENT_CREATED || + event_type == G_FILE_MONITOR_EVENT_DELETED || + event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) + { + + //g_debug ("match"); + + /* now throw away all caches */ + g_hash_table_remove_all (priv->parsed_files); + g_hash_table_remove_all (priv->parsed_actions); + priv->has_loaded_all_files = FALSE; + + g_signal_emit_by_name (pool, "changed"); + } + + g_free (name); + } +} + + +static void +polkit_backend_action_pool_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitBackendActionPool *pool; + PolkitBackendActionPoolPrivate *priv; + GError *error; + + pool = POLKIT_BACKEND_ACTION_POOL (object); + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + switch (prop_id) + { + case PROP_DIRECTORY: + priv->directory = g_value_dup_object (value); + + error = NULL; + priv->dir_monitor = g_file_monitor_directory (priv->directory, + G_FILE_MONITOR_NONE, + NULL, + &error); + if (priv->dir_monitor == NULL) + { + g_warning ("Error monitoring actions directory: %s", error->message); + g_error_free (error); + } + else + { + g_signal_connect (priv->dir_monitor, + "changed", + (GCallback) dir_monitor_changed, + pool); + } + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_backend_action_pool_class_init (PolkitBackendActionPoolClass *klass) +{ + GObjectClass *gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_backend_action_pool_get_property; + gobject_class->set_property = polkit_backend_action_pool_set_property; + gobject_class->finalize = polkit_backend_action_pool_finalize; + + g_type_class_add_private (klass, sizeof (PolkitBackendActionPoolPrivate)); + + /** + * PolkitBackendActionPool:directory: + * + * The directory to load action description files from. + */ + g_object_class_install_property (gobject_class, + PROP_DIRECTORY, + g_param_spec_object ("directory", + "Directory", + "Directory to load action description files from", + G_TYPE_FILE, + G_PARAM_READWRITE | + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_NICK | + G_PARAM_STATIC_BLURB)); + + /** + * PolkitBackendActionPool::changed: + * @action_pool: A #PolkitBackendActionPool. + * + * Emitted when action files in the supplied directory changes. + */ + signals[CHANGED_SIGNAL] = g_signal_new ("changed", + POLKIT_BACKEND_TYPE_ACTION_POOL, + G_SIGNAL_RUN_LAST, + 0, /* class offset */ + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, + 0); +} + +/** + * polkit_backend_action_pool_new: + * @directory: A #GFile for the directory holding PolicyKit action description files. + * + * Creates a new #PolkitBackendPool that can be used for looking up #PolkitActionDescription objects. + * + * Returns: A #PolkitBackendActionPool. Free with g_object_unref(). + **/ +PolkitBackendActionPool * +polkit_backend_action_pool_new (GFile *directory) +{ + PolkitBackendActionPool *pool; + + pool = POLKIT_BACKEND_ACTION_POOL (g_object_new (POLKIT_BACKEND_TYPE_ACTION_POOL, + "directory", directory, + NULL)); + + return pool; +} + +/** + * polkit_backend_action_pool_get_action: + * @pool: A #PolkitBackendActionPool. + * @action_id: A PolicyKit action identifier. + * @locale: The locale to get descriptions for or %NULL for system locale. + * + * Gets a #PolkitActionDescription object describing the action with identifier @action_id. + * + * Returns: A #PolkitActionDescription (free with g_object_unref()) or %NULL + * if @action_id isn't registered or valid. + **/ +PolkitActionDescription * +polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, + const gchar *action_id, + const gchar *locale) +{ + PolkitBackendActionPoolPrivate *priv; + PolkitActionDescription *ret; + ParsedAction *parsed_action; + const gchar *description; + const gchar *message; + + g_return_val_if_fail (POLKIT_BACKEND_IS_ACTION_POOL (pool), NULL); + + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + /* TODO: just compute the name of the expected file and ensure it's parsed */ + ensure_all_files (pool); + + ret = NULL; + + parsed_action = g_hash_table_lookup (priv->parsed_actions, action_id); + if (parsed_action == NULL) + { + g_warning ("Unknown action_id '%s'", action_id); + goto out; + } + + description = _localize (parsed_action->localized_description, + parsed_action->description, + locale); + message = _localize (parsed_action->localized_message, + parsed_action->message, + locale); + + ret = polkit_action_description_new (action_id, + description, + message, + parsed_action->vendor_name, + parsed_action->vendor_url, + parsed_action->icon_name, + parsed_action->implicit_authorization_any, + parsed_action->implicit_authorization_inactive, + parsed_action->implicit_authorization_active, + parsed_action->annotations); + + out: + return ret; +} + +/** + * polkit_backend_action_pool_get_all_actions: + * @pool: A #PolkitBackendActionPool. + * @locale: The locale to get descriptions for or %NULL for system locale. + * + * Gets all registered PolicyKit action descriptions from @pool with strings for @locale. + * + * Returns: A #GList of #PolkitActionDescription objects. This list + * should be freed with g_list_free() after each element have + * been unreffed with g_object_unref(). + **/ +GList * +polkit_backend_action_pool_get_all_actions (PolkitBackendActionPool *pool, + const gchar *locale) +{ + GList *ret; + PolkitBackendActionPoolPrivate *priv; + GHashTableIter hash_iter; + const gchar *action_id; + + g_return_val_if_fail (POLKIT_BACKEND_IS_ACTION_POOL (pool), NULL); + + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + ensure_all_files (pool); + + ret = NULL; + + g_hash_table_iter_init (&hash_iter, priv->parsed_actions); + while (g_hash_table_iter_next (&hash_iter, (gpointer) &action_id, NULL)) + { + PolkitActionDescription *action_desc; + + action_desc = polkit_backend_action_pool_get_action (pool, + action_id, + locale); + + if (action_desc != NULL) + ret = g_list_prepend (ret, action_desc); + } + + ret = g_list_reverse (ret); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +ensure_file (PolkitBackendActionPool *pool, + GFile *file) +{ + PolkitBackendActionPoolPrivate *priv; + gchar *contents; + GError *error; + gchar *uri; + + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + uri = g_file_get_uri (file); + + if (g_hash_table_lookup (priv->parsed_files, uri) != NULL) + goto out; + + error = NULL; + if (!g_file_load_contents (file, + NULL, + &contents, + NULL, + NULL, + &error)) + { + g_warning ("Error loading file with URI '%s': %s", uri, error->message); + goto out; + } + + if (!process_policy_file (pool, + contents, + &error)) + { + g_warning ("Error parsing file with URI '%s': %s", uri, error->message); + g_free (contents); + goto out; + } + + g_free (contents); + + /* steal uri */ + g_hash_table_insert (priv->parsed_files, uri, NULL); + uri = NULL; + + out: + g_free (uri); +} + +static void +ensure_all_files (PolkitBackendActionPool *pool) +{ + PolkitBackendActionPoolPrivate *priv; + GFileEnumerator *e; + GFileInfo *file_info; + GError *error; + + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pool); + + e = NULL; + + if (priv->has_loaded_all_files) + goto out; + + error = NULL; + e = g_file_enumerate_children (priv->directory, + "standard::name", + G_FILE_QUERY_INFO_NONE, + NULL, + &error); + if (error != NULL) + { + g_warning ("Error enumerating files: %s", error->message); + goto out; + } + + while ((file_info = g_file_enumerator_next_file (e, NULL, &error)) != NULL) + { + const gchar *name; + + name = g_file_info_get_name (file_info); + /* only consider files with the right suffix */ + if (g_str_has_suffix (name, ".policy")) + { + GFile *file; + + file = g_file_get_child (priv->directory, name); + + ensure_file (pool, file); + + g_object_unref (file); + } + + g_object_unref (file_info); + + } /* for all files */ + + priv->has_loaded_all_files = TRUE; + + out: + + if (e != NULL) + g_object_unref (e); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +enum { + STATE_NONE, + STATE_UNKNOWN_TAG, + STATE_IN_POLICY_CONFIG, + STATE_IN_POLICY_VENDOR, + STATE_IN_POLICY_VENDOR_URL, + STATE_IN_POLICY_ICON_NAME, + STATE_IN_ACTION, + STATE_IN_ACTION_DESCRIPTION, + STATE_IN_ACTION_MESSAGE, + STATE_IN_ACTION_VENDOR, + STATE_IN_ACTION_VENDOR_URL, + STATE_IN_ACTION_ICON_NAME, + STATE_IN_DEFAULTS, + STATE_IN_DEFAULTS_ALLOW_ANY, + STATE_IN_DEFAULTS_ALLOW_INACTIVE, + STATE_IN_DEFAULTS_ALLOW_ACTIVE, + STATE_IN_ANNOTATE +}; + +#define PARSER_MAX_DEPTH 32 + +typedef struct { + XML_Parser parser; + int state; + int state_stack[PARSER_MAX_DEPTH]; + int stack_depth; + + char *global_vendor; + char *global_vendor_url; + char *global_icon_name; + + char *action_id; + char *vendor; + char *vendor_url; + char *icon_name; + + PolkitImplicitAuthorization implicit_authorization_any; + PolkitImplicitAuthorization implicit_authorization_inactive; + PolkitImplicitAuthorization implicit_authorization_active; + + GHashTable *policy_descriptions; + GHashTable *policy_messages; + + char *policy_description_nolang; + char *policy_message_nolang; + + /* the value of xml:lang for the thing we're reading in _cdata() */ + char *elem_lang; + + char *annotate_key; + GHashTable *annotations; + + PolkitBackendActionPool *pool; +} ParserData; + +static void +pd_unref_action_data (ParserData *pd) +{ + g_free (pd->action_id); + pd->action_id = NULL; + + g_free (pd->vendor); + pd->vendor = NULL; + g_free (pd->vendor_url); + pd->vendor_url = NULL; + g_free (pd->icon_name); + pd->icon_name = NULL; + + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = NULL; + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = NULL; + if (pd->policy_descriptions != NULL) + { + g_hash_table_unref (pd->policy_descriptions); + pd->policy_descriptions = NULL; + } + if (pd->policy_messages != NULL) + { + g_hash_table_unref (pd->policy_messages); + pd->policy_messages = NULL; + } + g_free (pd->annotate_key); + pd->annotate_key = NULL; + if (pd->annotations != NULL) + { + g_hash_table_unref (pd->annotations); + pd->annotations = NULL; + } + g_free (pd->elem_lang); + pd->elem_lang = NULL; +} + +static void +pd_unref_data (ParserData *pd) +{ + pd_unref_action_data (pd); + + g_free (pd->global_vendor); + pd->global_vendor = NULL; + g_free (pd->global_vendor_url); + pd->global_vendor_url = NULL; + g_free (pd->global_icon_name); + pd->global_icon_name = NULL; +} + +static void +_start (void *data, const char *el, const char **attr) +{ + guint state; + guint num_attr; + ParserData *pd = data; + + for (num_attr = 0; attr[num_attr] != NULL; num_attr++) + ; + + state = STATE_NONE; + + switch (pd->state) + { + case STATE_NONE: + if (strcmp (el, "policyconfig") == 0) + { + state = STATE_IN_POLICY_CONFIG; + } + break; + + case STATE_IN_POLICY_CONFIG: + if (strcmp (el, "action") == 0) + { + if (num_attr != 2 || strcmp (attr[0], "id") != 0) + goto error; + state = STATE_IN_ACTION; + + //if (!polkit_action_validate_id (attr[1])) + // goto error; + + pd_unref_action_data (pd); + pd->action_id = g_strdup (attr[1]); + pd->policy_descriptions = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + g_free); + pd->policy_messages = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + g_free); + pd->annotations = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_free); + /* initialize defaults */ + pd->implicit_authorization_any = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; + pd->implicit_authorization_inactive = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; + pd->implicit_authorization_active = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; + } + else if (strcmp (el, "vendor") == 0 && num_attr == 0) + { + state = STATE_IN_POLICY_VENDOR; + } + else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) + { + state = STATE_IN_POLICY_VENDOR_URL; + } + else if (strcmp (el, "icon_name") == 0 && num_attr == 0) + { + state = STATE_IN_POLICY_ICON_NAME; + } + break; + + case STATE_IN_ACTION: + if (strcmp (el, "defaults") == 0) + { + state = STATE_IN_DEFAULTS; + } + else if (strcmp (el, "description") == 0) + { + if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) + { + pd->elem_lang = g_strdup (attr[1]); + } + state = STATE_IN_ACTION_DESCRIPTION; + } + else if (strcmp (el, "message") == 0) + { + if (num_attr == 2 && strcmp (attr[0], "xml:lang") == 0) + { + pd->elem_lang = g_strdup (attr[1]); + } + state = STATE_IN_ACTION_MESSAGE; + } + else if (strcmp (el, "vendor") == 0 && num_attr == 0) + { + state = STATE_IN_ACTION_VENDOR; + } + else if (strcmp (el, "vendor_url") == 0 && num_attr == 0) + { + state = STATE_IN_ACTION_VENDOR_URL; + } + else if (strcmp (el, "icon_name") == 0 && num_attr == 0) + { + state = STATE_IN_ACTION_ICON_NAME; + } + else if (strcmp (el, "annotate") == 0) + { + if (num_attr != 2 || strcmp (attr[0], "key") != 0) + goto error; + + state = STATE_IN_ANNOTATE; + + g_free (pd->annotate_key); + pd->annotate_key = g_strdup (attr[1]); + } + break; + + case STATE_IN_DEFAULTS: + if (strcmp (el, "allow_any") == 0) + state = STATE_IN_DEFAULTS_ALLOW_ANY; + else if (strcmp (el, "allow_inactive") == 0) + state = STATE_IN_DEFAULTS_ALLOW_INACTIVE; + else if (strcmp (el, "allow_active") == 0) + state = STATE_IN_DEFAULTS_ALLOW_ACTIVE; + break; + + default: + break; + } + + if (state == STATE_NONE) + { + g_warning ("skipping unknown tag <%s> at line %d", + el, (int) XML_GetCurrentLineNumber (pd->parser)); + state = STATE_UNKNOWN_TAG; + } + + pd->state = state; + pd->state_stack[pd->stack_depth] = pd->state; + pd->stack_depth++; + return; + +error: + XML_StopParser (pd->parser, FALSE); +} + +static gboolean +_validate_icon_name (const gchar *icon_name) +{ + guint n; + gboolean ret; + gsize len; + + ret = FALSE; + + len = strlen (icon_name); + + /* check for common suffixes */ + if (g_str_has_suffix (icon_name, ".png")) + goto out; + if (g_str_has_suffix (icon_name, ".jpg")) + goto out; + + /* icon name cannot be a path */ + for (n = 0; n < len; n++) + { + if (icon_name [n] == '/') + { + goto out; + } + } + + ret = TRUE; + +out: + return ret; +} + +static void +_cdata (void *data, const char *s, int len) +{ + gchar *str; + ParserData *pd = data; + + str = g_strndup (s, len); + + switch (pd->state) + { + case STATE_IN_ACTION_DESCRIPTION: + if (pd->elem_lang == NULL) + { + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = str; + str = NULL; + } + else + { + g_hash_table_insert (pd->policy_descriptions, + g_strdup (pd->elem_lang), + str); + str = NULL; + } + break; + + case STATE_IN_ACTION_MESSAGE: + if (pd->elem_lang == NULL) + { + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = str; + str = NULL; + } + else + { + g_hash_table_insert (pd->policy_messages, + g_strdup (pd->elem_lang), + str); + str = NULL; + } + break; + + case STATE_IN_POLICY_VENDOR: + g_free (pd->global_vendor); + pd->global_vendor = str; + str = NULL; + break; + + case STATE_IN_POLICY_VENDOR_URL: + g_free (pd->global_vendor_url); + pd->global_vendor_url = str; + str = NULL; + break; + + case STATE_IN_POLICY_ICON_NAME: + if (! _validate_icon_name (str)) + { + g_warning ("Icon name '%s' is invalid", str); + goto error; + } + g_free (pd->global_icon_name); + pd->global_icon_name = str; + str = NULL; + break; + + case STATE_IN_ACTION_VENDOR: + g_free (pd->vendor); + pd->vendor = str; + str = NULL; + break; + + case STATE_IN_ACTION_VENDOR_URL: + g_free (pd->vendor_url); + pd->vendor_url = str; + str = NULL; + break; + + case STATE_IN_ACTION_ICON_NAME: + if (! _validate_icon_name (str)) + { + g_warning ("Icon name '%s' is invalid", str); + goto error; + } + + g_free (pd->icon_name); + pd->icon_name = str; + str = NULL; + break; + + case STATE_IN_DEFAULTS_ALLOW_ANY: + if (!polkit_implicit_authorization_from_string (str, &pd->implicit_authorization_any)) + goto error; + break; + + case STATE_IN_DEFAULTS_ALLOW_INACTIVE: + if (!polkit_implicit_authorization_from_string (str, &pd->implicit_authorization_inactive)) + goto error; + break; + + case STATE_IN_DEFAULTS_ALLOW_ACTIVE: + if (!polkit_implicit_authorization_from_string (str, &pd->implicit_authorization_active)) + goto error; + break; + + case STATE_IN_ANNOTATE: + g_hash_table_insert (pd->annotations, g_strdup (pd->annotate_key), str); + str = NULL; + break; + + default: + break; + } + + g_free (str); + return; + +error: + g_free (str); + XML_StopParser (pd->parser, FALSE); +} + +static void +_end (void *data, const char *el) +{ + ParserData *pd = data; + + g_free (pd->elem_lang); + pd->elem_lang = NULL; + + switch (pd->state) + { + case STATE_IN_ACTION: + { + gchar *vendor; + gchar *vendor_url; + gchar *icon_name; + ParsedAction *action; + PolkitBackendActionPoolPrivate *priv; + + priv = POLKIT_BACKEND_ACTION_POOL_GET_PRIVATE (pd->pool); + + vendor = pd->vendor; + if (vendor == NULL) + vendor = pd->global_vendor; + + vendor_url = pd->vendor_url; + if (vendor_url == NULL) + vendor_url = pd->global_vendor_url; + + icon_name = pd->icon_name; + if (icon_name == NULL) + icon_name = pd->global_icon_name; + + action = g_new0 (ParsedAction, 1); + action->action_id = g_strdup (pd->action_id); + action->vendor_name = g_strdup (vendor); + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); + action->description = g_strdup (pd->policy_description_nolang); + action->message = g_strdup (pd->policy_message_nolang); + + action->localized_description = pd->policy_descriptions; + action->localized_message = pd->policy_messages; + action->annotations = pd->annotations; + + action->implicit_authorization_any = pd->implicit_authorization_any; + action->implicit_authorization_inactive = pd->implicit_authorization_inactive; + action->implicit_authorization_active = pd->implicit_authorization_active; + + g_hash_table_insert (priv->parsed_actions, action->action_id, action); + + /* we steal these hash tables */ + pd->annotations = NULL; + pd->policy_descriptions = NULL; + pd->policy_messages = NULL; + + break; + } + + default: + break; + } + + --pd->stack_depth; + if (pd->stack_depth < 0 || pd->stack_depth >= PARSER_MAX_DEPTH) + { + g_warning ("reached max depth?"); + goto error; + } + + if (pd->stack_depth > 0) + pd->state = pd->state_stack[pd->stack_depth - 1]; + else + pd->state = STATE_NONE; + + return; + +error: + XML_StopParser (pd->parser, FALSE); +} + + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +process_policy_file (PolkitBackendActionPool *pool, + const gchar *xml, + GError **error) +{ + ParserData pd; + int xml_res; + + /* clear parser data */ + memset (&pd, 0, sizeof (ParserData)); + + pd.pool = pool; + + pd.parser = XML_ParserCreate_MM (NULL, NULL, NULL); + pd.parser = XML_ParserCreate (NULL); + pd.stack_depth = 0; + XML_SetUserData (pd.parser, &pd); + XML_SetElementHandler (pd.parser, _start, _end); + XML_SetCharacterDataHandler (pd.parser, _cdata); + + /* init parser data */ + pd.state = STATE_NONE; + + xml_res = XML_Parse (pd.parser, xml, strlen (xml), 1); + + if (xml_res == 0) + { + if (XML_GetErrorCode (pd.parser) == XML_ERROR_NO_MEMORY) + { + abort (); + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "%d: parse error: %s", + (int) XML_GetCurrentLineNumber (pd.parser), + XML_ErrorString (XML_GetErrorCode (pd.parser))); + } + XML_ParserFree (pd.parser); + goto error; + } + + XML_ParserFree (pd.parser); + + return TRUE; + +error: + pd_unref_data (&pd); + return FALSE; +} + +/** + * _localize: + * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' + * @untranslated: the untranslated value, e.g. 'Punch' + * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG + * with the encoding cut off. Maybe be NULL. + * + * Pick the correct translation to use. + * + * Returns: the localized string to use + */ +static const gchar * +_localize (GHashTable *translations, + const gchar *untranslated, + const gchar *lang) +{ + const gchar *result; + gchar lang2[256]; + guint n; + + if (lang == NULL) + { + result = untranslated; + goto out; + } + + /* first see if we have the translation */ + result = (const char *) g_hash_table_lookup (translations, (void *) lang); + if (result != NULL) + goto out; + + /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ + strncpy (lang2, lang, sizeof (lang2)); + for (n = 0; lang2[n] != '\0'; n++) + { + if (lang2[n] == '_') + { + lang2[n] = '\0'; + break; + } + } + result = (const char *) g_hash_table_lookup (translations, (void *) lang2); + if (result != NULL) + goto out; + + /* fall back to untranslated */ + result = untranslated; + +out: + return result; +} diff --git a/src/polkitbackend/polkitbackendactionpool.h b/src/polkitbackend/polkitbackendactionpool.h new file mode 100644 index 00000000..e992eea6 --- /dev/null +++ b/src/polkitbackend/polkitbackendactionpool.h @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "This is a private header file." +#endif + +#include + +#ifndef __POLKIT_BACKEND_ACTION_POOL_H +#define __POLKIT_BACKEND_ACTION_POOL_H + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_ACTION_POOL (polkit_backend_action_pool_get_type ()) +#define POLKIT_BACKEND_ACTION_POOL(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_ACTION_POOL, PolkitBackendActionPool)) +#define POLKIT_BACKEND_ACTION_POOL_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_ACTION_POOL, PolkitBackendActionPoolClass)) +#define POLKIT_BACKEND_ACTION_POOL_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_ACTION_POOL,PolkitBackendActionPoolClass)) +#define POLKIT_BACKEND_IS_ACTION_POOL(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_ACTION_POOL)) +#define POLKIT_BACKEND_IS_ACTION_POOL_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_ACTION_POOL)) + +typedef struct _PolkitBackendActionPool PolkitBackendActionPool; +typedef struct _PolkitBackendActionPoolClass PolkitBackendActionPoolClass; + +struct _PolkitBackendActionPool +{ + GObject parent_instance; +}; + +struct _PolkitBackendActionPoolClass +{ + GObjectClass parent_class; + + /*< public >*/ + + /*< private >*/ + /* Padding for future expansion */ + void (*_polkit_reserved1) (void); + void (*_polkit_reserved2) (void); + void (*_polkit_reserved3) (void); + void (*_polkit_reserved4) (void); + void (*_polkit_reserved5) (void); + void (*_polkit_reserved6) (void); + void (*_polkit_reserved7) (void); + void (*_polkit_reserved8) (void); +}; + +GType polkit_backend_action_pool_get_type (void) G_GNUC_CONST; +PolkitBackendActionPool *polkit_backend_action_pool_new (GFile *directory); +GList *polkit_backend_action_pool_get_all_actions (PolkitBackendActionPool *pool, + const gchar *locale); + +PolkitActionDescription *polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, + const gchar *action_id, + const gchar *locale); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_ACTION_POOL_H */ + diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c new file mode 100644 index 00000000..fd4f161c --- /dev/null +++ b/src/polkitbackend/polkitbackendauthority.c @@ -0,0 +1,1432 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include +#include +#include + +#include +#include + +#include "polkitbackendauthority.h" +#include "polkitbackendlocalauthority.h" + +#include "polkitbackendprivate.h" + +/** + * SECTION:polkitbackendauthority + * @title: PolkitBackendAuthority + * @short_description: Abstract base class for authority backends + * @stability: Unstable + * @see_also: PolkitBackendLocalAuthority + * + * To implement an authority backend, simply subclass #PolkitBackendAuthority + * and implement the required VFuncs. + */ + +enum +{ + CHANGED_SIGNAL, + LAST_SIGNAL, +}; + +static guint signals[LAST_SIGNAL] = {0}; + +G_DEFINE_ABSTRACT_TYPE (PolkitBackendAuthority, polkit_backend_authority, G_TYPE_OBJECT); + +static void +polkit_backend_authority_init (PolkitBackendAuthority *local_authority) +{ +} + +static void +polkit_backend_authority_class_init (PolkitBackendAuthorityClass *klass) +{ + /** + * PolkitBackendAuthority::changed: + * @authority: A #PolkitBackendAuthority. + * + * Emitted when actions and/or authorizations change. + */ + signals[CHANGED_SIGNAL] = g_signal_new ("changed", + POLKIT_BACKEND_TYPE_AUTHORITY, + G_SIGNAL_RUN_LAST, + G_STRUCT_OFFSET (PolkitBackendAuthorityClass, changed), + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, + 0); +} + +/** + * polkit_backend_authority_get_name: + * @authority: A #PolkitBackendAuthority. + * + * Gets the name of the authority backend. + * + * Returns: The name of the backend. + */ +const gchar * +polkit_backend_authority_get_name (PolkitBackendAuthority *authority) +{ + PolkitBackendAuthorityClass *klass; + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + if (klass->get_name == NULL) + return "(not set)"; + return klass->get_name (authority); +} + +/** + * polkit_backend_authority_get_version: + * @authority: A #PolkitBackendAuthority. + * + * Gets the version of the authority backend. + * + * Returns: The name of the backend. + */ +const gchar * +polkit_backend_authority_get_version (PolkitBackendAuthority *authority) +{ + PolkitBackendAuthorityClass *klass; + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + if (klass->get_version == NULL) + return "(not set)"; + return klass->get_version (authority); +} + +/** + * polkit_backend_authority_get_features: + * @authority: A #PolkitBackendAuthority. + * + * Gets the features supported by the authority backend. + * + * Returns: Flags from #PolkitAuthorityFeatures. + */ +PolkitAuthorityFeatures +polkit_backend_authority_get_features (PolkitBackendAuthority *authority) +{ + PolkitBackendAuthorityClass *klass; + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + if (klass->get_features == NULL) + return POLKIT_AUTHORITY_FEATURES_NONE; + return klass->get_features (authority); +} + +/** + * polkit_backend_authority_enumerate_actions: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @locale: The locale to retrieve descriptions for. + * @error: Return location for error or %NULL. + * + * Retrieves all registered actions. + * + * Returns: A list of #PolkitActionDescription objects or %NULL if @error is set. The returned list + * should be freed with g_list_free() after each element have been freed with g_object_unref(). + **/ +GList * +polkit_backend_authority_enumerate_actions (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *locale, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->enumerate_actions == NULL) + { + g_warning ("enumerate_actions is not implemented (it is not optional)"); + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported (bug in backend)"); + return NULL; + } + else + { + return klass->enumerate_actions (authority, caller, locale, error); + } +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_backend_authority_check_authorization: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @subject: A #PolkitSubject. + * @action_id: The action to check for. + * @details: Details about the action or %NULL. + * @flags: A set of #PolkitCheckAuthorizationFlags. + * @cancellable: A #GCancellable. + * @callback: A #GAsyncReadyCallback to call when the request is satisfied. + * @user_data: The data to pass to @callback. + * + * Asynchronously checks if @subject is authorized to perform the action represented + * by @action_id. + * + * When the operation is finished, @callback will be invoked. You can then + * call polkit_backend_authority_check_authorization_finish() to get the result of + * the operation. + **/ +void +polkit_backend_authority_check_authorization (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->check_authorization == NULL) + { + GSimpleAsyncResult *simple; + + g_warning ("check_authorization is not implemented (it is not optional)"); + + simple = g_simple_async_result_new_error (G_OBJECT (authority), + callback, + user_data, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported (bug in backend)"); + g_simple_async_result_complete (simple); + g_object_unref (simple); + } + else + { + klass->check_authorization (authority, caller, subject, action_id, details, flags, cancellable, callback, user_data); + } +} + +/** + * polkit_backend_authority_check_authorization_finish: + * @authority: A #PolkitBackendAuthority. + * @res: A #GAsyncResult obtained from the callback. + * @error: Return location for error or %NULL. + * + * Finishes checking if a subject is authorized for an action. + * + * Returns: A #PolkitAuthorizationResult or %NULL if @error is set. Free with g_object_unref(). + **/ +PolkitAuthorizationResult * +polkit_backend_authority_check_authorization_finish (PolkitBackendAuthority *authority, + GAsyncResult *res, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->check_authorization_finish == NULL) + { + g_warning ("check_authorization_finish is not implemented (it is not optional)"); + g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (res), error); + return NULL; + } + else + { + return klass->check_authorization_finish (authority, res, error); + } +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_backend_authority_register_authentication_agent: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @subject: The subject the authentication agent wants to register for. + * @locale: The locale of the authentication agent. + * @object_path: The object path for the authentication agent. + * @options: A #GVariant with options or %NULL. + * @error: Return location for error or %NULL. + * + * Registers an authentication agent. + * + * Returns: %TRUE if the authentication agent was successfully registered, %FALSE if @error is set. + **/ +gboolean +polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->register_authentication_agent == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported"); + return FALSE; + } + else + { + return klass->register_authentication_agent (authority, caller, subject, locale, object_path, options, error); + } +} + +/** + * polkit_backend_authority_unregister_authentication_agent: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @subject: The subject the agent claims to be registered at. + * @object_path: The object path that the authentication agent is registered at. + * @error: Return location for error or %NULL. + * + * Unregisters an authentication agent. + * + * Returns: %TRUE if the authentication agent was successfully unregistered, %FALSE if @error is set. + **/ +gboolean +polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *object_path, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->unregister_authentication_agent == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported"); + return FALSE; + } + else + { + return klass->unregister_authentication_agent (authority, caller, subject, object_path, error); + } +} + +/** + * polkit_backend_authority_authentication_agent_response: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @cookie: The cookie passed to the authentication agent from the authority. + * @identity: The identity that was authenticated. + * @error: Return location for error or %NULL. + * + * Provide response that @identity successfully authenticated for the + * authentication request identified by @cookie. + * + * Returns: %TRUE if @authority acknowledged the call, %FALSE if @error is set. + **/ +gboolean +polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->authentication_agent_response == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported"); + return FALSE; + } + else + { + return klass->authentication_agent_response (authority, caller, cookie, identity, error); + } +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_backend_authority_enumerate_temporary_authorizations: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @subject: The subject to get temporary authorizations for. + * @error: Return location for error. + * + * Gets temporary authorizations for @subject. + * + * Returns: A list of #PolkitTemporaryAuthorization objects or %NULL if @error is set. The returned list + * should be freed with g_list_free() after each element have been freed with g_object_unref(). + */ +GList * +polkit_backend_authority_enumerate_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->enumerate_temporary_authorizations == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported"); + return NULL; + } + else + { + return klass->enumerate_temporary_authorizations (authority, caller, subject, error); + } +} + +/** + * polkit_backend_authority_revoke_temporary_authorizations: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @subject: The subject to revoke temporary authorizations for. + * @error: Return location for error. + * + * Revokes temporary authorizations for @subject. + * + * Returns: %TRUE if the operation succeeded, %FALSE if @error is set. + **/ +gboolean +polkit_backend_authority_revoke_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->revoke_temporary_authorizations == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported"); + return FALSE; + } + else + { + return klass->revoke_temporary_authorizations (authority, caller, subject, error); + } +} + +/** + * polkit_backend_authority_revoke_temporary_authorization_by_id: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. + * @id: The opaque identifier of the temporary authorization. + * @error: Return location for error. + * + * Revokes a temporary authorizations with opaque identifier @id. + * + * Returns: %TRUE if the operation succeeded, %FALSE if @error is set. + **/ +gboolean +polkit_backend_authority_revoke_temporary_authorization_by_id (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *id, + GError **error) +{ + PolkitBackendAuthorityClass *klass; + + klass = POLKIT_BACKEND_AUTHORITY_GET_CLASS (authority); + + if (klass->revoke_temporary_authorization_by_id == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Operation not supported"); + return FALSE; + } + else + { + return klass->revoke_temporary_authorization_by_id (authority, caller, id, error); + } +} + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + guint authority_registration_id; + + GDBusNodeInfo *introspection_info; + + PolkitBackendAuthority *authority; + + GDBusConnection *connection; + + gulong authority_changed_id; + + gchar *object_path; + + GHashTable *cancellation_id_to_check_auth_data; +} Server; + +static void +server_free (Server *server) +{ + g_free (server->object_path); + + if (server->authority_registration_id > 0) + g_dbus_connection_unregister_object (server->connection, server->authority_registration_id); + + if (server->connection != NULL) + g_object_unref (server->connection); + + if (server->introspection_info != NULL) + g_dbus_node_info_unref (server->introspection_info); + + if (server->authority != NULL && server->authority_changed_id > 0) + g_signal_handler_disconnect (server->authority, server->authority_changed_id); + + if (server->cancellation_id_to_check_auth_data != NULL) + g_hash_table_unref (server->cancellation_id_to_check_auth_data); + + g_object_unref (server->authority); + + g_free (server); +} + +static void +on_authority_changed (PolkitBackendAuthority *authority, + gpointer user_data) +{ + Server *server = user_data; + GError *error; + + error = NULL; + if (!g_dbus_connection_emit_signal (server->connection, + NULL, /* destination bus name */ + server->object_path, + "org.freedesktop.PolicyKit1.Authority", + "Changed", + NULL, + &error)) + { + g_warning ("Error emitting Changed() signal: %s", error->message); + g_error_free (error); + } +} + +static const gchar *server_introspection_data = + "" + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + ""; + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_enumerate_actions (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GVariantBuilder builder; + GError *error; + GList *actions; + GList *l; + const gchar *locale; + + actions = NULL; + + g_variant_get (parameters, "(&s)", &locale); + + error = NULL; + actions = polkit_backend_authority_enumerate_actions (server->authority, + caller, + locale, + &error); + if (error != NULL) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_variant_builder_init (&builder, G_VARIANT_TYPE ("a(ssssssuuua{ss})")); + for (l = actions; l != NULL; l = l->next) + { + PolkitActionDescription *ad = POLKIT_ACTION_DESCRIPTION (l->data); + GVariant *value; + value = polkit_action_description_to_gvariant (ad); + g_variant_ref_sink (value); + g_variant_builder_add_value (&builder, value); + g_variant_unref (value); + } + g_dbus_method_invocation_return_value (invocation, g_variant_new ("(a(ssssssuuua{ss}))", &builder)); + + out: + g_list_foreach (actions, (GFunc) g_object_unref, NULL); + g_list_free (actions); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + GDBusMethodInvocation *invocation; + Server *server; + PolkitSubject *caller; + PolkitSubject *subject; + GCancellable *cancellable; + gchar *cancellation_id; +} CheckAuthData; + +static void +check_auth_data_free (CheckAuthData *data) +{ + if (data->invocation != NULL) + g_object_unref (data->invocation); + if (data->caller != NULL) + g_object_unref (data->caller); + if (data->subject != NULL) + g_object_unref (data->subject); + if (data->cancellable != NULL) + g_object_unref (data->cancellable); + g_free (data->cancellation_id); + g_free (data); +} + +static void +check_auth_cb (GObject *source_object, + GAsyncResult *res, + gpointer user_data) +{ + CheckAuthData *data = user_data; + PolkitAuthorizationResult *result; + GError *error; + + error = NULL; + result = polkit_backend_authority_check_authorization_finish (POLKIT_BACKEND_AUTHORITY (source_object), + res, + &error); + + if (data->cancellation_id != NULL) + g_hash_table_remove (data->server->cancellation_id_to_check_auth_data, data->cancellation_id); + + if (error != NULL) + { + g_dbus_method_invocation_return_gerror (data->invocation, error); + g_error_free (error); + } + else + { + GVariant *value; + value = polkit_authorization_result_to_gvariant (result); + g_variant_ref_sink (value); + g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); + g_variant_unref (value); + } + + check_auth_data_free (data); +} + +static void +server_handle_check_authorization (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GVariant *subject_gvariant; + const gchar *action_id; + GVariant *details_gvariant; + guint32 flags; + const gchar *cancellation_id; + GError *error; + PolkitSubject *subject; + PolkitDetails *details; + + subject = NULL; + details = NULL; + + g_variant_get (parameters, + "(@(sa{sv})&s@a{ss}u&s)", + &subject_gvariant, + &action_id, + &details_gvariant, + &flags, + &cancellation_id); + + error = NULL; + subject = polkit_subject_new_for_gvariant (subject_gvariant, &error); + if (subject == NULL) + { + g_prefix_error (&error, "Error getting subject: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + details = polkit_details_new_for_gvariant (details_gvariant); + + CheckAuthData *data; + data = g_new0 (CheckAuthData, 1); + + data->server = server; + data->caller = g_object_ref (caller); + data->subject = g_object_ref (subject); + data->invocation = g_object_ref (invocation); + + if (strlen (cancellation_id) > 0) + { + data->cancellation_id = g_strdup_printf ("%s-%s", + g_dbus_method_invocation_get_sender (invocation), + cancellation_id); + if (g_hash_table_lookup (server->cancellation_id_to_check_auth_data, data->cancellation_id) != NULL) + { + gchar *message; + message = g_strdup_printf ("Given cancellation_id %s is already in use for name %s", + cancellation_id, + g_dbus_method_invocation_get_sender (invocation)); + /* Don't want this error in our GError enum since libpolkit-gobject-1 users will never see it */ + g_dbus_method_invocation_return_dbus_error (invocation, + "org.freedesktop.PolicyKit1.Error.CancellationIdNotUnique", + message); + g_free (message); + check_auth_data_free (data); + goto out; + } + + data->cancellable = g_cancellable_new (); + g_hash_table_insert (server->cancellation_id_to_check_auth_data, + data->cancellation_id, + data); + } + + polkit_backend_authority_check_authorization (server->authority, + caller, + subject, + action_id, + details, + flags, + data->cancellable, + check_auth_cb, + data); + + out: + + g_variant_unref (subject_gvariant); + g_variant_unref (details_gvariant); + + if (details != NULL) + g_object_unref (details); + if (subject != NULL) + g_object_unref (subject); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_cancel_check_authorization (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + CheckAuthData *data; + const gchar *cancellation_id; + gchar *full_cancellation_id; + + g_variant_get (parameters, "(&s)", &cancellation_id); + + full_cancellation_id = g_strdup_printf ("%s-%s", + g_dbus_method_invocation_get_sender (invocation), + cancellation_id); + + data = g_hash_table_lookup (server->cancellation_id_to_check_auth_data, full_cancellation_id); + if (data == NULL) + { + g_dbus_method_invocation_return_error (invocation, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No such cancellation_id `%s' for name %s", + cancellation_id, + g_dbus_method_invocation_get_sender (invocation)); + goto out; + } + + g_cancellable_cancel (data->cancellable); + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + g_free (full_cancellation_id); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_register_authentication_agent (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GVariant *subject_gvariant; + GError *error; + PolkitSubject *subject; + const gchar *locale; + const gchar *object_path; + + subject = NULL; + + g_variant_get (parameters, + "(@(sa{sv})&s&s)", + &subject_gvariant, + &locale, + &object_path); + + error = NULL; + subject = polkit_subject_new_for_gvariant (subject_gvariant, &error); + if (subject == NULL) + { + g_prefix_error (&error, "Error getting subject: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_register_authentication_agent (server->authority, + caller, + subject, + locale, + object_path, + NULL, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (subject != NULL) + g_object_unref (subject); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_register_authentication_agent_with_options (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GVariant *subject_gvariant; + GError *error; + PolkitSubject *subject; + const gchar *locale; + const gchar *object_path; + GVariant *options; + + subject = NULL; + + g_variant_get (parameters, + "(@(sa{sv})&s&s@a{sv})", + &subject_gvariant, + &locale, + &object_path, + &options); + + error = NULL; + subject = polkit_subject_new_for_gvariant (subject_gvariant, &error); + if (subject == NULL) + { + g_prefix_error (&error, "Error getting subject: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_register_authentication_agent (server->authority, + caller, + subject, + locale, + object_path, + options, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (options != NULL) + g_variant_unref (options); + if (subject != NULL) + g_object_unref (subject); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_unregister_authentication_agent (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GVariant *subject_gvariant; + GError *error; + PolkitSubject *subject; + const gchar *object_path; + + subject = NULL; + + g_variant_get (parameters, + "(@(sa{sv})&s)", + &subject_gvariant, + &object_path); + + error = NULL; + subject = polkit_subject_new_for_gvariant (subject_gvariant, &error); + if (subject == NULL) + { + g_prefix_error (&error, "Error getting subject: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_unregister_authentication_agent (server->authority, + caller, + subject, + object_path, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (subject != NULL) + g_object_unref (subject); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_authentication_agent_response (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + + identity = NULL; + + g_variant_get (parameters, + "(&s@(sa{sv}))", + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_enumerate_temporary_authorizations (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GVariant *subject_gvariant; + GError *error; + PolkitSubject *subject; + GList *authorizations; + GList *l; + GVariantBuilder builder; + + subject = NULL; + + g_variant_get (parameters, + "(@(sa{sv}))", + &subject_gvariant); + + error = NULL; + subject = polkit_subject_new_for_gvariant (subject_gvariant, &error); + if (subject == NULL) + { + g_prefix_error (&error, "Error getting subject: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + authorizations = polkit_backend_authority_enumerate_temporary_authorizations (server->authority, + caller, + subject, + &error); + if (error != NULL) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_variant_builder_init (&builder, G_VARIANT_TYPE ("a(ss(sa{sv})tt)")); + for (l = authorizations; l != NULL; l = l->next) + { + PolkitTemporaryAuthorization *a = POLKIT_TEMPORARY_AUTHORIZATION (l->data); + GVariant *value; + value = polkit_temporary_authorization_to_gvariant (a); + g_variant_ref_sink (value); + g_variant_builder_add_value (&builder, value); + g_variant_unref (value); + } + g_list_foreach (authorizations, (GFunc) g_object_unref, NULL); + g_list_free (authorizations); + g_dbus_method_invocation_return_value (invocation, g_variant_new ("(a(ss(sa{sv})tt))", &builder)); + + out: + if (subject != NULL) + g_object_unref (subject); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_revoke_temporary_authorizations (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GVariant *subject_gvariant; + GError *error; + PolkitSubject *subject; + + subject = NULL; + + g_variant_get (parameters, + "(@(sa{sv}))", + &subject_gvariant); + + error = NULL; + subject = polkit_subject_new_for_gvariant (subject_gvariant, &error); + if (subject == NULL) + { + g_prefix_error (&error, "Error getting subject: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_revoke_temporary_authorizations (server->authority, + caller, + subject, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (subject != NULL) + g_object_unref (subject); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_revoke_temporary_authorization_by_id (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + GError *error; + const gchar *id; + + g_variant_get (parameters, + "(&s)", + &id); + + error = NULL; + if (!polkit_backend_authority_revoke_temporary_authorization_by_id (server->authority, + caller, + id, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + ; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +server_handle_method_call (GDBusConnection *connection, + const gchar *sender, + const gchar *object_path, + const gchar *interface_name, + const gchar *method_name, + GVariant *parameters, + GDBusMethodInvocation *invocation, + gpointer user_data) +{ + Server *server = user_data; + PolkitSubject *caller; + + caller = polkit_system_bus_name_new (g_dbus_method_invocation_get_sender (invocation)); + + if (g_strcmp0 (method_name, "EnumerateActions") == 0) + server_handle_enumerate_actions (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "CheckAuthorization") == 0) + server_handle_check_authorization (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "CancelCheckAuthorization") == 0) + server_handle_cancel_check_authorization (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RegisterAuthenticationAgent") == 0) + server_handle_register_authentication_agent (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RegisterAuthenticationAgentWithOptions") == 0) + server_handle_register_authentication_agent_with_options (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "UnregisterAuthenticationAgent") == 0) + server_handle_unregister_authentication_agent (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) + server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) + server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) + server_handle_revoke_temporary_authorizations (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizationById") == 0) + server_handle_revoke_temporary_authorization_by_id (server, parameters, caller, invocation); + else + g_assert_not_reached (); + + g_object_unref (caller); +} + +static GVariant * +server_handle_get_property (GDBusConnection *connection, + const gchar *sender, + const gchar *object_path, + const gchar *interface_name, + const gchar *property_name, + GError **error, + gpointer user_data) +{ + Server *server = user_data; + GVariant *result; + + result = NULL; + + if (g_strcmp0 (property_name, "BackendName") == 0) + { + result = g_variant_new_string (polkit_backend_authority_get_name (server->authority)); + } + else if (g_strcmp0 (property_name, "BackendVersion") == 0) + { + result = g_variant_new_string (polkit_backend_authority_get_version (server->authority)); + } + else if (g_strcmp0 (property_name, "BackendFeatures") == 0) + { + result = g_variant_new_uint32 (polkit_backend_authority_get_features (server->authority)); + } + else + g_assert_not_reached (); + + return result; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static const GDBusInterfaceVTable server_vtable = +{ + server_handle_method_call, + server_handle_get_property, + NULL, /* server_handle_set_property */ +}; + +/** + * polkit_backend_authority_unregister: + * @registration_id: A #gpointer obtained from polkit_backend_authority_register(). + * + * Unregisters a #PolkitBackendAuthority registered with polkit_backend_authority_register(). + */ +void +polkit_backend_authority_unregister (gpointer registration_id) +{ + Server *server = registration_id; + server_free (server); +} + +/** + * polkit_backend_authority_register: + * @connection: The #GDBusConnection to register the authority on. + * @authority: A #PolkitBackendAuthority. + * @object_path: Object path of the authority. + * @error: Return location for error. + * + * Registers @authority on a #GDBusConnection. + * + * Returns: A #gpointer that can be used with polkit_backend_authority_unregister() or %NULL if @error is set. + */ +gpointer +polkit_backend_authority_register (PolkitBackendAuthority *authority, + GDBusConnection *connection, + const gchar *object_path, + GError **error) +{ + Server *server; + + server = g_new0 (Server, 1); + + server->cancellation_id_to_check_auth_data = g_hash_table_new (g_str_hash, g_str_equal); + + server->connection = g_object_ref (connection); + server->object_path = g_strdup (object_path); + + server->introspection_info = g_dbus_node_info_new_for_xml (server_introspection_data, error); + if (server->introspection_info == NULL) + goto error; + + server->authority_registration_id = g_dbus_connection_register_object (server->connection, + object_path, + g_dbus_node_info_lookup_interface (server->introspection_info, "org.freedesktop.PolicyKit1.Authority"), + &server_vtable, + server, + NULL, + error); + if (server->authority_registration_id == 0) + { + goto error; + } + + server->authority = g_object_ref (authority); + + server->authority_changed_id = g_signal_connect (server->authority, + "changed", + G_CALLBACK (on_authority_changed), + server); + + return server; + + error: + server_free (server); + return NULL; +} + + +/** + * polkit_backend_authority_get: + * + * Loads all #GIOModules from $(libdir)/polkit-1/extensions to determine + * what implementation of #PolkitBackendAuthority to use. Then instantiates an object of the + * implementation with the highest priority and unloads all other modules. + * + * Returns: A #PolkitBackendAuthority. Free with g_object_unref(). + **/ +PolkitBackendAuthority * +polkit_backend_authority_get (void) +{ + static GIOExtensionPoint *ep = NULL; + static volatile GType local_authority_type = G_TYPE_INVALID; + GList *modules; + GList *authority_implementations; + GType authority_type; + PolkitBackendAuthority *authority; + gchar *s; + + /* define extension points */ + if (ep == NULL) + { + ep = g_io_extension_point_register (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); + g_io_extension_point_set_required_type (ep, POLKIT_BACKEND_TYPE_AUTHORITY); + } + + /* make sure local types are registered */ + if (local_authority_type == G_TYPE_INVALID) + { + local_authority_type = POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY; + } + + /* load all modules */ + modules = g_io_modules_load_all_in_directory (PACKAGE_LIB_DIR "/polkit-1/extensions"); + + /* find all extensions; we have at least one here since we've registered the local backend */ + authority_implementations = g_io_extension_point_get_extensions (ep); + + /* the returned list is sorted according to priority so just take the highest one */ + authority_type = g_io_extension_get_type ((GIOExtension*) authority_implementations->data); + authority = POLKIT_BACKEND_AUTHORITY (g_object_new (authority_type, NULL)); + + /* unload all modules; the module our instantiated authority is in won't be unloaded because + * we've instantiated a reference to a type in this module + */ + g_list_foreach (modules, (GFunc) g_type_module_unuse, NULL); + g_list_free (modules); + + /* First announce that we've started in the generic log */ + openlog ("polkitd", + LOG_PID, + LOG_DAEMON); /* system daemons without separate facility value */ + syslog (LOG_INFO, + "started daemon version %s using authority implementation `%s' version `%s'", + VERSION, + polkit_backend_authority_get_name (authority), + polkit_backend_authority_get_version (authority)); + closelog (); + + /* and then log to the secure log */ + s = g_strdup_printf ("polkitd(authority=%s)", polkit_backend_authority_get_name (authority)); + openlog (s, + 0, + LOG_AUTHPRIV); /* security/authorization messages (private) */ + /* Ugh, can't free the string - gah, thanks openlog(3) */ + /*g_free (s);*/ + + return authority; +} + +void +polkit_backend_authority_log (PolkitBackendAuthority *authority, + const gchar *format, + ...) +{ + va_list var_args; + + g_return_if_fail (POLKIT_BACKEND_IS_AUTHORITY (authority)); + + va_start (var_args, format); + vsyslog (LOG_NOTICE, format, var_args); + + va_end (var_args); +} diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h new file mode 100644 index 00000000..a564054f --- /dev/null +++ b/src/polkitbackend/polkitbackendauthority.h @@ -0,0 +1,291 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_BACKEND_AUTHORITY_H +#define __POLKIT_BACKEND_AUTHORITY_H + +#include + +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_AUTHORITY (polkit_backend_authority_get_type ()) +#define POLKIT_BACKEND_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_AUTHORITY, PolkitBackendAuthority)) +#define POLKIT_BACKEND_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_AUTHORITY, PolkitBackendAuthorityClass)) +#define POLKIT_BACKEND_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_AUTHORITY,PolkitBackendAuthorityClass)) +#define POLKIT_BACKEND_IS_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_AUTHORITY)) +#define POLKIT_BACKEND_IS_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_AUTHORITY)) + +typedef struct _PolkitBackendAuthorityClass PolkitBackendAuthorityClass; + +/** + * POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME: + * + * Extension point name for authority backend implementations. + */ +#define POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME "polkit-backend-authority-1" + +/** + * PolkitBackendAuthority: + * + * The #PolkitBackendAuthority struct should not be accessed directly. + */ +struct _PolkitBackendAuthority +{ + GObject parent_instance; +}; + +/** + * PolkitBackendAuthorityClass: + * @parent_class: The parent class. + * @get_name: Function pointer for the polkit_backend_authority_get_name() function. + * @get_version: Function pointer for the polkit_backend_authority_get_version() function. + * @get_features: Function pointer for the polkit_backend_authority_get_features() function. + * @changed: Function pointer for #PolkitBackendAuthority::changed signal. + * @enumerate_actions: Enumerates registered actions on the + * system. See polkit_backend_authority_enumerate_actions() for + * details. + * @check_authorization: Called to initiate an asynchronous + * authorization check. See + * polkit_backend_authority_check_authorization() for details. + * @check_authorization_finish: Called when finishing an authorization + * check. See polkit_backend_authority_check_authorization_finish() + * for details. + * @register_authentication_agent: Called when an authentication agent + * is attempting to register or %NULL if the backend doesn't support + * the operation. See + * polkit_backend_authority_register_authentication_agent() for + * details. + * @unregister_authentication_agent: Called when an authentication + * agent is attempting to unregister or %NULL if the backend doesn't + * support the operation. See + * polkit_backend_authority_unregister_authentication_agent() for + * details. + * @authentication_agent_response: Called by an authentication agent + * when the user successfully authenticates or %NULL if the backend + * doesn't support the operation. See + * polkit_backend_authority_authentication_agent_response() for + * details. + * @enumerate_temporary_authorizations: Called to enumerate temporary + * authorizations or %NULL if the backend doesn't support the operation. + * See polkit_backend_authority_enumerate_temporary_authorizations() + * for details. + * @revoke_temporary_authorizations: Called to revoke temporary + * authorizations or %NULL if the backend doesn't support the operation. + * See polkit_backend_authority_revoke_temporary_authorizations() + * for details. + * @revoke_temporary_authorization_by_id: Called to revoke a temporary + * authorization identified by id or %NULL if the backend doesn't support + * the operation. See polkit_backend_authority_revoke_temporary_authorization_by_id() + * for details. + * + * Class structure for #PolkitBackendAuthority. + */ +struct _PolkitBackendAuthorityClass +{ + /*< public >*/ + GObjectClass parent_class; + + /* Signals */ + void (*changed) (PolkitBackendAuthority *authority); + + /* VTable */ + + const gchar *(*get_name) (PolkitBackendAuthority *authority); + const gchar *(*get_version) (PolkitBackendAuthority *authority); + PolkitAuthorityFeatures (*get_features) (PolkitBackendAuthority *authority); + + GList *(*enumerate_actions) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *locale, + GError **error); + + void (*check_authorization) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + + PolkitAuthorizationResult * (*check_authorization_finish) (PolkitBackendAuthority *authority, + GAsyncResult *res, + GError **error); + + gboolean (*register_authentication_agent) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GError **error); + + gboolean (*unregister_authentication_agent) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *object_path, + GError **error); + + gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); + + GList *(*enumerate_temporary_authorizations) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error); + + gboolean (*revoke_temporary_authorizations) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error); + + gboolean (*revoke_temporary_authorization_by_id) (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *id, + GError **error); + + /*< private >*/ + /* Padding for future expansion */ + void (*_polkit_reserved1) (void); + void (*_polkit_reserved2) (void); + void (*_polkit_reserved3) (void); + void (*_polkit_reserved4) (void); + void (*_polkit_reserved5) (void); + void (*_polkit_reserved6) (void); + void (*_polkit_reserved7) (void); + void (*_polkit_reserved8) (void); + void (*_polkit_reserved9) (void); + void (*_polkit_reserved10) (void); + void (*_polkit_reserved11) (void); + void (*_polkit_reserved12) (void); + void (*_polkit_reserved13) (void); + void (*_polkit_reserved14) (void); + void (*_polkit_reserved15) (void); + void (*_polkit_reserved16) (void); + void (*_polkit_reserved17) (void); + void (*_polkit_reserved18) (void); + void (*_polkit_reserved19) (void); + void (*_polkit_reserved20) (void); + void (*_polkit_reserved21) (void); + void (*_polkit_reserved22) (void); + void (*_polkit_reserved23) (void); + void (*_polkit_reserved24) (void); + void (*_polkit_reserved25) (void); + void (*_polkit_reserved26) (void); + void (*_polkit_reserved27) (void); + void (*_polkit_reserved28) (void); + void (*_polkit_reserved29) (void); + void (*_polkit_reserved30) (void); + void (*_polkit_reserved31) (void); + void (*_polkit_reserved32) (void); +}; + +GType polkit_backend_authority_get_type (void) G_GNUC_CONST; + +/* --- */ + +const gchar *polkit_backend_authority_get_name (PolkitBackendAuthority *authority); +const gchar *polkit_backend_authority_get_version (PolkitBackendAuthority *authority); +PolkitAuthorityFeatures polkit_backend_authority_get_features (PolkitBackendAuthority *authority); + +void polkit_backend_authority_log (PolkitBackendAuthority *authority, + const gchar *format, + ...); + +GList *polkit_backend_authority_enumerate_actions (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *locale, + GError **error); + +void polkit_backend_authority_check_authorization (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +PolkitAuthorizationResult *polkit_backend_authority_check_authorization_finish (PolkitBackendAuthority *authority, + GAsyncResult *res, + GError **error); + +gboolean polkit_backend_authority_register_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GError **error); + +gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *object_path, + GError **error); + +gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); + +GList *polkit_backend_authority_enumerate_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error); + +gboolean polkit_backend_authority_revoke_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error); + +gboolean polkit_backend_authority_revoke_temporary_authorization_by_id (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *id, + GError **error); + +/* --- */ + +PolkitBackendAuthority *polkit_backend_authority_get (void); + +gpointer polkit_backend_authority_register (PolkitBackendAuthority *authority, + GDBusConnection *connection, + const gchar *object_path, + GError **error); + +void polkit_backend_authority_unregister (gpointer registration_id); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_AUTHORITY_H */ diff --git a/src/polkitbackend/polkitbackendconfigsource.c b/src/polkitbackend/polkitbackendconfigsource.c new file mode 100644 index 00000000..838bc6a3 --- /dev/null +++ b/src/polkitbackend/polkitbackendconfigsource.c @@ -0,0 +1,565 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" + +#include +#include "polkitbackendconfigsource.h" + +/* + * SECTION:polkitbackendconfigsource + * @title: PolkitBackendConfigSource + * @short_description: Access configuration files + * + * The #PolkitBackendConfigSource class is a utility class to read + * configuration data from a set of prioritized key-value files in a + * given directory. + */ + +struct _PolkitBackendConfigSourcePrivate +{ + GFile *directory; + + GFileMonitor *directory_monitor; + + /* sorted according to priority, higher priority is first */ + GList *key_files; + + gboolean has_data; +}; + +enum +{ + PROP_0, + PROP_DIRECTORY, +}; + +enum +{ + CHANGED_SIGNAL, + LAST_SIGNAL, +}; + +static guint signals[LAST_SIGNAL] = {0}; + +static void polkit_backend_config_source_purge (PolkitBackendConfigSource *source); + +static void polkit_backend_config_source_ensure (PolkitBackendConfigSource *source); + +G_DEFINE_TYPE (PolkitBackendConfigSource, polkit_backend_config_source, G_TYPE_OBJECT); + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +polkit_backend_config_source_init (PolkitBackendConfigSource *source) +{ + source->priv = G_TYPE_INSTANCE_GET_PRIVATE (source, + POLKIT_BACKEND_TYPE_CONFIG_SOURCE, + PolkitBackendConfigSourcePrivate); +} + +static void +polkit_backend_config_source_finalize (GObject *object) +{ + PolkitBackendConfigSource *source = POLKIT_BACKEND_CONFIG_SOURCE (object); + + if (source->priv->directory != NULL) + g_object_unref (source->priv->directory); + + if (source->priv->directory_monitor != NULL) + g_object_unref (source->priv->directory_monitor); + + g_list_foreach (source->priv->key_files, (GFunc) g_key_file_free, NULL); + g_list_free (source->priv->key_files); + + if (G_OBJECT_CLASS (polkit_backend_config_source_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_backend_config_source_parent_class)->finalize (object); +} + + +static void +polkit_backend_config_source_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitBackendConfigSource *source = POLKIT_BACKEND_CONFIG_SOURCE (object); + + switch (prop_id) + { + case PROP_DIRECTORY: + g_value_set_object (value, source->priv->directory); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_backend_config_source_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitBackendConfigSource *source = POLKIT_BACKEND_CONFIG_SOURCE (object); + + switch (prop_id) + { + case PROP_DIRECTORY: + source->priv->directory = g_value_dup_object (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +directory_monitor_changed (GFileMonitor *monitor, + GFile *file, + GFile *other_file, + GFileMonitorEvent event_type, + gpointer user_data) +{ + PolkitBackendConfigSource *source; + + source = POLKIT_BACKEND_CONFIG_SOURCE (user_data); + + if (file != NULL) + { + gchar *name; + + name = g_file_get_basename (file); + + //g_debug ("event_type=%d file=%p name=%s", event_type, file, name); + + if (!g_str_has_prefix (name, ".") && + !g_str_has_prefix (name, "#") && + g_str_has_suffix (name, ".conf") && + (event_type == G_FILE_MONITOR_EVENT_CREATED || + event_type == G_FILE_MONITOR_EVENT_DELETED || + event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) + { + + //g_debug ("match"); + + /* now throw away all caches */ + polkit_backend_config_source_purge (source); + g_signal_emit_by_name (source, "changed"); + } + + g_free (name); + } +} + +static void +polkit_backend_config_source_constructed (GObject *object) +{ + PolkitBackendConfigSource *source = POLKIT_BACKEND_CONFIG_SOURCE (object); + GError *error; + + error = NULL; + source->priv->directory_monitor = g_file_monitor_directory (source->priv->directory, + G_FILE_MONITOR_NONE, + NULL, + &error); + if (source->priv->directory_monitor == NULL) + { + gchar *dir_name; + dir_name = g_file_get_uri (source->priv->directory); + g_warning ("Error monitoring directory %s: %s", dir_name, error->message); + g_free (dir_name); + g_error_free (error); + } + else + { + g_signal_connect (source->priv->directory_monitor, + "changed", + (GCallback) directory_monitor_changed, + source); + } + + if (G_OBJECT_CLASS (polkit_backend_config_source_parent_class)->constructed != NULL) + G_OBJECT_CLASS (polkit_backend_config_source_parent_class)->constructed (object); +} + +static void +polkit_backend_config_source_class_init (PolkitBackendConfigSourceClass *klass) +{ + GObjectClass *gobject_class; + + gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_backend_config_source_get_property; + gobject_class->set_property = polkit_backend_config_source_set_property; + gobject_class->constructed = polkit_backend_config_source_constructed; + gobject_class->finalize = polkit_backend_config_source_finalize; + + g_type_class_add_private (klass, sizeof (PolkitBackendConfigSourcePrivate)); + + /** + * PolkitBackendConfigSource:directory: + * + * The directory to watch for configuration files. + */ + g_object_class_install_property (gobject_class, + PROP_DIRECTORY, + g_param_spec_object ("directory", + "Directory", + "The directory to watch for configuration files", + G_TYPE_FILE, + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + /** + * PolkitBackendConfiguSource::changed: + * @source: A #PolkitBackendConfigSource. + * + * Emitted when configuration files in #PolkitBackendConfiguSource:directory changes. + */ + signals[CHANGED_SIGNAL] = g_signal_new ("changed", + POLKIT_BACKEND_TYPE_CONFIG_SOURCE, + G_SIGNAL_RUN_LAST, + G_STRUCT_OFFSET (PolkitBackendConfigSourceClass, changed), + NULL, + NULL, + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, + 0); +} + +/** + * polkit_backend_config_source_new: + * @directory: The directory to watch. + * + * Creates a new #PolkitBackendConfigSource object that reads + * configuration from @directory. To watch for configuration changes, + * connect to the #PolkitBackendConfigSource::changed signal. + * + * Returns: A #PolkitBackendConfigSource for @directory. Free with + * g_object_unref(). + **/ +PolkitBackendConfigSource * +polkit_backend_config_source_new (GFile *directory) +{ + PolkitBackendConfigSource *source; + + source = POLKIT_BACKEND_CONFIG_SOURCE (g_object_new (POLKIT_BACKEND_TYPE_CONFIG_SOURCE, + "directory", directory, + NULL)); + + return source; +} + +static void +polkit_backend_config_source_purge (PolkitBackendConfigSource *source) +{ + g_list_foreach (source->priv->key_files, (GFunc) g_key_file_free, NULL); + g_list_free (source->priv->key_files); + source->priv->key_files = NULL; + + source->priv->has_data = FALSE; +} + +static gint +compare_filename (GFile *a, GFile *b) +{ + gchar *a_uri; + gchar *b_uri; + gint ret; + + a_uri = g_file_get_uri (a); + b_uri = g_file_get_uri (b); + + /* TODO: use ASCII sort function? */ + ret = -g_strcmp0 (a_uri, b_uri); + + return ret; +} + +static void +polkit_backend_config_source_ensure (PolkitBackendConfigSource *source) +{ + GFileEnumerator *enumerator; + GFileInfo *file_info; + GError *error; + GList *files; + GList *l; + + files = NULL; + + if (source->priv->has_data) + goto out; + + polkit_backend_config_source_purge (source); + + error = NULL; + enumerator = g_file_enumerate_children (source->priv->directory, + "standard::name", + G_FILE_QUERY_INFO_NONE, + NULL, + &error); + if (enumerator == NULL) + { + gchar *dir_name; + dir_name = g_file_get_uri (source->priv->directory); + g_warning ("Error enumerating files in %s: %s", dir_name, error->message); + g_free (dir_name); + g_error_free (error); + goto out; + } + + while ((file_info = g_file_enumerator_next_file (enumerator, NULL, &error)) != NULL) + { + const gchar *name; + + name = g_file_info_get_name (file_info); + + /* only consider files ending in .conf */ + if (g_str_has_suffix (name, ".conf")) + files = g_list_prepend (files, g_file_get_child (source->priv->directory, name)); + + g_object_unref (file_info); + } + g_object_unref (enumerator); + if (error != NULL) + { + g_warning ("Error enumerating files: %s", error->message); + g_error_free (error); + goto out; + } + + files = g_list_sort (files, (GCompareFunc) compare_filename); + + /* process files; highest priority comes first */ + for (l = files; l != NULL; l = l->next) + { + GFile *file = G_FILE (l->data); + gchar *filename; + GKeyFile *key_file; + + filename = g_file_get_path (file); + + key_file = g_key_file_new (); + + error = NULL; + if (!g_key_file_load_from_file (key_file, + filename, + G_KEY_FILE_NONE, + NULL)) + { + g_warning ("Error loading key-file %s: %s", filename, error->message); + g_error_free (error); + error = NULL; + g_key_file_free (key_file); + } + else + { + source->priv->key_files = g_list_prepend (source->priv->key_files, key_file); + } + + g_free (filename); + } + + source->priv->key_files = g_list_reverse (source->priv->key_files); + source->priv->has_data = TRUE; + + out: + g_list_foreach (files, (GFunc) g_object_unref, NULL); + g_list_free (files); +} + +static GKeyFile * +find_key_file (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error) +{ + GList *l; + GKeyFile *ret; + + ret = NULL; + + for (l = source->priv->key_files; l != NULL; l = l->next) + { + GKeyFile *key_file = l->data; + + if (g_key_file_has_key (key_file, group, key, NULL)) + { + ret = key_file; + goto out; + } + } + + out: + if (ret == NULL) + g_set_error_literal (error, + G_KEY_FILE_ERROR, + G_KEY_FILE_ERROR_NOT_FOUND, + "Group/Key combo not found in any config file"); + return ret; +} + +/** + * polkit_backend_config_source_get_integer: + * @source: A PolkitBackendConfigSource. + * @group: A group name. + * @key: A key name. + * @error: Return location for error or %NULL. + * + * Gets the value associated with @key under @group_name. + * + * Returns: The value or 0 if @error is set. + **/ +gint +polkit_backend_config_source_get_integer (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error) +{ + GKeyFile *key_file; + + polkit_backend_config_source_ensure (source); + + key_file = find_key_file (source, group, key, error); + if (key_file == NULL) + return 0; + + return g_key_file_get_integer (key_file, group, key, error); +} + +/** + * polkit_backend_config_source_get_boolean: + * @source: A PolkitBackendConfigSource. + * @group: A group name. + * @key: A key name. + * @error: Return location for error or %NULL. + * + * Gets the value associated with @key under @group_name. + * + * Returns: The value or %FALSE if @error is set. + **/ +gboolean +polkit_backend_config_source_get_boolean (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error) +{ + GKeyFile *key_file; + + polkit_backend_config_source_ensure (source); + + key_file = find_key_file (source, group, key, error); + if (key_file == NULL) + return FALSE; + + return g_key_file_get_boolean (key_file, group, key, error); +} + +/** + * polkit_backend_config_source_get_double: + * @source: A PolkitBackendConfigSource. + * @group: A group name. + * @key: A key name. + * @error: Return location for error or %NULL. + * + * Gets the value associated with @key under @group_name. + * + * Returns: The value or 0.0 if @error is set. + **/ +gdouble +polkit_backend_config_source_get_double (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error) +{ + GKeyFile *key_file; + + polkit_backend_config_source_ensure (source); + + key_file = find_key_file (source, group, key, error); + if (key_file == NULL) + return 0.0; + + return g_key_file_get_double (key_file, group, key, error); +} + +/** + * polkit_backend_config_source_get_string: + * @source: A PolkitBackendConfigSource. + * @group: A group name. + * @key: A key name. + * @error: Return location for error or %NULL. + * + * Gets the value associated with @key under @group_name. + * + * Returns: The value or %NULL if @error is set. + **/ +gchar * +polkit_backend_config_source_get_string (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error) +{ + GKeyFile *key_file; + + polkit_backend_config_source_ensure (source); + + key_file = find_key_file (source, group, key, error); + if (key_file == NULL) + return NULL; + + return g_key_file_get_string (key_file, group, key, error); +} + +/** + * polkit_backend_config_source_get_string_list: + * @source: A PolkitBackendConfigSource. + * @group: A group name. + * @key: A key name. + * @error: Return location for error or %NULL. + * + * Gets the values associated with @key under @group_name. + * + * Returns: The value or %NULL if @error is set. + **/ +gchar ** +polkit_backend_config_source_get_string_list (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error) +{ + GKeyFile *key_file; + + polkit_backend_config_source_ensure (source); + + key_file = find_key_file (source, group, key, error); + if (key_file == NULL) + return NULL; + + return g_key_file_get_string_list (key_file, group, key, NULL, error); +} diff --git a/src/polkitbackend/polkitbackendconfigsource.h b/src/polkitbackend/polkitbackendconfigsource.h new file mode 100644 index 00000000..f9a48c80 --- /dev/null +++ b/src/polkitbackend/polkitbackendconfigsource.h @@ -0,0 +1,98 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "This is a private header file." +#endif + +#ifndef __POLKIT_BACKEND_CONFIG_SOURCE_H +#define __POLKIT_BACKEND_CONFIG_SOURCE_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_CONFIG_SOURCE (polkit_backend_config_source_get_type ()) +#define POLKIT_BACKEND_CONFIG_SOURCE(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_CONFIG_SOURCE, PolkitBackendConfigSource)) +#define POLKIT_BACKEND_CONFIG_SOURCE_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_CONFIG_SOURCE, PolkitBackendConfigSourceClass)) +#define POLKIT_BACKEND_CONFIG_SOURCE_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_CONFIG_SOURCE,PolkitBackendConfigSourceClass)) +#define POLKIT_BACKEND_IS_CONFIG_SOURCE(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_CONFIG_SOURCE)) +#define POLKIT_BACKEND_IS_CONFIG_SOURCE_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_CONFIG_SOURCE)) + +typedef struct _PolkitBackendConfigSource PolkitBackendConfigSource; +typedef struct _PolkitBackendConfigSourceClass PolkitBackendConfigSourceClass; +typedef struct _PolkitBackendConfigSourcePrivate PolkitBackendConfigSourcePrivate; + +struct _PolkitBackendConfigSource +{ + GObject parent_instance; + PolkitBackendConfigSourcePrivate *priv; +}; + +struct _PolkitBackendConfigSourceClass +{ + /*< public >*/ + GObjectClass parent_class; + + /* Signals */ + void (*changed) (PolkitBackendConfigSource *config_source); + + /*< private >*/ + /* Padding for future expansion */ + void (*_polkit_reserved1) (void); + void (*_polkit_reserved2) (void); + void (*_polkit_reserved3) (void); + void (*_polkit_reserved4) (void); + void (*_polkit_reserved5) (void); + void (*_polkit_reserved6) (void); + void (*_polkit_reserved7) (void); + void (*_polkit_reserved8) (void); +}; + +GType polkit_backend_config_source_get_type (void) G_GNUC_CONST; +PolkitBackendConfigSource *polkit_backend_config_source_new (GFile *directory); +gint polkit_backend_config_source_get_integer (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error); +gboolean polkit_backend_config_source_get_boolean (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error); +gdouble polkit_backend_config_source_get_double (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error); +gchar *polkit_backend_config_source_get_string (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error); +gchar **polkit_backend_config_source_get_string_list (PolkitBackendConfigSource *source, + const gchar *group, + const gchar *key, + GError **error); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_CONFIG_SOURCE_H */ + diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c new file mode 100644 index 00000000..b237e9db --- /dev/null +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -0,0 +1,3259 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include + +#include +#include "polkitbackendinteractiveauthority.h" +#include "polkitbackendactionpool.h" +#include "polkitbackendsessionmonitor.h" +#include "polkitbackendconfigsource.h" + +#include + +/** + * SECTION:polkitbackendinteractiveauthority + * @title: PolkitBackendInteractiveAuthority + * @short_description: Interactive Authority + * @stability: Unstable + * + * An subclass of #PolkitBackendAuthority that supports interaction + * with authentication agents. + */ + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct TemporaryAuthorizationStore TemporaryAuthorizationStore; + +static TemporaryAuthorizationStore *temporary_authorization_store_new (PolkitBackendInteractiveAuthority *authority); +static void temporary_authorization_store_free (TemporaryAuthorizationStore *store); + +static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, + PolkitSubject *subject, + const gchar *action_id, + const gchar **out_tmp_authz_id); + +static const gchar *temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *store, + PolkitSubject *subject, + PolkitSubject *session, + const gchar *action_id); + +static void temporary_authorization_store_remove_authorizations_for_system_bus_name (TemporaryAuthorizationStore *store, + const gchar *name); + +/* ---------------------------------------------------------------------------------------------------- */ + +struct AuthenticationAgent; +typedef struct AuthenticationAgent AuthenticationAgent; + +struct AuthenticationSession; +typedef struct AuthenticationSession AuthenticationSession; + +typedef void (*AuthenticationAgentCallback) (AuthenticationAgent *agent, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, + PolkitBackendInteractiveAuthority *authority, + const gchar *action_id, + PolkitImplicitAuthorization implicit_authorization, + gboolean authentication_success, + gboolean was_dismissed, + PolkitIdentity *authenticated_identity, + gpointer user_data); + +static AuthenticationAgent *authentication_agent_ref (AuthenticationAgent *agent); +static void authentication_agent_unref (AuthenticationAgent *agent); + +static void authentication_agent_initiate_challenge (AuthenticationAgent *agent, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitBackendInteractiveAuthority *authority, + const gchar *action_id, + PolkitDetails *details, + PolkitSubject *caller, + PolkitImplicitAuthorization implicit_authorization, + GCancellable *cancellable, + AuthenticationAgentCallback callback, + gpointer user_data); + +static PolkitSubject *authentication_agent_get_scope (AuthenticationAgent *agent); + +static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *subject); + + +static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, + const gchar *cookie); + +static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name); + +static void authentication_session_cancel (AuthenticationSession *session); + +/* ---------------------------------------------------------------------------------------------------- */ + +static void polkit_backend_interactive_authority_system_bus_name_owner_changed (PolkitBackendInteractiveAuthority *authority, + const gchar *name, + const gchar *old_owner, + const gchar *new_owner); + +static GList *polkit_backend_interactive_authority_enumerate_actions (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *locale, + GError **error); + +static void polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data); + +static PolkitAuthorizationResult *polkit_backend_interactive_authority_check_authorization_finish ( + PolkitBackendAuthority *authority, + GAsyncResult *res, + GError **error); + +static PolkitAuthorizationResult *check_authorization_sync (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + PolkitImplicitAuthorization *out_implicit_authorization, + gboolean checking_imply, + GError **error); + +static gboolean polkit_backend_interactive_authority_register_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GError **error); + +static gboolean polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *object_path, + GError **error); + +static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); + +static GList *polkit_backend_interactive_authority_enumerate_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error); + + +static gboolean polkit_backend_interactive_authority_revoke_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error); + +static gboolean polkit_backend_interactive_authority_revoke_temporary_authorization_by_id (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *id, + GError **error); + + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + PolkitBackendActionPool *action_pool; + + PolkitBackendSessionMonitor *session_monitor; + + TemporaryAuthorizationStore *temporary_authorization_store; + + /* Maps from PolkitSubject* to AuthenticationAgent* - currently the + * following PolkitSubject-derived types are used + * + * - PolkitSystemBusName - for authentication agents handling interaction for a single well-known name + * - typically pkexec(1) launched via e.g. ssh(1) or login(1) + * + * - PolkitUnixSession - for authentication agents handling interaction for a whole login session + * - typically a desktop environment session + * + */ + GHashTable *hash_scope_to_authentication_agent; + + GDBusConnection *system_bus_connection; + guint name_owner_changed_signal_id; +} PolkitBackendInteractiveAuthorityPrivate; + +/* ---------------------------------------------------------------------------------------------------- */ + +G_DEFINE_TYPE (PolkitBackendInteractiveAuthority, + polkit_backend_interactive_authority, + POLKIT_BACKEND_TYPE_AUTHORITY); + +#define POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, PolkitBackendInteractiveAuthorityPrivate)) + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +action_pool_changed (PolkitBackendActionPool *action_pool, + PolkitBackendInteractiveAuthority *authority) +{ + g_signal_emit_by_name (authority, "changed"); +} + + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +on_name_owner_changed_signal (GDBusConnection *connection, + const gchar *sender_name, + const gchar *object_path, + const gchar *interface_name, + const gchar *signal_name, + GVariant *parameters, + gpointer user_data) +{ + PolkitBackendInteractiveAuthority *authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (user_data); + const gchar *name; + const gchar *old_owner; + const gchar *new_owner; + + g_variant_get (parameters, + "(&s&s&s)", + &name, + &old_owner, + &new_owner); + + polkit_backend_interactive_authority_system_bus_name_owner_changed (authority, + name, + old_owner, + new_owner); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +on_session_monitor_changed (PolkitBackendSessionMonitor *monitor, + gpointer user_data) +{ + PolkitBackendInteractiveAuthority *authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (user_data); + g_signal_emit_by_name (authority, "changed"); +} + +static void +polkit_backend_interactive_authority_init (PolkitBackendInteractiveAuthority *authority) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + GFile *directory; + GError *error; + static volatile GQuark domain = 0; + + /* Force registering error domain */ + domain = POLKIT_ERROR; domain; + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + directory = g_file_new_for_path (PACKAGE_DATA_DIR "/polkit-1/actions"); + priv->action_pool = polkit_backend_action_pool_new (directory); + g_object_unref (directory); + g_signal_connect (priv->action_pool, + "changed", + (GCallback) action_pool_changed, + authority); + + priv->temporary_authorization_store = temporary_authorization_store_new (authority); + + priv->hash_scope_to_authentication_agent = g_hash_table_new_full ((GHashFunc) polkit_subject_hash, + (GEqualFunc) polkit_subject_equal, + (GDestroyNotify) g_object_unref, + (GDestroyNotify) authentication_agent_unref); + + priv->session_monitor = polkit_backend_session_monitor_new (); + g_signal_connect (priv->session_monitor, + "changed", + G_CALLBACK (on_session_monitor_changed), + authority); + + error = NULL; + priv->system_bus_connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); + if (priv->system_bus_connection == NULL) + { + g_warning ("Error getting system bus: %s", error->message); + g_error_free (error); + } + else + { + /* TODO: this is a bit inefficient */ + priv->name_owner_changed_signal_id = + g_dbus_connection_signal_subscribe (priv->system_bus_connection, + "org.freedesktop.DBus", /* sender */ + "org.freedesktop.DBus", /* interface */ + "NameOwnerChanged", /* member */ + "/org/freedesktop/DBus", /* path */ + NULL, /* arg0 */ + G_DBUS_SIGNAL_FLAGS_NONE, + on_name_owner_changed_signal, + authority, + NULL); /* GDestroyNotify */ + } +} + +static void +polkit_backend_interactive_authority_finalize (GObject *object) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (object); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + if (priv->name_owner_changed_signal_id > 0) + g_dbus_connection_signal_unsubscribe (priv->system_bus_connection, priv->name_owner_changed_signal_id); + + if (priv->system_bus_connection != NULL) + g_object_unref (priv->system_bus_connection); + + if (priv->action_pool != NULL) + g_object_unref (priv->action_pool); + + if (priv->session_monitor != NULL) + g_object_unref (priv->session_monitor); + + temporary_authorization_store_free (priv->temporary_authorization_store); + + g_hash_table_unref (priv->hash_scope_to_authentication_agent); + + G_OBJECT_CLASS (polkit_backend_interactive_authority_parent_class)->finalize (object); +} + +static const gchar * +polkit_backend_interactive_authority_get_name (PolkitBackendAuthority *authority) +{ + return "interactive"; +} + +static const gchar * +polkit_backend_interactive_authority_get_version (PolkitBackendAuthority *authority) +{ + return PACKAGE_VERSION; +} + +static PolkitAuthorityFeatures +polkit_backend_interactive_authority_get_features (PolkitBackendAuthority *authority) +{ + return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION; +} + +static void +polkit_backend_interactive_authority_class_init (PolkitBackendInteractiveAuthorityClass *klass) +{ + GObjectClass *gobject_class; + PolkitBackendAuthorityClass *authority_class; + + gobject_class = G_OBJECT_CLASS (klass); + authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); + + gobject_class->finalize = polkit_backend_interactive_authority_finalize; + + authority_class->get_name = polkit_backend_interactive_authority_get_name; + authority_class->get_version = polkit_backend_interactive_authority_get_version; + authority_class->get_features = polkit_backend_interactive_authority_get_features; + authority_class->enumerate_actions = polkit_backend_interactive_authority_enumerate_actions; + authority_class->check_authorization = polkit_backend_interactive_authority_check_authorization; + authority_class->check_authorization_finish = polkit_backend_interactive_authority_check_authorization_finish; + authority_class->register_authentication_agent = polkit_backend_interactive_authority_register_authentication_agent; + authority_class->unregister_authentication_agent = polkit_backend_interactive_authority_unregister_authentication_agent; + authority_class->authentication_agent_response = polkit_backend_interactive_authority_authentication_agent_response; + authority_class->enumerate_temporary_authorizations = polkit_backend_interactive_authority_enumerate_temporary_authorizations; + authority_class->revoke_temporary_authorizations = polkit_backend_interactive_authority_revoke_temporary_authorizations; + authority_class->revoke_temporary_authorization_by_id = polkit_backend_interactive_authority_revoke_temporary_authorization_by_id; + + + + g_type_class_add_private (klass, sizeof (PolkitBackendInteractiveAuthorityPrivate)); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static GList * +polkit_backend_interactive_authority_enumerate_actions (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *interactivee, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + GList *actions; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + actions = polkit_backend_action_pool_get_all_actions (priv->action_pool, interactivee); + + return actions; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +struct AuthenticationAgent +{ + volatile gint ref_count; + + PolkitSubject *scope; + + gchar *locale; + GVariant *registration_options; + gchar *object_path; + gchar *unique_system_bus_name; + + GDBusProxy *proxy; + + GList *active_sessions; +}; + +/* TODO: should probably move to PolkitSubject + * (also see copy in src/programs/pkcheck.c) + * + * Also, can't really trust the cmdline... but might be useful in the logs anyway. + */ +static gchar * +_polkit_subject_get_cmdline (PolkitSubject *subject) +{ + PolkitSubject *process; + gchar *ret; + gint pid; + gchar *filename; + gchar *contents; + gsize contents_len; + GError *error; + guint n; + + g_return_val_if_fail (subject != NULL, NULL); + + error = NULL; + + ret = NULL; + process = NULL; + filename = NULL; + contents = NULL; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + process = g_object_ref (subject); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), + NULL, + &error); + if (process == NULL) + { + g_printerr ("Error getting process for system bus name `%s': %s\n", + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)), + error->message); + g_error_free (error); + goto out; + } + } + else + { + g_warning ("Unknown subject type passed to _polkit_subject_get_cmdline()"); + goto out; + } + + pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process)); + + filename = g_strdup_printf ("/proc/%d/cmdline", pid); + + if (!g_file_get_contents (filename, + &contents, + &contents_len, + &error)) + { + g_printerr ("Error opening `%s': %s\n", + filename, + error->message); + g_error_free (error); + goto out; + } + + if (contents == NULL || contents_len == 0) + { + goto out; + } + else + { + /* The kernel uses '\0' to separate arguments - replace those with a space. */ + for (n = 0; n < contents_len - 1; n++) + { + if (contents[n] == '\0') + contents[n] = ' '; + } + ret = g_strdup (contents); + g_strstrip (ret); + } + + out: + g_free (filename); + g_free (contents); + if (process != NULL) + g_object_unref (process); + return ret; +} + +/* TODO: possibly remove this function altogether */ +G_GNUC_UNUSED static void +log_result (PolkitBackendInteractiveAuthority *authority, + const gchar *action_id, + PolkitSubject *subject, + PolkitSubject *caller, + PolkitAuthorizationResult *result) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitIdentity *user_of_subject; + const gchar *log_result_str; + gchar *subject_str; + gchar *user_of_subject_str; + gchar *caller_str; + gchar *subject_cmdline; + gchar *caller_cmdline; + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + log_result_str = "DENYING"; + if (polkit_authorization_result_get_is_authorized (result)) + log_result_str = "ALLOWING"; + + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + + subject_str = polkit_subject_to_string (subject); + user_of_subject_str = polkit_identity_to_string (user_of_subject); + caller_str = polkit_subject_to_string (caller); + + subject_cmdline = _polkit_subject_get_cmdline (subject); + if (subject_cmdline == NULL) + subject_cmdline = g_strdup (""); + + caller_cmdline = _polkit_subject_get_cmdline (caller); + if (caller_cmdline == NULL) + caller_cmdline = g_strdup (""); + + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "%s action %s for %s [%s] owned by %s (check requested by %s [%s])", + log_result_str, + action_id, + subject_str, + subject_cmdline, + user_of_subject_str, + caller_str, + caller_cmdline); + + if (user_of_subject != NULL) + g_object_unref (user_of_subject); + g_free (subject_str); + g_free (user_of_subject_str); + g_free (caller_str); + g_free (subject_cmdline); + g_free (caller_cmdline); +} + +static void +check_authorization_challenge_cb (AuthenticationAgent *agent, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, + PolkitBackendInteractiveAuthority *authority, + const gchar *action_id, + PolkitImplicitAuthorization implicit_authorization, + gboolean authentication_success, + gboolean was_dismissed, + PolkitIdentity *authenticated_identity, + gpointer user_data) +{ + GSimpleAsyncResult *simple = G_SIMPLE_ASYNC_RESULT (user_data); + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitAuthorizationResult *result; + gchar *scope_str; + gchar *subject_str; + gchar *user_of_subject_str; + gchar *authenticated_identity_str; + gchar *subject_cmdline; + gboolean is_temp; + PolkitDetails *details; + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + result = NULL; + + scope_str = polkit_subject_to_string (agent->scope); + subject_str = polkit_subject_to_string (subject); + user_of_subject_str = polkit_identity_to_string (user_of_subject); + authenticated_identity_str = NULL; + if (authenticated_identity != NULL) + authenticated_identity_str = polkit_identity_to_string (authenticated_identity); + + subject_cmdline = _polkit_subject_get_cmdline (subject); + if (subject_cmdline == NULL) + subject_cmdline = g_strdup (""); + + g_debug ("In check_authorization_challenge_cb\n" + " subject %s\n" + " action_id %s\n" + " was_dismissed %d\n" + " authentication_success %d\n", + subject_str, + action_id, + was_dismissed, + authentication_success); + + details = polkit_details_new (); + if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED || + implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED) + polkit_details_insert (details, "polkit.retains_authorization_after_challenge", "true"); + + is_temp = FALSE; + if (authentication_success) + { + /* store temporary authorization depending on value of implicit_authorization */ + if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED || + implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED) + { + const gchar *id; + + is_temp = TRUE; + + id = temporary_authorization_store_add_authorization (priv->temporary_authorization_store, + subject, + authentication_agent_get_scope (agent), + action_id); + + polkit_details_insert (details, "polkit.temporary_authorization_id", id); + + /* we've added a temporary authorization, let the user know */ + g_signal_emit_by_name (authority, "changed"); + } + result = polkit_authorization_result_new (TRUE, FALSE, details); + } + else + { + /* TODO: maybe return set is_challenge? */ + if (was_dismissed) + polkit_details_insert (details, "polkit.dismissed", "true"); + result = polkit_authorization_result_new (FALSE, FALSE, details); + } + + /* Log the event */ + if (authentication_success) + { + if (is_temp) + { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "Operator of %s successfully authenticated as %s to gain " + "TEMPORARY authorization for action %s for %s [%s] (owned by %s)", + scope_str, + authenticated_identity_str, + action_id, + subject_str, + subject_cmdline, + user_of_subject_str); + } + else + { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "Operator of %s successfully authenticated as %s to gain " + "ONE-SHOT authorization for action %s for %s [%s] (owned by %s)", + scope_str, + authenticated_identity_str, + action_id, + subject_str, + subject_cmdline, + user_of_subject_str); + } + } + else + { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "Operator of %s FAILED to authenticate to gain " + "authorization for action %s for %s [%s] (owned by %s)", + scope_str, + action_id, + subject_str, + subject_cmdline, + user_of_subject_str); + } + + /* log_result (authority, action_id, subject, caller, result); */ + + g_object_unref (details); + g_simple_async_result_set_op_res_gpointer (simple, + result, + g_object_unref); + g_simple_async_result_complete (simple); + g_object_unref (simple); + + g_free (subject_cmdline); + g_free (authenticated_identity_str); + g_free (user_of_subject_str); + g_free (subject_str); + g_free (scope_str); +} + +static PolkitAuthorizationResult * +polkit_backend_interactive_authority_check_authorization_finish (PolkitBackendAuthority *authority, + GAsyncResult *res, + GError **error) +{ + GSimpleAsyncResult *simple; + PolkitAuthorizationResult *result; + + simple = G_SIMPLE_ASYNC_RESULT (res); + + g_warn_if_fail (g_simple_async_result_get_source_tag (simple) == polkit_backend_interactive_authority_check_authorization); + + result = NULL; + + if (g_simple_async_result_propagate_error (simple, error)) + goto out; + + result = g_object_ref (g_simple_async_result_get_op_res_gpointer (simple)); + + out: + return result; +} + +static gboolean +may_identity_check_authorization (PolkitBackendInteractiveAuthority *interactive_authority, + const gchar *action_id, + PolkitIdentity *identity) +{ + PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + gboolean ret = FALSE; + PolkitActionDescription *action_desc = NULL; + const gchar *owners = NULL; + gchar **tokens = NULL; + guint n; + + /* uid 0 may check anything */ + if (POLKIT_IS_UNIX_USER (identity) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (identity)) == 0) + { + ret = TRUE; + goto out; + } + + action_desc = polkit_backend_action_pool_get_action (priv->action_pool, action_id, NULL); + if (action_desc == NULL) + goto out; + + owners = polkit_action_description_get_annotation (action_desc, "org.freedesktop.policykit.owner"); + if (owners == NULL) + goto out; + + tokens = g_strsplit (owners, " ", 0); + for (n = 0; tokens != NULL && tokens[n] != NULL; n++) + { + PolkitIdentity *owner_identity; + GError *error = NULL; + owner_identity = polkit_identity_from_string (tokens[n], &error); + if (owner_identity == NULL) + { + g_warning ("Error parsing owner identity %d of action_id %s: %s (%s, %d)", + n, action_id, error->message, g_quark_to_string (error->domain), error->code); + g_error_free (error); + continue; + } + if (polkit_identity_equal (identity, owner_identity)) + { + ret = TRUE; + g_object_unref (owner_identity); + goto out; + } + g_object_unref (owner_identity); + } + + out: + g_clear_object (&action_desc); + g_strfreev (tokens); + + return ret; +} + +static void +polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + GCancellable *cancellable, + GAsyncReadyCallback callback, + gpointer user_data) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + gchar *caller_str; + gchar *subject_str; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; + gchar *user_of_caller_str; + gchar *user_of_subject_str; + PolkitAuthorizationResult *result; + PolkitImplicitAuthorization implicit_authorization; + GError *error; + GSimpleAsyncResult *simple; + gboolean has_details; + gchar **detail_keys; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + error = NULL; + caller_str = NULL; + subject_str = NULL; + user_of_caller = NULL; + user_of_subject = NULL; + user_of_caller_str = NULL; + user_of_subject_str = NULL; + result = NULL; + + simple = g_simple_async_result_new (G_OBJECT (authority), + callback, + user_data, + polkit_backend_interactive_authority_check_authorization); + + /* handle being called from ourselves */ + if (caller == NULL) + { + /* TODO: this is kind of a hack */ + GDBusConnection *system_bus; + system_bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, NULL); + caller = polkit_system_bus_name_new (g_dbus_connection_get_unique_name (system_bus)); + g_object_unref (system_bus); + } + + caller_str = polkit_subject_to_string (caller); + subject_str = polkit_subject_to_string (subject); + + g_debug ("%s is inquiring whether %s is authorized for %s", + caller_str, + subject_str, + action_id); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, + caller, + &error); + if (error != NULL) + { + g_simple_async_result_set_from_error (simple, error); + g_simple_async_result_complete (simple); + g_object_unref (simple); + g_error_free (error); + goto out; + } + + user_of_caller_str = polkit_identity_to_string (user_of_caller); + g_debug (" user of caller is %s", user_of_caller_str); + + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, + subject, + &error); + if (error != NULL) + { + g_simple_async_result_set_from_error (simple, error); + g_simple_async_result_complete (simple); + g_object_unref (simple); + g_error_free (error); + goto out; + } + + user_of_subject_str = polkit_identity_to_string (user_of_subject); + g_debug (" user of subject is %s", user_of_subject_str); + + has_details = FALSE; + if (details != NULL) + { + detail_keys = polkit_details_get_keys (details); + if (detail_keys != NULL) + { + if (g_strv_length (detail_keys) > 0) + has_details = TRUE; + g_strfreev (detail_keys); + } + } + + /* Not anyone is allowed to check that process XYZ is allowed to do ABC. + * We only allow this if, and only if, + * + * - processes may check for another process owned by the *same* user but not + * if details are passed (otherwise you'd be able to spoof the dialog) + * + * - processes running as uid 0 may check anything and pass any details + * + * - if the action_id has the "org.freedesktop.policykit.owner" annotation + * then any uid referenced by that annotation is also allowed to check + * to check anything and pass any details + */ + if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + { + if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) + { + if (has_details) + { + g_simple_async_result_set_error (simple, + POLKIT_ERROR, + POLKIT_ERROR_NOT_AUTHORIZED, + "Only trusted callers (e.g. uid 0 or an action owner) can use CheckAuthorization() and " + "pass details"); + } + else + { + g_simple_async_result_set_error (simple, + POLKIT_ERROR, + POLKIT_ERROR_NOT_AUTHORIZED, + "Only trusted callers (e.g. uid 0 or an action owner) can use CheckAuthorization() for " + "subjects belonging to other identities"); + } + g_simple_async_result_complete (simple); + g_object_unref (simple); + goto out; + } + } + + implicit_authorization = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED; + result = check_authorization_sync (authority, + caller, + subject, + action_id, + details, + flags, + &implicit_authorization, + FALSE, /* checking_imply */ + &error); + if (error != NULL) + { + g_simple_async_result_set_from_error (simple, error); + g_simple_async_result_complete (simple); + g_object_unref (simple); + g_error_free (error); + goto out; + } + + /* Caller is up for a challenge! With light sabers! Use an authentication agent if one exists... */ + if (polkit_authorization_result_get_is_challenge (result) && + (flags & POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION)) + { + AuthenticationAgent *agent; + + agent = get_authentication_agent_for_subject (interactive_authority, subject); + if (agent != NULL) + { + g_object_unref (result); + result = NULL; + + g_debug (" using authentication agent for challenge"); + + authentication_agent_initiate_challenge (agent, + subject, + user_of_subject, + interactive_authority, + action_id, + details, + caller, + implicit_authorization, + cancellable, + check_authorization_challenge_cb, + simple); + + /* keep going */ + goto out; + } + } + + /* log_result (interactive_authority, action_id, subject, caller, result); */ + + /* Otherwise just return the result */ + g_simple_async_result_set_op_res_gpointer (simple, + result, + g_object_unref); + g_simple_async_result_complete (simple); + g_object_unref (simple); + + out: + + if (user_of_caller != NULL) + g_object_unref (user_of_caller); + + if (user_of_subject != NULL) + g_object_unref (user_of_subject); + + g_free (caller_str); + g_free (subject_str); + g_free (user_of_caller_str); + g_free (user_of_subject_str); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static PolkitAuthorizationResult * +check_authorization_sync (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *action_id, + PolkitDetails *details, + PolkitCheckAuthorizationFlags flags, + PolkitImplicitAuthorization *out_implicit_authorization, + gboolean checking_imply, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitAuthorizationResult *result; + PolkitIdentity *user_of_subject; + PolkitSubject *session_for_subject; + gchar *subject_str; + GList *groups_of_user; + PolkitActionDescription *action_desc; + gboolean session_is_local; + gboolean session_is_active; + PolkitImplicitAuthorization implicit_authorization; + const gchar *tmp_authz_id; + PolkitDetails *result_details; + GList *actions; + GList *l; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + result = NULL; + + actions = NULL; + user_of_subject = NULL; + groups_of_user = NULL; + subject_str = NULL; + session_for_subject = NULL; + result_details = NULL; + + session_is_local = FALSE; + session_is_active = FALSE; + + subject_str = polkit_subject_to_string (subject); + + g_debug ("checking whether %s is authorized for %s", + subject_str, + action_id); + + /* get the action description */ + action_desc = polkit_backend_action_pool_get_action (priv->action_pool, + action_id, + NULL); + + if (action_desc == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Action %s is not registered", + action_id); + goto out; + } + + /* every subject has a user */ + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, + subject, + error); + if (user_of_subject == NULL) + goto out; + + /* special case: uid 0, root, is _always_ authorized for anything */ + if (POLKIT_IS_UNIX_USER (user_of_subject) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_subject)) == 0) + { + result = polkit_authorization_result_new (TRUE, FALSE, NULL); + goto out; + } + + /* a subject *may* be in a session */ + session_for_subject = polkit_backend_session_monitor_get_session_for_subject (priv->session_monitor, + subject, + NULL); + g_debug (" %p", session_for_subject); + if (session_for_subject != NULL) + { + session_is_local = polkit_backend_session_monitor_is_session_local (priv->session_monitor, session_for_subject); + session_is_active = polkit_backend_session_monitor_is_session_active (priv->session_monitor, session_for_subject); + + g_debug (" subject is in session %s (local=%d active=%d)", + polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session_for_subject)), + session_is_local, + session_is_active); + } + + /* find the implicit authorization to use; it depends on is_local and is_active */ + if (session_is_local) + { + if (session_is_active) + implicit_authorization = polkit_action_description_get_implicit_active (action_desc); + else + implicit_authorization = polkit_action_description_get_implicit_inactive (action_desc); + } + else + { + implicit_authorization = polkit_action_description_get_implicit_any (action_desc); + } + + result_details = polkit_details_new (); + + /* allow subclasses to rewrite implicit_authorization */ + implicit_authorization = polkit_backend_interactive_authority_check_authorization_sync (interactive_authority, + caller, + subject, + user_of_subject, + session_is_local, + session_is_active, + action_id, + details, + implicit_authorization, + result_details); + + /* first see if there's an implicit authorization for subject available */ + if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED) + { + g_debug (" is authorized (has implicit authorization local=%d active=%d)", + session_is_local, + session_is_active); + result = polkit_authorization_result_new (TRUE, FALSE, result_details); + goto out; + } + + /* then see if there's a temporary authorization for the subject */ + if (temporary_authorization_store_has_authorization (priv->temporary_authorization_store, + subject, + action_id, + &tmp_authz_id)) + { + + g_debug (" is authorized (has temporary authorization)"); + polkit_details_insert (result_details, "polkit.temporary_authorization_id", tmp_authz_id); + result = polkit_authorization_result_new (TRUE, FALSE, result_details); + goto out; + } + + /* then see if implied by another action that the subject is authorized for + * (but only one level deep to avoid infinite recursion) + * + * TODO: if this is slow, we can maintain a hash table for looking up what + * actions implies a given action + */ + if (!checking_imply) + { + actions = polkit_backend_action_pool_get_all_actions (priv->action_pool, NULL); + for (l = actions; l != NULL; l = l->next) + { + PolkitActionDescription *imply_ad = POLKIT_ACTION_DESCRIPTION (l->data); + const gchar *imply; + imply = polkit_action_description_get_annotation (imply_ad, "org.freedesktop.policykit.imply"); + if (imply != NULL) + { + gchar **tokens; + guint n; + tokens = g_strsplit (imply, " ", 0); + for (n = 0; tokens[n] != NULL; n++) + { + if (g_strcmp0 (tokens[n], action_id) == 0) + { + PolkitAuthorizationResult *implied_result = NULL; + PolkitImplicitAuthorization implied_implicit_authorization; + GError *implied_error = NULL; + const gchar *imply_action_id; + + imply_action_id = polkit_action_description_get_action_id (imply_ad); + + /* g_debug ("%s is implied by %s, checking", action_id, imply_action_id); */ + implied_result = check_authorization_sync (authority, caller, subject, + imply_action_id, + details, flags, + &implied_implicit_authorization, TRUE, + &implied_error); + if (implied_result != NULL) + { + if (polkit_authorization_result_get_is_authorized (implied_result)) + { + g_debug (" is authorized (implied by %s)", imply_action_id); + result = implied_result; + /* cleanup */ + g_object_unref (result_details); + g_strfreev (tokens); + goto out; + } + g_object_unref (implied_result); + } + if (implied_error != NULL) + g_error_free (implied_error); + } + } + g_strfreev (tokens); + } + } + } + + if (implicit_authorization != POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED) + { + if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED_RETAINED || + implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED) + { + polkit_details_insert (result_details, "polkit.retains_authorization_after_challenge", "1"); + } + + result = polkit_authorization_result_new (FALSE, TRUE, result_details); + + /* return implicit_authorization so the caller can use an authentication agent if applicable */ + if (out_implicit_authorization != NULL) + *out_implicit_authorization = implicit_authorization; + + g_debug (" challenge (implicit_authorization = %s)", + polkit_implicit_authorization_to_string (implicit_authorization)); + } + else + { + result = polkit_authorization_result_new (FALSE, FALSE, result_details); + g_debug (" not authorized"); + } + out: + g_list_foreach (actions, (GFunc) g_object_unref, NULL); + g_list_free (actions); + + g_free (subject_str); + + g_list_foreach (groups_of_user, (GFunc) g_object_unref, NULL); + g_list_free (groups_of_user); + + if (user_of_subject != NULL) + g_object_unref (user_of_subject); + + if (session_for_subject != NULL) + g_object_unref (session_for_subject); + + if (action_desc != NULL) + g_object_unref (action_desc); + + if (result_details != NULL) + g_object_unref (result_details); + + g_debug (" "); + + return result; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_backend_interactive_authority_get_admin_identities: + * @authority: A #PolkitBackendInteractiveAuthority. + * @caller: The subject that is inquiring whether @subject is authorized. + * @subject: The subject we are about to authenticate for. + * @user_for_subject: The user of the subject we are about to authenticate for. + * @action_id: The action we are about to authenticate for. + * @details: Details about the action. + * + * Gets a list of identities to use for administrator authentication. + * + * The default implementation returns a list with a single element for the super user. + * + * Returns: A list of #PolkitIdentity objects. Free each element + * g_object_unref(), then free the list with g_list_free(). + */ +GList * +polkit_backend_interactive_authority_get_admin_identities (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + const gchar *action_id, + PolkitDetails *details) +{ + PolkitBackendInteractiveAuthorityClass *klass; + GList *ret; + + klass = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS (authority); + + if (klass->get_admin_identities == NULL) + { + ret = g_list_prepend (NULL, polkit_unix_user_new (0)); + } + else + { + ret = klass->get_admin_identities (authority, + caller, + subject, + user_for_subject, + action_id, + details); + } + + return ret; +} + +/** + * polkit_backend_interactive_authority_check_authorization_sync: + * @authority: A #PolkitBackendInteractiveAuthority. + * @caller: The subject that is inquiring whether @subject is authorized. + * @subject: The subject we are checking an authorization for. + * @user_for_subject: The user of the subject we are checking an authorization for. + * @subject_is_local: %TRUE if the session for @subject is local. + * @subject_is_active: %TRUE if the session for @subject is active. + * @action_id: The action we are checking an authorization for. + * @details: Details about the action. + * @implicit: A #PolkitImplicitAuthorization value computed from the policy file and @subject. + * @out_details: A #PolkitDetails object that will be return to @caller. + * + * Checks whether @subject is authorized to perform the action + * specified by @action_id and @details. The implementation may + * append key/value pairs to @out_details to return extra information + * to @caller. + * + * The default implementation of this method simply returns @implicit. + * + * Returns: A #PolkitImplicitAuthorization that specifies if the subject is authorized or whether + * authentication is required. + */ +PolkitImplicitAuthorization +polkit_backend_interactive_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization implicit, + PolkitDetails *out_details) +{ + PolkitBackendInteractiveAuthorityClass *klass; + PolkitImplicitAuthorization ret; + + klass = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS (authority); + + if (klass->check_authorization_sync == NULL) + { + ret = implicit; + } + else + { + ret = klass->check_authorization_sync (authority, + caller, + subject, + user_for_subject, + subject_is_local, + subject_is_active, + action_id, + details, + implicit, + out_details); + } + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +struct AuthenticationSession +{ + AuthenticationAgent *agent; + + gchar *cookie; + + PolkitSubject *subject; + + PolkitIdentity *user_of_subject; + + PolkitSubject *caller; + + PolkitBackendInteractiveAuthority *authority; + + GList *identities; + + gchar *action_id; + + gchar *initiated_by_system_bus_unique_name; + + PolkitImplicitAuthorization implicit_authorization; + + AuthenticationAgentCallback callback; + + gpointer user_data; + + guint call_id; + + gboolean is_authenticated; + PolkitIdentity *authenticated_identity; + + GCancellable *cancellable; + + gulong cancellable_signal_handler_id; +}; + +static void +authentication_session_cancelled_cb (GCancellable *cancellable, + AuthenticationSession *session) +{ + authentication_session_cancel (session); +} + +static AuthenticationSession * +authentication_session_new (AuthenticationAgent *agent, + const gchar *cookie, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, + PolkitBackendInteractiveAuthority *authority, + GList *identities, + const gchar *action_id, + const gchar *initiated_by_system_bus_unique_name, + PolkitImplicitAuthorization implicit_authorization, + GCancellable *cancellable, + AuthenticationAgentCallback callback, + gpointer user_data) +{ + AuthenticationSession *session; + + session = g_new0 (AuthenticationSession, 1); + session->agent = authentication_agent_ref (agent); + session->cookie = g_strdup (cookie); + session->subject = g_object_ref (subject); + session->user_of_subject = g_object_ref (user_of_subject); + session->caller = g_object_ref (caller); + session->authority = g_object_ref (authority); + session->identities = g_list_copy (identities); + g_list_foreach (session->identities, (GFunc) g_object_ref, NULL); + session->action_id = g_strdup (action_id); + session->initiated_by_system_bus_unique_name = g_strdup (initiated_by_system_bus_unique_name); + session->implicit_authorization = implicit_authorization; + session->cancellable = cancellable != NULL ? g_object_ref (cancellable) : NULL; + session->callback = callback; + session->user_data = user_data; + + if (session->cancellable != NULL) + { + session->cancellable_signal_handler_id = g_signal_connect (session->cancellable, + "cancelled", + G_CALLBACK (authentication_session_cancelled_cb), + session); + } + + return session; +} + +static void +authentication_session_free (AuthenticationSession *session) +{ + authentication_agent_unref (session->agent); + g_free (session->cookie); + g_list_foreach (session->identities, (GFunc) g_object_unref, NULL); + g_list_free (session->identities); + g_object_unref (session->subject); + g_object_unref (session->user_of_subject); + g_object_unref (session->caller); + g_object_unref (session->authority); + g_free (session->action_id); + g_free (session->initiated_by_system_bus_unique_name); + if (session->cancellable_signal_handler_id > 0) + g_signal_handler_disconnect (session->cancellable, session->cancellable_signal_handler_id); + if (session->authenticated_identity != NULL) + g_object_unref (session->authenticated_identity); + if (session->cancellable != NULL) + g_object_unref (session->cancellable); + g_free (session); +} + +static gchar * +authentication_agent_new_cookie (AuthenticationAgent *agent) +{ + static gint counter = 0; + + /* TODO: use a more random-looking cookie */ + + return g_strdup_printf ("cookie%d", counter++); +} + +static PolkitSubject * +authentication_agent_get_scope (AuthenticationAgent *agent) +{ + return agent->scope; +} + +static void +authentication_agent_cancel_all_sessions (AuthenticationAgent *agent) +{ + /* cancel all active authentication sessions; use a copy of the list since + * callbacks will modify the list + */ + if (agent->active_sessions != NULL) + { + GList *l; + GList *active_sessions; + + active_sessions = g_list_copy (agent->active_sessions); + for (l = active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; + authentication_session_cancel (session); + } + g_list_free (active_sessions); + } +} + +static AuthenticationAgent * +authentication_agent_ref (AuthenticationAgent *agent) +{ + g_atomic_int_inc (&agent->ref_count); + return agent; +} + +static void +authentication_agent_unref (AuthenticationAgent *agent) +{ + if (g_atomic_int_dec_and_test (&agent->ref_count)) + { + if (agent->proxy != NULL) + g_object_unref (agent->proxy); + g_object_unref (agent->scope); + g_free (agent->locale); + g_free (agent->object_path); + g_free (agent->unique_system_bus_name); + if (agent->registration_options != NULL) + g_variant_unref (agent->registration_options); + g_free (agent); + } +} + +static AuthenticationAgent * +authentication_agent_new (PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, + GVariant *registration_options) +{ + AuthenticationAgent *agent; + GError *error; + + agent = g_new0 (AuthenticationAgent, 1); + + agent->ref_count = 1; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; + + error = NULL; + agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + agent->unique_system_bus_name, + agent->object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + &error); + if (agent->proxy == NULL) + { + g_warning ("Error constructing proxy for agent: %s", error->message); + g_error_free (error); + /* TODO: Make authentication_agent_new() return NULL and set a GError */ + } + + return agent; +} + +static AuthenticationAgent * +get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *subject) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitSubject *session_for_subject = NULL; + AuthenticationAgent *agent = NULL; + AuthenticationAgent *agent_fallback = NULL; + gboolean fallback = FALSE; + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + agent = g_hash_table_lookup (priv->hash_scope_to_authentication_agent, subject); + + if (agent == NULL && POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + PolkitSubject *process; + process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), + NULL, + NULL); + if (process != NULL) + { + agent = g_hash_table_lookup (priv->hash_scope_to_authentication_agent, process); + g_object_unref (process); + } + } + + if (agent != NULL) + { + /* We have an agent! Now see if we should use this as a fallback only */ + if (agent->registration_options != NULL && + g_variant_lookup (agent->registration_options, "fallback", "b", &fallback) && + fallback) + { + agent_fallback = agent; + agent = NULL; + } + else + { + /* Nope, use it */ + goto out; + } + } + + /* Now, we should also cover the case where @subject is a + * UnixProcess but the agent is a SystemBusName. However, this can't + * happen because we only allow registering agents for UnixProcess + * and UnixSession subjects! + */ + + session_for_subject = polkit_backend_session_monitor_get_session_for_subject (priv->session_monitor, + subject, + NULL); + if (session_for_subject == NULL) + goto out; + + agent = g_hash_table_lookup (priv->hash_scope_to_authentication_agent, session_for_subject); + + /* use fallback, if available */ + if (agent == NULL && agent_fallback != NULL) + agent = agent_fallback; + + out: + if (session_for_subject != NULL) + g_object_unref (session_for_subject); + + return agent; +} + +static AuthenticationSession * +get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, + const gchar *cookie) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; + AuthenticationAgent *agent; + AuthenticationSession *result; + + result = NULL; + + /* TODO: perhaps use a hash on the cookie to speed this up */ + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + g_hash_table_iter_init (&hash_iter, priv->hash_scope_to_authentication_agent); + while (g_hash_table_iter_next (&hash_iter, NULL, (gpointer) &agent)) + { + GList *l; + + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; + + if (strcmp (session->cookie, cookie) == 0) + { + result = session; + goto out; + } + } + } + + out: + return result; +} + +static GList * +get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; + AuthenticationAgent *agent; + GList *result; + + result = NULL; + + /* TODO: perhaps use a hash on the cookie to speed this up */ + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + g_hash_table_iter_init (&hash_iter, priv->hash_scope_to_authentication_agent); + while (g_hash_table_iter_next (&hash_iter, NULL, (gpointer) &agent)) + { + GList *l; + + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; + + if (strcmp (session->initiated_by_system_bus_unique_name, system_bus_unique_name) == 0) + { + result = g_list_prepend (result, session); + } + } + } + + return result; +} + +static GList * +get_authentication_sessions_for_system_bus_unique_name_subject (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; + AuthenticationAgent *agent; + GList *result; + + result = NULL; + + /* TODO: perhaps use a hash on the cookie to speed this up */ + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + g_hash_table_iter_init (&hash_iter, priv->hash_scope_to_authentication_agent); + while (g_hash_table_iter_next (&hash_iter, NULL, (gpointer) &agent)) + { + GList *l; + + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; + + if (POLKIT_IS_SYSTEM_BUS_NAME (session->subject) && + strcmp (polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (session->subject)), + system_bus_unique_name) == 0) + { + result = g_list_prepend (result, session); + } + } + } + + return result; +} + + +static AuthenticationAgent * +get_authentication_agent_by_unique_system_bus_name (PolkitBackendInteractiveAuthority *authority, + const gchar *unique_system_bus_name) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; + AuthenticationAgent *agent; + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + g_hash_table_iter_init (&hash_iter, priv->hash_scope_to_authentication_agent); + while (g_hash_table_iter_next (&hash_iter, NULL, (gpointer) &agent)) + { + if (strcmp (agent->unique_system_bus_name, unique_system_bus_name) == 0) + goto out; + } + + agent = NULL; + + out: + return agent; +} + +static void +authentication_agent_begin_cb (GDBusProxy *proxy, + GAsyncResult *res, + gpointer user_data) +{ + AuthenticationSession *session = user_data; + gboolean gained_authorization; + gboolean was_dismissed; + GError *error; + + was_dismissed = FALSE; + gained_authorization = FALSE; + + error = NULL; + if (!g_dbus_proxy_call_finish (proxy, + res, + &error)) + { + g_printerr ("Error performing authentication: %s (%s %d)\n", + error->message, + g_quark_to_string (error->domain), + error->code); + if (error->domain == POLKIT_ERROR && error->code == POLKIT_ERROR_CANCELLED) + was_dismissed = TRUE; + g_error_free (error); + } + else + { + gained_authorization = session->is_authenticated; + g_debug ("Authentication complete, is_authenticated = %d", session->is_authenticated); + } + + session->agent->active_sessions = g_list_remove (session->agent->active_sessions, session); + + session->callback (session->agent, + session->subject, + session->user_of_subject, + session->caller, + session->authority, + session->action_id, + session->implicit_authorization, + gained_authorization, + was_dismissed, + session->authenticated_identity, + session->user_data); + + authentication_session_free (session); +} + +static void +append_property (GString *dest, + PolkitDetails *details, + const gchar *key, + PolkitBackendInteractiveAuthority *authority, + const gchar *message, + const gchar *action_id) +{ + const gchar *value; + + value = polkit_details_lookup (details, key); + if (value != NULL) + { + g_string_append (dest, value); + } + else + { + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "Error substituting value for property $(%s) when preparing message `%s' for action-id %s", + key, + message, + action_id); + g_string_append (dest, "$("); + g_string_append (dest, key); + g_string_append (dest, ")"); + } +} + +static gchar * +expand_properties (const gchar *message, + PolkitDetails *details, + PolkitBackendInteractiveAuthority *authority, + const gchar *action_id) +{ + GString *ret; + GString *var; + guint n; + gboolean in_resolve; + + ret = g_string_new (NULL); + var = g_string_new (NULL); + + in_resolve = FALSE; + for (n = 0; message[n] != '\0'; n++) + { + gint c = message[n]; + if (c == '$' && message[n+1] == '(') + { + in_resolve = TRUE; + n += 1; + } + else + { + if (in_resolve) + { + if (c == ')') + { + append_property (ret, details, var->str, authority, message, action_id); + g_string_set_size (var, 0); + in_resolve = FALSE; + } + else + { + g_string_append_c (var, c); + } + } + else + { + g_string_append_c (ret, c); + } + } + } + g_string_free (var, TRUE); + + return g_string_free (ret, FALSE); +} + +static void +get_localized_data_for_challenge (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + const gchar *action_id, + PolkitDetails *details, + const gchar *locale, + gchar **out_localized_message, + gchar **out_localized_icon_name, + PolkitDetails **out_localized_details) +{ + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitActionDescription *action_desc; + gchar *message; + gchar *icon_name; + PolkitDetails *localized_details; + const gchar *message_to_use; + const gchar *gettext_domain; + gchar *s; + + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority); + + message = NULL; + icon_name = NULL; + localized_details = NULL; + action_desc = NULL; + + *out_localized_message = NULL; + *out_localized_icon_name = NULL; + *out_localized_details = NULL; + + action_desc = polkit_backend_action_pool_get_action (priv->action_pool, + action_id, + locale); + if (action_desc == NULL) + goto out; + + /* Set LANG and locale so g_dgettext() + friends work below */ + if (setlocale (LC_ALL, locale) == NULL) + { + g_printerr ("Invalid locale '%s'\n", locale); + } + g_setenv ("LANG", locale, TRUE); + + gettext_domain = polkit_details_lookup (details, "polkit.gettext_domain"); + message_to_use = polkit_details_lookup (details, "polkit.message"); + if (message_to_use != NULL) + { + message = g_strdup (g_dgettext (gettext_domain, message_to_use)); + /* g_print ("locale=%s, domain=%s, msg=`%s' -> `%s'\n", locale, gettext_domain, message_to_use, message); */ + } + icon_name = g_strdup (polkit_details_lookup (details, "polkit.icon_name")); + + /* fall back to action description */ + if (message == NULL) + { + message = g_strdup (polkit_action_description_get_message (action_desc)); + } + if (icon_name == NULL) + { + icon_name = g_strdup (polkit_action_description_get_icon_name (action_desc)); + } + + /* replace $(property) with values */ + if (message != NULL) + { + s = message; + message = expand_properties (message, details, authority, action_id); + g_free (s); + } + + /* Back to C! */ + setlocale (LC_ALL, "C"); + g_setenv ("LANG", "C", TRUE); + + out: + if (message == NULL) + message = g_strdup (""); + if (icon_name == NULL) + icon_name = g_strdup (""); + *out_localized_message = message; + *out_localized_icon_name = icon_name; + *out_localized_details = localized_details; + if (action_desc != NULL) + g_object_unref (action_desc); +} + +static void +add_pid (PolkitDetails *details, + PolkitSubject *subject, + const gchar *key) +{ + gchar buf[32]; + gint pid; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + PolkitSubject *process; + GError *error; + + error = NULL; + process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), + NULL, + &error); + if (process == NULL) + { + g_printerr ("Error getting process for system bus name `%s': %s\n", + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)), + error->message); + g_error_free (error); + goto out; + } + pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process)); + g_object_unref (process); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { + goto out; + } + else + { + gchar *s; + s = polkit_subject_to_string (subject); + g_printerr ("Don't know how to get pid from subject of type %s: %s\n", + g_type_name (G_TYPE_FROM_INSTANCE (subject)), + s); + g_free (s); + goto out; + } + + g_snprintf (buf, sizeof (buf), "%d", pid); + polkit_details_insert (details, key, buf); + + out: + ; +} + +static void +authentication_agent_initiate_challenge (AuthenticationAgent *agent, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitBackendInteractiveAuthority *authority, + const gchar *action_id, + PolkitDetails *details, + PolkitSubject *caller, + PolkitImplicitAuthorization implicit_authorization, + GCancellable *cancellable, + AuthenticationAgentCallback callback, + gpointer user_data) +{ + AuthenticationSession *session; + gchar *cookie; + GList *l; + GList *identities; + gchar *localized_message; + gchar *localized_icon_name; + PolkitDetails *localized_details; + GVariant *details_gvariant; + GVariantBuilder identities_builder; + GVariant *parameters; + + get_localized_data_for_challenge (authority, + caller, + subject, + user_of_subject, + action_id, + details, + agent->locale, + &localized_message, + &localized_icon_name, + &localized_details); + + cookie = authentication_agent_new_cookie (agent); + + identities = NULL; + + /* select admin user if required by the implicit authorization */ + if (implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED || + implicit_authorization == POLKIT_IMPLICIT_AUTHORIZATION_ADMINISTRATOR_AUTHENTICATION_REQUIRED_RETAINED) + { + identities = polkit_backend_interactive_authority_get_admin_identities (authority, + caller, + subject, + user_of_subject, + action_id, + details); + } + else + { + identities = g_list_prepend (identities, g_object_ref (user_of_subject)); + } + + session = authentication_session_new (agent, + cookie, + subject, + user_of_subject, + caller, + authority, + identities, + action_id, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + implicit_authorization, + cancellable, + callback, + user_data); + + agent->active_sessions = g_list_prepend (agent->active_sessions, session); + + if (localized_details == NULL) + localized_details = polkit_details_new (); + add_pid (localized_details, caller, "polkit.caller-pid"); + add_pid (localized_details, subject, "polkit.subject-pid"); + + details_gvariant = polkit_details_to_gvariant (localized_details); + g_variant_ref_sink (details_gvariant); + + g_variant_builder_init (&identities_builder, G_VARIANT_TYPE ("a(sa{sv})")); + for (l = identities; l != NULL; l = l->next) + { + PolkitIdentity *identity = POLKIT_IDENTITY (l->data); + GVariant *value; + value = polkit_identity_to_gvariant (identity); + g_variant_ref_sink (value); + g_variant_builder_add_value (&identities_builder, value); + g_variant_unref (value); + } + + parameters = g_variant_new ("(sss@a{ss}sa(sa{sv}))", + action_id, + localized_message, + localized_icon_name, + details_gvariant, + session->cookie, + &identities_builder); + g_variant_unref (details_gvariant); + + g_dbus_proxy_call (agent->proxy, + "BeginAuthentication", + parameters, /* consumes the floating GVariant */ + G_DBUS_CALL_FLAGS_NONE, + G_MAXINT, /* timeout_msec - no timeout */ + session->cancellable, + (GAsyncReadyCallback) authentication_agent_begin_cb, + session); + + g_list_foreach (identities, (GFunc) g_object_unref, NULL); + g_list_free (identities); + g_free (cookie); + + g_free (localized_message); + g_free (localized_icon_name); + if (localized_details != NULL) + g_object_unref (localized_details); +} + +static void +authentication_agent_cancel_cb (GDBusProxy *proxy, + GAsyncResult *res, + gpointer user_data) +{ + GError *error; + error = NULL; + if (!g_dbus_proxy_call_finish (proxy, res, &error)) + { + g_printerr ("Error cancelling authentication: %s\n", error->message); + g_error_free (error); + } +} + +static void +authentication_session_cancel (AuthenticationSession *session) +{ + g_dbus_proxy_call (session->agent->proxy, + "CancelAuthentication", + g_variant_new ("(s)", session->cookie), + G_DBUS_CALL_FLAGS_NONE, + -1, /* timeout_msec */ + NULL, /* GCancellable* */ + (GAsyncReadyCallback) authentication_agent_cancel_cb, + NULL); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +polkit_backend_interactive_authority_register_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *locale, + const gchar *object_path, + GVariant *options, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; + AuthenticationAgent *agent; + gboolean ret; + gchar *caller_cmdline; + gchar *subject_as_string; + + ret = FALSE; + + session_for_caller = NULL; + user_of_caller = NULL; + user_of_subject = NULL; + subject_as_string = NULL; + caller_cmdline = NULL; + agent = NULL; + + /* TODO: validate that object path is well-formed */ + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + if (POLKIT_IS_UNIX_SESSION (subject)) + { + session_for_caller = polkit_backend_session_monitor_get_session_for_subject (priv->session_monitor, + caller, + NULL); + if (session_for_caller == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine session the caller is in"); + goto out; + } + if (!polkit_subject_equal (session_for_caller, subject)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Passed session and the session the caller is in differs. They must be equal for now."); + goto out; + } + } + else if (POLKIT_IS_UNIX_PROCESS (subject)) + { + /* explicitly OK */ + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Only unix-process and unix-session subjects can be used for authentication agents."); + goto out; + } + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine user of caller"); + goto out; + } + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine user of subject"); + goto out; + } + if (!polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { + /* explicitly allow uid 0 to register for other users */ + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "User of caller and user of subject differs."); + goto out; + } + } + + agent = g_hash_table_lookup (priv->hash_scope_to_authentication_agent, subject); + if (agent != NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "An authentication agent already exists for the given subject"); + goto out; + } + + agent = authentication_agent_new (subject, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, + options); + + g_hash_table_insert (priv->hash_scope_to_authentication_agent, + g_object_ref (subject), + agent); + + caller_cmdline = _polkit_subject_get_cmdline (caller); + if (caller_cmdline == NULL) + caller_cmdline = g_strdup (""); + + subject_as_string = polkit_subject_to_string (subject); + + g_debug ("Added authentication agent for %s at name %s [%s], object path %s, locale %s", + subject_as_string, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + caller_cmdline, + object_path, + locale); + + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "Registered Authentication Agent for %s " + "(system bus name %s [%s], object path %s, locale %s)", + subject_as_string, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + caller_cmdline, + object_path, + locale); + + g_signal_emit_by_name (authority, "changed"); + + ret = TRUE; + + out: + g_free (caller_cmdline); + g_free (subject_as_string); + if (user_of_caller != NULL) + g_object_unref (user_of_caller); + if (user_of_subject != NULL) + g_object_unref (user_of_subject); + if (session_for_caller != NULL) + g_object_unref (session_for_caller); + + return ret; +} + +static gboolean +polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + const gchar *object_path, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; + AuthenticationAgent *agent; + gboolean ret; + gchar *scope_str; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + ret = FALSE; + session_for_caller = NULL; + user_of_caller = NULL; + user_of_subject = NULL; + + if (POLKIT_IS_UNIX_SESSION (subject)) + { + session_for_caller = polkit_backend_session_monitor_get_session_for_subject (priv->session_monitor, + caller, + NULL); + if (session_for_caller == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine session the caller is in"); + goto out; + } + + if (!polkit_subject_equal (session_for_caller, subject)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Passed session and the session the caller is in differs. They must be equal for now."); + goto out; + } + } + else if (POLKIT_IS_UNIX_PROCESS (subject)) + { + /* explicitly OK */ + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Only unix-process and unix-session subjects can be used for authentication agents."); + goto out; + } + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine user of caller"); + goto out; + } + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine user of subject"); + goto out; + } + if (!polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { + /* explicitly allow uid 0 to register for other users */ + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "User of caller and user of subject differs."); + goto out; + } + } + + agent = g_hash_table_lookup (priv->hash_scope_to_authentication_agent, subject); + if (agent == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No such agent registered"); + goto out; + } + + if (g_strcmp0 (agent->unique_system_bus_name, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller))) != 0) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "System bus names do not match"); + goto out; + } + + if (g_strcmp0 (agent->object_path, object_path) != 0) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Object paths do not match"); + goto out; + } + + scope_str = polkit_subject_to_string (agent->scope); + g_debug ("Removing authentication agent for %s at name %s, object path %s, locale %s", + scope_str, + agent->unique_system_bus_name, + agent->object_path, + agent->locale); + + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "Unregistered Authentication Agent for %s " + "(system bus name %s, object path %s, locale %s)", + scope_str, + agent->unique_system_bus_name, + agent->object_path, + agent->locale); + g_free (scope_str); + + authentication_agent_cancel_all_sessions (agent); + /* this works because we have exactly one agent per session */ + /* this frees agent... */ + g_hash_table_remove (priv->hash_scope_to_authentication_agent, agent->scope); + + g_signal_emit_by_name (authority, "changed"); + + ret = TRUE; + + out: + if (user_of_caller != NULL) + g_object_unref (user_of_caller); + if (user_of_subject != NULL) + g_object_unref (user_of_subject); + if (session_for_caller != NULL) + g_object_unref (session_for_caller); + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitIdentity *user_of_caller; + gchar *identity_str; + AuthenticationSession *session; + GList *l; + gboolean ret; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + ret = FALSE; + user_of_caller = NULL; + + identity_str = polkit_identity_to_string (identity); + + g_debug ("In authentication_agent_response for cookie '%s' and identity %s", + cookie, + identity_str); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, + caller, + error); + if (user_of_caller == NULL) + goto out; + + /* only uid 0 is allowed to invoke this method */ + if (!POLKIT_IS_UNIX_USER (user_of_caller) || polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Only uid 0 may invoke this method. This incident has been logged."); + /* TODO: actually log this */ + goto out; + } + + /* find the authentication session */ + session = get_authentication_session_for_cookie (interactive_authority, cookie); + if (session == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No session for cookie"); + goto out; + } + + /* check that the authentication identity was one of the possibilities we allowed */ + for (l = session->identities; l != NULL; l = l->next) + { + PolkitIdentity *i = POLKIT_IDENTITY (l->data); + + if (polkit_identity_equal (i, identity)) + break; + } + + if (l == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "The authenticated identity is wrong"); + goto out; + } + + /* checks out, mark the session as authenticated */ + session->is_authenticated = TRUE; + session->authenticated_identity = g_object_ref (identity); + + ret = TRUE; + + out: + g_free (identity_str); + + if (user_of_caller != NULL) + g_object_unref (user_of_caller); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +polkit_backend_interactive_authority_system_bus_name_owner_changed (PolkitBackendInteractiveAuthority *authority, + const gchar *name, + const gchar *old_owner, + const gchar *new_owner) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + //g_debug ("name-owner-changed: '%s' '%s' '%s'", name, old_owner, new_owner); + + if (name[0] == ':' && strlen (new_owner) == 0) + { + AuthenticationAgent *agent; + GList *sessions; + GList *l; + + agent = get_authentication_agent_by_unique_system_bus_name (interactive_authority, name); + if (agent != NULL) + { + gchar *scope_str; + + scope_str = polkit_subject_to_string (agent->scope); + g_debug ("Removing authentication agent for %s at name %s, object path %s (disconnected from bus)", + scope_str, + agent->unique_system_bus_name, + agent->object_path); + + polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), + "Unregistered Authentication Agent for %s " + "(system bus name %s, object path %s, locale %s) (disconnected from bus)", + scope_str, + agent->unique_system_bus_name, + agent->object_path, + agent->locale); + g_free (scope_str); + + authentication_agent_cancel_all_sessions (agent); + /* this works because we have exactly one agent per session */ + /* this frees agent... */ + g_hash_table_remove (priv->hash_scope_to_authentication_agent, agent->scope); + + g_signal_emit_by_name (authority, "changed"); + } + + /* cancel all authentication sessions initiated by the process owning the vanished name */ + sessions = get_authentication_sessions_initiated_by_system_bus_unique_name (interactive_authority, name); + for (l = sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; + + authentication_session_cancel (session); + } + g_list_free (sessions); + + /* cancel all authentication sessions that is about the vanished name */ + sessions = get_authentication_sessions_for_system_bus_unique_name_subject (interactive_authority, name); + for (l = sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; + + authentication_session_cancel (session); + } + g_list_free (sessions); + + /* remove all temporary authorizations that applies to the vanished name + * (temporary_authorization_store_add_authorization for the code path for handling processes) + */ + temporary_authorization_store_remove_authorizations_for_system_bus_name (priv->temporary_authorization_store, + name); + + } + +} + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct TemporaryAuthorization TemporaryAuthorization; + +struct TemporaryAuthorizationStore +{ + GList *authorizations; + PolkitBackendInteractiveAuthority *authority; + guint64 serial; +}; + +struct TemporaryAuthorization +{ + TemporaryAuthorizationStore *store; + PolkitSubject *subject; + PolkitSubject *scope; + gchar *id; + gchar *action_id; + /* both of these are obtained using g_get_monotonic_time(), + * so the resolution is usec + */ + gint64 time_granted; + gint64 time_expires; + guint expiration_timeout_id; + guint check_vanished_timeout_id; +}; + +static void +temporary_authorization_free (TemporaryAuthorization *authorization) +{ + g_free (authorization->id); + g_object_unref (authorization->subject); + g_object_unref (authorization->scope); + g_free (authorization->action_id); + if (authorization->expiration_timeout_id > 0) + g_source_remove (authorization->expiration_timeout_id); + if (authorization->check_vanished_timeout_id > 0) + g_source_remove (authorization->check_vanished_timeout_id); + g_free (authorization); +} + +static TemporaryAuthorizationStore * +temporary_authorization_store_new (PolkitBackendInteractiveAuthority *authority) +{ + TemporaryAuthorizationStore *store; + + store = g_new0 (TemporaryAuthorizationStore, 1); + store->authority = authority; + store->authorizations = NULL; + + return store; +} + +static void +temporary_authorization_store_free (TemporaryAuthorizationStore *store) +{ + g_list_foreach (store->authorizations, (GFunc) temporary_authorization_free, NULL); + g_list_free (store->authorizations); + g_free (store); +} + +static gboolean +temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, + PolkitSubject *subject, + const gchar *action_id, + const gchar **out_tmp_authz_id) +{ + GList *l; + gboolean ret; + PolkitSubject *subject_to_use; + + g_return_val_if_fail (store != NULL, FALSE); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), FALSE); + g_return_val_if_fail (action_id != NULL, FALSE); + + /* XXX: for now, prefer to store the process */ + if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + GError *error; + error = NULL; + subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), + NULL, + &error); + if (subject_to_use == NULL) + { + g_printerr ("Error getting process for system bus name `%s': %s\n", + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)), + error->message); + g_error_free (error); + subject_to_use = g_object_ref (subject); + } + } + else + { + subject_to_use = g_object_ref (subject); + } + + ret = FALSE; + + for (l = store->authorizations; l != NULL; l = l->next) { + TemporaryAuthorization *authorization = l->data; + + if (strcmp (action_id, authorization->action_id) == 0 && + polkit_subject_equal (subject_to_use, authorization->subject)) + { + ret = TRUE; + if (out_tmp_authz_id != NULL) + *out_tmp_authz_id = authorization->id; + goto out; + } + } + + out: + g_object_unref (subject_to_use); + return ret; +} + +static gboolean +on_expiration_timeout (gpointer user_data) +{ + TemporaryAuthorization *authorization = user_data; + gchar *s; + + s = polkit_subject_to_string (authorization->subject); + g_debug ("Removing tempoary authorization with id `%s' for action-id `%s' for subject `%s': " + "authorization has expired", + authorization->id, + authorization->action_id, + s); + g_free (s); + + authorization->store->authorizations = g_list_remove (authorization->store->authorizations, + authorization); + authorization->expiration_timeout_id = 0; + g_signal_emit_by_name (authorization->store->authority, "changed"); + temporary_authorization_free (authorization); + + /* remove source */ + return FALSE; +} + +static gboolean +on_unix_process_check_vanished_timeout (gpointer user_data) +{ + TemporaryAuthorization *authorization = user_data; + GError *error; + + /* we know that this is a PolkitUnixProcess so the check is fast (no IPC involved) */ + error = NULL; + if (!polkit_subject_exists_sync (authorization->subject, + NULL, + &error)) + { + if (error != NULL) + { + g_printerr ("Error checking if process exists: %s\n", error->message); + g_error_free (error); + } + else + { + gchar *s; + + s = polkit_subject_to_string (authorization->subject); + g_debug ("Removing tempoary authorization with id `%s' for action-id `%s' for subject `%s': " + "subject has vanished", + authorization->id, + authorization->action_id, + s); + g_free (s); + + authorization->store->authorizations = g_list_remove (authorization->store->authorizations, + authorization); + g_signal_emit_by_name (authorization->store->authority, "changed"); + temporary_authorization_free (authorization); + } + } + + /* keep source around */ + return TRUE; +} + +static void +temporary_authorization_store_remove_authorizations_for_system_bus_name (TemporaryAuthorizationStore *store, + const gchar *name) +{ + guint num_removed; + GList *l, *ll; + + num_removed = 0; + for (l = store->authorizations; l != NULL; l = ll) + { + TemporaryAuthorization *ta = l->data; + gchar *s; + + ll = l->next; + + if (!POLKIT_IS_SYSTEM_BUS_NAME (ta->subject)) + continue; + + if (g_strcmp0 (name, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (ta->subject))) != 0) + continue; + + + s = polkit_subject_to_string (ta->subject); + g_debug ("Removing tempoary authorization with id `%s' for action-id `%s' for subject `%s': " + "subject has vanished", + ta->id, + ta->action_id, + s); + g_free (s); + + store->authorizations = g_list_remove (store->authorizations, ta); + temporary_authorization_free (ta); + + num_removed++; + } + + if (num_removed > 0) + g_signal_emit_by_name (store->authority, "changed"); +} + +static const gchar * +temporary_authorization_store_add_authorization (TemporaryAuthorizationStore *store, + PolkitSubject *subject, + PolkitSubject *scope, + const gchar *action_id) +{ + TemporaryAuthorization *authorization; + guint expiration_seconds; + PolkitSubject *subject_to_use; + + g_return_val_if_fail (store != NULL, NULL); + g_return_val_if_fail (POLKIT_IS_SUBJECT (subject), NULL); + g_return_val_if_fail (action_id != NULL, NULL); + g_return_val_if_fail (!temporary_authorization_store_has_authorization (store, subject, action_id, NULL), NULL); + + /* XXX: for now, prefer to store the process */ + if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + GError *error; + error = NULL; + subject_to_use = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), + NULL, + &error); + if (subject_to_use == NULL) + { + g_printerr ("Error getting process for system bus name `%s': %s\n", + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)), + error->message); + g_error_free (error); + subject_to_use = g_object_ref (subject); + } + } + else + { + subject_to_use = g_object_ref (subject); + } + + /* TODO: right now the time the temporary authorization is kept is hard-coded - we + * could make it a propery on the PolkitBackendInteractiveAuthority class (so + * the local authority could read it from a config file) or a vfunc + * (so the local authority could read it from an annotation on the action). + */ + expiration_seconds = 5 * 60; + + authorization = g_new0 (TemporaryAuthorization, 1); + authorization->id = g_strdup_printf ("tmpauthz%" G_GUINT64_FORMAT, store->serial++); + authorization->store = store; + authorization->subject = g_object_ref (subject_to_use); + authorization->scope = g_object_ref (scope); + authorization->action_id = g_strdup (action_id); + /* store monotonic time and convert to secs-since-epoch when returning TemporaryAuthorization structs */ + authorization->time_granted = g_get_monotonic_time (); + authorization->time_expires = authorization->time_granted + expiration_seconds * G_USEC_PER_SEC; + /* g_timeout_add() is using monotonic time since 2.28 */ + authorization->expiration_timeout_id = g_timeout_add (expiration_seconds * 1000, + on_expiration_timeout, + authorization); + + if (POLKIT_IS_UNIX_PROCESS (authorization->subject)) + { + /* For now, set up a timer to poll every two seconds - this is used to determine + * when the process vanishes. We want to do this so we can remove the temporary + * authorization - this is because we want agents to update e.g. a notification + * area icon saying the user has temporary authorizations (e.g. remove the icon). + * + * Ideally we'd just do + * + * g_signal_connect (kernel, "process-exited", G_CALLBACK (on_process_exited), user_data); + * + * but that is not how things work right now (and, hey, it's not like the kernel + * is a GObject either!) - so we poll. + * + * TODO: On Linux, it might be possible to obtain notifications by connecting + * to the netlink socket. Needs looking into. + */ + + authorization->check_vanished_timeout_id = g_timeout_add_seconds (2, + on_unix_process_check_vanished_timeout, + authorization); + } +#if 0 + else if (POLKIT_IS_SYSTEM_BUS_NAME (authorization->subject)) + { + /* This is currently handled in polkit_backend_interactive_authority_system_bus_name_owner_changed() */ + } +#endif + + + store->authorizations = g_list_prepend (store->authorizations, authorization); + + g_object_unref (subject_to_use); + + return authorization->id; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static GList * +polkit_backend_interactive_authority_enumerate_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitSubject *session_for_caller; + GList *ret; + GList *l; + gint64 monotonic_now; + GTimeVal real_now; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + ret = NULL; + session_for_caller = NULL; + + if (!POLKIT_IS_UNIX_SESSION (subject)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Can only handle PolkitUnixSession objects for now."); + goto out; + } + + session_for_caller = polkit_backend_session_monitor_get_session_for_subject (priv->session_monitor, + caller, + NULL); + if (session_for_caller == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine session the caller is in"); + goto out; + } + + if (!polkit_subject_equal (session_for_caller, subject)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Passed session and the session the caller is in differs. They must be equal for now."); + goto out; + } + + monotonic_now = g_get_monotonic_time (); + g_get_current_time (&real_now); + + for (l = priv->temporary_authorization_store->authorizations; l != NULL; l = l->next) + { + TemporaryAuthorization *ta = l->data; + PolkitTemporaryAuthorization *tmp_authz; + guint64 real_granted; + guint64 real_expires; + + if (!polkit_subject_equal (ta->scope, subject)) + continue; + + real_granted = (ta->time_granted - monotonic_now) / G_USEC_PER_SEC + real_now.tv_sec; + real_expires = (ta->time_expires - monotonic_now) / G_USEC_PER_SEC + real_now.tv_sec; + + tmp_authz = polkit_temporary_authorization_new (ta->id, + ta->action_id, + ta->subject, + real_granted, + real_expires); + + ret = g_list_prepend (ret, tmp_authz); + } + + out: + if (session_for_caller != NULL) + g_object_unref (session_for_caller); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +polkit_backend_interactive_authority_revoke_temporary_authorizations (PolkitBackendAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitSubject *session_for_caller; + gboolean ret; + GList *l; + GList *ll; + guint num_removed; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + ret = FALSE; + session_for_caller = NULL; + + if (!POLKIT_IS_UNIX_SESSION (subject)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Can only handle PolkitUnixSession objects for now."); + goto out; + } + + session_for_caller = polkit_backend_session_monitor_get_session_for_subject (priv->session_monitor, + caller, + NULL); + if (session_for_caller == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine session the caller is in"); + goto out; + } + + if (!polkit_subject_equal (session_for_caller, subject)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Passed session and the session the caller is in differs. They must be equal for now."); + goto out; + } + + num_removed = 0; + for (l = priv->temporary_authorization_store->authorizations; l != NULL; l = ll) + { + TemporaryAuthorization *ta = l->data; + + ll = l->next; + + if (!polkit_subject_equal (ta->scope, subject)) + continue; + + priv->temporary_authorization_store->authorizations = g_list_remove (priv->temporary_authorization_store->authorizations, ta); + temporary_authorization_free (ta); + + num_removed++; + } + + if (num_removed > 0) + g_signal_emit_by_name (authority, "changed"); + + ret = TRUE; + + out: + if (session_for_caller != NULL) + g_object_unref (session_for_caller); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +polkit_backend_interactive_authority_revoke_temporary_authorization_by_id (PolkitBackendAuthority *authority, + PolkitSubject *caller, + const gchar *id, + GError **error) +{ + PolkitBackendInteractiveAuthority *interactive_authority; + PolkitBackendInteractiveAuthorityPrivate *priv; + PolkitSubject *session_for_caller; + gboolean ret; + GList *l; + GList *ll; + guint num_removed; + + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + + ret = FALSE; + session_for_caller = NULL; + + session_for_caller = polkit_backend_session_monitor_get_session_for_subject (priv->session_monitor, + caller, + NULL); + if (session_for_caller == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot determine session the caller is in"); + goto out; + } + + num_removed = 0; + for (l = priv->temporary_authorization_store->authorizations; l != NULL; l = ll) + { + TemporaryAuthorization *ta = l->data; + + ll = l->next; + + if (strcmp (ta->id, id) != 0) + continue; + + if (!polkit_subject_equal (session_for_caller, ta->scope)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot remove a temporary authorization belonging to another subject."); + goto out; + } + + priv->temporary_authorization_store->authorizations = g_list_remove (priv->temporary_authorization_store->authorizations, ta); + temporary_authorization_free (ta); + + num_removed++; + } + + if (num_removed > 0) + { + g_signal_emit_by_name (authority, "changed"); + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "No such authorization with id `%s'", + id); + goto out; + } + + ret = TRUE; + + out: + if (session_for_caller != NULL) + g_object_unref (session_for_caller); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.h b/src/polkitbackend/polkitbackendinteractiveauthority.h new file mode 100644 index 00000000..408c3e4e --- /dev/null +++ b/src/polkitbackend/polkitbackendinteractiveauthority.h @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_BACKEND_INTERACTIVE_AUTHORITY_H +#define __POLKIT_BACKEND_INTERACTIVE_AUTHORITY_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY (polkit_backend_interactive_authority_get_type ()) +#define POLKIT_BACKEND_INTERACTIVE_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, PolkitBackendInteractiveAuthority)) +#define POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, PolkitBackendInteractiveAuthorityClass)) +#define POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY,PolkitBackendInteractiveAuthorityClass)) +#define POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY)) +#define POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY)) + +typedef struct _PolkitBackendInteractiveAuthorityClass PolkitBackendInteractiveAuthorityClass; + +/** + * PolkitBackendInteractiveAuthority: + * + * The #PolkitBackendInteractiveAuthority struct should not be accessed directly. + */ +struct _PolkitBackendInteractiveAuthority +{ + /*< private >*/ + PolkitBackendAuthority parent_instance; +}; + +/** + * PolkitBackendInteractiveAuthorityClass: + * @parent_class: The parent class. + * @get_admin_identities: Returns list of identities for administrator authentication or %NULL to use the default + * implementation. See polkit_backend_interactive_authority_get_admin_identities() for details. + * @check_authorization_sync: Checks for an authorization or %NULL to use the default implementation. + * See polkit_backend_interactive_authority_check_authorization_sync() for details. + * + * Class structure for #PolkitBackendInteractiveAuthority. + */ +struct _PolkitBackendInteractiveAuthorityClass +{ + /*< public >*/ + PolkitBackendAuthorityClass parent_class; + + /* VTable */ + GList * (*get_admin_identities) (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + const gchar *action_id, + PolkitDetails *details); + + PolkitImplicitAuthorization (*check_authorization_sync) (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization implicit, + PolkitDetails *out_details); + + /*< private >*/ + /* Padding for future expansion */ + void (*_polkit_reserved1) (void); + void (*_polkit_reserved2) (void); + void (*_polkit_reserved3) (void); + void (*_polkit_reserved4) (void); + void (*_polkit_reserved5) (void); + void (*_polkit_reserved6) (void); + void (*_polkit_reserved7) (void); + void (*_polkit_reserved8) (void); + void (*_polkit_reserved9) (void); + void (*_polkit_reserved10) (void); + void (*_polkit_reserved11) (void); + void (*_polkit_reserved12) (void); + void (*_polkit_reserved13) (void); + void (*_polkit_reserved14) (void); + void (*_polkit_reserved15) (void); + void (*_polkit_reserved16) (void); + void (*_polkit_reserved17) (void); + void (*_polkit_reserved18) (void); + void (*_polkit_reserved19) (void); + void (*_polkit_reserved20) (void); + void (*_polkit_reserved21) (void); + void (*_polkit_reserved22) (void); + void (*_polkit_reserved23) (void); + void (*_polkit_reserved24) (void); + void (*_polkit_reserved25) (void); + void (*_polkit_reserved26) (void); + void (*_polkit_reserved27) (void); + void (*_polkit_reserved28) (void); + void (*_polkit_reserved29) (void); + void (*_polkit_reserved30) (void); + void (*_polkit_reserved31) (void); + void (*_polkit_reserved32) (void); +}; + +GType polkit_backend_interactive_authority_get_type (void) G_GNUC_CONST; +GList *polkit_backend_interactive_authority_get_admin_identities (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + const gchar *action_id, + PolkitDetails *details); + +PolkitImplicitAuthorization polkit_backend_interactive_authority_check_authorization_sync ( + PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization implicit, + PolkitDetails *out_details); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_INTERACTIVE_AUTHORITY_H */ + diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c new file mode 100644 index 00000000..b53eda3a --- /dev/null +++ b/src/polkitbackend/polkitbackendlocalauthority.c @@ -0,0 +1,787 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "polkitbackendconfigsource.h" +#include "polkitbackendlocalauthority.h" +#include "polkitbackendlocalauthorizationstore.h" + +#include + +/** + * SECTION:polkitbackendlocalauthority + * @title: PolkitBackendLocalAuthority + * @short_description: Local Authority + * @stability: Unstable + * + * An implementation of #PolkitBackendAuthority that stores + * authorizations on the local file system, supports interaction with + * authentication agents (virtue of being based on + * #PolkitBackendInteractiveAuthority). + */ + +/* ---------------------------------------------------------------------------------------------------- */ + +static GList *get_users_in_group (PolkitIdentity *group, + gboolean include_root); + +static GList *get_users_in_net_group (PolkitIdentity *group, + gboolean include_root); + +static GList *get_groups_for_user (PolkitIdentity *user); + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + gchar *config_path; + PolkitBackendConfigSource *config_source; + + gchar **authorization_store_paths; + GList *authorization_stores; + GList *authorization_store_monitors; + +} PolkitBackendLocalAuthorityPrivate; + +/* ---------------------------------------------------------------------------------------------------- */ + +enum +{ + PROP_0, + + // Path overrides used for unit testing + PROP_CONFIG_PATH, + PROP_AUTH_STORE_PATHS, +}; + +/* ---------------------------------------------------------------------------------------------------- */ + +static GList *polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + const gchar *action_id, + PolkitDetails *details); + +static PolkitImplicitAuthorization polkit_backend_local_authority_check_authorization_sync ( + PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization implicit, + PolkitDetails *out_details); + +G_DEFINE_TYPE_WITH_CODE (PolkitBackendLocalAuthority, + polkit_backend_local_authority, + POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, + g_io_extension_point_implement (POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME, + g_define_type_id, + "local-authority" PACKAGE_VERSION, + 0)); + +#define POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityPrivate)) + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +on_store_changed (PolkitBackendLocalAuthorizationStore *store, + gpointer user_data) +{ + PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data); + + g_signal_emit_by_name (authority, "changed"); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +purge_all_authorization_stores (PolkitBackendLocalAuthority *authority) +{ + PolkitBackendLocalAuthorityPrivate *priv; + GList *l; + + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); + + for (l = priv->authorization_stores; l != NULL; l = l->next) + { + PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); + g_signal_handlers_disconnect_by_func (store, + G_CALLBACK (on_store_changed), + authority); + g_object_unref (store); + } + g_list_free (priv->authorization_stores); + priv->authorization_stores = NULL; + + g_debug ("Purged all local authorization stores"); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +add_one_authorization_store (PolkitBackendLocalAuthority *authority, + GFile *directory) +{ + PolkitBackendLocalAuthorizationStore *store; + PolkitBackendLocalAuthorityPrivate *priv; + + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); + + store = polkit_backend_local_authorization_store_new (directory, ".pkla"); + priv->authorization_stores = g_list_append (priv->authorization_stores, store); + + g_signal_connect (store, + "changed", + G_CALLBACK (on_store_changed), + authority); +} + +static gint +authorization_store_path_compare_func (GFile *file_a, + GFile *file_b) +{ + const gchar *a; + const gchar *b; + + a = g_object_get_data (G_OBJECT (file_a), "sort-key"); + b = g_object_get_data (G_OBJECT (file_b), "sort-key"); + + return g_strcmp0 (a, b); +} + +static void +add_all_authorization_stores (PolkitBackendLocalAuthority *authority) +{ + PolkitBackendLocalAuthorityPrivate *priv; + guint n; + GList *directories; + GList *l; + + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); + directories = NULL; + + for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++) + { + const gchar *toplevel_path; + GFile *toplevel_directory; + GFileEnumerator *directory_enumerator; + GFileInfo *file_info; + GError *error; + + error = NULL; + + toplevel_path = priv->authorization_store_paths[n]; + toplevel_directory = g_file_new_for_path (toplevel_path); + directory_enumerator = g_file_enumerate_children (toplevel_directory, + "standard::name,standard::type", + G_FILE_QUERY_INFO_NONE, + NULL, + &error); + if (directory_enumerator == NULL) + { + g_warning ("Error getting enumerator for %s: %s", toplevel_path, error->message); + g_error_free (error); + g_object_unref (toplevel_directory); + continue; + } + + while ((file_info = g_file_enumerator_next_file (directory_enumerator, NULL, &error)) != NULL) + { + /* only consider directories */ + if (g_file_info_get_file_type (file_info) == G_FILE_TYPE_DIRECTORY) + { + const gchar *name; + GFile *directory; + gchar *sort_key; + + name = g_file_info_get_name (file_info); + + /* This makes entries in directories in /etc take precedence to entries in directories in /var */ + sort_key = g_strdup_printf ("%s-%d", name, n); + + directory = g_file_get_child (toplevel_directory, name); + g_object_set_data_full (G_OBJECT (directory), "sort-key", sort_key, g_free); + + directories = g_list_prepend (directories, directory); + } + g_object_unref (file_info); + } + if (error != NULL) + { + g_warning ("Error enumerating files in %s: %s", toplevel_path, error->message); + g_error_free (error); + g_object_unref (toplevel_directory); + g_object_unref (directory_enumerator); + continue; + } + g_object_unref (directory_enumerator); + g_object_unref (toplevel_directory); + } + + /* Sort directories */ + directories = g_list_sort (directories, (GCompareFunc) authorization_store_path_compare_func); + + /* And now add an authorization store for each one */ + for (l = directories; l != NULL; l = l->next) + { + GFile *directory = G_FILE (l->data); + gchar *name; + + name = g_file_get_path (directory); + g_debug ("Added `%s' as a local authorization store", name); + g_free (name); + + add_one_authorization_store (authority, directory); + } + + g_list_foreach (directories, (GFunc) g_object_unref, NULL); + g_list_free (directories); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +on_toplevel_authority_store_monitor_changed (GFileMonitor *monitor, + GFile *file, + GFile *other_file, + GFileMonitorEvent event_type, + gpointer user_data) +{ + PolkitBackendLocalAuthority *authority = POLKIT_BACKEND_LOCAL_AUTHORITY (user_data); + + purge_all_authorization_stores (authority); + add_all_authorization_stores (authority); +} + +static void +polkit_backend_local_authority_init (PolkitBackendLocalAuthority *authority) +{ + PolkitBackendLocalAuthorityPrivate *priv; + + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); + + priv->config_path = NULL; + priv->authorization_store_paths = NULL; +} + +static void +polkit_backend_local_authority_constructed (GObject *object) +{ + PolkitBackendLocalAuthority *authority; + PolkitBackendLocalAuthorityPrivate *priv; + GFile *config_directory; + guint n; + + authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (authority); + + g_debug ("Using config directory `%s'", priv->config_path); + config_directory = g_file_new_for_path (priv->config_path); + priv->config_source = polkit_backend_config_source_new (config_directory); + g_object_unref (config_directory); + + add_all_authorization_stores (authority); + + /* Monitor the toplevels */ + priv->authorization_store_monitors = NULL; + for (n = 0; priv->authorization_store_paths && priv->authorization_store_paths[n]; n++) + { + const gchar *toplevel_path; + GFile *toplevel_directory; + GFileMonitor *monitor; + GError *error; + + toplevel_path = priv->authorization_store_paths[n]; + toplevel_directory = g_file_new_for_path (toplevel_path); + + error = NULL; + monitor = g_file_monitor_directory (toplevel_directory, + G_FILE_MONITOR_NONE, + NULL, + &error); + if (monitor == NULL) + { + g_warning ("Error creating file monitor for %s: %s", toplevel_path, error->message); + g_error_free (error); + g_object_unref (toplevel_directory); + continue; + } + + g_debug ("Monitoring `%s' for changes", toplevel_path); + + g_signal_connect (monitor, + "changed", + G_CALLBACK (on_toplevel_authority_store_monitor_changed), + authority); + + priv->authorization_store_monitors = g_list_append (priv->authorization_store_monitors, monitor); + + g_object_unref (toplevel_directory); + } + + G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->constructed (object); +} + +static void +polkit_backend_local_authority_finalize (GObject *object) +{ + PolkitBackendLocalAuthority *local_authority; + PolkitBackendLocalAuthorityPrivate *priv; + + local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); + + purge_all_authorization_stores (local_authority); + + g_list_free_full (priv->authorization_store_monitors, g_object_unref); + + if (priv->config_source != NULL) + g_object_unref (priv->config_source); + + g_free (priv->config_path); + g_strfreev (priv->authorization_store_paths); + + G_OBJECT_CLASS (polkit_backend_local_authority_parent_class)->finalize (object); +} + +static const gchar * +polkit_backend_local_authority_get_name (PolkitBackendAuthority *authority) +{ + return "local"; +} + +static const gchar * +polkit_backend_local_authority_get_version (PolkitBackendAuthority *authority) +{ + return PACKAGE_VERSION; +} + +static PolkitAuthorityFeatures +polkit_backend_local_authority_get_features (PolkitBackendAuthority *authority) +{ + return POLKIT_AUTHORITY_FEATURES_TEMPORARY_AUTHORIZATION; +} + +static void +polkit_backend_local_authority_set_property (GObject *object, guint property_id, const GValue *value, GParamSpec *pspec) +{ + PolkitBackendLocalAuthority *local_authority; + PolkitBackendLocalAuthorityPrivate *priv; + + local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (object); + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); + + switch (property_id) + { + case PROP_CONFIG_PATH: + g_free (priv->config_path); + priv->config_path = g_value_dup_string (value); + break; + case PROP_AUTH_STORE_PATHS: + g_strfreev (priv->authorization_store_paths); + priv->authorization_store_paths = g_strsplit (g_value_get_string (value), ";", 0); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec); + break; + } +} + +static void +polkit_backend_local_authority_class_init (PolkitBackendLocalAuthorityClass *klass) +{ + GObjectClass *gobject_class; + PolkitBackendAuthorityClass *authority_class; + PolkitBackendInteractiveAuthorityClass *interactive_authority_class; + GParamSpec *pspec; + + gobject_class = G_OBJECT_CLASS (klass); + authority_class = POLKIT_BACKEND_AUTHORITY_CLASS (klass); + interactive_authority_class = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS (klass); + + gobject_class->set_property = polkit_backend_local_authority_set_property; + gobject_class->finalize = polkit_backend_local_authority_finalize; + gobject_class->constructed = polkit_backend_local_authority_constructed; + authority_class->get_name = polkit_backend_local_authority_get_name; + authority_class->get_version = polkit_backend_local_authority_get_version; + authority_class->get_features = polkit_backend_local_authority_get_features; + interactive_authority_class->get_admin_identities = polkit_backend_local_authority_get_admin_auth_identities; + interactive_authority_class->check_authorization_sync = polkit_backend_local_authority_check_authorization_sync; + + pspec = g_param_spec_string ("config-path", + "Local Authority Configuration Path", + "Path to directory of LocalAuthority config files.", + PACKAGE_SYSCONF_DIR "/polkit-1/localauthority.conf.d", + G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE); + g_object_class_install_property (gobject_class, PROP_CONFIG_PATH, pspec); + + pspec = g_param_spec_string ("auth-store-paths", + "Local Authorization Store Paths", + "Semi-colon separated list of Authorization Store 'top' directories.", + PACKAGE_LOCALSTATE_DIR "/lib/polkit-1/localauthority;" + PACKAGE_SYSCONF_DIR "/polkit-1/localauthority", + G_PARAM_CONSTRUCT_ONLY | G_PARAM_WRITABLE); + g_object_class_install_property (gobject_class, PROP_AUTH_STORE_PATHS, pspec); + + g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorityPrivate)); +} + +static GList * +polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + const gchar *action_id, + PolkitDetails *details) +{ + PolkitBackendLocalAuthority *local_authority; + PolkitBackendLocalAuthorityPrivate *priv; + GList *ret; + guint n; + gchar **admin_identities; + GError *error; + + local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority); + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); + + ret = NULL; + + error = NULL; + admin_identities = polkit_backend_config_source_get_string_list (priv->config_source, + "Configuration", + "AdminIdentities", + &error); + if (admin_identities == NULL) + { + g_warning ("Error getting admin_identities configuration item: %s", error->message); + g_error_free (error); + goto out; + } + + for (n = 0; admin_identities[n] != NULL; n++) + { + PolkitIdentity *identity; + + error = NULL; + identity = polkit_identity_from_string (admin_identities[n], &error); + if (identity == NULL) + { + g_warning ("Error parsing identity %s: %s", admin_identities[n], error->message); + g_error_free (error); + continue; + } + + if (POLKIT_IS_UNIX_USER (identity)) + { + ret = g_list_append (ret, identity); + } + else if (POLKIT_IS_UNIX_GROUP (identity)) + { + ret = g_list_concat (ret, get_users_in_group (identity, FALSE)); + } + else if (POLKIT_IS_UNIX_NETGROUP (identity)) + { + ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE)); + } + else + { + g_warning ("Unsupported identity %s", admin_identities[n]); + } + } + + g_strfreev (admin_identities); + + out: + + /* default to uid 0 if no admin identities has been found */ + if (ret == NULL) + ret = g_list_prepend (ret, polkit_unix_user_new (0)); + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static PolkitImplicitAuthorization +polkit_backend_local_authority_check_authorization_sync (PolkitBackendInteractiveAuthority *authority, + PolkitSubject *caller, + PolkitSubject *subject, + PolkitIdentity *user_for_subject, + gboolean subject_is_local, + gboolean subject_is_active, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization implicit, + PolkitDetails *out_details) +{ + PolkitBackendLocalAuthority *local_authority; + PolkitBackendLocalAuthorityPrivate *priv; + PolkitImplicitAuthorization ret; + PolkitImplicitAuthorization ret_any; + PolkitImplicitAuthorization ret_inactive; + PolkitImplicitAuthorization ret_active; + GList *groups; + GList *l, *ll; + + ret = implicit; + + local_authority = POLKIT_BACKEND_LOCAL_AUTHORITY (authority); + priv = POLKIT_BACKEND_LOCAL_AUTHORITY_GET_PRIVATE (local_authority); + +#if 0 + g_debug ("local: checking `%s' for subject `%s' (user `%s')", + action_id, + polkit_subject_to_string (subject), + polkit_identity_to_string (user_for_subject)); +#endif + + /* First lookup for all groups the user belong to */ + groups = get_groups_for_user (user_for_subject); + for (ll = groups; ll != NULL; ll = ll->next) + { + PolkitIdentity *group = POLKIT_IDENTITY (ll->data); + + for (l = priv->authorization_stores; l != NULL; l = l->next) + { + PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); + + if (polkit_backend_local_authorization_store_lookup (store, + group, + action_id, + details, + &ret_any, + &ret_inactive, + &ret_active, + out_details)) + { + if (subject_is_local && subject_is_active) + { + if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_active; + } + else if (subject_is_local) + { + if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_inactive; + } + else + { + if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_any; + } + } + } + } + g_list_foreach (groups, (GFunc) g_object_unref, NULL); + g_list_free (groups); + + /* Then do it for the user */ + for (l = priv->authorization_stores; l != NULL; l = l->next) + { + PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (l->data); + + if (polkit_backend_local_authorization_store_lookup (store, + user_for_subject, + action_id, + details, + &ret_any, + &ret_inactive, + &ret_active, + out_details)) + { + if (subject_is_local && subject_is_active) + { + if (ret_active != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_active; + } + else if (subject_is_local) + { + if (ret_inactive != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_inactive; + } + else + { + if (ret_any != POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN) + ret = ret_any; + } + } + } + + return ret; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static GList * +get_users_in_group (PolkitIdentity *group, + gboolean include_root) +{ + gid_t gid; + struct group *grp; + GList *ret; + guint n; + + ret = NULL; + + gid = polkit_unix_group_get_gid (POLKIT_UNIX_GROUP (group)); + grp = getgrgid (gid); + if (grp == NULL) + { + g_warning ("Error looking up group with gid %d: %s", gid, g_strerror (errno)); + goto out; + } + + for (n = 0; grp->gr_mem != NULL && grp->gr_mem[n] != NULL; n++) + { + PolkitIdentity *user; + GError *error; + + if (!include_root && g_strcmp0 (grp->gr_mem[n], "root") == 0) + continue; + + error = NULL; + user = polkit_unix_user_new_for_name (grp->gr_mem[n], &error); + if (user == NULL) + { + g_warning ("Unknown username '%s' in group: %s", grp->gr_mem[n], error->message); + g_error_free (error); + } + else + { + ret = g_list_prepend (ret, user); + } + } + + ret = g_list_reverse (ret); + + out: + return ret; +} + +static GList * +get_users_in_net_group (PolkitIdentity *group, + gboolean include_root) +{ + const gchar *name; + GList *ret; + + ret = NULL; + name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); + + if (setnetgrent (name) == 0) + { + g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); + goto out; + } + + for (;;) + { + char *hostname, *username, *domainname; + PolkitIdentity *user; + GError *error = NULL; + + if (getnetgrent (&hostname, &username, &domainname) == 0) + break; + + /* Skip NULL entries since we never want to make everyone an admin + * Skip "-" entries which mean "no match ever" in netgroup land */ + if (username == NULL || g_strcmp0 (username, "-") == 0) + continue; + + /* TODO: Should we match on hostname? Maybe only allow "-" as a hostname + * for safety. */ + + user = polkit_unix_user_new_for_name (username, &error); + if (user == NULL) + { + g_warning ("Unknown username '%s' in unix-netgroup: %s", username, error->message); + g_error_free (error); + } + else + { + ret = g_list_prepend (ret, user); + } + } + + ret = g_list_reverse (ret); + + out: + endnetgrent (); + return ret; +} + + +static GList * +get_groups_for_user (PolkitIdentity *user) +{ + uid_t uid; + struct passwd *passwd; + GList *result; + gid_t groups[512]; + int num_groups = 512; + int n; + + result = NULL; + + /* TODO: it would be, uhm, good to cache this information */ + + uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user)); + passwd = getpwuid (uid); + if (passwd == NULL) + { + g_warning ("No user with uid %d", uid); + goto out; + } + + /* TODO: should resize etc etc etc */ + + if (getgrouplist (passwd->pw_name, + passwd->pw_gid, + groups, + &num_groups) < 0) + { + g_warning ("Error looking up groups for uid %d: %s", uid, g_strerror (errno)); + goto out; + } + + for (n = 0; n < num_groups; n++) + result = g_list_prepend (result, polkit_unix_group_new (groups[n])); + + out: + + return result; +} + +/* ---------------------------------------------------------------------------------------------------- */ diff --git a/src/polkitbackend/polkitbackendlocalauthority.h b/src/polkitbackend/polkitbackendlocalauthority.h new file mode 100644 index 00000000..553da3b6 --- /dev/null +++ b/src/polkitbackend/polkitbackendlocalauthority.h @@ -0,0 +1,107 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) && !defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + +#ifndef __POLKIT_BACKEND_LOCAL_AUTHORITY_H +#define __POLKIT_BACKEND_LOCAL_AUTHORITY_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY (polkit_backend_local_authority_get_type ()) +#define POLKIT_BACKEND_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthority)) +#define POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, PolkitBackendLocalAuthorityClass)) +#define POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY,PolkitBackendLocalAuthorityClass)) +#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY)) +#define POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY)) + +typedef struct _PolkitBackendLocalAuthorityClass PolkitBackendLocalAuthorityClass; + +/** + * PolkitBackendLocalAuthority: + * + * The #PolkitBackendLocalAuthority struct should not be accessed directly. + */ +struct _PolkitBackendLocalAuthority +{ + /*< private >*/ + PolkitBackendInteractiveAuthority parent_instance; +}; + +/** + * PolkitBackendLocalAuthorityClass: + * @parent_class: The parent class. + * + * Class structure for #PolkitBackendLocalAuthority. + */ +struct _PolkitBackendLocalAuthorityClass +{ + /*< public >*/ + PolkitBackendInteractiveAuthorityClass parent_class; + + /*< private >*/ + /* Padding for future expansion */ + void (*_polkit_reserved1) (void); + void (*_polkit_reserved2) (void); + void (*_polkit_reserved3) (void); + void (*_polkit_reserved4) (void); + void (*_polkit_reserved5) (void); + void (*_polkit_reserved6) (void); + void (*_polkit_reserved7) (void); + void (*_polkit_reserved8) (void); + void (*_polkit_reserved9) (void); + void (*_polkit_reserved10) (void); + void (*_polkit_reserved11) (void); + void (*_polkit_reserved12) (void); + void (*_polkit_reserved13) (void); + void (*_polkit_reserved14) (void); + void (*_polkit_reserved15) (void); + void (*_polkit_reserved16) (void); + void (*_polkit_reserved17) (void); + void (*_polkit_reserved18) (void); + void (*_polkit_reserved19) (void); + void (*_polkit_reserved20) (void); + void (*_polkit_reserved21) (void); + void (*_polkit_reserved22) (void); + void (*_polkit_reserved23) (void); + void (*_polkit_reserved24) (void); + void (*_polkit_reserved25) (void); + void (*_polkit_reserved26) (void); + void (*_polkit_reserved27) (void); + void (*_polkit_reserved28) (void); + void (*_polkit_reserved29) (void); + void (*_polkit_reserved30) (void); + void (*_polkit_reserved31) (void); + void (*_polkit_reserved32) (void); +}; + +GType polkit_backend_local_authority_get_type (void) G_GNUC_CONST; + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_LOCAL_AUTHORITY_H */ + diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c new file mode 100644 index 00000000..2ddfe750 --- /dev/null +++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c @@ -0,0 +1,776 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" + +#include +#include +#include +#include "polkitbackendlocalauthorizationstore.h" + +/* + * SECTION:polkitbackendlocalauthorizationstore + * @title: PolkitBackendLocalAuthorizationStore + * @short_description: Watches a directory for authorization files + * + * #PolkitBackendLocalAuthorizationStore is a utility class to watch + * and read authorization files from a directory. + */ + +struct _PolkitBackendLocalAuthorizationStorePrivate +{ + GFile *directory; + gchar *extension; + + GFileMonitor *directory_monitor; + + /* List of LocalAuthorization objects */ + GList *authorizations; + + gboolean has_data; +}; + +enum +{ + PROP_0, + PROP_DIRECTORY, + PROP_EXTENSION, +}; + +enum +{ + CHANGED_SIGNAL, + LAST_SIGNAL, +}; + +static guint signals[LAST_SIGNAL] = {0}; + +static void polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store); + +static void polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store); + +G_DEFINE_TYPE (PolkitBackendLocalAuthorizationStore, polkit_backend_local_authorization_store, G_TYPE_OBJECT); + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef struct +{ + gchar *id; + + /* Identities with glob support */ + GList *identity_specs; + + /* Netgroup identity strings, which can not support glob syntax */ + GList *netgroup_identities; + + GList *action_specs; + + PolkitImplicitAuthorization result_any; + PolkitImplicitAuthorization result_inactive; + PolkitImplicitAuthorization result_active; + + GHashTable *return_value; +} LocalAuthorization; + +static void +local_authorization_free (LocalAuthorization *authorization) +{ + g_free (authorization->id); + g_list_foreach (authorization->identity_specs, (GFunc) g_pattern_spec_free, NULL); + g_list_free (authorization->identity_specs); + g_list_free_full (authorization->netgroup_identities, g_free); + g_list_foreach (authorization->action_specs, (GFunc) g_pattern_spec_free, NULL); + g_list_free (authorization->action_specs); + if (authorization->return_value != NULL) + g_hash_table_unref (authorization->return_value); + g_free (authorization); +} + + +static LocalAuthorization * +local_authorization_new (GKeyFile *key_file, + const gchar *filename, + const gchar *group, + GError **error) +{ + LocalAuthorization *authorization; + gchar **identity_strings; + gchar **action_strings; + gchar *result_any_string; + gchar *result_inactive_string; + gchar *result_active_string; + gchar **return_value_strings; + guint n; + + identity_strings = NULL; + action_strings = NULL; + result_any_string = NULL; + result_inactive_string = NULL; + result_active_string = NULL; + return_value_strings = NULL; + + authorization = g_new0 (LocalAuthorization, 1); + + identity_strings = g_key_file_get_string_list (key_file, + group, + "Identity", + NULL, + error); + if (identity_strings == NULL) + { + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + for (n = 0; identity_strings[n] != NULL; n++) + { + /* Put netgroup entries in a seperate list from other identities who support glob syntax */ + if (g_str_has_prefix (identity_strings[n], "unix-netgroup:")) + authorization->netgroup_identities = g_list_prepend (authorization->netgroup_identities, + g_strdup (identity_strings[n] + sizeof "unix-netgroup:" - 1)); + else + authorization->identity_specs = g_list_prepend (authorization->identity_specs, + g_pattern_spec_new (identity_strings[n])); + } + + action_strings = g_key_file_get_string_list (key_file, + group, + "Action", + NULL, + error); + if (action_strings == NULL) + { + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + for (n = 0; action_strings[n] != NULL; n++) + { + authorization->action_specs = g_list_prepend (authorization->action_specs, + g_pattern_spec_new (action_strings[n])); + } + + authorization->result_any = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; + authorization->result_inactive = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; + authorization->result_active = POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN; + + result_any_string = g_key_file_get_string (key_file, + group, + "ResultAny", + NULL); + if (result_any_string != NULL) + { + if (!polkit_implicit_authorization_from_string (result_any_string, + &authorization->result_any)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot parse ResultAny string `%s'", result_any_string); + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + } + + result_inactive_string = g_key_file_get_string (key_file, + group, + "ResultInactive", + NULL); + if (result_inactive_string != NULL) + { + if (!polkit_implicit_authorization_from_string (result_inactive_string, + &authorization->result_inactive)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot parse ResultInactive string `%s'", result_inactive_string); + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + } + + result_active_string = g_key_file_get_string (key_file, + group, + "ResultActive", + NULL); + if (result_active_string != NULL) + { + if (!polkit_implicit_authorization_from_string (result_active_string, + &authorization->result_active)) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Cannot parse ResultActive string `%s'", result_active_string); + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + } + + if (result_any_string == NULL && result_inactive_string == NULL && result_active_string == NULL) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Must have at least one of ResultAny, ResultInactive and ResultActive"); + local_authorization_free (authorization); + authorization = NULL; + goto out; + } + + return_value_strings = g_key_file_get_string_list (key_file, + group, + "ReturnValue", + NULL, + error); + if (return_value_strings != NULL) + { + for (n = 0; return_value_strings[n] != NULL; n++) + { + gchar *p; + const gchar *key; + const gchar *value; + + p = strchr (return_value_strings[n], '='); + if (p == NULL) + { + g_warning ("Item `%s' in ReturnValue is malformed. Ignoring.", + return_value_strings[n]); + continue; + } + + *p = '\0'; + key = return_value_strings[n]; + value = p + 1; + + if (authorization->return_value == NULL) + { + authorization->return_value = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + g_free); + } + g_hash_table_insert (authorization->return_value, g_strdup (key), g_strdup (value)); + } + } + + authorization->id = g_strdup_printf ("%s::%s", filename, group); + + out: + g_strfreev (identity_strings); + g_free (action_strings); + g_free (result_any_string); + g_free (result_inactive_string); + g_free (result_active_string); + g_strfreev (return_value_strings); + return authorization; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +polkit_backend_local_authorization_store_init (PolkitBackendLocalAuthorizationStore *store) +{ + store->priv = G_TYPE_INSTANCE_GET_PRIVATE (store, + POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, + PolkitBackendLocalAuthorizationStorePrivate); +} + +static void +polkit_backend_local_authorization_store_finalize (GObject *object) +{ + PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); + + if (store->priv->directory != NULL) + g_object_unref (store->priv->directory); + g_free (store->priv->extension); + + if (store->priv->directory_monitor != NULL) + g_object_unref (store->priv->directory_monitor); + + g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); + g_list_free (store->priv->authorizations); + + if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->finalize (object); +} + + +static void +polkit_backend_local_authorization_store_get_property (GObject *object, + guint prop_id, + GValue *value, + GParamSpec *pspec) +{ + PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); + + switch (prop_id) + { + case PROP_DIRECTORY: + g_value_set_object (value, store->priv->directory); + break; + + case PROP_EXTENSION: + g_value_set_string (value, store->priv->extension); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +polkit_backend_local_authorization_store_set_property (GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); + + switch (prop_id) + { + case PROP_DIRECTORY: + store->priv->directory = g_value_dup_object (value); + break; + + case PROP_EXTENSION: + store->priv->extension = g_value_dup_string (value); + break; + + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec); + break; + } +} + +static void +directory_monitor_changed (GFileMonitor *monitor, + GFile *file, + GFile *other_file, + GFileMonitorEvent event_type, + gpointer user_data) +{ + PolkitBackendLocalAuthorizationStore *store; + + store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (user_data); + + if (file != NULL) + { + gchar *name; + + name = g_file_get_basename (file); + + //g_debug ("event_type=%d file=%p name=%s", event_type, file, name); + + if (!g_str_has_prefix (name, ".") && + !g_str_has_prefix (name, "#") && + g_str_has_suffix (name, store->priv->extension) && + (event_type == G_FILE_MONITOR_EVENT_CREATED || + event_type == G_FILE_MONITOR_EVENT_DELETED || + event_type == G_FILE_MONITOR_EVENT_CHANGES_DONE_HINT)) + { + + //g_debug ("match"); + + /* now throw away all caches */ + polkit_backend_local_authorization_store_purge (store); + g_signal_emit_by_name (store, "changed"); + } + + g_free (name); + } +} + +static void +polkit_backend_local_authorization_store_constructed (GObject *object) +{ + PolkitBackendLocalAuthorizationStore *store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (object); + GError *error; + + error = NULL; + store->priv->directory_monitor = g_file_monitor_directory (store->priv->directory, + G_FILE_MONITOR_NONE, + NULL, + &error); + if (store->priv->directory_monitor == NULL) + { + gchar *dir_name; + dir_name = g_file_get_uri (store->priv->directory); + g_warning ("Error monitoring directory %s: %s", dir_name, error->message); + g_free (dir_name); + g_error_free (error); + } + else + { + g_signal_connect (store->priv->directory_monitor, + "changed", + (GCallback) directory_monitor_changed, + store); + } + + if (G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed != NULL) + G_OBJECT_CLASS (polkit_backend_local_authorization_store_parent_class)->constructed (object); +} + +static void +polkit_backend_local_authorization_store_class_init (PolkitBackendLocalAuthorizationStoreClass *klass) +{ + GObjectClass *gobject_class; + + gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->get_property = polkit_backend_local_authorization_store_get_property; + gobject_class->set_property = polkit_backend_local_authorization_store_set_property; + gobject_class->constructed = polkit_backend_local_authorization_store_constructed; + gobject_class->finalize = polkit_backend_local_authorization_store_finalize; + + g_type_class_add_private (klass, sizeof (PolkitBackendLocalAuthorizationStorePrivate)); + + /** + * PolkitBackendLocalAuthorizationStore:directory: + * + * The directory to watch for authorization files. + */ + g_object_class_install_property (gobject_class, + PROP_DIRECTORY, + g_param_spec_object ("directory", + "Directory", + "The directory to watch for configuration files", + G_TYPE_FILE, + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + /** + * PolkitBackendLocalAuthorizationStore:extension: + * + * The file extension for files to consider, e.g. .pkla. + */ + g_object_class_install_property (gobject_class, + PROP_EXTENSION, + g_param_spec_string ("extension", + "Extension", + "The extension of files to consider", + NULL, + G_PARAM_CONSTRUCT_ONLY | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | + G_PARAM_STATIC_BLURB | + G_PARAM_STATIC_NICK)); + + /** + * PolkitBackendConfiguStore::changed: + * @store: A #PolkitBackendLocalAuthorizationStore. + * + * Emitted when configuration files in #PolkitBackendConfiguStore:directory changes. + */ + signals[CHANGED_SIGNAL] = g_signal_new ("changed", + POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, + G_SIGNAL_RUN_LAST, + G_STRUCT_OFFSET (PolkitBackendLocalAuthorizationStoreClass, changed), + NULL, + NULL, + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, + 0); +} + +/** + * polkit_backend_local_authorization_store_new: + * @directory: The directory to watch. + * @extension: The extension of files to consider e.g. .pkla. + * + * Creates a new #PolkitBackendLocalAuthorizationStore object that + * reads authorizations from @directory with file extension + * @extension. To watch for configuration changes, connect to the + * #PolkitBackendLocalAuthorizationStore::changed signal. + * + * Returns: A #PolkitBackendLocalAuthorizationStore. Free with + * g_object_unref(). + **/ +PolkitBackendLocalAuthorizationStore * +polkit_backend_local_authorization_store_new (GFile *directory, + const gchar *extension) +{ + PolkitBackendLocalAuthorizationStore *store; + + store = POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE (g_object_new (POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, + "directory", directory, + "extension", extension, + NULL)); + + return store; +} + +static void +polkit_backend_local_authorization_store_purge (PolkitBackendLocalAuthorizationStore *store) +{ + gchar *path; + + path = g_file_get_path (store->priv->directory); + g_debug ("Dropping all .pkla caches for directory `%s'", path); + g_free (path); + + g_list_foreach (store->priv->authorizations, (GFunc) local_authorization_free, NULL); + g_list_free (store->priv->authorizations); + store->priv->authorizations = NULL; + + store->priv->has_data = FALSE; +} + +static void +polkit_backend_local_authorization_store_ensure (PolkitBackendLocalAuthorizationStore *store) +{ + GFileEnumerator *enumerator; + GFileInfo *file_info; + GError *error; + GList *files; + GList *l; + + files = NULL; + + if (store->priv->has_data) + goto out; + + polkit_backend_local_authorization_store_purge (store); + + error = NULL; + enumerator = g_file_enumerate_children (store->priv->directory, + "standard::name", + G_FILE_QUERY_INFO_NONE, + NULL, + &error); + if (enumerator == NULL) + { + gchar *dir_name; + dir_name = g_file_get_uri (store->priv->directory); + g_warning ("Error enumerating files in %s: %s", dir_name, error->message); + g_free (dir_name); + g_error_free (error); + goto out; + } + + while ((file_info = g_file_enumerator_next_file (enumerator, NULL, &error)) != NULL) + { + const gchar *name; + + name = g_file_info_get_name (file_info); + + /* only consider files with the appropriate extension */ + if (g_str_has_suffix (name, store->priv->extension) && name[0] != '.') + files = g_list_prepend (files, g_file_get_child (store->priv->directory, name)); + + g_object_unref (file_info); + } + g_object_unref (enumerator); + if (error != NULL) + { + g_warning ("Error enumerating files: %s", error->message); + g_error_free (error); + goto out; + } + + /* process files; highest priority comes first */ + for (l = files; l != NULL; l = l->next) + { + GFile *file = G_FILE (l->data); + gchar *filename; + GKeyFile *key_file; + + filename = g_file_get_path (file); + + key_file = g_key_file_new (); + + error = NULL; + if (!g_key_file_load_from_file (key_file, + filename, + G_KEY_FILE_NONE, + &error)) + { + g_warning ("Error loading key-file %s: %s", filename, error->message); + g_error_free (error); + error = NULL; + g_key_file_free (key_file); + } + else + { + gchar **groups; + guint n; + + groups = g_key_file_get_groups (key_file, NULL); + for (n = 0; groups[n] != NULL; n++) + { + LocalAuthorization *authorization; + + error = NULL; + authorization = local_authorization_new (key_file, filename, groups[n], &error); + if (authorization == NULL) + { + g_warning ("Error parsing group `%s' in file `%s': %s", + groups[n], + filename, + error->message); + g_error_free (error); + } + else + { + store->priv->authorizations = g_list_prepend (store->priv->authorizations, + authorization); + } + } + g_strfreev (groups); + + store->priv->authorizations = g_list_reverse (store->priv->authorizations); + + g_key_file_free (key_file); + } + + g_free (filename); + } + + store->priv->has_data = TRUE; + + out: + g_list_foreach (files, (GFunc) g_object_unref, NULL); + g_list_free (files); +} + +/** + * polkit_backend_local_authorization_store_lookup: + * @store: A #PolkitBackendLocalAuthorizationStore. + * @identity: The identity to check for. + * @action_id: The action id to check for. + * @details: Details for @action. + * @out_result_any: Return location for the result for any subjects if the look up matched. + * @out_result_inactive: Return location for the result for subjects in local inactive sessions if the look up matched. + * @out_result_active: Return location for the result for subjects in local active sessions if the look up matched. + * @out_details: %NULL or a #PolkitDetails object to append key/value pairs to on a positive match. + * + * Checks if an authorization entry from @store matches @identity, @action_id and @details. + * + * Returns: %TRUE if @store has an authorization entry that matches + * @identity, @action_id and @details. Otherwise %FALSE. + */ +gboolean +polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, + PolkitIdentity *identity, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization *out_result_any, + PolkitImplicitAuthorization *out_result_inactive, + PolkitImplicitAuthorization *out_result_active, + PolkitDetails *out_details) +{ + GList *l, *ll; + gboolean ret; + gchar *identity_string; + + g_return_val_if_fail (POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE (store), FALSE); + g_return_val_if_fail (POLKIT_IS_IDENTITY (identity), FALSE); + g_return_val_if_fail (action_id != NULL, FALSE); + g_return_val_if_fail (POLKIT_IS_DETAILS (details), FALSE); + g_return_val_if_fail (out_result_any != NULL, FALSE); + g_return_val_if_fail (out_result_inactive != NULL, FALSE); + g_return_val_if_fail (out_result_active != NULL, FALSE); + + ret = FALSE; + identity_string = NULL; + + polkit_backend_local_authorization_store_ensure (store); + + for (l = store->priv->authorizations; l != NULL; l = l->next) + { + LocalAuthorization *authorization = l->data; + + /* first match the action */ + for (ll = authorization->action_specs; ll != NULL; ll = ll->next) + { + if (g_pattern_match_string ((GPatternSpec *) ll->data, action_id)) + break; + } + if (ll == NULL) + continue; + + /* then match the identity against identity specs */ + if (identity_string == NULL) + identity_string = polkit_identity_to_string (identity); + for (ll = authorization->identity_specs; ll != NULL; ll = ll->next) + { + if (g_pattern_match_string ((GPatternSpec *) ll->data, identity_string)) + break; + } + + /* if no identity specs matched and identity is a user, match against netgroups */ + if (ll == NULL && POLKIT_IS_UNIX_USER (identity)) + { + PolkitUnixUser *user_identity = POLKIT_UNIX_USER (identity); + const gchar *user_name = polkit_unix_user_get_name (user_identity); + if (!user_name) + continue; + + for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next) + { + if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL)) + break; + } + } + + if (ll == NULL) + continue; + + /* Yay, a match! However, keep going since subsequent authorization entries may modify the result */ + *out_result_any = authorization->result_any; + *out_result_inactive = authorization->result_inactive; + *out_result_active = authorization->result_active; + ret = TRUE; + + if (out_details != NULL && authorization->return_value != NULL) + { + GHashTableIter iter; + const gchar *key; + const gchar *value; + + g_hash_table_iter_init (&iter, authorization->return_value); + while (g_hash_table_iter_next (&iter, (gpointer *) &key, (gpointer *) &value)) + { + polkit_details_insert (out_details, key, value); + } + } + +#if 0 + g_debug ("authorization with id `%s' matched action_id `%s' for identity `%s'", + authorization->id, + action_id, + polkit_identity_to_string (identity)); +#endif + } + + g_free (identity_string); + + return ret; +} diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.h b/src/polkitbackend/polkitbackendlocalauthorizationstore.h new file mode 100644 index 00000000..c15d9a67 --- /dev/null +++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.h @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "This is a private header file." +#endif + +#ifndef __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H +#define __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H + +#include +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE (polkit_backend_local_authorization_store_get_type ()) +#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStore)) +#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE, PolkitBackendLocalAuthorizationStoreClass)) +#define POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE,PolkitBackendLocalAuthorizationStoreClass)) +#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) +#define POLKIT_BACKEND_IS_LOCAL_AUTHORIZATION_STORE_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_LOCAL_AUTHORIZATION_STORE)) + +typedef struct _PolkitBackendLocalAuthorizationStore PolkitBackendLocalAuthorizationStore; +typedef struct _PolkitBackendLocalAuthorizationStoreClass PolkitBackendLocalAuthorizationStoreClass; +typedef struct _PolkitBackendLocalAuthorizationStorePrivate PolkitBackendLocalAuthorizationStorePrivate; + +struct _PolkitBackendLocalAuthorizationStore +{ + GObject parent_instance; + PolkitBackendLocalAuthorizationStorePrivate *priv; +}; + +struct _PolkitBackendLocalAuthorizationStoreClass +{ + /*< public >*/ + GObjectClass parent_class; + + /* Signals */ + void (*changed) (PolkitBackendLocalAuthorizationStore *store); + + /*< private >*/ + /* Padding for future expansion */ + void (*_polkit_reserved1) (void); + void (*_polkit_reserved2) (void); + void (*_polkit_reserved3) (void); + void (*_polkit_reserved4) (void); + void (*_polkit_reserved5) (void); + void (*_polkit_reserved6) (void); + void (*_polkit_reserved7) (void); + void (*_polkit_reserved8) (void); +}; + +GType polkit_backend_local_authorization_store_get_type (void) G_GNUC_CONST; +PolkitBackendLocalAuthorizationStore *polkit_backend_local_authorization_store_new (GFile *directory, + const gchar *extension); +gboolean polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorizationStore *store, + PolkitIdentity *identity, + const gchar *action_id, + PolkitDetails *details, + PolkitImplicitAuthorization *out_result_any, + PolkitImplicitAuthorization *out_result_inactive, + PolkitImplicitAuthorization *out_result_active, + PolkitDetails *out_details); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_LOCAL_AUTHORIZATION_STORE_H */ + diff --git a/src/polkitbackend/polkitbackendprivate.h b/src/polkitbackend/polkitbackendprivate.h new file mode 100644 index 00000000..d6fcdbff --- /dev/null +++ b/src/polkitbackend/polkitbackendprivate.h @@ -0,0 +1,29 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "This is a private header file." +#endif + +#ifndef __POLKIT_BACKEND_PRIVATE_H +#define __POLKIT_BACKEND_PRIVATE_H + +#endif /* __POLKIT_BACKEND_PRIVATE_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c new file mode 100644 index 00000000..58593c32 --- /dev/null +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -0,0 +1,414 @@ +/* + * Copyright (C) 2011 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Matthias Clasen + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include +#include + +#include +#include "polkitbackendsessionmonitor.h" + +/* + * SECTION:polkitbackendsessionmonitor + * @title: PolkitBackendSessionMonitor + * @short_description: Monitor sessions + * + * The #PolkitBackendSessionMonitor class is a utility class to track and monitor sessions. + */ + +typedef struct +{ + GSource source; + GPollFD pollfd; + sd_login_monitor *monitor; +} SdSource; + +static gboolean +sd_source_prepare (GSource *source, + gint *timeout) +{ + *timeout = -1; + return FALSE; +} + +static gboolean +sd_source_check (GSource *source) +{ + SdSource *sd_source = (SdSource *)source; + + return sd_source->pollfd.revents != 0; +} + +static gboolean +sd_source_dispatch (GSource *source, + GSourceFunc callback, + gpointer user_data) + +{ + SdSource *sd_source = (SdSource *)source; + gboolean ret; + + g_warn_if_fail (callback != NULL); + + ret = (*callback) (user_data); + + sd_login_monitor_flush (sd_source->monitor); + + return ret; +} + +static void +sd_source_finalize (GSource *source) +{ + SdSource *sd_source = (SdSource*)source; + + sd_login_monitor_unref (sd_source->monitor); +} + +static GSourceFuncs sd_source_funcs = { + sd_source_prepare, + sd_source_check, + sd_source_dispatch, + sd_source_finalize +}; + +static GSource * +sd_source_new (void) +{ + GSource *source; + SdSource *sd_source; + int ret; + + source = g_source_new (&sd_source_funcs, sizeof (SdSource)); + sd_source = (SdSource *)source; + + if ((ret = sd_login_monitor_new (NULL, &sd_source->monitor)) < 0) + { + g_printerr ("Error getting login monitor: %d", ret); + } + else + { + sd_source->pollfd.fd = sd_login_monitor_get_fd (sd_source->monitor); + sd_source->pollfd.events = G_IO_IN; + g_source_add_poll (source, &sd_source->pollfd); + } + + return source; +} + +struct _PolkitBackendSessionMonitor +{ + GObject parent_instance; + + GDBusConnection *system_bus; + + GSource *sd_source; +}; + +struct _PolkitBackendSessionMonitorClass +{ + GObjectClass parent_class; + + void (*changed) (PolkitBackendSessionMonitor *monitor); +}; + + +enum +{ + CHANGED_SIGNAL, + LAST_SIGNAL, +}; + +static guint signals[LAST_SIGNAL] = {0}; + +G_DEFINE_TYPE (PolkitBackendSessionMonitor, polkit_backend_session_monitor, G_TYPE_OBJECT); + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +sessions_changed (gpointer user_data) +{ + PolkitBackendSessionMonitor *monitor = POLKIT_BACKEND_SESSION_MONITOR (user_data); + + g_signal_emit (monitor, signals[CHANGED_SIGNAL], 0); + + return TRUE; +} + + +static void +polkit_backend_session_monitor_init (PolkitBackendSessionMonitor *monitor) +{ + GError *error; + + error = NULL; + monitor->system_bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); + if (monitor->system_bus == NULL) + { + g_printerr ("Error getting system bus: %s", error->message); + g_error_free (error); + } + + monitor->sd_source = sd_source_new (); + g_source_set_callback (monitor->sd_source, sessions_changed, monitor, NULL); + g_source_attach (monitor->sd_source, NULL); +} + +static void +polkit_backend_session_monitor_finalize (GObject *object) +{ + PolkitBackendSessionMonitor *monitor = POLKIT_BACKEND_SESSION_MONITOR (object); + + if (monitor->system_bus != NULL) + g_object_unref (monitor->system_bus); + + if (monitor->sd_source != NULL) + { + g_source_destroy (monitor->sd_source); + g_source_unref (monitor->sd_source); + } + + if (G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize (object); +} + +static void +polkit_backend_session_monitor_class_init (PolkitBackendSessionMonitorClass *klass) +{ + GObjectClass *gobject_class; + + gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_backend_session_monitor_finalize; + + /** + * PolkitBackendSessionMonitor::changed: + * @monitor: A #PolkitBackendSessionMonitor + * + * Emitted when something changes. + */ + signals[CHANGED_SIGNAL] = g_signal_new ("changed", + POLKIT_BACKEND_TYPE_SESSION_MONITOR, + G_SIGNAL_RUN_LAST, + G_STRUCT_OFFSET (PolkitBackendSessionMonitorClass, changed), + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, + 0); +} + +PolkitBackendSessionMonitor * +polkit_backend_session_monitor_new (void) +{ + PolkitBackendSessionMonitor *monitor; + + monitor = POLKIT_BACKEND_SESSION_MONITOR (g_object_new (POLKIT_BACKEND_TYPE_SESSION_MONITOR, NULL)); + + return monitor; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +GList * +polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monitor) +{ + /* TODO */ + return NULL; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ +PolkitIdentity * +polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, + GError **error) +{ + PolkitIdentity *ret; + guint32 uid; + + ret = NULL; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if ((gint) uid == -1) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Unix process subject does not have uid set"); + goto out; + } + ret = polkit_unix_user_new (uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + GVariant *result; + + result = g_dbus_connection_call_sync (monitor->system_bus, + "org.freedesktop.DBus", + "/org/freedesktop/DBus", + "org.freedesktop.DBus", + "GetConnectionUnixUser", + g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, /* timeout_msec */ + NULL, /* GCancellable */ + error); + if (result == NULL) + goto out; + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = polkit_unix_user_new (uid); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { + + if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Error getting uid for session"); + goto out; + } + + ret = polkit_unix_user_new (uid); + } + + out: + return ret; +} + +/** + * polkit_backend_session_monitor_get_session_for_subject: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. + * @error: Return location for error. + * + * Gets the session corresponding to @subject or %NULL if no session exists. + * + * Returns: %NULL if @error is set otherwise a #PolkitUnixSession that should be freed with g_object_unref(). + */ +PolkitSubject * +polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, + GError **error) +{ + PolkitSubject *session; + + session = NULL; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + gchar *session_id; + pid_t pid; + + pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + guint32 pid; + gchar *session_id; + GVariant *result; + + result = g_dbus_connection_call_sync (monitor->system_bus, + "org.freedesktop.DBus", + "/org/freedesktop/DBus", + "org.freedesktop.DBus", + "GetConnectionUnixProcessID", + g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, /* timeout_msec */ + NULL, /* GCancellable */ + error); + if (result == NULL) + goto out; + g_variant_get (result, "(u)", &pid); + g_variant_unref (result); + + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Cannot get user for subject of type %s", + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + + out: + + return session; +} + +gboolean +polkit_backend_session_monitor_is_session_local (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session) +{ + char *seat; + + if (!sd_session_get_seat (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)), &seat)) + { + free (seat); + return TRUE; + } + + return FALSE; +} + + +gboolean +polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session) +{ + return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); +} + diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c new file mode 100644 index 00000000..9c331b64 --- /dev/null +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -0,0 +1,503 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" +#include +#include +#include +#include +#include + +#include +#include "polkitbackendsessionmonitor.h" + +#define CKDB_PATH "/var/run/ConsoleKit/database" + +/* + * SECTION:polkitbackendsessionmonitor + * @title: PolkitBackendSessionMonitor + * @short_description: Monitor sessions + * + * The #PolkitBackendSessionMonitor class is a utility class to track and monitor sessions. + */ + +struct _PolkitBackendSessionMonitor +{ + GObject parent_instance; + + GDBusConnection *system_bus; + + GKeyFile *database; + GFileMonitor *database_monitor; + time_t database_mtime; +}; + +struct _PolkitBackendSessionMonitorClass +{ + GObjectClass parent_class; + + void (*changed) (PolkitBackendSessionMonitor *monitor); +}; + + +enum +{ + CHANGED_SIGNAL, + LAST_SIGNAL, +}; + +static guint signals[LAST_SIGNAL] = {0}; + +G_DEFINE_TYPE (PolkitBackendSessionMonitor, polkit_backend_session_monitor, G_TYPE_OBJECT); + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +reload_database (PolkitBackendSessionMonitor *monitor, + GError **error) +{ + gboolean ret; + struct stat statbuf; + + ret = FALSE; + + if (monitor->database != NULL) + { + g_key_file_free (monitor->database); + monitor->database = NULL; + } + + if (stat (CKDB_PATH, &statbuf) != 0) + { + g_set_error (error, + G_IO_ERROR, + g_io_error_from_errno (errno), + "Error statting file " CKDB_PATH ": %s", + strerror (errno)); + goto out; + } + + monitor->database_mtime = statbuf.st_mtime; + + monitor->database = g_key_file_new (); + if (!g_key_file_load_from_file (monitor->database, + CKDB_PATH, + G_KEY_FILE_NONE, + error)) + { + goto out; + } + + ret = TRUE; + + out: + return ret; +} + +static gboolean +ensure_database (PolkitBackendSessionMonitor *monitor, + GError **error) +{ + gboolean ret = FALSE; + + if (monitor->database != NULL) + { + struct stat statbuf; + + if (stat (CKDB_PATH, &statbuf) != 0) + { + g_set_error (error, + G_IO_ERROR, + g_io_error_from_errno (errno), + "Error statting file " CKDB_PATH " to check timestamp: %s", + strerror (errno)); + goto out; + } + if (statbuf.st_mtime == monitor->database_mtime) + { + ret = TRUE; + goto out; + } + } + + ret = reload_database (monitor, error); + + out: + return ret; +} + +static void +on_file_monitor_changed (GFileMonitor *file_monitor, + GFile *file, + GFile *other_file, + GFileMonitorEvent event_type, + gpointer user_data) +{ + PolkitBackendSessionMonitor *monitor = POLKIT_BACKEND_SESSION_MONITOR (user_data); + + /* throw away cache */ + if (monitor->database != NULL) + { + g_key_file_free (monitor->database); + monitor->database = NULL; + } + g_signal_emit (monitor, signals[CHANGED_SIGNAL], 0); +} + +static void +polkit_backend_session_monitor_init (PolkitBackendSessionMonitor *monitor) +{ + GError *error; + GFile *file; + + error = NULL; + monitor->system_bus = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); + if (monitor->system_bus == NULL) + { + g_printerr ("Error getting system bus: %s", error->message); + g_error_free (error); + } + + error = NULL; + if (!ensure_database (monitor, &error)) + { + g_printerr ("Error loading " CKDB_PATH ": %s", error->message); + g_error_free (error); + } + + error = NULL; + file = g_file_new_for_path (CKDB_PATH); + monitor->database_monitor = g_file_monitor_file (file, + G_FILE_MONITOR_NONE, + NULL, + &error); + g_object_unref (file); + if (monitor->database_monitor == NULL) + { + g_printerr ("Error monitoring " CKDB_PATH ": %s", error->message); + g_error_free (error); + } + else + { + g_signal_connect (monitor->database_monitor, + "changed", + G_CALLBACK (on_file_monitor_changed), + monitor); + } +} + +static void +polkit_backend_session_monitor_finalize (GObject *object) +{ + PolkitBackendSessionMonitor *monitor = POLKIT_BACKEND_SESSION_MONITOR (object); + + if (monitor->system_bus != NULL) + g_object_unref (monitor->system_bus); + + if (monitor->database_monitor != NULL) + g_object_unref (monitor->database_monitor); + + if (monitor->database != NULL) + g_key_file_free (monitor->database); + + if (G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_backend_session_monitor_parent_class)->finalize (object); +} + +static void +polkit_backend_session_monitor_class_init (PolkitBackendSessionMonitorClass *klass) +{ + GObjectClass *gobject_class; + + gobject_class = G_OBJECT_CLASS (klass); + + gobject_class->finalize = polkit_backend_session_monitor_finalize; + + /** + * PolkitBackendSessionMonitor::changed: + * @monitor: A #PolkitBackendSessionMonitor + * + * Emitted when something changes. + */ + signals[CHANGED_SIGNAL] = g_signal_new ("changed", + POLKIT_BACKEND_TYPE_SESSION_MONITOR, + G_SIGNAL_RUN_LAST, + G_STRUCT_OFFSET (PolkitBackendSessionMonitorClass, changed), + NULL, /* accumulator */ + NULL, /* accumulator data */ + g_cclosure_marshal_VOID__VOID, + G_TYPE_NONE, + 0); +} + +PolkitBackendSessionMonitor * +polkit_backend_session_monitor_new (void) +{ + PolkitBackendSessionMonitor *monitor; + + monitor = POLKIT_BACKEND_SESSION_MONITOR (g_object_new (POLKIT_BACKEND_TYPE_SESSION_MONITOR, NULL)); + + return monitor; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +GList * +polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monitor) +{ + /* TODO */ + return NULL; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +/** + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ +PolkitIdentity * +polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, + GError **error) +{ + PolkitIdentity *ret; + GError *local_error; + gchar *group; + guint32 uid; + + ret = NULL; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if ((gint) uid == -1) + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Unix process subject does not have uid set"); + goto out; + } + ret = polkit_unix_user_new (uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + GVariant *result; + + result = g_dbus_connection_call_sync (monitor->system_bus, + "org.freedesktop.DBus", + "/org/freedesktop/DBus", + "org.freedesktop.DBus", + "GetConnectionUnixUser", + g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, /* timeout_msec */ + NULL, /* GCancellable */ + error); + if (result == NULL) + goto out; + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = polkit_unix_user_new (uid); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { + if (!ensure_database (monitor, error)) + { + g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); + goto out; + } + + group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject))); + local_error = NULL; + uid = g_key_file_get_integer (monitor->database, group, "uid", &local_error); + if (local_error != NULL) + { + g_propagate_prefixed_error (error, local_error, "Error getting uid using " CKDB_PATH ": "); + g_free (group); + goto out; + } + g_free (group); + + ret = polkit_unix_user_new (uid); + } + + out: + return ret; +} + +/** + * polkit_backend_session_monitor_get_session_for_subject: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. + * @error: Return location for error. + * + * Gets the session corresponding to @subject or %NULL if no session exists. + * + * Returns: %NULL if @error is set otherwise a #PolkitUnixSession that should be freed with g_object_unref(). + */ +PolkitSubject * +polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, + GError **error) +{ + PolkitSubject *session; + + session = NULL; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + const gchar *session_id; + GVariant *result; + result = g_dbus_connection_call_sync (monitor->system_bus, + "org.freedesktop.ConsoleKit", + "/org/freedesktop/ConsoleKit/Manager", + "org.freedesktop.ConsoleKit.Manager", + "GetSessionForUnixProcess", + g_variant_new ("(u)", polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject))), + G_VARIANT_TYPE ("(o)"), + G_DBUS_CALL_FLAGS_NONE, + -1, /* timeout_msec */ + NULL, /* GCancellable */ + error); + if (result == NULL) + goto out; + g_variant_get (result, "(&o)", &session_id); + session = polkit_unix_session_new (session_id); + g_variant_unref (result); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + guint32 pid; + const gchar *session_id; + GVariant *result; + + result = g_dbus_connection_call_sync (monitor->system_bus, + "org.freedesktop.DBus", + "/org/freedesktop/DBus", + "org.freedesktop.DBus", + "GetConnectionUnixProcessID", + g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, /* timeout_msec */ + NULL, /* GCancellable */ + error); + if (result == NULL) + goto out; + g_variant_get (result, "(u)", &pid); + g_variant_unref (result); + + result = g_dbus_connection_call_sync (monitor->system_bus, + "org.freedesktop.ConsoleKit", + "/org/freedesktop/ConsoleKit/Manager", + "org.freedesktop.ConsoleKit.Manager", + "GetSessionForUnixProcess", + g_variant_new ("(u)", pid), + G_VARIANT_TYPE ("(o)"), + G_DBUS_CALL_FLAGS_NONE, + -1, /* timeout_msec */ + NULL, /* GCancellable */ + error); + if (result == NULL) + goto out; + g_variant_get (result, "(&o)", &session_id); + session = polkit_unix_session_new (session_id); + g_variant_unref (result); + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, + "Cannot get user for subject of type %s", + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + + out: + + return session; +} + +static gboolean +get_boolean (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session, + const gchar *key_name) +{ + gboolean ret; + gchar *group; + GError *error; + + ret = FALSE; + + group = g_strdup_printf ("Session %s", polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + + error = NULL; + if (!ensure_database (monitor, &error)) + { + g_printerr ("Error getting boolean `%s' in group `%s': Error ensuring CK database at " CKDB_PATH ": %s", + key_name, + group, + error->message); + g_error_free (error); + goto out; + } + + error = NULL; + ret = g_key_file_get_boolean (monitor->database, group, key_name, &error); + if (error != NULL) + { + g_printerr ("Error looking %s using " CKDB_PATH " for %s: %s\n", + key_name, + group, + error->message); + g_error_free (error); + goto out; + } + + out: + g_free (group); + return ret; +} + +gboolean +polkit_backend_session_monitor_is_session_local (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session) +{ + return get_boolean (monitor, session, "is_local"); +} + + +gboolean +polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session) +{ + return get_boolean (monitor, session, "is_active"); +} + diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h new file mode 100644 index 00000000..8f8a2cae --- /dev/null +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#if !defined (_POLKIT_BACKEND_COMPILATION) || defined(_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H) +#error "This is a private header file." +#endif + +#ifndef __POLKIT_BACKEND_SESSION_MONITOR_H +#define __POLKIT_BACKEND_SESSION_MONITOR_H + +#include +#include + +G_BEGIN_DECLS + +#define POLKIT_BACKEND_TYPE_SESSION_MONITOR (polkit_backend_session_monitor_get_type ()) +#define POLKIT_BACKEND_SESSION_MONITOR(o) (G_TYPE_CHECK_INSTANCE_CAST ((o), POLKIT_BACKEND_TYPE_SESSION_MONITOR, PolkitBackendSessionMonitor)) +#define POLKIT_BACKEND_SESSION_MONITOR_CLASS(k) (G_TYPE_CHECK_CLASS_CAST ((k), POLKIT_BACKEND_TYPE_SESSION_MONITOR, PolkitBackendSessionMonitorClass)) +#define POLKIT_BACKEND_SESSION_MONITOR_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), POLKIT_BACKEND_TYPE_SESSION_MONITOR,PolkitBackendSessionMonitorClass)) +#define POLKIT_BACKEND_IS_SESSION_MONITOR(o) (G_TYPE_CHECK_INSTANCE_TYPE ((o), POLKIT_BACKEND_TYPE_SESSION_MONITOR)) +#define POLKIT_BACKEND_IS_SESSION_MONITOR_CLASS(k) (G_TYPE_CHECK_CLASS_TYPE ((k), POLKIT_BACKEND_TYPE_SESSION_MONITOR)) + +typedef struct _PolkitBackendSessionMonitor PolkitBackendSessionMonitor; +typedef struct _PolkitBackendSessionMonitorClass PolkitBackendSessionMonitorClass; + +GType polkit_backend_session_monitor_get_type (void) G_GNUC_CONST; +PolkitBackendSessionMonitor *polkit_backend_session_monitor_new (void); +GList *polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monitor); + +PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, + GError **error); + +PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, + GError **error); + +gboolean polkit_backend_session_monitor_is_session_local (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session); + +gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session); + +G_END_DECLS + +#endif /* __POLKIT_BACKEND_SESSION_MONITOR_H */ + diff --git a/src/polkitbackend/polkitbackendtypes.h b/src/polkitbackend/polkitbackendtypes.h new file mode 100644 index 00000000..d06f62a5 --- /dev/null +++ b/src/polkitbackend/polkitbackendtypes.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef __POLKIT_BACKEND_TYPES_H +#define __POLKIT_BACKEND_TYPES_H + +#include + +struct _PolkitBackendActionLookup; +typedef struct _PolkitBackendActionLookup PolkitBackendActionLookup; /* Dummy typedef */ + +struct _PolkitBackendAuthority; +typedef struct _PolkitBackendAuthority PolkitBackendAuthority; + +struct _PolkitBackendInteractiveAuthority; +typedef struct _PolkitBackendInteractiveAuthority PolkitBackendInteractiveAuthority; + +struct _PolkitBackendLocalAuthority; +typedef struct _PolkitBackendLocalAuthority PolkitBackendLocalAuthority; + +#endif /* __POLKIT_BACKEND_TYPES_H */ + diff --git a/src/polkitd/Makefile.am b/src/polkitd/Makefile.am new file mode 100644 index 00000000..5ea3e95f --- /dev/null +++ b/src/polkitd/Makefile.am @@ -0,0 +1,40 @@ +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +libexec_PROGRAMS = polkitd + +polkitd_SOURCES = \ + main.c \ + gposixsignal.h gposixsignal.c \ + $(NULL) + +polkitd_CFLAGS = \ + -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ + -DG_LOG_DOMAIN=\"polkitd-1\" \ + $(GLIB_CFLAGS) \ + $(NULL) + +polkitd_LDADD = \ + $(DBUS_GLIB_LIBS) \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(NULL) + +CLEANFILES = $(BUILT_SOURCES) + +clean-local : + rm -f *~ diff --git a/src/polkitd/Makefile.in b/src/polkitd/Makefile.in new file mode 100644 index 00000000..04ee6a24 --- /dev/null +++ b/src/polkitd/Makefile.in @@ -0,0 +1,669 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +libexec_PROGRAMS = polkitd$(EXEEXT) +subdir = src/polkitd +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(libexecdir)" +PROGRAMS = $(libexec_PROGRAMS) +am__objects_1 = +am_polkitd_OBJECTS = polkitd-main.$(OBJEXT) \ + polkitd-gposixsignal.$(OBJEXT) $(am__objects_1) +polkitd_OBJECTS = $(am_polkitd_OBJECTS) +am__DEPENDENCIES_1 = +polkitd_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +polkitd_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(polkitd_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(polkitd_SOURCES) +DIST_SOURCES = $(polkitd_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +polkitd_SOURCES = \ + main.c \ + gposixsignal.h gposixsignal.c \ + $(NULL) + +polkitd_CFLAGS = \ + -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ + -DG_LOG_DOMAIN=\"polkitd-1\" \ + $(GLIB_CFLAGS) \ + $(NULL) + +polkitd_LDADD = \ + $(DBUS_GLIB_LIBS) \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(NULL) + +CLEANFILES = $(BUILT_SOURCES) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/polkitd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/polkitd/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)" + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(libexecdir)" && rm -f $$files + +clean-libexecPROGRAMS: + @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +polkitd$(EXEEXT): $(polkitd_OBJECTS) $(polkitd_DEPENDENCIES) $(EXTRA_polkitd_DEPENDENCIES) + @rm -f polkitd$(EXEEXT) + $(AM_V_CCLD)$(polkitd_LINK) $(polkitd_OBJECTS) $(polkitd_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitd-gposixsignal.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitd-main.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +polkitd-main.o: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -MT polkitd-main.o -MD -MP -MF $(DEPDIR)/polkitd-main.Tpo -c -o polkitd-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkitd-main.Tpo $(DEPDIR)/polkitd-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='polkitd-main.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -c -o polkitd-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c + +polkitd-main.obj: main.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -MT polkitd-main.obj -MD -MP -MF $(DEPDIR)/polkitd-main.Tpo -c -o polkitd-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkitd-main.Tpo $(DEPDIR)/polkitd-main.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='polkitd-main.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -c -o polkitd-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` + +polkitd-gposixsignal.o: gposixsignal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -MT polkitd-gposixsignal.o -MD -MP -MF $(DEPDIR)/polkitd-gposixsignal.Tpo -c -o polkitd-gposixsignal.o `test -f 'gposixsignal.c' || echo '$(srcdir)/'`gposixsignal.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkitd-gposixsignal.Tpo $(DEPDIR)/polkitd-gposixsignal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gposixsignal.c' object='polkitd-gposixsignal.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -c -o polkitd-gposixsignal.o `test -f 'gposixsignal.c' || echo '$(srcdir)/'`gposixsignal.c + +polkitd-gposixsignal.obj: gposixsignal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -MT polkitd-gposixsignal.obj -MD -MP -MF $(DEPDIR)/polkitd-gposixsignal.Tpo -c -o polkitd-gposixsignal.obj `if test -f 'gposixsignal.c'; then $(CYGPATH_W) 'gposixsignal.c'; else $(CYGPATH_W) '$(srcdir)/gposixsignal.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/polkitd-gposixsignal.Tpo $(DEPDIR)/polkitd-gposixsignal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='gposixsignal.c' object='polkitd-gposixsignal.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(polkitd_CFLAGS) $(CFLAGS) -c -o polkitd-gposixsignal.obj `if test -f 'gposixsignal.c'; then $(CYGPATH_W) 'gposixsignal.c'; else $(CYGPATH_W) '$(srcdir)/gposixsignal.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(libexecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libexecPROGRAMS clean-libtool \ + clean-local mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-libexecPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-libexecPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libexecPROGRAMS clean-libtool clean-local ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-libexecPROGRAMS install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-libexecPROGRAMS + + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/polkitd/gposixsignal.c b/src/polkitd/gposixsignal.c new file mode 100644 index 00000000..0dbd8e8a --- /dev/null +++ b/src/polkitd/gposixsignal.c @@ -0,0 +1,148 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ +/* + * Copyright (C) 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" + +#include "gposixsignal.h" + +#if defined(__linux__) +#include +#include +#include + +typedef struct +{ + GSource source; + GPollFD pollfd; + gint signum; +} _GPosixSignalSource; + +static gboolean +_g_posix_signal_source_prepare (GSource *_source, + gint *timeout) +{ + *timeout = -1; + return FALSE; +} + +static gboolean +_g_posix_signal_source_check (GSource *_source) +{ + _GPosixSignalSource *source = (_GPosixSignalSource *) _source; + return source->pollfd.revents != 0; +} + +static gboolean +_g_posix_signal_source_dispatch (GSource *_source, + GSourceFunc callback, + gpointer user_data) + +{ + _GPosixSignalWatchFunc func = (_GPosixSignalWatchFunc) callback; + g_warn_if_fail (func != NULL); + return (*func) (user_data); +} + +static void +_g_posix_signal_source_finalize (GSource *_source) +{ + _GPosixSignalSource *source = (_GPosixSignalSource *) _source; + close (source->pollfd.fd); +} + +static GSourceFuncs _g_posix_signal_source_funcs = +{ + _g_posix_signal_source_prepare, + _g_posix_signal_source_check, + _g_posix_signal_source_dispatch, + _g_posix_signal_source_finalize +}; + +GSource * +_g_posix_signal_source_new (gint signum) +{ + sigset_t sigset; + gint fd; + GSource *_source; + _GPosixSignalSource *source; + + _source = NULL; + + sigemptyset (&sigset); + sigaddset (&sigset, signum); + + if (sigprocmask (SIG_BLOCK, &sigset, NULL) == -1) + g_assert_not_reached (); + + fd = signalfd (-1, &sigset, SFD_NONBLOCK | SFD_CLOEXEC); + + _source = g_source_new (&_g_posix_signal_source_funcs, sizeof (_GPosixSignalSource)); + source = (_GPosixSignalSource *) _source; + + source->pollfd.fd = fd; + source->pollfd.events = G_IO_IN; + g_source_add_poll (_source, &source->pollfd); + + source->signum = signum; + return _source; +} + +guint +_g_posix_signal_watch_add (gint signum, + gint priority, + _GPosixSignalWatchFunc function, + gpointer user_data, + GDestroyNotify notify) +{ + GSource *source; + guint id; + + g_return_val_if_fail (function != NULL, 0); + + source = _g_posix_signal_source_new (signum); + if (priority != G_PRIORITY_DEFAULT_IDLE) + g_source_set_priority (source, priority); + g_source_set_callback (source, (GSourceFunc) function, user_data, notify); + id = g_source_attach (source, NULL); + g_source_unref (source); + + return id; +} +#else /* __linux__ */ + +GSource * +_g_posix_signal_source_new (gint signum) +{ + return NULL; +} + +guint +_g_posix_signal_watch_add (gint signum, + gint priority, + _GPosixSignalWatchFunc function, + gpointer user_data, + GDestroyNotify notify) +{ + return 0; +} + +#endif /* __linux__ */ diff --git a/src/polkitd/gposixsignal.h b/src/polkitd/gposixsignal.h new file mode 100644 index 00000000..f9b3249c --- /dev/null +++ b/src/polkitd/gposixsignal.h @@ -0,0 +1,42 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ +/* + * Copyright (C) 2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifndef ___G_POSIX_SIGNAL_H__ +#define ___G_POSIX_SIGNAL_H__ + +#include + +G_BEGIN_DECLS + +typedef gboolean (*_GPosixSignalWatchFunc) (gpointer user_data); + +GSource *_g_posix_signal_source_new (gint signum); + +guint _g_posix_signal_watch_add (gint signum, + gint priority, + _GPosixSignalWatchFunc function, + gpointer user_data, + GDestroyNotify notify); + +G_END_DECLS + +#endif /* ___G_POSIX_SIGNAL_H__ */ diff --git a/src/polkitd/main.c b/src/polkitd/main.c new file mode 100644 index 00000000..b21723f6 --- /dev/null +++ b/src/polkitd/main.c @@ -0,0 +1,188 @@ +/* + * Copyright (C) 2008-2010 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#include "config.h" + +#include + +#include + +#include +#include + +#include "gposixsignal.h" + +/* ---------------------------------------------------------------------------------------------------- */ + +static PolkitBackendAuthority *authority = NULL; +static gpointer registration_id = NULL; +static GMainLoop *loop = NULL; +static gboolean opt_replace = FALSE; +static gboolean opt_no_debug = FALSE; +static GOptionEntry opt_entries[] = { + {"replace", 'r', 0, G_OPTION_ARG_NONE, &opt_replace, "Replace existing daemon", NULL}, + {"no-debug", 'n', 0, G_OPTION_ARG_NONE, &opt_no_debug, "Don't print debug information", NULL}, + {NULL } +}; + +static void +on_bus_acquired (GDBusConnection *connection, + const gchar *name, + gpointer user_data) +{ + GError *error; + + g_print ("Connected to the system bus\n"); + + g_assert (authority == NULL); + g_assert (registration_id == NULL); + + authority = polkit_backend_authority_get (); + g_print ("Using authority class %s\n", g_type_name (G_TYPE_FROM_INSTANCE (authority))); + + error = NULL; + registration_id = polkit_backend_authority_register (authority, + connection, + "/org/freedesktop/PolicyKit1/Authority", + &error); + if (registration_id == NULL) + { + g_printerr ("Error registering authority: %s\n", error->message); + g_error_free (error); + g_main_loop_quit (loop); /* exit */ + } +} + +static void +on_name_lost (GDBusConnection *connection, + const gchar *name, + gpointer user_data) +{ + g_print ("Lost the name org.freedesktop.PolicyKit1 - exiting\n"); + g_main_loop_quit (loop); +} + +static void +on_name_acquired (GDBusConnection *connection, + const gchar *name, + gpointer user_data) +{ + g_print ("Acquired the name org.freedesktop.PolicyKit1\n"); +} + +static gboolean +on_sigint (gpointer user_data) +{ + g_print ("Handling SIGINT\n"); + g_main_loop_quit (loop); + return FALSE; +} + +int +main (int argc, + char **argv) +{ + GError *error; + GOptionContext *opt_context; + gint ret; + guint name_owner_id; + guint sigint_id; + + ret = 1; + loop = NULL; + opt_context = NULL; + name_owner_id = 0; + sigint_id = 0; + registration_id = NULL; + + g_type_init (); + + opt_context = g_option_context_new ("polkit authority"); + g_option_context_add_main_entries (opt_context, opt_entries, NULL); + error = NULL; + if (!g_option_context_parse (opt_context, &argc, &argv, &error)) + { + g_printerr ("Error parsing options: %s", error->message); + g_error_free (error); + goto out; + } + + /* If --no-debug is requested don't clutter stdout/stderr etc. + */ + if (opt_no_debug) + { + gint dev_null_fd; + dev_null_fd = open ("/dev/null", O_RDWR); + if (dev_null_fd >= 0) + { + dup2 (dev_null_fd, STDIN_FILENO); + dup2 (dev_null_fd, STDOUT_FILENO); + dup2 (dev_null_fd, STDERR_FILENO); + close (dev_null_fd); + } + else + { + g_warning ("Error opening /dev/null: %m"); + } + } + + + loop = g_main_loop_new (NULL, FALSE); + + sigint_id = _g_posix_signal_watch_add (SIGINT, + G_PRIORITY_DEFAULT, + on_sigint, + NULL, + NULL); + + name_owner_id = g_bus_own_name (G_BUS_TYPE_SYSTEM, + "org.freedesktop.PolicyKit1", + G_BUS_NAME_OWNER_FLAGS_ALLOW_REPLACEMENT | + (opt_replace ? G_BUS_NAME_OWNER_FLAGS_REPLACE : 0), + on_bus_acquired, + on_name_acquired, + on_name_lost, + NULL, + NULL); + + g_print ("Entering main event loop\n"); + g_main_loop_run (loop); + + ret = 0; + + g_print ("Shutting down\n"); + out: + if (sigint_id > 0) + g_source_remove (sigint_id); + if (name_owner_id != 0) + g_bus_unown_name (name_owner_id); + if (registration_id != NULL) + polkit_backend_authority_unregister (registration_id); + if (authority != NULL) + g_object_unref (authority); + if (loop != NULL) + g_main_loop_unref (loop); + if (opt_context != NULL) + g_option_context_free (opt_context); + + g_print ("Exiting with code %d\n", ret); + return ret; +} diff --git a/src/programs/Makefile.am b/src/programs/Makefile.am new file mode 100644 index 00000000..bc1b5a88 --- /dev/null +++ b/src/programs/Makefile.am @@ -0,0 +1,84 @@ + +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +# ---------------------------------------------------------------------------------------------------- + +bin_PROGRAMS = pkexec pkcheck pkaction pkttyagent + +# ---------------------------------------------------------------------------------------------------- + +pkexec_SOURCES = pkexec.c + +pkexec_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(AUTH_LIBS) \ + $(NULL) + +pkexec_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + +# ---------------------------------------------------------------------------------------------------- + +pkcheck_SOURCES = pkcheck.c + +pkcheck_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pkcheck_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + +# ---------------------------------------------------------------------------------------------------- + +pkttyagent_SOURCES = pkttyagent.c + +pkttyagent_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pkttyagent_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + +# ---------------------------------------------------------------------------------------------------- + +pkaction_SOURCES = pkaction.c + +pkaction_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pkaction_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +# ---------------------------------------------------------------------------------------------------- + +clean-local : + rm -f *~ + +install-exec-hook : + -chmod 4755 $(DESTDIR)$(bindir)/pkexec diff --git a/src/programs/Makefile.in b/src/programs/Makefile.in new file mode 100644 index 00000000..f27badb5 --- /dev/null +++ b/src/programs/Makefile.in @@ -0,0 +1,772 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = pkexec$(EXEEXT) pkcheck$(EXEEXT) pkaction$(EXEEXT) \ + pkttyagent$(EXEEXT) +subdir = src/programs +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) +am_pkaction_OBJECTS = pkaction-pkaction.$(OBJEXT) +pkaction_OBJECTS = $(am_pkaction_OBJECTS) +am__DEPENDENCIES_1 = +pkaction_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +pkaction_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pkaction_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_pkcheck_OBJECTS = pkcheck-pkcheck.$(OBJEXT) +pkcheck_OBJECTS = $(am_pkcheck_OBJECTS) +pkcheck_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(am__DEPENDENCIES_1) +pkcheck_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pkcheck_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_pkexec_OBJECTS = pkexec-pkexec.$(OBJEXT) +pkexec_OBJECTS = $(am_pkexec_OBJECTS) +pkexec_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(am__DEPENDENCIES_1) +pkexec_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pkexec_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +am_pkttyagent_OBJECTS = pkttyagent-pkttyagent.$(OBJEXT) +pkttyagent_OBJECTS = $(am_pkttyagent_OBJECTS) +pkttyagent_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(am__DEPENDENCIES_1) +pkttyagent_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pkttyagent_CFLAGS) \ + $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(pkaction_SOURCES) $(pkcheck_SOURCES) $(pkexec_SOURCES) \ + $(pkttyagent_SOURCES) +DIST_SOURCES = $(pkaction_SOURCES) $(pkcheck_SOURCES) \ + $(pkexec_SOURCES) $(pkttyagent_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + + +# ---------------------------------------------------------------------------------------------------- +pkexec_SOURCES = pkexec.c +pkexec_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(AUTH_LIBS) \ + $(NULL) + +pkexec_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + + +# ---------------------------------------------------------------------------------------------------- +pkcheck_SOURCES = pkcheck.c +pkcheck_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pkcheck_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + + +# ---------------------------------------------------------------------------------------------------- +pkttyagent_SOURCES = pkttyagent.c +pkttyagent_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pkttyagent_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + + +# ---------------------------------------------------------------------------------------------------- +pkaction_SOURCES = pkaction.c +pkaction_CFLAGS = \ + $(GLIB_CFLAGS) \ + $(NULL) + +pkaction_LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/programs/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/programs/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +pkaction$(EXEEXT): $(pkaction_OBJECTS) $(pkaction_DEPENDENCIES) $(EXTRA_pkaction_DEPENDENCIES) + @rm -f pkaction$(EXEEXT) + $(AM_V_CCLD)$(pkaction_LINK) $(pkaction_OBJECTS) $(pkaction_LDADD) $(LIBS) +pkcheck$(EXEEXT): $(pkcheck_OBJECTS) $(pkcheck_DEPENDENCIES) $(EXTRA_pkcheck_DEPENDENCIES) + @rm -f pkcheck$(EXEEXT) + $(AM_V_CCLD)$(pkcheck_LINK) $(pkcheck_OBJECTS) $(pkcheck_LDADD) $(LIBS) +pkexec$(EXEEXT): $(pkexec_OBJECTS) $(pkexec_DEPENDENCIES) $(EXTRA_pkexec_DEPENDENCIES) + @rm -f pkexec$(EXEEXT) + $(AM_V_CCLD)$(pkexec_LINK) $(pkexec_OBJECTS) $(pkexec_LDADD) $(LIBS) +pkttyagent$(EXEEXT): $(pkttyagent_OBJECTS) $(pkttyagent_DEPENDENCIES) $(EXTRA_pkttyagent_DEPENDENCIES) + @rm -f pkttyagent$(EXEEXT) + $(AM_V_CCLD)$(pkttyagent_LINK) $(pkttyagent_OBJECTS) $(pkttyagent_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkaction-pkaction.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcheck-pkcheck.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkexec-pkexec.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkttyagent-pkttyagent.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +pkaction-pkaction.o: pkaction.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkaction_CFLAGS) $(CFLAGS) -MT pkaction-pkaction.o -MD -MP -MF $(DEPDIR)/pkaction-pkaction.Tpo -c -o pkaction-pkaction.o `test -f 'pkaction.c' || echo '$(srcdir)/'`pkaction.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkaction-pkaction.Tpo $(DEPDIR)/pkaction-pkaction.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkaction.c' object='pkaction-pkaction.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkaction_CFLAGS) $(CFLAGS) -c -o pkaction-pkaction.o `test -f 'pkaction.c' || echo '$(srcdir)/'`pkaction.c + +pkaction-pkaction.obj: pkaction.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkaction_CFLAGS) $(CFLAGS) -MT pkaction-pkaction.obj -MD -MP -MF $(DEPDIR)/pkaction-pkaction.Tpo -c -o pkaction-pkaction.obj `if test -f 'pkaction.c'; then $(CYGPATH_W) 'pkaction.c'; else $(CYGPATH_W) '$(srcdir)/pkaction.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkaction-pkaction.Tpo $(DEPDIR)/pkaction-pkaction.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkaction.c' object='pkaction-pkaction.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkaction_CFLAGS) $(CFLAGS) -c -o pkaction-pkaction.obj `if test -f 'pkaction.c'; then $(CYGPATH_W) 'pkaction.c'; else $(CYGPATH_W) '$(srcdir)/pkaction.c'; fi` + +pkcheck-pkcheck.o: pkcheck.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcheck_CFLAGS) $(CFLAGS) -MT pkcheck-pkcheck.o -MD -MP -MF $(DEPDIR)/pkcheck-pkcheck.Tpo -c -o pkcheck-pkcheck.o `test -f 'pkcheck.c' || echo '$(srcdir)/'`pkcheck.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcheck-pkcheck.Tpo $(DEPDIR)/pkcheck-pkcheck.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcheck.c' object='pkcheck-pkcheck.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcheck_CFLAGS) $(CFLAGS) -c -o pkcheck-pkcheck.o `test -f 'pkcheck.c' || echo '$(srcdir)/'`pkcheck.c + +pkcheck-pkcheck.obj: pkcheck.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcheck_CFLAGS) $(CFLAGS) -MT pkcheck-pkcheck.obj -MD -MP -MF $(DEPDIR)/pkcheck-pkcheck.Tpo -c -o pkcheck-pkcheck.obj `if test -f 'pkcheck.c'; then $(CYGPATH_W) 'pkcheck.c'; else $(CYGPATH_W) '$(srcdir)/pkcheck.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcheck-pkcheck.Tpo $(DEPDIR)/pkcheck-pkcheck.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkcheck.c' object='pkcheck-pkcheck.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkcheck_CFLAGS) $(CFLAGS) -c -o pkcheck-pkcheck.obj `if test -f 'pkcheck.c'; then $(CYGPATH_W) 'pkcheck.c'; else $(CYGPATH_W) '$(srcdir)/pkcheck.c'; fi` + +pkexec-pkexec.o: pkexec.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkexec_CFLAGS) $(CFLAGS) -MT pkexec-pkexec.o -MD -MP -MF $(DEPDIR)/pkexec-pkexec.Tpo -c -o pkexec-pkexec.o `test -f 'pkexec.c' || echo '$(srcdir)/'`pkexec.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkexec-pkexec.Tpo $(DEPDIR)/pkexec-pkexec.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkexec.c' object='pkexec-pkexec.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkexec_CFLAGS) $(CFLAGS) -c -o pkexec-pkexec.o `test -f 'pkexec.c' || echo '$(srcdir)/'`pkexec.c + +pkexec-pkexec.obj: pkexec.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkexec_CFLAGS) $(CFLAGS) -MT pkexec-pkexec.obj -MD -MP -MF $(DEPDIR)/pkexec-pkexec.Tpo -c -o pkexec-pkexec.obj `if test -f 'pkexec.c'; then $(CYGPATH_W) 'pkexec.c'; else $(CYGPATH_W) '$(srcdir)/pkexec.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkexec-pkexec.Tpo $(DEPDIR)/pkexec-pkexec.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkexec.c' object='pkexec-pkexec.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkexec_CFLAGS) $(CFLAGS) -c -o pkexec-pkexec.obj `if test -f 'pkexec.c'; then $(CYGPATH_W) 'pkexec.c'; else $(CYGPATH_W) '$(srcdir)/pkexec.c'; fi` + +pkttyagent-pkttyagent.o: pkttyagent.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkttyagent_CFLAGS) $(CFLAGS) -MT pkttyagent-pkttyagent.o -MD -MP -MF $(DEPDIR)/pkttyagent-pkttyagent.Tpo -c -o pkttyagent-pkttyagent.o `test -f 'pkttyagent.c' || echo '$(srcdir)/'`pkttyagent.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkttyagent-pkttyagent.Tpo $(DEPDIR)/pkttyagent-pkttyagent.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkttyagent.c' object='pkttyagent-pkttyagent.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkttyagent_CFLAGS) $(CFLAGS) -c -o pkttyagent-pkttyagent.o `test -f 'pkttyagent.c' || echo '$(srcdir)/'`pkttyagent.c + +pkttyagent-pkttyagent.obj: pkttyagent.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkttyagent_CFLAGS) $(CFLAGS) -MT pkttyagent-pkttyagent.obj -MD -MP -MF $(DEPDIR)/pkttyagent-pkttyagent.Tpo -c -o pkttyagent-pkttyagent.obj `if test -f 'pkttyagent.c'; then $(CYGPATH_W) 'pkttyagent.c'; else $(CYGPATH_W) '$(srcdir)/pkttyagent.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkttyagent-pkttyagent.Tpo $(DEPDIR)/pkttyagent-pkttyagent.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pkttyagent.c' object='pkttyagent-pkttyagent.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pkttyagent_CFLAGS) $(CFLAGS) -c -o pkttyagent-pkttyagent.obj `if test -f 'pkttyagent.c'; then $(CYGPATH_W) 'pkttyagent.c'; else $(CYGPATH_W) '$(srcdir)/pkttyagent.c'; fi` + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libtool clean-local \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS + +.MAKE: install-am install-exec-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ + clean-generic clean-libtool clean-local ctags distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-binPROGRAMS install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-exec-hook install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am uninstall-binPROGRAMS + + +# ---------------------------------------------------------------------------------------------------- + +clean-local : + rm -f *~ + +install-exec-hook : + -chmod 4755 $(DESTDIR)$(bindir)/pkexec + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/programs/pkaction.c b/src/programs/pkaction.c new file mode 100644 index 00000000..2d8c90de --- /dev/null +++ b/src/programs/pkaction.c @@ -0,0 +1,239 @@ +/* + * Copyright (C) 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +static void +usage (int argc, char *argv[]) +{ + GError *error; + + error = NULL; + if (!g_spawn_command_line_sync ("man pkaction", + NULL, + NULL, + NULL, + &error)) + { + g_printerr ("Cannot show manual page: %s\n", error->message); + g_error_free (error); + } +} + +static void +print_action (PolkitActionDescription *action, + gboolean opt_verbose) +{ + + if (!opt_verbose) + { + g_print ("%s\n", polkit_action_description_get_action_id (action)); + } + else + { + const gchar *vendor; + const gchar *vendor_url; + const gchar *icon_name; + const gchar* const *annotation_keys; + guint n; + + vendor = polkit_action_description_get_vendor_name (action); + vendor_url = polkit_action_description_get_vendor_url (action); + icon_name = polkit_action_description_get_icon_name (action); + + g_print ("%s:\n", polkit_action_description_get_action_id (action)); + g_print (" description: %s\n", polkit_action_description_get_description (action)); + g_print (" message: %s\n", polkit_action_description_get_message (action)); + if (vendor != NULL) + g_print (" vendor: %s\n", vendor); + if (vendor_url != NULL) + g_print (" vendor_url: %s\n", vendor_url); + + if (icon_name != NULL) + g_print (" icon: %s\n", icon_name); + + g_print (" implicit any: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_any (action))); + g_print (" implicit inactive: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_inactive (action))); + g_print (" implicit active: %s\n", polkit_implicit_authorization_to_string (polkit_action_description_get_implicit_active (action))); + + annotation_keys = polkit_action_description_get_annotation_keys (action); + for (n = 0; annotation_keys[n] != NULL; n++) + { + const gchar *key; + const gchar *value; + + key = annotation_keys[n]; + value = polkit_action_description_get_annotation (action, key); + g_print (" annotation: %s -> %s\n", key, value); + } + g_print ("\n"); + } +} + +static gint +action_desc_compare_by_action_id_func (PolkitActionDescription *a, + PolkitActionDescription *b) +{ + return g_strcmp0 (polkit_action_description_get_action_id (a), + polkit_action_description_get_action_id (b)); +} + +int +main (int argc, char *argv[]) +{ + guint n; + guint ret; + gchar *action_id; + gboolean opt_show_help; + gboolean opt_show_version; + gboolean opt_verbose; + PolkitAuthority *authority; + GList *l; + GList *actions; + PolkitActionDescription *description; + GError *error; + + action_id = NULL; + authority = NULL; + actions = NULL; + description = NULL; + ret = 1; + + g_type_init (); + + opt_show_help = FALSE; + opt_show_version = FALSE; + opt_verbose = FALSE; + for (n = 1; n < (guint) argc; n++) + { + if (g_strcmp0 (argv[n], "--help") == 0) + { + opt_show_help = TRUE; + } + else if (g_strcmp0 (argv[n], "--version") == 0) + { + opt_show_version = TRUE; + } + else if (g_strcmp0 (argv[n], "--action-id") == 0 || g_strcmp0 (argv[n], "-a") == 0) + { + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + action_id = g_strdup (argv[n]); + } + else if (g_strcmp0 (argv[n], "--verbose") == 0 || g_strcmp0 (argv[n], "-v") == 0) + { + opt_verbose = TRUE; + } + } + + if (opt_show_help) + { + usage (argc, argv); + ret = 0; + goto out; + } + else if (opt_show_version) + { + g_print ("pkaction version %s\n", PACKAGE_VERSION); + ret = 0; + goto out; + } + + error = NULL; + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { + g_printerr ("Error getting authority: %s\n", error->message); + g_error_free (error); + goto out; + } + + error = NULL; + actions = polkit_authority_enumerate_actions_sync (authority, + NULL, /* GCancellable */ + &error); + if (error != NULL) + { + g_printerr ("Error enumerating actions: %s\n", error->message); + g_error_free (error); + goto out; + } + + if (action_id != NULL) + { + for (l = actions; l != NULL; l = l->next) + { + PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data); + const gchar *id; + + id = polkit_action_description_get_action_id (action); + + if (g_strcmp0 (id, action_id) == 0) + { + print_action (action, opt_verbose); + break; + } + } + + if (l == NULL) + { + g_printerr ("No action with action id %s\n", action_id); + goto out; + } + } + else + { + actions = g_list_sort (actions, + (GCompareFunc) action_desc_compare_by_action_id_func); + + for (l = actions; l != NULL; l = l->next) + { + PolkitActionDescription *action = POLKIT_ACTION_DESCRIPTION (l->data); + + print_action (action, opt_verbose); + } + } + + out: + g_list_foreach (actions, (GFunc) g_object_unref, NULL); + g_list_free (actions); + + if (description != NULL) + g_object_unref (description); + + g_free (action_id); + + if (authority != NULL) + g_object_unref (authority); + + return ret; +} + diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c new file mode 100644 index 00000000..719a36c4 --- /dev/null +++ b/src/programs/pkcheck.c @@ -0,0 +1,631 @@ +/* + * Copyright (C) 2009 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE +#include + +static void +usage (int argc, char *argv[]) +{ + GError *error; + + error = NULL; + if (!g_spawn_command_line_sync ("man pkcheck", + NULL, + NULL, + NULL, + &error)) + { + g_printerr ("Cannot show manual page: %s\n", error->message); + g_error_free (error); + } +} + +static gchar * +escape_str (const gchar *str) +{ + GString *s; + guint n; + + s = g_string_new (NULL); + if (str == NULL) + goto out; + + for (n = 0; str[n] != '\0'; n++) + { + guint c = str[n] & 0xff; + + if (g_ascii_isalnum (c) || c=='_') + g_string_append_c (s, c); + else + g_string_append_printf (s, "\\%o", c); + } + + out: + return g_string_free (s, FALSE); +} + +static gchar * +format_reltime (gint seconds) +{ + gint magnitude; + const gchar *ending; + gchar *ret; + + if (seconds >= 0) + { + magnitude = seconds; + ending = "from now"; + } + else + { + magnitude = -seconds; + ending = "ago"; + } + + if (magnitude >= 60) + { + ret = g_strdup_printf ("%d min %d sec %s", magnitude/60, magnitude%60, ending); + } + else + { + ret = g_strdup_printf ("%d sec %s", magnitude, ending); + } + + return ret; +} + +/* TODO: should probably move to PolkitSubject + * (also see copy in src/polkitbackend/polkitbackendinteractiveauthority.c) + * + * Also, can't really trust the cmdline... but might be useful in the logs anyway. + */ +static gchar * +_polkit_subject_get_cmdline (PolkitSubject *subject) +{ + PolkitSubject *process; + gchar *ret; + gint pid; + gchar *filename; + gchar *contents; + gsize contents_len; + GError *error; + guint n; + + g_return_val_if_fail (subject != NULL, NULL); + + error = NULL; + + ret = NULL; + process = NULL; + filename = NULL; + contents = NULL; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { + process = g_object_ref (subject); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + process = polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), + NULL, + &error); + if (process == NULL) + { + g_printerr ("Error getting process for system bus name `%s': %s\n", + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject)), + error->message); + g_error_free (error); + goto out; + } + } + else + { + g_warning ("Unknown subject type passed to _polkit_subject_get_cmdline()"); + goto out; + } + + pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (process)); + + filename = g_strdup_printf ("/proc/%d/cmdline", pid); + + if (!g_file_get_contents (filename, + &contents, + &contents_len, + &error)) + { + g_printerr ("Error opening `%s': %s\n", + filename, + error->message); + g_error_free (error); + goto out; + } + + if (contents == NULL || contents_len == 0) + { + goto out; + } + else + { + /* The kernel uses '\0' to separate arguments - replace those with a space. */ + for (n = 0; n < contents_len - 1; n++) + { + if (contents[n] == '\0') + contents[n] = ' '; + } + ret = g_strdup (contents); + g_strstrip (ret); + } + + out: + g_free (filename); + g_free (contents); + if (process != NULL) + g_object_unref (process); + return ret; +} + +static gint +do_list_or_revoke_temp_authz (gboolean revoke) +{ + gint ret; + PolkitAuthority *authority; + PolkitSubject *session; + GError *error; + + ret = 1; + authority = NULL; + session = NULL; + + error = NULL; + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { + g_printerr ("Error getting authority: %s\n", error->message); + g_error_free (error); + goto out; + } + + error = NULL; + session = polkit_unix_session_new_for_process_sync (getpid (), + NULL, /* GCancellable */ + &error); + if (session == NULL) + { + g_printerr ("Error getting session: %s\n", error->message); + g_error_free (error); + goto out; + } + + if (revoke) + { + if (!polkit_authority_revoke_temporary_authorizations_sync (authority, + session, + NULL, /* GCancellable */ + &error)) + { + g_printerr ("Error revoking temporary authorizations: %s\n", error->message); + g_error_free (error); + goto out; + } + + ret = 0; + } + else + { + GList *authorizations; + GList *l; + + error = NULL; + authorizations = polkit_authority_enumerate_temporary_authorizations_sync (authority, + session, + NULL, /* GCancellable */ + &error); + if (error != NULL) + { + g_printerr ("Error getting temporary authorizations: %s\n", error->message); + g_error_free (error); + goto out; + } + + for (l = authorizations; l != NULL; l = l->next) + { + PolkitTemporaryAuthorization *a = POLKIT_TEMPORARY_AUTHORIZATION (l->data); + const gchar *id; + const gchar *action_id; + PolkitSubject *subject; + gchar *subject_cmdline; + time_t obtained; + time_t expires; + GTimeVal now; + gchar *subject_str; + gchar obtained_str[64]; + gchar expires_str[64]; + gchar *obtained_rel_str; + gchar *expires_rel_str; + struct tm *broken_down; + + id = polkit_temporary_authorization_get_id (a); + action_id = polkit_temporary_authorization_get_action_id (a); + subject = polkit_temporary_authorization_get_subject (a); + subject_str = polkit_subject_to_string (subject); + subject_cmdline = _polkit_subject_get_cmdline (subject); + obtained = polkit_temporary_authorization_get_time_obtained (a); + expires = polkit_temporary_authorization_get_time_expires (a); + + g_get_current_time (&now); + + broken_down = localtime (&obtained); + strftime (obtained_str, sizeof (obtained_str), "%c", broken_down); + broken_down = localtime (&expires); + strftime (expires_str, sizeof (expires_str), "%c", broken_down); + + obtained_rel_str = format_reltime (obtained - now.tv_sec); + expires_rel_str = format_reltime (expires - now.tv_sec); + + g_print ("authorization id: %s\n" + "action: %s\n" + "subject: %s (%s)\n" + "obtained: %s (%s)\n" + "expires: %s (%s)\n" + "\n", + id, + action_id, + subject_str, subject_cmdline != NULL ? subject_cmdline : "cannot read cmdline", + obtained_rel_str, obtained_str, + expires_rel_str, expires_str); + + g_object_unref (subject); + g_free (subject_str); + g_free (subject_cmdline); + g_free (obtained_rel_str); + g_free (expires_rel_str); + } + g_list_foreach (authorizations, (GFunc) g_object_unref, NULL); + g_list_free (authorizations); + + ret = 0; + } + + out: + if (authority != NULL) + g_object_unref (authority); + if (session != NULL) + g_object_unref (session); + + return ret; +} + +int +main (int argc, char *argv[]) +{ + guint n; + guint ret; + gchar *action_id; + gboolean opt_show_help; + gboolean opt_show_version; + gboolean allow_user_interaction; + gboolean enable_internal_agent; + gboolean list_temp; + gboolean revoke_temp; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; + PolkitSubject *subject; + PolkitDetails *details; + PolkitCheckAuthorizationFlags flags; + PolkitDetails *result_details; + GError *error; + gpointer local_agent_handle; + + subject = NULL; + action_id = NULL; + details = NULL; + authority = NULL; + result = NULL; + allow_user_interaction = FALSE; + enable_internal_agent = FALSE; + list_temp = FALSE; + revoke_temp = FALSE; + local_agent_handle = NULL; + ret = 126; + + g_type_init (); + + details = polkit_details_new (); + + opt_show_help = FALSE; + opt_show_version = FALSE; + for (n = 1; n < (guint) argc; n++) + { + if (g_strcmp0 (argv[n], "--help") == 0) + { + opt_show_help = TRUE; + } + else if (g_strcmp0 (argv[n], "--version") == 0) + { + opt_show_version = TRUE; + } + else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) + { + gint pid; + guint64 pid_start_time; + + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + { + subject = polkit_unix_process_new_full (pid, pid_start_time); + } + else if (sscanf (argv[n], "%i", &pid) == 1) + { + subject = polkit_unix_process_new (pid); + } + else + { + usage (argc, argv); + goto out; + } + } + else if (g_strcmp0 (argv[n], "--system-bus-name") == 0 || g_strcmp0 (argv[n], "-s") == 0) + { + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + subject = polkit_system_bus_name_new (argv[n]); + } + else if (g_strcmp0 (argv[n], "--action-id") == 0 || g_strcmp0 (argv[n], "-a") == 0) + { + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + action_id = g_strdup (argv[n]); + } + else if (g_strcmp0 (argv[n], "--detail") == 0 || g_strcmp0 (argv[n], "-d") == 0) + { + const gchar *key; + const gchar *value; + + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + key = argv[n]; + + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + value = argv[n]; + + polkit_details_insert (details, key, value); + } + else if (g_strcmp0 (argv[n], "--allow-user-interaction") == 0 || g_strcmp0 (argv[n], "-u") == 0) + { + allow_user_interaction = TRUE; + } + else if (g_strcmp0 (argv[n], "--enable-internal-agent") == 0) + { + enable_internal_agent = TRUE; + } + else if (g_strcmp0 (argv[n], "--list-temp") == 0) + { + list_temp = TRUE; + } + else if (g_strcmp0 (argv[n], "--revoke-temp") == 0) + { + revoke_temp = TRUE; + } + else + { + break; + } + } + + if (opt_show_help) + { + usage (argc, argv); + ret = 0; + goto out; + } + else if (opt_show_version) + { + g_print ("pkcheck version %s\n", PACKAGE_VERSION); + ret = 0; + goto out; + } + + if (list_temp) + { + ret = do_list_or_revoke_temp_authz (FALSE); + goto out; + } + else if (revoke_temp) + { + ret = do_list_or_revoke_temp_authz (TRUE); + goto out; + } + else if (subject == NULL) + { + usage (argc, argv); + goto out; + } + + error = NULL; + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { + g_printerr ("Error getting authority: %s\n", error->message); + g_error_free (error); + goto out; + } + + try_again: + error = NULL; + flags = POLKIT_CHECK_AUTHORIZATION_FLAGS_NONE; + if (allow_user_interaction) + flags |= POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION; + result = polkit_authority_check_authorization_sync (authority, + subject, + action_id, + details, + flags, + NULL, + &error); + if (result == NULL) + { + g_printerr ("Error checking for authorization %s: %s\n", + action_id, + error->message); + ret = 127; + goto out; + } + + result_details = polkit_authorization_result_get_details (result); + if (result_details != NULL) + { + gchar **keys; + + keys = polkit_details_get_keys (result_details); + for (n = 0; keys != NULL && keys[n] != NULL; n++) + { + const gchar *key; + const gchar *value; + gchar *s; + + key = keys[n]; + value = polkit_details_lookup (result_details, key); + + s = escape_str (key); + g_print ("%s", s); + g_free (s); + g_print ("="); + s = escape_str (value); + g_print ("%s", s); + g_free (s); + g_print ("\n"); + } + + g_strfreev (keys); + } + + if (polkit_authorization_result_get_is_authorized (result)) + { + ret = 0; + } + else if (polkit_authorization_result_get_is_challenge (result)) + { + if (allow_user_interaction) + { + if (local_agent_handle == NULL && enable_internal_agent) + { + PolkitAgentListener *listener; + error = NULL; + /* this will fail if we can't find a controlling terminal */ + listener = polkit_agent_text_listener_new (NULL, &error); + if (listener == NULL) + { + g_printerr ("Error creating textual authentication agent: %s\n", error->message); + g_error_free (error); + goto out; + } + local_agent_handle = polkit_agent_listener_register (listener, + POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, + subject, + NULL, /* object_path */ + NULL, /* GCancellable */ + &error); + g_object_unref (listener); + if (local_agent_handle == NULL) + { + g_printerr ("Error registering local authentication agent: %s\n", error->message); + g_error_free (error); + goto out; + } + g_object_unref (result); + result = NULL; + goto try_again; + } + else + { + g_printerr ("Authorization requires authentication but no agent is available.\n"); + } + } + else + { + g_printerr ("Authorization requires authentication and -u wasn't passed.\n"); + } + ret = 2; + } + else if (polkit_authorization_result_get_dismissed (result)) + { + g_printerr ("Authentication request was dismissed.\n"); + ret = 3; + } + else + { + g_printerr ("Not authorized.\n"); + ret = 1; + } + + out: + /* if applicable, nuke the local authentication agent */ + if (local_agent_handle != NULL) + polkit_agent_listener_unregister (local_agent_handle); + + if (result != NULL) + g_object_unref (result); + + g_free (action_id); + + if (details != NULL) + g_object_unref (details); + + if (subject != NULL) + g_object_unref (subject); + + if (authority != NULL) + g_object_unref (authority); + + return ret; +} diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c new file mode 100644 index 00000000..373977b8 --- /dev/null +++ b/src/programs/pkexec.c @@ -0,0 +1,941 @@ +/* + * Copyright (C) 2008 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#define _GNU_SOURCE + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef __linux__ +#include +#endif + +#include + +#ifdef POLKIT_AUTHFW_PAM +#include +#endif /* POLKIT_AUTHFW_PAM */ + +#include +#include + +#include +#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE +#include + +static gchar *original_user_name = NULL; +static gchar original_cwd[PATH_MAX]; +static gchar *command_line = NULL; +static struct passwd *pw; + +#ifndef HAVE_CLEARENV +extern char **environ; + +static int +clearenv (void) +{ + if (environ != NULL) + environ[0] = NULL; + return 0; +} +#endif + +static void +usage (int argc, char *argv[]) +{ + g_printerr ("pkexec --version |\n" + " --help |\n" + " --disable-internal-agent |\n" + " [--user username] PROGRAM [ARGUMENTS...]\n" + "\n" + "See the pkexec manual page for more details.\n"); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static void +log_message (gint level, + gboolean print_to_stderr, + const gchar *format, + ...) +{ + static gboolean is_log_open = FALSE; + va_list var_args; + gchar *s; + const gchar *tty; + + if (!is_log_open) + { + openlog ("pkexec", + LOG_PID, + LOG_AUTHPRIV); /* security/authorization messages (private) */ + is_log_open = TRUE; + } + + va_start (var_args, format); + s = g_strdup_vprintf (format, var_args); + va_end (var_args); + + tty = ttyname (0); + if (tty == NULL) + tty = "unknown"; + + /* first complain to syslog */ + syslog (level, + "%s: %s [USER=%s] [TTY=%s] [CWD=%s] [COMMAND=%s]", + original_user_name, + s, + pw->pw_name, + tty, + original_cwd, + command_line); + + /* and then on stderr */ + if (print_to_stderr) + g_printerr ("%s\n", s); + + g_free (s); +} + +/* ---------------------------------------------------------------------------------------------------- */ + +#ifdef POLKIT_AUTHFW_PAM +static int +pam_conversation_function (int n, + const struct pam_message **msg, + struct pam_response **resp, + void *data) +{ + g_assert_not_reached (); + return PAM_CONV_ERR; +} + +static gboolean +open_session (const gchar *user_to_auth) +{ + gboolean ret; + gint rc; + pam_handle_t *pam_h; + struct pam_conv conversation; + + ret = FALSE; + + pam_h = NULL; + + conversation.conv = pam_conversation_function; + conversation.appdata_ptr = NULL; + + /* start the pam stack */ + rc = pam_start ("polkit-1", + user_to_auth, + &conversation, + &pam_h); + if (rc != PAM_SUCCESS) + { + g_printerr ("pam_start() failed: %s\n", pam_strerror (pam_h, rc)); + goto out; + } + + /* open a session */ + rc = pam_open_session (pam_h, + 0); /* flags */ + if (rc != PAM_SUCCESS) + { + g_printerr ("pam_open_session() failed: %s\n", pam_strerror (pam_h, rc)); + goto out; + } + + ret = TRUE; + +out: + if (pam_h != NULL) + pam_end (pam_h, rc); + return ret; +} +#endif /* POLKIT_AUTHFW_PAM */ + +/* ---------------------------------------------------------------------------------------------------- */ + +typedef gboolean (*FdCallback) (gint fd, gpointer user_data); + +static gboolean +set_close_on_exec (gint fd, + gpointer user_data) +{ + gint fd_bottom; + + fd_bottom = GPOINTER_TO_INT (user_data); + + if (fd >= fd_bottom) + { + if (fcntl (fd, F_SETFD, FD_CLOEXEC) != 0 && errno != EBADF) + { + return FALSE; + } + } + + return TRUE; +} + +static gboolean +fdwalk (FdCallback callback, + gpointer user_data) +{ + gint fd; + gint max_fd; + + g_return_val_if_fail (callback != NULL, FALSE); + + max_fd = sysconf (_SC_OPEN_MAX); + for (fd = 0; fd < max_fd; fd++) + { + if (!callback (fd, user_data)) + return FALSE; + } + + return TRUE; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gchar * +find_action_for_path (PolkitAuthority *authority, + const gchar *path, + gboolean *allow_gui) +{ + GList *l; + GList *actions; + gchar *action_id; + GError *error; + + actions = NULL; + action_id = NULL; + error = NULL; + *allow_gui = FALSE; + + actions = polkit_authority_enumerate_actions_sync (authority, + NULL, + &error); + if (actions == NULL) + { + g_warning ("Error enumerating actions: %s", error->message); + g_error_free (error); + goto out; + } + + for (l = actions; l != NULL; l = l->next) + { + PolkitActionDescription *action_desc = POLKIT_ACTION_DESCRIPTION (l->data); + const gchar *path_for_action; + const gchar *allow_gui_annotation; + + path_for_action = polkit_action_description_get_annotation (action_desc, "org.freedesktop.policykit.exec.path"); + if (path_for_action == NULL) + continue; + + if (g_strcmp0 (path_for_action, path) == 0) + { + action_id = g_strdup (polkit_action_description_get_action_id (action_desc)); + + allow_gui_annotation = polkit_action_description_get_annotation (action_desc, "org.freedesktop.policykit.exec.allow_gui"); + + if (allow_gui_annotation != NULL && strlen (allow_gui_annotation) > 0) + *allow_gui = TRUE; + + goto out; + } + } + + out: + g_list_foreach (actions, (GFunc) g_object_unref, NULL); + g_list_free (actions); + + /* Fall back to org.freedesktop.policykit.exec */ + + if (action_id == NULL) + action_id = g_strdup ("org.freedesktop.policykit.exec"); + + return action_id; +} + +/* ---------------------------------------------------------------------------------------------------- */ + +static gboolean +is_valid_shell (const gchar *shell) +{ + gboolean ret; + gchar *contents; + gchar **shells; + GError *error; + guint n; + + ret = FALSE; + + contents = NULL; + shells = NULL; + + error = NULL; + if (!g_file_get_contents ("/etc/shells", + &contents, + NULL, /* gsize *length */ + &error)) + { + g_printerr ("Error getting contents of /etc/shells: %s\n", error->message); + g_error_free (error); + goto out; + } + + shells = g_strsplit (contents, "\n", 0); + for (n = 0; shells != NULL && shells[n] != NULL; n++) + { + if (g_strcmp0 (shell, shells[n]) == 0) + { + ret = TRUE; + goto out; + } + } + + out: + g_free (contents); + g_strfreev (shells); + return ret; +} + +static gboolean +validate_environment_variable (const gchar *key, + const gchar *value) +{ + gboolean ret; + + /* Generally we bail if any environment variable value contains + * + * - '/' characters + * - '%' characters + * - '..' substrings + */ + + g_return_val_if_fail (key != NULL, FALSE); + g_return_val_if_fail (value != NULL, FALSE); + + ret = FALSE; + + /* special case $SHELL */ + if (g_strcmp0 (key, "SHELL") == 0) + { + /* check if it's in /etc/shells */ + if (!is_valid_shell (value)) + { + log_message (LOG_CRIT, TRUE, + "The value for the SHELL variable was not found the /etc/shells file"); + g_printerr ("\n" + "This incident has been reported.\n"); + goto out; + } + } + else if ((g_strcmp0 (key, "XAUTHORITY") != 0 && strstr (value, "/") != NULL) || + strstr (value, "%") != NULL || + strstr (value, "..") != NULL) + { + log_message (LOG_CRIT, TRUE, + "The value for environment variable %s contains suscipious content", + key); + g_printerr ("\n" + "This incident has been reported.\n"); + goto out; + } + + ret = TRUE; + + out: + return ret; +} + + +/* ---------------------------------------------------------------------------------------------------- */ + +int +main (int argc, char *argv[]) +{ + guint n; + guint ret; + gint rc; + gboolean opt_show_help; + gboolean opt_show_version; + gboolean opt_disable_internal_agent; + PolkitAuthority *authority; + PolkitAuthorizationResult *result; + PolkitSubject *subject; + PolkitDetails *details; + GError *error; + gchar *action_id; + gboolean allow_gui; + gchar **exec_argv; + gchar *path; + struct passwd pwstruct; + gchar pwbuf[8192]; + gchar *s; + const gchar *environment_variables_to_save[] = { + "SHELL", + "LANG", + "LINGUAS", + "LANGUAGE", + "LC_COLLATE", + "LC_CTYPE", + "LC_MESSAGES", + "LC_MONETARY", + "LC_NUMERIC", + "LC_TIME", + "LC_ALL", + "TERM", + "COLORTERM", + + /* By default we don't allow running X11 apps, as it does not work in the + * general case. See + * + * https://bugs.freedesktop.org/show_bug.cgi?id=17970#c26 + * + * and surrounding comments for a lot of discussion about this. + * + * However, it can be enabled for some selected and tested legacy programs + * which previously used e. g. gksu, by setting the + * org.freedesktop.policykit.exec.allow_gui annotation to a nonempty value. + * See https://bugs.freedesktop.org/show_bug.cgi?id=38769 for details. + */ + "DISPLAY", + "XAUTHORITY", + NULL + }; + GPtrArray *saved_env; + gchar *opt_user; + pid_t pid_of_caller; + gpointer local_agent_handle; + + ret = 127; + authority = NULL; + subject = NULL; + details = NULL; + result = NULL; + action_id = NULL; + saved_env = NULL; + path = NULL; + command_line = NULL; + opt_user = NULL; + local_agent_handle = NULL; + + /* check for correct invocation */ + if (geteuid () != 0) + { + g_printerr ("pkexec must be setuid root\n"); + goto out; + } + + original_user_name = g_strdup (g_get_user_name ()); + if (original_user_name == NULL) + { + g_printerr ("Error getting user name.\n"); + goto out; + } + + if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + { + g_printerr ("Error getting cwd: %s\n", + g_strerror (errno)); + goto out; + } + + /* First process options and find the command-line to invoke. Avoid using fancy library routines + * that depend on environtment variables since we haven't cleared the environment just yet. + */ + opt_show_help = FALSE; + opt_show_version = FALSE; + opt_disable_internal_agent = FALSE; + for (n = 1; n < (guint) argc; n++) + { + if (strcmp (argv[n], "--help") == 0) + { + opt_show_help = TRUE; + } + else if (strcmp (argv[n], "--version") == 0) + { + opt_show_version = TRUE; + } + else if (strcmp (argv[n], "--user") == 0 || strcmp (argv[n], "-u") == 0) + { + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + opt_user = g_strdup (argv[n]); + } + else if (strcmp (argv[n], "--disable-internal-agent") == 0) + { + opt_disable_internal_agent = TRUE; + } + else + { + break; + } + } + + if (opt_show_help) + { + usage (argc, argv); + ret = 0; + goto out; + } + else if (opt_show_version) + { + g_print ("pkexec version %s\n", PACKAGE_VERSION); + ret = 0; + goto out; + } + + if (opt_user == NULL) + opt_user = g_strdup ("root"); + + /* Now figure out the command-line to run - argv is guaranteed to be NULL-terminated, see + * + * http://lkml.indiana.edu/hypermail/linux/kernel/0409.2/0287.html + * + * but do check this is the case. + * + * We also try to locate the program in the path if a non-absolute path is given. + */ + g_assert (argv[argc] == NULL); + path = g_strdup (argv[n]); + if (path == NULL) + { + usage (argc, argv); + goto out; + } + if (path[0] != '/') + { + /* g_find_program_in_path() is not suspectible to attacks via the environment */ + s = g_find_program_in_path (path); + if (s == NULL) + { + g_printerr ("Cannot run program %s: %s\n", path, strerror (ENOENT)); + goto out; + } + g_free (path); + argv[n] = path = s; + } + if (access (path, F_OK) != 0) + { + g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno)); + goto out; + } + command_line = g_strjoinv (" ", argv + n); + exec_argv = argv + n; + + /* Look up information about the user we care about - yes, the return + * value of this function is a bit funky + */ + rc = getpwnam_r (opt_user, &pwstruct, pwbuf, sizeof pwbuf, &pw); + if (rc == 0 && pw == NULL) + { + g_printerr ("User `%s' does not exist.\n", opt_user); + goto out; + } + else if (pw == NULL) + { + g_printerr ("Error getting information for user `%s': %s\n", opt_user, g_strerror (rc)); + goto out; + } + + /* now save the environment variables we care about */ + saved_env = g_ptr_array_new (); + for (n = 0; environment_variables_to_save[n] != NULL; n++) + { + const gchar *key = environment_variables_to_save[n]; + const gchar *value; + + value = g_getenv (key); + if (value == NULL) + continue; + + /* To qualify for the paranoia goldstar - we validate the value of each + * environment variable passed through - this is to attempt to avoid + * exploits in (potentially broken) programs launched via pkexec(1). + */ + if (!validate_environment_variable (key, value)) + goto out; + + g_ptr_array_add (saved_env, g_strdup (key)); + g_ptr_array_add (saved_env, g_strdup (value)); + } + + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks + * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. + */ + if (clearenv () != 0) + { + g_printerr ("Error clearing environment: %s\n", g_strerror (errno)); + goto out; + } + + /* Initialize the GLib type system - this is needed to interact with the + * PolicyKit daemon + */ + g_type_init (); + + /* make sure we are nuked if the parent process dies */ +#ifdef __linux__ + if (prctl (PR_SET_PDEATHSIG, SIGTERM) != 0) + { + g_printerr ("prctl(PR_SET_PDEATHSIG, SIGTERM) failed: %s\n", g_strerror (errno)); + goto out; + } +#else +#warning "Please add OS specific code to catch when the parent dies" +#endif + + /* Figure out the parent process */ + pid_of_caller = getppid (); + if (pid_of_caller == 1) + { + /* getppid() can return 1 if the parent died (meaning that we are reaped + * by /sbin/init); In that case we simpy bail. + */ + g_printerr ("Refusing to render service to dead parents.\n"); + goto out; + } + + /* This process we want to check an authorization for is the process + * that launched us - our parent process. + * + * At the time the parent process fork()'ed and exec()'ed us, the + * process had the same real-uid that we have now. So we use this + * real-uid instead of of looking it up to avoid TOCTTOU issues + * (consider the parent process exec()'ing a setuid helper). + * + * On the other hand, the monotonic process start-time is guaranteed + * to never change so it's safe to look that up given only the PID + * since we are guaranteed to be nuked if the parent goes away + * (cf. the prctl(2) call above). + */ + subject = polkit_unix_process_new_for_owner (pid_of_caller, + 0, /* 0 means "look up start-time in /proc" */ + getuid ()); + /* really double-check the invariants guaranteed by the PolkitUnixProcess class */ + g_assert (subject != NULL); + g_assert (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)) == pid_of_caller); + g_assert (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0); + g_assert (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) > 0); + + error = NULL; + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { + g_printerr ("Error getting authority: %s\n", error->message); + g_error_free (error); + goto out; + } + + action_id = find_action_for_path (authority, path, &allow_gui); + g_assert (action_id != NULL); + + details = polkit_details_new (); + if (pw->pw_gecos != NULL && strlen (pw->pw_gecos) > 0) + s = g_strdup_printf ("%s (%s)", pw->pw_gecos, pw->pw_name); + else + s = g_strdup_printf ("%s", pw->pw_name); + polkit_details_insert (details, "user", s); + g_free (s); + polkit_details_insert (details, "program", path); + polkit_details_insert (details, "command_line", command_line); + if (g_strcmp0 (action_id, "org.freedesktop.policykit.exec") == 0) + { + if (pw->pw_uid == 0) + { + polkit_details_insert (details, "polkit.message", + /* Translators: message shown when trying to run a program as root. Do not + * translate the $(program) fragment - it will be expanded to the path + * of the program e.g. /bin/bash. + */ + N_("Authentication is needed to run `$(program)' as the super user")); + } + else + { + polkit_details_insert (details, "polkit.message", + /* Translators: message shown when trying to run a program as another user. + * Do not translate the $(program) or $(user) fragments - the former will + * be expanded to the path of the program e.g. "/bin/bash" and the latter + * to the user e.g. "John Doe (johndoe)" or "johndoe". + */ + N_("Authentication is needed to run `$(program)' as user $(user)")); + } + } + polkit_details_insert (details, "polkit.gettext_domain", GETTEXT_PACKAGE); + + try_again: + error = NULL; + result = polkit_authority_check_authorization_sync (authority, + subject, + action_id, + details, + POLKIT_CHECK_AUTHORIZATION_FLAGS_ALLOW_USER_INTERACTION, + NULL, + &error); + if (result == NULL) + { + g_printerr ("Error checking for authorization %s: %s\n", + action_id, + error->message); + goto out; + } + + if (polkit_authorization_result_get_is_authorized (result)) + { + /* do nothing */ + } + else if (polkit_authorization_result_get_is_challenge (result)) + { + if (local_agent_handle == NULL && !opt_disable_internal_agent) + { + PolkitAgentListener *listener; + error = NULL; + /* this will fail if we can't find a controlling terminal */ + listener = polkit_agent_text_listener_new (NULL, &error); + if (listener == NULL) + { + g_printerr ("Error creating textual authentication agent: %s\n", error->message); + g_error_free (error); + goto out; + } + local_agent_handle = polkit_agent_listener_register (listener, + POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, + subject, + NULL, /* object_path */ + NULL, /* GCancellable */ + &error); + g_object_unref (listener); + if (local_agent_handle == NULL) + { + g_printerr ("Error registering local authentication agent: %s\n", error->message); + g_error_free (error); + goto out; + } + g_object_unref (result); + result = NULL; + goto try_again; + } + else + { + g_printerr ("Error executing command as another user: No authentication agent found.\n"); + goto out; + } + } + else + { + if (polkit_authorization_result_get_dismissed (result)) + { + log_message (LOG_WARNING, TRUE, + "Error executing command as another user: Request dismissed"); + ret = 126; + } + else + { + log_message (LOG_WARNING, TRUE, + "Error executing command as another user: Not authorized"); + g_printerr ("\n" + "This incident has been reported.\n"); + } + goto out; + } + + /* Set PATH to a safe list */ + g_ptr_array_add (saved_env, g_strdup ("PATH")); + if (pw->pw_uid != 0) + s = g_strdup_printf ("/usr/bin:/bin:/usr/sbin:/sbin:%s/bin", pw->pw_dir); + else + s = g_strdup_printf ("/usr/sbin:/usr/bin:/sbin:/bin:%s/bin", pw->pw_dir); + g_ptr_array_add (saved_env, s); + g_ptr_array_add (saved_env, g_strdup ("LOGNAME")); + g_ptr_array_add (saved_env, g_strdup (pw->pw_name)); + g_ptr_array_add (saved_env, g_strdup ("USER")); + g_ptr_array_add (saved_env, g_strdup (pw->pw_name)); + g_ptr_array_add (saved_env, g_strdup ("HOME")); + g_ptr_array_add (saved_env, g_strdup (pw->pw_dir)); + + s = g_strdup_printf ("%d", getuid ()); + g_ptr_array_add (saved_env, g_strdup ("PKEXEC_UID")); + g_ptr_array_add (saved_env, s); + + /* set the environment */ + for (n = 0; n < saved_env->len - 1; n += 2) + { + const gchar *key = saved_env->pdata[n]; + const gchar *value = saved_env->pdata[n + 1]; + + /* Only set $DISPLAY and $XAUTHORITY when explicitly allowed in the .policy */ + if (!allow_gui && + (strcmp (key, "DISPLAY") == 0 || strcmp (key, "XAUTHORITY") == 0)) + continue; + + if (!g_setenv (key, value, TRUE)) + { + g_printerr ("Error setting environment variable %s to '%s': %s\n", + key, + value, + g_strerror (errno)); + goto out; + } + } + + /* set close_on_exec on all file descriptors except stdin, stdout, stderr */ + if (!fdwalk (set_close_on_exec, GINT_TO_POINTER (3))) + { + g_printerr ("Error setting close-on-exec for file desriptors\n"); + goto out; + } + + /* if not changing to uid 0, become uid 0 before changing to the user */ + if (pw->pw_uid != 0) + { + setreuid (0, 0); + if ((geteuid () != 0) || (getuid () != 0)) + { + g_printerr ("Error becoming uid 0: %s\n", g_strerror (errno)); + goto out; + } + } + + /* open session - with PAM enabled, this runs the open_session() part of the PAM + * stack - this includes applying limits via pam_limits.so but also other things + * requested via the current PAM configuration. + * + * NOTE NOTE NOTE: pam_limits.so doesn't seem to clear existing limits - e.g. + * + * $ ulimit -t + * unlimited + * + * $ su - + * Password: + * # ulimit -t + * unlimited + * # logout + * + * $ ulimit -t 1000 + * $ ulimit -t + * 1000 + * $ su - + * Password: + * # ulimit -t + * 1000 + * + * TODO: The question here is whether we should clear the limits before applying them? + * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. + */ +#ifdef POLKIT_AUTHFW_PAM + if (!open_session (pw->pw_name)) + { + goto out; + } +#endif /* POLKIT_AUTHFW_PAM */ + + /* become the user */ + if (setgroups (0, NULL) != 0) + { + g_printerr ("Error setting groups: %s\n", g_strerror (errno)); + goto out; + } + if (initgroups (pw->pw_name, pw->pw_gid) != 0) + { + g_printerr ("Error initializing groups for %s: %s\n", pw->pw_name, g_strerror (errno)); + goto out; + } + setregid (pw->pw_gid, pw->pw_gid); + setreuid (pw->pw_uid, pw->pw_uid); + if ((geteuid () != pw->pw_uid) || (getuid () != pw->pw_uid) || + (getegid () != pw->pw_gid) || (getgid () != pw->pw_gid)) + { + g_printerr ("Error becoming real+effective uid %d and gid %d: %s\n", pw->pw_uid, pw->pw_gid, g_strerror (errno)); + goto out; + } + + /* change to home directory */ + if (chdir (pw->pw_dir) != 0) + { + g_printerr ("Error changing to home directory %s: %s\n", pw->pw_dir, g_strerror (errno)); + goto out; + } + + /* Log the fact that we're executing a command */ + log_message (LOG_NOTICE, FALSE, "Executing command"); + + /* exec the program */ + if (execv (path, exec_argv) != 0) + { + g_printerr ("Error executing %s: %s\n", path, g_strerror (errno)); + goto out; + } + + /* if exec doesn't fail, it never returns... */ + g_assert_not_reached (); + + out: + /* if applicable, nuke the local authentication agent */ + if (local_agent_handle != NULL) + polkit_agent_listener_unregister (local_agent_handle); + + if (result != NULL) + g_object_unref (result); + + g_free (action_id); + + if (details != NULL) + g_object_unref (details); + + if (subject != NULL) + g_object_unref (subject); + + if (authority != NULL) + g_object_unref (authority); + + if (saved_env != NULL) + { + g_ptr_array_foreach (saved_env, (GFunc) g_free, NULL); + g_ptr_array_free (saved_env, TRUE); + } + + g_free (path); + g_free (command_line); + g_free (opt_user); + g_free (original_user_name); + + return ret; +} + diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c new file mode 100644 index 00000000..488ca8b2 --- /dev/null +++ b/src/programs/pkttyagent.c @@ -0,0 +1,254 @@ +/* + * Copyright (C) 2009-2012 Red Hat, Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: David Zeuthen + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include +#define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE +#include + +static void +usage (int argc, char *argv[]) +{ + GError *error; + + error = NULL; + if (!g_spawn_command_line_sync ("man pkttyagent", + NULL, + NULL, + NULL, + &error)) + { + g_printerr ("Cannot show manual page: %s (%s, %d)\n", + error->message, g_quark_to_string (error->domain), error->code); + g_error_free (error); + } +} + + +int +main (int argc, char *argv[]) +{ + gboolean opt_show_help = FALSE; + gboolean opt_show_version = FALSE; + gboolean opt_fallback = FALSE; + PolkitAuthority *authority = NULL; + PolkitSubject *subject = NULL; + gpointer local_agent_handle = NULL; + PolkitAgentListener *listener = NULL; + GVariant *options = NULL; + GError *error; + GMainLoop *loop = NULL; + guint n; + guint ret = 126; + gint notify_fd = -1; + GVariantBuilder builder; + + g_type_init (); + + for (n = 1; n < (guint) argc; n++) + { + if (g_strcmp0 (argv[n], "--help") == 0) + { + opt_show_help = TRUE; + } + else if (g_strcmp0 (argv[n], "--version") == 0) + { + opt_show_version = TRUE; + } + else if (g_strcmp0 (argv[n], "--fallback") == 0) + { + opt_fallback = TRUE; + } + else if (g_strcmp0 (argv[n], "--notify-fd") == 0) + { + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + if (sscanf (argv[n], "%i", ¬ify_fd) != 1) + { + usage (argc, argv); + goto out; + } + } + else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) + { + gint pid; + guint64 pid_start_time; + + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + { + subject = polkit_unix_process_new_full (pid, pid_start_time); + } + else if (sscanf (argv[n], "%i", &pid) == 1) + { + subject = polkit_unix_process_new (pid); + } + else + { + usage (argc, argv); + goto out; + } + } + else if (g_strcmp0 (argv[n], "--system-bus-name") == 0 || g_strcmp0 (argv[n], "-s") == 0) + { + n++; + if (n >= (guint) argc) + { + usage (argc, argv); + goto out; + } + + subject = polkit_system_bus_name_new (argv[n]); + } + else + { + break; + } + } + + if (opt_show_help) + { + usage (argc, argv); + ret = 0; + goto out; + } + else if (opt_show_version) + { + g_print ("pkttyagent version %s\n", PACKAGE_VERSION); + ret = 0; + goto out; + } + + /* Use parent process, if no subject has been specified */ + if (subject == NULL) + { + pid_t pid_of_caller; + pid_of_caller = getppid (); + if (pid_of_caller == 1) + { + /* getppid() can return 1 if the parent died (meaning that we are reaped + * by /sbin/init); In that case we simpy bail. + */ + g_printerr ("Refusing to render service to dead parents.\n"); + goto out; + } + + subject = polkit_unix_process_new_for_owner (pid_of_caller, + 0, /* 0 means "look up start-time in /proc" */ + getuid ()); + /* really double-check the invariants guaranteed by the PolkitUnixProcess class */ + g_assert (subject != NULL); + g_assert (polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)) == pid_of_caller); + g_assert (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0); + g_assert (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) > 0); + } + + error = NULL; + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { + g_printerr ("Error getting authority: %s (%s, %d)\n", + error->message, g_quark_to_string (error->domain), error->code); + g_error_free (error); + ret = 127; + goto out; + } + + if (opt_fallback) + { + g_variant_builder_init (&builder, G_VARIANT_TYPE_VARDICT); + g_variant_builder_add (&builder, "{sv}", "fallback", g_variant_new_boolean (TRUE)); + options = g_variant_builder_end (&builder); + } + + error = NULL; + /* this will fail if we can't find a controlling terminal */ + listener = polkit_agent_text_listener_new (NULL, &error); + if (listener == NULL) + { + g_printerr ("Error creating textual authentication agent: %s (%s, %d)\n", + error->message, g_quark_to_string (error->domain), error->code); + g_error_free (error); + ret = 127; + goto out; + } + local_agent_handle = polkit_agent_listener_register_with_options (listener, + POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, + subject, + NULL, /* object_path */ + options, + NULL, /* GCancellable */ + &error); + options = NULL; /* consumed */ + g_object_unref (listener); + if (local_agent_handle == NULL) + { + g_printerr ("Error registering authentication agent: %s (%s, %d)\n", + error->message, g_quark_to_string (error->domain), error->code); + g_error_free (error); + goto out; + } + + if (notify_fd != -1) + { + if (close (notify_fd) != 0) + { + g_printerr ("Error closing notify-fd %d: %m\n", notify_fd); + goto out; + } + } + + loop = g_main_loop_new (NULL, FALSE); + g_main_loop_run (loop); + + out: + if (loop != NULL) + g_main_loop_unref (loop); + + if (local_agent_handle != NULL) + polkit_agent_listener_unregister (local_agent_handle); + + if (options != NULL) + g_variant_unref (options); + + if (subject != NULL) + g_object_unref (subject); + + if (authority != NULL) + g_object_unref (authority); + + return ret; +} diff --git a/test/Makefile.am b/test/Makefile.am new file mode 100644 index 00000000..84269778 --- /dev/null +++ b/test/Makefile.am @@ -0,0 +1,30 @@ + +SUBDIRS = mocklibc . polkit polkitbackend +AM_CFLAGS = $(GLIB_CFLAGS) + +check_LTLIBRARIES = libpolkit-test-helper.la +libpolkit_test_helper_la_SOURCES = polkittesthelper.c polkittesthelper.h +libpolkit_test_helper_la_LIBADD = $(GLIB_LIBS) + +EXTRA_DIST = data + +# Use mocklibc to override NSS services for tests +export MOCK_PASSWD := $(abs_top_srcdir)/test/data/etc/passwd +export MOCK_GROUP := $(abs_top_srcdir)/test/data/etc/group +export MOCK_NETGROUP := $(abs_top_srcdir)/test/data/etc/netgroup +export TESTS_ENVIRONMENT := $(abs_top_builddir)/test/mocklibc/bin/mocklibc + +# Include path to mock config files +export POLKIT_TEST_DATA := $(abs_top_srcdir)/test/data + + +clean-local : + rm -f *~ + + +# Never install anything in this dir (specifically MockLibc) +install:; @: +install-exec:; @: +install-data:; @: +uninstall:; @: + diff --git a/test/Makefile.in b/test/Makefile.in new file mode 100644 index 00000000..5b561dec --- /dev/null +++ b/test/Makefile.in @@ -0,0 +1,725 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = test +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__DEPENDENCIES_1 = +libpolkit_test_helper_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +am_libpolkit_test_helper_la_OBJECTS = polkittesthelper.lo +libpolkit_test_helper_la_OBJECTS = \ + $(am_libpolkit_test_helper_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(libpolkit_test_helper_la_SOURCES) +DIST_SOURCES = $(libpolkit_test_helper_la_SOURCES) +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = mocklibc . polkit polkitbackend +AM_CFLAGS = $(GLIB_CFLAGS) +check_LTLIBRARIES = libpolkit-test-helper.la +libpolkit_test_helper_la_SOURCES = polkittesthelper.c polkittesthelper.h +libpolkit_test_helper_la_LIBADD = $(GLIB_LIBS) +EXTRA_DIST = data +all: all-recursive + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu test/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu test/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkLTLIBRARIES: + -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES) + @list='$(check_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libpolkit-test-helper.la: $(libpolkit_test_helper_la_OBJECTS) $(libpolkit_test_helper_la_DEPENDENCIES) $(EXTRA_libpolkit_test_helper_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libpolkit_test_helper_la_OBJECTS) $(libpolkit_test_helper_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkittesthelper.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_LTLIBRARIES) +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-checkLTLIBRARIES clean-generic clean-libtool \ + clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \ + ctags-recursive install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am check check-am clean clean-checkLTLIBRARIES \ + clean-generic clean-libtool clean-local ctags ctags-recursive \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-recursive uninstall uninstall-am + + +# Use mocklibc to override NSS services for tests +export MOCK_PASSWD := $(abs_top_srcdir)/test/data/etc/passwd +export MOCK_GROUP := $(abs_top_srcdir)/test/data/etc/group +export MOCK_NETGROUP := $(abs_top_srcdir)/test/data/etc/netgroup +export TESTS_ENVIRONMENT := $(abs_top_builddir)/test/mocklibc/bin/mocklibc + +# Include path to mock config files +export POLKIT_TEST_DATA := $(abs_top_srcdir)/test/data + +clean-local : + rm -f *~ + +# Never install anything in this dir (specifically MockLibc) +install:; @: +install-exec:; @: +install-data:; @: +uninstall:; @: + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/test/data/etc/group b/test/data/etc/group new file mode 100644 index 00000000..12ef328b --- /dev/null +++ b/test/data/etc/group @@ -0,0 +1,7 @@ +root:x:0: +users:x:100:john,jane +admin:x:101:sally,henry +john:x:500: +jane:x:501: +sally:x:502: +henry:x:503: diff --git a/test/data/etc/netgroup b/test/data/etc/netgroup new file mode 100644 index 00000000..21a27f97 --- /dev/null +++ b/test/data/etc/netgroup @@ -0,0 +1,5 @@ +foo (-,john,) +bar (-,jane,) +baz foo bar +all (,,) +none diff --git a/test/data/etc/passwd b/test/data/etc/passwd new file mode 100644 index 00000000..8544febc --- /dev/null +++ b/test/data/etc/passwd @@ -0,0 +1,5 @@ +root:x:0:0:root:/root:/bin/bash +john:x:500:500:John Done:/home/john:/bin/bash +jane:x:501:501:Jane Smith:/home/jane:/bin/bash +sally:x:502:502:Sally Derp:/home/sally:/bin/bash +henry:x:503:503:Henry Herp:/home/henry:/bin/bash diff --git a/test/data/etc/polkit-1/localauthority.conf.d/10-test.conf b/test/data/etc/polkit-1/localauthority.conf.d/10-test.conf new file mode 100644 index 00000000..d7a98246 --- /dev/null +++ b/test/data/etc/polkit-1/localauthority.conf.d/10-test.conf @@ -0,0 +1,2 @@ +[Configuration] +AdminIdentities=unix-user:root;unix-netgroup:bar;unix-group:admin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla new file mode 100644 index 00000000..bc64c5e9 --- /dev/null +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -0,0 +1,14 @@ +[Users and Root can do Foo] +Identity=unix-group:users;unix-user:root +Action=com.example.awesomeproduct.foo +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[Users in netgroup baz can do Bar] +Identity=unix-netgroup:baz +Action=com.example.awesomeproduct.bar +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + diff --git a/test/data/var/lib/polkit-1/localauthority/10-test/com.example.pkla b/test/data/var/lib/polkit-1/localauthority/10-test/com.example.pkla new file mode 100644 index 00000000..f013c5b9 --- /dev/null +++ b/test/data/var/lib/polkit-1/localauthority/10-test/com.example.pkla @@ -0,0 +1,6 @@ +[Super Secret Project Permissions] +Identity=unix-user:root +Action=com.example.restrictedproduct.* +ResultAny=no +ResultInactive=no +ResultActive=auth_self diff --git a/test/mocklibc/AUTHORS b/test/mocklibc/AUTHORS new file mode 100644 index 00000000..c2347f6f --- /dev/null +++ b/test/mocklibc/AUTHORS @@ -0,0 +1 @@ +Nikki VonHollen diff --git a/test/mocklibc/COPYING b/test/mocklibc/COPYING new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/test/mocklibc/COPYING @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/test/mocklibc/ChangeLog b/test/mocklibc/ChangeLog new file mode 100644 index 00000000..00dd245b --- /dev/null +++ b/test/mocklibc/ChangeLog @@ -0,0 +1,10 @@ +2011-12-19 Nikki VonHollen + +* Added check for 'id' and 'innetgr' commands before running tests that depend + on them. 'make check' now passes without them, without running tests. + + +2011-12-14 Nikki VonHollen + +* Released version 1.0 with basic NSS passwd, group, and netgroup mocks. + diff --git a/test/mocklibc/INSTALL b/test/mocklibc/INSTALL new file mode 100644 index 00000000..7d1c323b --- /dev/null +++ b/test/mocklibc/INSTALL @@ -0,0 +1,365 @@ +Installation Instructions +************************* + +Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, +2006, 2007, 2008, 2009 Free Software Foundation, Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + +Basic Installation +================== + + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. + + The `configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a `Makefile' in each directory of the package. +It may also create one or more `.h' files containing system-dependent +definitions. Finally, it creates a shell script `config.status' that +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. Caching is +disabled by default to prevent problems with accidental use of stale +cache files. + + If you need to do unusual things to compile the package, please try +to figure out how `configure' could check whether to do them, and mail +diffs or instructions to the address given in the `README' so they can +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. + + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. + + The simplest way to compile this package is: + + 1. `cd' to the directory containing the package's source code and type + `./configure' to configure the package for your system. + + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. + + 2. Type `make' to compile the package. + + 3. Optionally, type `make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + + 4. Type `make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. + + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the + source code directory by typing `make clean'. To also remove the + files that `configure' created (so you can compile the package for + a different kind of computer), type `make distclean'. There is + also a `make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. + + You can give `configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here +is an example: + + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you can use GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. + + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. + +Installation Names +================== + + By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like `--bindir=DIR' to specify different values for particular +kinds of files. Run `configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + +Optional Features +================= + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + + Some packages pay attention to `--enable-FEATURE' options to +`configure', where FEATURE indicates an optional part of the package. +They may also pay attention to `--with-PACKAGE' options, where PACKAGE +is something like `gnu-as' or `x' (for the X Window System). The +`README' should mention any `--enable-' and `--with-' options that the +package recognizes. + + For packages that use the X Window System, `configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the `configure' options `--x-includes=DIR' and +`--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + +Specifying the System Type +========================== + + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + + CPU-COMPANY-SYSTEM + +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file `config.sub' for the possible values of each field. If +`config.sub' isn't included in this package, then this package doesn't +need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +use the option `--target=TYPE' to select the type of system they will +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with `--host=TYPE'. + +Sharing Defaults +================ + + If you want to set default values for `configure' scripts to share, +you can create a site shell script called `config.site' that gives +default values for variables like `CC', `cache_file', and `prefix'. +`configure' looks for `PREFIX/share/config.site' if it exists, then +`PREFIX/etc/config.site' if it exists. Or, you can set the +`CONFIG_SITE' environment variable to the location of the site script. +A warning: not all `configure' scripts look for a site script. + +Defining Variables +================== + + Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified `gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf bug. Until the bug is fixed you can use this workaround: + + CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + +`configure' Invocation +====================== + + `configure' recognizes the following options to control how it +operates. + +`--help' +`-h' + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. + +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + +`--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. + +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. + +`--quiet' +`--silent' +`-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). + +`--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + `configure' can determine that directory automatically. + +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. + +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. + diff --git a/test/mocklibc/Makefile.am b/test/mocklibc/Makefile.am new file mode 100644 index 00000000..3508ecd9 --- /dev/null +++ b/test/mocklibc/Makefile.am @@ -0,0 +1,3 @@ + +SUBDIRS = src bin +EXTRA_DIST = example diff --git a/test/mocklibc/Makefile.in b/test/mocklibc/Makefile.in new file mode 100644 index 00000000..935f4db2 --- /dev/null +++ b/test/mocklibc/Makefile.in @@ -0,0 +1,739 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = . +DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ + $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \ + config.guess config.sub depcomp install-sh ltmain.sh missing +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ + html-recursive info-recursive install-data-recursive \ + install-dvi-recursive install-exec-recursive \ + install-html-recursive install-info-recursive \ + install-pdf-recursive install-ps-recursive install-recursive \ + installcheck-recursive installdirs-recursive pdf-recursive \ + ps-recursive uninstall-recursive +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ + distdir dist dist-all distcheck +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +DIST_ARCHIVES = $(distdir).tar.gz +GZIP_ENV = --best +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libname = @libname@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = src bin +EXTRA_DIST = example +all: config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +.SUFFIXES: +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): + +config.h: stamp-h1 + @if test ! -f $@; then rm -f stamp-h1; else :; fi + @if test ! -f $@; then $(MAKE) $(AM_MAKEFLAGS) stamp-h1; else :; fi + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status config.h +$(srcdir)/config.h.in: $(am__configure_deps) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool config.lt + +# This directory's subdirectories are mostly independent; you can cd +# into them and run `make' without going through this Makefile. +# To change the values of `make' variables: instead of editing Makefiles, +# (1) if the variable is set in `config.status', edit `config.status' +# (which will cause the Makefiles to be regenerated when you run `make'); +# (2) otherwise, pass the desired values on the `make' command line. +$(RECURSIVE_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +$(RECURSIVE_CLEAN_TARGETS): + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ + dot_seen=no; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ + done; \ + rev="$$rev ."; \ + target=`echo $@ | sed s/-recursive//`; \ + for subdir in $$rev; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done && test -z "$$fail" +tags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ + done +ctags-recursive: + list='$(SUBDIRS)'; for subdir in $$list; do \ + test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ + done + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__remove_distdir) + +dist-lzma: distdir + tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma + $(am__remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__remove_distdir) + +dist-tarZ: distdir + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__remove_distdir) + +dist-shar: distdir + shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz + $(am__remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__remove_distdir) + +dist dist-all: distdir + tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz + $(am__remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lzma*) \ + lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir); chmod a+w $(distdir) + mkdir $(distdir)/_build + mkdir $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build \ + && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile config.h +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-hdr \ + distclean-libtool distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ + ctags-recursive install-am install-strip tags-recursive + +.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ + all all-am am--refresh check check-am clean clean-generic \ + clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \ + dist-gzip dist-lzip dist-lzma dist-shar dist-tarZ dist-xz \ + dist-zip distcheck distclean distclean-generic distclean-hdr \ + distclean-libtool distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-recursive uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/test/mocklibc/NEWS b/test/mocklibc/NEWS new file mode 100644 index 00000000..e69de29b diff --git a/test/mocklibc/README b/test/mocklibc/README new file mode 100644 index 00000000..2bd44efa --- /dev/null +++ b/test/mocklibc/README @@ -0,0 +1,121 @@ += MockLibc 1.1 = + +Mocks of common libc functions who have global state. Version 1.1 focuses on +NSS related methods (user, group, and netgroup queries). + +This library is a re-implementation of specific libc methods, not a tool for +creating mock functions. Use MockLibc to create a consistent environment for +your unit tests, when they need to query system information. + + +== Requirements == + +* Tests require the 'id' and 'innetgr' commands in the PATH + + +== Build == + +$ cd mocklibc-1.1 +$ ./configure +$ make +$ make check + + +== Install == + +$ make install + + +== Example Usage == + +$ id foo +id: foo: No such user +$ export MOCK_PASSWD=./testdata/passwd +$ export MOCK_GROUP=./testdata/group +$ mkdir ./testdata +$ echo “foo:x:9000:9000::/home/foo:/bin/bash” > “$MOCK_PASSWD” +$ echo “mockusers:x:9001:foo” > “$MOCK_GROUP” +$ mocklibc id foo +uid=9000(foo) gid=9000(foo) groups=9000(foo),9001(mockusers) + + +== Use without install == + +mocklibc can be used directly from the bin directory, without being installed: +$ cd mocklibc-1.1 +$ ./configure +$ make +$ bin/mocklibc id foo + + +== Hacking == + +If using a git checkout instead of a source tarball, always run +'autogen --install' before './configure'. Whenever a Makefile.am or +configure.ac is modified, run 'autogen' again without --install. + + +== Mocked Functions == + +NSS Methods completely disregard /etc/nsswitch.conf, similar to using just +"files", but with modified paths. DNS is not modified and no *_r methods will +be implemented in this version. + +* pwd.h (NSS users, configured with MOCK_PASSWD) + * setpwent + * getpwent + * endpwent + * getpwnam + * getpwuid +* grp.h (NSS groups, configured with MOCK_GROUP) + * setpwent + * getpwent + * endpwent + * getpwnam + * getpwuid +* netdb.h (NSS netgroups, no DNS, configured with MOCK_NETGROUP) + * setnetgrent + * getnetgrent + * endnetgrent + * innetgr + + +== Configuration == + +All configuration is handled through environment variables, though specific +mocklibc_* methods may be added in the future for things like time and random +number generation. + +Environment Variables: +* MOCK_PASSWD - Path to /etc/passwd replacement +* MOCK_GROUP - Path to /etc/group replacement +* MOCK_NETGROUP - Path to /etc/netgroup replacement + + +== F.A.Q. == + +* Why not use a chroot? Chroot requires root, and forcing unit tests to run as + root is not desirable. +* Is there something that already does this? There are mock frameworks for C, + but this library is an implementation of specific common mocks C developers + need. A mock of set/get/endgrent still requires some basic code for iterating + group objects. This library provides that. + + +== TODO == + +* Add functions to free unused memory in 'netdb_netgroup.c'. It leaks a ton of + memory every call. See TODO comments in code. + + +== Future == + +The following may be supported in the future, and I'm taking requests for other +functionality at 'vonhollen@gmail.com'. + +Features: +* Redirect syslog messages to file at $MOCK_SYSLOG +* '*_r' methods in pwd.h, grp.h, and netdb.h +* netdb.h: gethostbyname, gethostbyaddr, getaddrinfo, get/freeaddrinfo +* Whitelist apps with $MOCK_ONLY (includes list of argv[0] names) + diff --git a/test/mocklibc/aclocal.m4 b/test/mocklibc/aclocal.m4 new file mode 100644 index 00000000..2467960e --- /dev/null +++ b/test/mocklibc/aclocal.m4 @@ -0,0 +1,9562 @@ +# generated automatically by aclocal 1.11.3 -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, +# Inc. +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.68],, +[m4_warning([this file was generated for autoconf 2.68. +You have another version of autoconf. It may work, but is not guaranteed to. +If you have problems, you may need to regenerate the build system entirely. +To do so, use the procedure documented by the package, typically `autoreconf'.])]) + +# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +m4_define([_LT_COPYING], [dnl +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +]) + +# serial 57 LT_INIT + + +# LT_PREREQ(VERSION) +# ------------------ +# Complain and exit if this libtool version is less that VERSION. +m4_defun([LT_PREREQ], +[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, + [m4_default([$3], + [m4_fatal([Libtool version $1 or higher is required], + 63)])], + [$2])]) + + +# _LT_CHECK_BUILDDIR +# ------------------ +# Complain if the absolute build directory name contains unusual characters +m4_defun([_LT_CHECK_BUILDDIR], +[case `pwd` in + *\ * | *\ *) + AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; +esac +]) + + +# LT_INIT([OPTIONS]) +# ------------------ +AC_DEFUN([LT_INIT], +[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT +AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +AC_BEFORE([$0], [LT_LANG])dnl +AC_BEFORE([$0], [LT_OUTPUT])dnl +AC_BEFORE([$0], [LTDL_INIT])dnl +m4_require([_LT_CHECK_BUILDDIR])dnl + +dnl Autoconf doesn't catch unexpanded LT_ macros by default: +m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl +m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl +dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 +dnl unless we require an AC_DEFUNed macro: +AC_REQUIRE([LTOPTIONS_VERSION])dnl +AC_REQUIRE([LTSUGAR_VERSION])dnl +AC_REQUIRE([LTVERSION_VERSION])dnl +AC_REQUIRE([LTOBSOLETE_VERSION])dnl +m4_require([_LT_PROG_LTMAIN])dnl + +_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}]) + +dnl Parse OPTIONS +_LT_SET_OPTIONS([$0], [$1]) + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +_LT_SETUP + +# Only expand once: +m4_define([LT_INIT]) +])# LT_INIT + +# Old names: +AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) +AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PROG_LIBTOOL], []) +dnl AC_DEFUN([AM_PROG_LIBTOOL], []) + + +# _LT_CC_BASENAME(CC) +# ------------------- +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +m4_defun([_LT_CC_BASENAME], +[for cc_temp in $1""; do + case $cc_temp in + compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; + distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +]) + + +# _LT_FILEUTILS_DEFAULTS +# ---------------------- +# It is okay to use these file commands and assume they have been set +# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. +m4_defun([_LT_FILEUTILS_DEFAULTS], +[: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} +])# _LT_FILEUTILS_DEFAULTS + + +# _LT_SETUP +# --------- +m4_defun([_LT_SETUP], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl + +_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl +dnl +_LT_DECL([], [host_alias], [0], [The host system])dnl +_LT_DECL([], [host], [0])dnl +_LT_DECL([], [host_os], [0])dnl +dnl +_LT_DECL([], [build_alias], [0], [The build system])dnl +_LT_DECL([], [build], [0])dnl +_LT_DECL([], [build_os], [0])dnl +dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +dnl +AC_REQUIRE([AC_PROG_LN_S])dnl +test -z "$LN_S" && LN_S="ln -s" +_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl +dnl +AC_REQUIRE([LT_CMD_MAX_LEN])dnl +_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl +_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl +dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl +m4_require([_LT_CMD_RELOAD])dnl +m4_require([_LT_CHECK_MAGIC_METHOD])dnl +m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl +m4_require([_LT_CMD_OLD_ARCHIVE])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_WITH_SYSROOT])dnl + +_LT_CONFIG_LIBTOOL_INIT([ +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi +]) +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +_LT_CHECK_OBJDIR + +m4_require([_LT_TAG_COMPILER])dnl + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld="$lt_cv_prog_gnu_ld" + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +_LT_CC_BASENAME([$compiler]) + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + _LT_PATH_MAGIC + fi + ;; +esac + +# Use C for the default configuration in the libtool script +LT_SUPPORTED_TAG([CC]) +_LT_LANG_C_CONFIG +_LT_LANG_DEFAULT_CONFIG +_LT_CONFIG_COMMANDS +])# _LT_SETUP + + +# _LT_PREPARE_SED_QUOTE_VARS +# -------------------------- +# Define a few sed substitution that help us do robust quoting. +m4_defun([_LT_PREPARE_SED_QUOTE_VARS], +[# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\([["`\\]]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' +]) + +# _LT_PROG_LTMAIN +# --------------- +# Note that this code is called both from `configure', and `config.status' +# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, +# `config.status' has no value for ac_aux_dir unless we are using Automake, +# so we pass a copy along to make sure it has a sensible value anyway. +m4_defun([_LT_PROG_LTMAIN], +[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl +_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) +ltmain="$ac_aux_dir/ltmain.sh" +])# _LT_PROG_LTMAIN + + + +# So that we can recreate a full libtool script including additional +# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS +# in macros and then make a single call at the end using the `libtool' +# label. + + +# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) +# ---------------------------------------- +# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL_INIT], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_INIT], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_INIT]) + + +# _LT_CONFIG_LIBTOOL([COMMANDS]) +# ------------------------------ +# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. +m4_define([_LT_CONFIG_LIBTOOL], +[m4_ifval([$1], + [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], + [$1 +])])]) + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) + + +# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) +# ----------------------------------------------------- +m4_defun([_LT_CONFIG_SAVE_COMMANDS], +[_LT_CONFIG_LIBTOOL([$1]) +_LT_CONFIG_LIBTOOL_INIT([$2]) +]) + + +# _LT_FORMAT_COMMENT([COMMENT]) +# ----------------------------- +# Add leading comment marks to the start of each line, and a trailing +# full-stop to the whole comment if one is not present already. +m4_define([_LT_FORMAT_COMMENT], +[m4_ifval([$1], [ +m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], + [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) +)]) + + + + + +# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) +# ------------------------------------------------------------------- +# CONFIGNAME is the name given to the value in the libtool script. +# VARNAME is the (base) name used in the configure script. +# VALUE may be 0, 1 or 2 for a computed quote escaped value based on +# VARNAME. Any other value will be used directly. +m4_define([_LT_DECL], +[lt_if_append_uniq([lt_decl_varnames], [$2], [, ], + [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], + [m4_ifval([$1], [$1], [$2])]) + lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) + m4_ifval([$4], + [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) + lt_dict_add_subkey([lt_decl_dict], [$2], + [tagged?], [m4_ifval([$5], [yes], [no])])]) +]) + + +# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) +# -------------------------------------------------------- +m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) + + +# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_tag_varnames], +[_lt_decl_filter([tagged?], [yes], $@)]) + + +# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) +# --------------------------------------------------------- +m4_define([_lt_decl_filter], +[m4_case([$#], + [0], [m4_fatal([$0: too few arguments: $#])], + [1], [m4_fatal([$0: too few arguments: $#: $1])], + [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], + [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], + [lt_dict_filter([lt_decl_dict], $@)])[]dnl +]) + + +# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) +# -------------------------------------------------- +m4_define([lt_decl_quote_varnames], +[_lt_decl_filter([value], [1], $@)]) + + +# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_dquote_varnames], +[_lt_decl_filter([value], [2], $@)]) + + +# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) +# --------------------------------------------------- +m4_define([lt_decl_varnames_tagged], +[m4_assert([$# <= 2])dnl +_$0(m4_quote(m4_default([$1], [[, ]])), + m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), + m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) +m4_define([_lt_decl_varnames_tagged], +[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) + + +# lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) +# ------------------------------------------------ +m4_define([lt_decl_all_varnames], +[_$0(m4_quote(m4_default([$1], [[, ]])), + m4_if([$2], [], + m4_quote(lt_decl_varnames), + m4_quote(m4_shift($@))))[]dnl +]) +m4_define([_lt_decl_all_varnames], +[lt_join($@, lt_decl_varnames_tagged([$1], + lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl +]) + + +# _LT_CONFIG_STATUS_DECLARE([VARNAME]) +# ------------------------------------ +# Quote a variable value, and forward it to `config.status' so that its +# declaration there will have the same value as in `configure'. VARNAME +# must have a single quote delimited value for this to work. +m4_define([_LT_CONFIG_STATUS_DECLARE], +[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`']) + + +# _LT_CONFIG_STATUS_DECLARATIONS +# ------------------------------ +# We delimit libtool config variables with single quotes, so when +# we write them to config.status, we have to be sure to quote all +# embedded single quotes properly. In configure, this macro expands +# each variable declared with _LT_DECL (and _LT_TAGDECL) into: +# +# ='`$ECHO "$" | $SED "$delay_single_quote_subst"`' +m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], +[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), + [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAGS +# ---------------- +# Output comment and list of tags supported by the script +m4_defun([_LT_LIBTOOL_TAGS], +[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl +available_tags="_LT_TAGS"dnl +]) + + +# _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) +# ----------------------------------- +# Extract the dictionary values for VARNAME (optionally with TAG) and +# expand to a commented shell variable setting: +# +# # Some comment about what VAR is for. +# visible_name=$lt_internal_name +m4_define([_LT_LIBTOOL_DECLARE], +[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], + [description])))[]dnl +m4_pushdef([_libtool_name], + m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl +m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), + [0], [_libtool_name=[$]$1], + [1], [_libtool_name=$lt_[]$1], + [2], [_libtool_name=$lt_[]$1], + [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl +m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl +]) + + +# _LT_LIBTOOL_CONFIG_VARS +# ----------------------- +# Produce commented declarations of non-tagged libtool config variables +# suitable for insertion in the LIBTOOL CONFIG section of the `libtool' +# script. Tagged libtool config variables (even for the LIBTOOL CONFIG +# section) are produced by _LT_LIBTOOL_TAG_VARS. +m4_defun([_LT_LIBTOOL_CONFIG_VARS], +[m4_foreach([_lt_var], + m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) + + +# _LT_LIBTOOL_TAG_VARS(TAG) +# ------------------------- +m4_define([_LT_LIBTOOL_TAG_VARS], +[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), + [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) + + +# _LT_TAGVAR(VARNAME, [TAGNAME]) +# ------------------------------ +m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) + + +# _LT_CONFIG_COMMANDS +# ------------------- +# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of +# variables for single and double quote escaping we saved from calls +# to _LT_DECL, we can put quote escaped variables declarations +# into `config.status', and then the shell code to quote escape them in +# for loops in `config.status'. Finally, any additional code accumulated +# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. +m4_defun([_LT_CONFIG_COMMANDS], +[AC_PROVIDE_IFELSE([LT_OUTPUT], + dnl If the libtool generation code has been placed in $CONFIG_LT, + dnl instead of duplicating it all over again into config.status, + dnl then we will have config.status run $CONFIG_LT later, so it + dnl needs to know what name is stored there: + [AC_CONFIG_COMMANDS([libtool], + [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], + dnl If the libtool generation code is destined for config.status, + dnl expand the accumulated commands and init code now: + [AC_CONFIG_COMMANDS([libtool], + [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) +])#_LT_CONFIG_COMMANDS + + +# Initialize. +m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], +[ + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +_LT_CONFIG_STATUS_DECLARATIONS +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$[]1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_quote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in lt_decl_all_varnames([[ \ +]], lt_decl_dquote_varnames); do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[[\\\\\\\`\\"\\\$]]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +_LT_OUTPUT_LIBTOOL_INIT +]) + +# _LT_GENERATED_FILE_INIT(FILE, [COMMENT]) +# ------------------------------------ +# Generate a child script FILE with all initialization necessary to +# reuse the environment learned by the parent script, and make the +# file executable. If COMMENT is supplied, it is inserted after the +# `#!' sequence but before initialization text begins. After this +# macro, additional text can be appended to FILE to form the body of +# the child script. The macro ends with non-zero status if the +# file could not be fully written (such as if the disk is full). +m4_ifdef([AS_INIT_GENERATED], +[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])], +[m4_defun([_LT_GENERATED_FILE_INIT], +[m4_require([AS_PREPARE])]dnl +[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl +[lt_write_fail=0 +cat >$1 <<_ASEOF || lt_write_fail=1 +#! $SHELL +# Generated by $as_me. +$2 +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$1 <<\_ASEOF || lt_write_fail=1 +AS_SHELL_SANITIZE +_AS_PREPARE +exec AS_MESSAGE_FD>&1 +_ASEOF +test $lt_write_fail = 0 && chmod +x $1[]dnl +m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT + +# LT_OUTPUT +# --------- +# This macro allows early generation of the libtool script (before +# AC_OUTPUT is called), incase it is used in configure for compilation +# tests. +AC_DEFUN([LT_OUTPUT], +[: ${CONFIG_LT=./config.lt} +AC_MSG_NOTICE([creating $CONFIG_LT]) +_LT_GENERATED_FILE_INIT(["$CONFIG_LT"], +[# Run this file to recreate a libtool stub with the current configuration.]) + +cat >>"$CONFIG_LT" <<\_LTEOF +lt_cl_silent=false +exec AS_MESSAGE_LOG_FD>>config.log +{ + echo + AS_BOX([Running $as_me.]) +} >&AS_MESSAGE_LOG_FD + +lt_cl_help="\ +\`$as_me' creates a local libtool stub from the current configuration, +for use in further configure time tests before the real libtool is +generated. + +Usage: $[0] [[OPTIONS]] + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + +Report bugs to ." + +lt_cl_version="\ +m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl +m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) +configured by $[0], generated by m4_PACKAGE_STRING. + +Copyright (C) 2011 Free Software Foundation, Inc. +This config.lt script is free software; the Free Software Foundation +gives unlimited permision to copy, distribute and modify it." + +while test $[#] != 0 +do + case $[1] in + --version | --v* | -V ) + echo "$lt_cl_version"; exit 0 ;; + --help | --h* | -h ) + echo "$lt_cl_help"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --quiet | --q* | --silent | --s* | -q ) + lt_cl_silent=: ;; + + -*) AC_MSG_ERROR([unrecognized option: $[1] +Try \`$[0] --help' for more information.]) ;; + + *) AC_MSG_ERROR([unrecognized argument: $[1] +Try \`$[0] --help' for more information.]) ;; + esac + shift +done + +if $lt_cl_silent; then + exec AS_MESSAGE_FD>/dev/null +fi +_LTEOF + +cat >>"$CONFIG_LT" <<_LTEOF +_LT_OUTPUT_LIBTOOL_COMMANDS_INIT +_LTEOF + +cat >>"$CONFIG_LT" <<\_LTEOF +AC_MSG_NOTICE([creating $ofile]) +_LT_OUTPUT_LIBTOOL_COMMANDS +AS_EXIT(0) +_LTEOF +chmod +x "$CONFIG_LT" + +# configure is writing to config.log, but config.lt does its own redirection, +# appending to config.log, which fails on DOS, as config.log is still kept +# open by configure. Here we exec the FD to /dev/null, effectively closing +# config.log, so it can be properly (re)opened and appended to by config.lt. +lt_cl_success=: +test "$silent" = yes && + lt_config_lt_args="$lt_config_lt_args --quiet" +exec AS_MESSAGE_LOG_FD>/dev/null +$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false +exec AS_MESSAGE_LOG_FD>>config.log +$lt_cl_success || AS_EXIT(1) +])# LT_OUTPUT + + +# _LT_CONFIG(TAG) +# --------------- +# If TAG is the built-in tag, create an initial libtool script with a +# default configuration from the untagged config vars. Otherwise add code +# to config.status for appending the configuration named by TAG from the +# matching tagged config vars. +m4_defun([_LT_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_CONFIG_SAVE_COMMANDS([ + m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl + m4_if(_LT_TAG, [C], [ + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +_LT_COPYING +_LT_LIBTOOL_TAGS + +# ### BEGIN LIBTOOL CONFIG +_LT_LIBTOOL_CONFIG_VARS +_LT_LIBTOOL_TAG_VARS +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + _LT_PROG_LTMAIN + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + _LT_PROG_REPLACE_SHELLFNS + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" +], +[cat <<_LT_EOF >> "$ofile" + +dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded +dnl in a comment (ie after a #). +# ### BEGIN LIBTOOL TAG CONFIG: $1 +_LT_LIBTOOL_TAG_VARS(_LT_TAG) +# ### END LIBTOOL TAG CONFIG: $1 +_LT_EOF +])dnl /m4_if +], +[m4_if([$1], [], [ + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile'], []) +])dnl /_LT_CONFIG_SAVE_COMMANDS +])# _LT_CONFIG + + +# LT_SUPPORTED_TAG(TAG) +# --------------------- +# Trace this macro to discover what tags are supported by the libtool +# --tag option, using: +# autoconf --trace 'LT_SUPPORTED_TAG:$1' +AC_DEFUN([LT_SUPPORTED_TAG], []) + + +# C support is built-in for now +m4_define([_LT_LANG_C_enabled], []) +m4_define([_LT_TAGS], []) + + +# LT_LANG(LANG) +# ------------- +# Enable libtool support for the given language if not already enabled. +AC_DEFUN([LT_LANG], +[AC_BEFORE([$0], [LT_OUTPUT])dnl +m4_case([$1], + [C], [_LT_LANG(C)], + [C++], [_LT_LANG(CXX)], + [Go], [_LT_LANG(GO)], + [Java], [_LT_LANG(GCJ)], + [Fortran 77], [_LT_LANG(F77)], + [Fortran], [_LT_LANG(FC)], + [Windows Resource], [_LT_LANG(RC)], + [m4_ifdef([_LT_LANG_]$1[_CONFIG], + [_LT_LANG($1)], + [m4_fatal([$0: unsupported language: "$1"])])])dnl +])# LT_LANG + + +# _LT_LANG(LANGNAME) +# ------------------ +m4_defun([_LT_LANG], +[m4_ifdef([_LT_LANG_]$1[_enabled], [], + [LT_SUPPORTED_TAG([$1])dnl + m4_append([_LT_TAGS], [$1 ])dnl + m4_define([_LT_LANG_]$1[_enabled], [])dnl + _LT_LANG_$1_CONFIG($1)])dnl +])# _LT_LANG + + +m4_ifndef([AC_PROG_GO], [ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_GO. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # +m4_defun([AC_PROG_GO], +[AC_LANG_PUSH(Go)dnl +AC_ARG_VAR([GOC], [Go compiler command])dnl +AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl +_AC_ARG_VAR_LDFLAGS()dnl +AC_CHECK_TOOL(GOC, gccgo) +if test -z "$GOC"; then + if test -n "$ac_tool_prefix"; then + AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo]) + fi +fi +if test -z "$GOC"; then + AC_CHECK_PROG(GOC, gccgo, gccgo, false) +fi +])#m4_defun +])#m4_ifndef + + +# _LT_LANG_DEFAULT_CONFIG +# ----------------------- +m4_defun([_LT_LANG_DEFAULT_CONFIG], +[AC_PROVIDE_IFELSE([AC_PROG_CXX], + [LT_LANG(CXX)], + [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) + +AC_PROVIDE_IFELSE([AC_PROG_F77], + [LT_LANG(F77)], + [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) + +AC_PROVIDE_IFELSE([AC_PROG_FC], + [LT_LANG(FC)], + [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) + +dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal +dnl pulling things in needlessly. +AC_PROVIDE_IFELSE([AC_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], + [LT_LANG(GCJ)], + [AC_PROVIDE_IFELSE([LT_PROG_GCJ], + [LT_LANG(GCJ)], + [m4_ifdef([AC_PROG_GCJ], + [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([A][M_PROG_GCJ], + [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) + m4_ifdef([LT_PROG_GCJ], + [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) + +AC_PROVIDE_IFELSE([AC_PROG_GO], + [LT_LANG(GO)], + [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])]) + +AC_PROVIDE_IFELSE([LT_PROG_RC], + [LT_LANG(RC)], + [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) +])# _LT_LANG_DEFAULT_CONFIG + +# Obsolete macros: +AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) +AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) +AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) +AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) +AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_CXX], []) +dnl AC_DEFUN([AC_LIBTOOL_F77], []) +dnl AC_DEFUN([AC_LIBTOOL_FC], []) +dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) +dnl AC_DEFUN([AC_LIBTOOL_RC], []) + + +# _LT_TAG_COMPILER +# ---------------- +m4_defun([_LT_TAG_COMPILER], +[AC_REQUIRE([AC_PROG_CC])dnl + +_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl +_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl +_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl +_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC +])# _LT_TAG_COMPILER + + +# _LT_COMPILER_BOILERPLATE +# ------------------------ +# Check for compiler boilerplate output or warnings with +# the simple compiler test code. +m4_defun([_LT_COMPILER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* +])# _LT_COMPILER_BOILERPLATE + + +# _LT_LINKER_BOILERPLATE +# ---------------------- +# Check for linker boilerplate output or warnings with +# the simple link test code. +m4_defun([_LT_LINKER_BOILERPLATE], +[m4_require([_LT_DECL_SED])dnl +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* +])# _LT_LINKER_BOILERPLATE + +# _LT_REQUIRED_DARWIN_CHECKS +# ------------------------- +m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ + case $host_os in + rhapsody* | darwin*) + AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) + AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) + AC_CHECK_TOOL([LIPO], [lipo], [:]) + AC_CHECK_TOOL([OTOOL], [otool], [:]) + AC_CHECK_TOOL([OTOOL64], [otool64], [:]) + _LT_DECL([], [DSYMUTIL], [1], + [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) + _LT_DECL([], [NMEDIT], [1], + [Tool to change global to local symbols on Mac OS X]) + _LT_DECL([], [LIPO], [1], + [Tool to manipulate fat objects and archives on Mac OS X]) + _LT_DECL([], [OTOOL], [1], + [ldd/readelf like tool for Mach-O binaries on Mac OS X]) + _LT_DECL([], [OTOOL64], [1], + [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) + + AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], + [lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi]) + + AC_CACHE_CHECK([for -exported_symbols_list linker flag], + [lt_cv_ld_exported_symbols_list], + [lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [lt_cv_ld_exported_symbols_list=yes], + [lt_cv_ld_exported_symbols_list=no]) + LDFLAGS="$save_LDFLAGS" + ]) + + AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load], + [lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD + echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD + $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&AS_MESSAGE_LOG_FD + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&AS_MESSAGE_LOG_FD + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + ]) + case $host_os in + rhapsody* | darwin1.[[012]]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[[012]]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac +]) + + +# _LT_DARWIN_LINKER_FEATURES([TAG]) +# --------------------------------- +# Checks for linker and compiler features on darwin +m4_defun([_LT_DARWIN_LINKER_FEATURES], +[ + m4_require([_LT_REQUIRED_DARWIN_CHECKS]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_automatic, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + if test "$lt_cv_ld_force_load" = "yes"; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes], + [FC], [_LT_TAGVAR(compiler_needs_object, $1)=yes]) + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='' + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=func_echo_all + _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + m4_if([$1], [CXX], +[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then + _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" + _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" + fi +],[]) + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi +]) + +# _LT_SYS_MODULE_PATH_AIX([TAGNAME]) +# ---------------------------------- +# Links a minimal program and checks the executable +# for the system default hardcoded library path. In most cases, +# this is /usr/lib:/lib, but when the MPI compilers are used +# the location of the communication and MPI libs are included too. +# If we don't find anything, use the default library path according +# to the aix ld manual. +# Store the results from the different compilers for each TAGNAME. +# Allow to override them for all tags through lt_cv_aix_libpath. +m4_defun([_LT_SYS_MODULE_PATH_AIX], +[m4_require([_LT_DECL_SED])dnl +if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])], + [AC_LINK_IFELSE([AC_LANG_PROGRAM],[ + lt_aix_libpath_sed='[ + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }]' + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi],[]) + if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then + _LT_TAGVAR([lt_cv_aix_libpath_], [$1])="/usr/lib:/lib" + fi + ]) + aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1]) +fi +])# _LT_SYS_MODULE_PATH_AIX + + +# _LT_SHELL_INIT(ARG) +# ------------------- +m4_define([_LT_SHELL_INIT], +[m4_divert_text([M4SH-INIT], [$1 +])])# _LT_SHELL_INIT + + + +# _LT_PROG_ECHO_BACKSLASH +# ----------------------- +# Find how we can fake an echo command that does not interpret backslash. +# In particular, with Autoconf 2.60 or later we add some code to the start +# of the generated configure script which will find a shell with a builtin +# printf (which we can use as an echo command). +m4_defun([_LT_PROG_ECHO_BACKSLASH], +[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +AC_MSG_CHECKING([how to print strings]) +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$[]1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + +case "$ECHO" in + printf*) AC_MSG_RESULT([printf]) ;; + print*) AC_MSG_RESULT([print -r]) ;; + *) AC_MSG_RESULT([cat]) ;; +esac + +m4_ifdef([_AS_DETECT_SUGGESTED], +[_AS_DETECT_SUGGESTED([ + test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO + ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test "X`printf %s $ECHO`" = "X$ECHO" \ + || test "X`print -r -- $ECHO`" = "X$ECHO" )])]) + +_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) +_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes]) +])# _LT_PROG_ECHO_BACKSLASH + + +# _LT_WITH_SYSROOT +# ---------------- +AC_DEFUN([_LT_WITH_SYSROOT], +[AC_MSG_CHECKING([for sysroot]) +AC_ARG_WITH([sysroot], +[ --with-sysroot[=DIR] Search for dependent libraries within DIR + (or the compiler's sysroot if not specified).], +[], [with_sysroot=no]) + +dnl lt_sysroot will always be passed unquoted. We quote it here +dnl in case the user passed a directory name. +lt_sysroot= +case ${with_sysroot} in #( + yes) + if test "$GCC" = yes; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + AC_MSG_RESULT([${with_sysroot}]) + AC_MSG_ERROR([The sysroot must be an absolute path.]) + ;; +esac + + AC_MSG_RESULT([${lt_sysroot:-no}]) +_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl +[dependent libraries, and in which our libraries should be installed.])]) + +# _LT_ENABLE_LOCK +# --------------- +m4_defun([_LT_ENABLE_LOCK], +[AC_ARG_ENABLE([libtool-lock], + [AS_HELP_STRING([--disable-libtool-lock], + [avoid locking (might break parallel builds)])]) +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_LANG_PUSH(C) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) + AC_LANG_POP]) + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" +])# _LT_ENABLE_LOCK + + +# _LT_PROG_AR +# ----------- +m4_defun([_LT_PROG_AR], +[AC_CHECK_TOOLS(AR, [ar], false) +: ${AR=ar} +: ${AR_FLAGS=cru} +_LT_DECL([], [AR], [1], [The archiver]) +_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) + +AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file], + [lt_cv_ar_at_file=no + AC_COMPILE_IFELSE([AC_LANG_PROGRAM], + [echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD' + AC_TRY_EVAL([lt_ar_try]) + if test "$ac_status" -eq 0; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + AC_TRY_EVAL([lt_ar_try]) + if test "$ac_status" -ne 0; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + ]) + ]) + +if test "x$lt_cv_ar_at_file" = xno; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi +_LT_DECL([], [archiver_list_spec], [1], + [How to feed a file listing to the archiver]) +])# _LT_PROG_AR + + +# _LT_CMD_OLD_ARCHIVE +# ------------------- +m4_defun([_LT_CMD_OLD_ARCHIVE], +[_LT_PROG_AR + +AC_CHECK_TOOL(STRIP, strip, :) +test -z "$STRIP" && STRIP=: +_LT_DECL([], [STRIP], [1], [A symbol stripping program]) + +AC_CHECK_TOOL(RANLIB, ranlib, :) +test -z "$RANLIB" && RANLIB=: +_LT_DECL([], [RANLIB], [1], + [Commands used to install an old-style archive]) + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac +_LT_DECL([], [old_postinstall_cmds], [2]) +_LT_DECL([], [old_postuninstall_cmds], [2]) +_LT_TAGDECL([], [old_archive_cmds], [2], + [Commands used to build an old-style archive]) +_LT_DECL([], [lock_old_archive_extraction], [0], + [Whether to use a lock for old archive extraction]) +])# _LT_CMD_OLD_ARCHIVE + + +# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------------------- +# Check whether the given compiler option works +AC_DEFUN([_LT_COMPILER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$3" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + fi + $RM conftest* +]) + +if test x"[$]$2" = xyes; then + m4_if([$5], , :, [$5]) +else + m4_if([$6], , :, [$6]) +fi +])# _LT_COMPILER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) + + +# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, +# [ACTION-SUCCESS], [ACTION-FAILURE]) +# ---------------------------------------------------- +# Check whether the given linker option works +AC_DEFUN([_LT_LINKER_OPTION], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_SED])dnl +AC_CACHE_CHECK([$1], [$2], + [$2=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $3" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&AS_MESSAGE_LOG_FD + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + $2=yes + fi + else + $2=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" +]) + +if test x"[$]$2" = xyes; then + m4_if([$4], , :, [$4]) +else + m4_if([$5], , :, [$5]) +fi +])# _LT_LINKER_OPTION + +# Old name: +AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) + + +# LT_CMD_MAX_LEN +#--------------- +AC_DEFUN([LT_CMD_MAX_LEN], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +# find the maximum length of command line arguments +AC_MSG_CHECKING([the maximum length of command line arguments]) +AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac +]) +if test -n $lt_cv_sys_max_cmd_len ; then + AC_MSG_RESULT($lt_cv_sys_max_cmd_len) +else + AC_MSG_RESULT(none) +fi +max_cmd_len=$lt_cv_sys_max_cmd_len +_LT_DECL([], [max_cmd_len], [0], + [What is the maximum length of a command?]) +])# LT_CMD_MAX_LEN + +# Old name: +AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) + + +# _LT_HEADER_DLFCN +# ---------------- +m4_defun([_LT_HEADER_DLFCN], +[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl +])# _LT_HEADER_DLFCN + + +# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, +# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) +# ---------------------------------------------------------------- +m4_defun([_LT_TRY_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "$cross_compiling" = yes; then : + [$4] +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +[#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +}] +_LT_EOF + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) $1 ;; + x$lt_dlneed_uscore) $2 ;; + x$lt_dlunknown|x*) $3 ;; + esac + else : + # compilation failed + $3 + fi +fi +rm -fr conftest* +])# _LT_TRY_DLOPEN_SELF + + +# LT_SYS_DLOPEN_SELF +# ------------------ +AC_DEFUN([LT_SYS_DLOPEN_SELF], +[m4_require([_LT_HEADER_DLFCN])dnl +if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ]) + ;; + + *) + AC_CHECK_FUNC([shl_load], + [lt_cv_dlopen="shl_load"], + [AC_CHECK_LIB([dld], [shl_load], + [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], + [AC_CHECK_FUNC([dlopen], + [lt_cv_dlopen="dlopen"], + [AC_CHECK_LIB([dl], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], + [AC_CHECK_LIB([svld], [dlopen], + [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], + [AC_CHECK_LIB([dld], [dld_link], + [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) + ]) + ]) + ]) + ]) + ]) + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + AC_CACHE_CHECK([whether a program can dlopen itself], + lt_cv_dlopen_self, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, + lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) + ]) + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + AC_CACHE_CHECK([whether a statically linked program can dlopen itself], + lt_cv_dlopen_self_static, [dnl + _LT_TRY_DLOPEN_SELF( + lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, + lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) + ]) + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi +_LT_DECL([dlopen_support], [enable_dlopen], [0], + [Whether dlopen is supported]) +_LT_DECL([dlopen_self], [enable_dlopen_self], [0], + [Whether dlopen of programs is supported]) +_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], + [Whether dlopen of statically linked programs is supported]) +])# LT_SYS_DLOPEN_SELF + +# Old name: +AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) + + +# _LT_COMPILER_C_O([TAGNAME]) +# --------------------------- +# Check to see if options -c and -o are simultaneously supported by compiler. +# This macro does not hard code the compiler like AC_PROG_CC_C_O. +m4_defun([_LT_COMPILER_C_O], +[m4_require([_LT_DECL_SED])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&AS_MESSAGE_LOG_FD + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + fi + fi + chmod u+w . 2>&AS_MESSAGE_LOG_FD + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* +]) +_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], + [Does compiler simultaneously support -c and -o options?]) +])# _LT_COMPILER_C_O + + +# _LT_COMPILER_FILE_LOCKS([TAGNAME]) +# ---------------------------------- +# Check to see if we can do hard links to lock some files if needed +m4_defun([_LT_COMPILER_FILE_LOCKS], +[m4_require([_LT_ENABLE_LOCK])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +_LT_COMPILER_C_O([$1]) + +hard_links="nottested" +if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + AC_MSG_CHECKING([if we can lock with hard links]) + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + AC_MSG_RESULT([$hard_links]) + if test "$hard_links" = no; then + AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) + need_locks=warn + fi +else + need_locks=no +fi +_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) +])# _LT_COMPILER_FILE_LOCKS + + +# _LT_CHECK_OBJDIR +# ---------------- +m4_defun([_LT_CHECK_OBJDIR], +[AC_CACHE_CHECK([for objdir], [lt_cv_objdir], +[rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null]) +objdir=$lt_cv_objdir +_LT_DECL([], [objdir], [0], + [The name of the directory that contains temporary libtool files])dnl +m4_pattern_allow([LT_OBJDIR])dnl +AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", + [Define to the sub-directory in which libtool stores uninstalled libraries.]) +])# _LT_CHECK_OBJDIR + + +# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) +# -------------------------------------- +# Check hardcoding attributes. +m4_defun([_LT_LINKER_HARDCODE_LIBPATH], +[AC_MSG_CHECKING([how to hardcode library paths into programs]) +_LT_TAGVAR(hardcode_action, $1)= +if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || + test -n "$_LT_TAGVAR(runpath_var, $1)" || + test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then + + # We can hardcode non-existent directories. + if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && + test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then + # Linking always hardcodes the temporary library directory. + _LT_TAGVAR(hardcode_action, $1)=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + _LT_TAGVAR(hardcode_action, $1)=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + _LT_TAGVAR(hardcode_action, $1)=unsupported +fi +AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) + +if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || + test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi +_LT_TAGDECL([], [hardcode_action], [0], + [How to hardcode a shared library path into an executable]) +])# _LT_LINKER_HARDCODE_LIBPATH + + +# _LT_CMD_STRIPLIB +# ---------------- +m4_defun([_LT_CMD_STRIPLIB], +[m4_require([_LT_DECL_EGREP]) +striplib= +old_striplib= +AC_MSG_CHECKING([whether stripping libraries is possible]) +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + AC_MSG_RESULT([yes]) +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi +_LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) +_LT_DECL([], [striplib], [1]) +])# _LT_CMD_STRIPLIB + + +# _LT_SYS_DYNAMIC_LINKER([TAG]) +# ----------------------------- +# PORTME Fill in your ld.so characteristics +m4_defun([_LT_SYS_DYNAMIC_LINKER], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_OBJDUMP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CHECK_SHELL_FEATURES])dnl +AC_MSG_CHECKING([dynamic linker characteristics]) +m4_if([$1], + [], [ +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq="s,=\([[A-Za-z]]:\),\1,g" ;; + *) lt_sed_strip_eq="s,=/,/,g" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[[lt_foo]]++; } + if (lt_freq[[lt_foo]] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's,/\([[A-Za-z]]:\),\1,g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi]) +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix[[4-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[[01]] | aix4.[[01]].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[[45]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"]) + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' + library_names_spec='${libname}.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec="$LIB" + if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' +m4_if([$1], [],[ + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[[23]].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[[01]]* | freebsdelf3.[[01]]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ + freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[[3-9]]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath], + [lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ + LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" + AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], + [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], + [lt_cv_shlibpath_overrides_runpath=yes])]) + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + ]) + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[[89]] | openbsd2.[[89]].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +AC_MSG_RESULT([$dynamic_linker]) +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + +_LT_DECL([], [variables_saved_for_relink], [1], + [Variables whose values should be saved in libtool wrapper scripts and + restored at link time]) +_LT_DECL([], [need_lib_prefix], [0], + [Do we need the "lib" prefix for modules?]) +_LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) +_LT_DECL([], [version_type], [0], [Library versioning type]) +_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) +_LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) +_LT_DECL([], [shlibpath_overrides_runpath], [0], + [Is shlibpath searched before the hard-coded library search path?]) +_LT_DECL([], [libname_spec], [1], [Format of library name prefix]) +_LT_DECL([], [library_names_spec], [1], + [[List of archive names. First name is the real one, the rest are links. + The last name is the one that the linker finds with -lNAME]]) +_LT_DECL([], [soname_spec], [1], + [[The coded name of the library, if different from the real name]]) +_LT_DECL([], [install_override_mode], [1], + [Permission mode override for installation of shared libraries]) +_LT_DECL([], [postinstall_cmds], [2], + [Command to use after installation of a shared archive]) +_LT_DECL([], [postuninstall_cmds], [2], + [Command to use after uninstallation of a shared archive]) +_LT_DECL([], [finish_cmds], [2], + [Commands used to finish a libtool library installation in a directory]) +_LT_DECL([], [finish_eval], [1], + [[As "finish_cmds", except a single script fragment to be evaled but + not shown]]) +_LT_DECL([], [hardcode_into_libs], [0], + [Whether we should hardcode library paths into libraries]) +_LT_DECL([], [sys_lib_search_path_spec], [2], + [Compile-time system search path for libraries]) +_LT_DECL([], [sys_lib_dlsearch_path_spec], [2], + [Run-time system search path for libraries]) +])# _LT_SYS_DYNAMIC_LINKER + + +# _LT_PATH_TOOL_PREFIX(TOOL) +# -------------------------- +# find a file program which can recognize shared library +AC_DEFUN([_LT_PATH_TOOL_PREFIX], +[m4_require([_LT_DECL_EGREP])dnl +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, +[case $MAGIC_CMD in +[[\\/*] | ?:[\\/]*]) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR +dnl $ac_dummy forces splitting on constant user-supplied paths. +dnl POSIX.2 word splitting is done only on the output of word expansions, +dnl not every word. This closes a longstanding sh security hole. + ac_dummy="m4_if([$2], , $PATH, [$2])" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$1; then + lt_cv_path_MAGIC_CMD="$ac_dir/$1" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac]) +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + AC_MSG_RESULT($MAGIC_CMD) +else + AC_MSG_RESULT(no) +fi +_LT_DECL([], [MAGIC_CMD], [0], + [Used to examine libraries when file_magic_cmd begins with "file"])dnl +])# _LT_PATH_TOOL_PREFIX + +# Old name: +AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) + + +# _LT_PATH_MAGIC +# -------------- +# find a file program which can recognize a shared library +m4_defun([_LT_PATH_MAGIC], +[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) + else + MAGIC_CMD=: + fi +fi +])# _LT_PATH_MAGIC + + +# LT_PATH_LD +# ---------- +# find the pathname to the GNU or non-GNU linker +AC_DEFUN([LT_PATH_LD], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PROG_ECHO_BACKSLASH])dnl + +AC_ARG_WITH([gnu-ld], + [AS_HELP_STRING([--with-gnu-ld], + [assume the C compiler uses GNU ld @<:@default=no@:>@])], + [test "$withval" = no || with_gnu_ld=yes], + [with_gnu_ld=no])dnl + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by $CC]) + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [[\\/]]* | ?:[[\\/]]*) + re_direlt='/[[^/]][[^/]]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(lt_cv_path_LD, +[if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]'] + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[[3-9]]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac +]) + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + +_LT_DECL([], [deplibs_check_method], [1], + [Method to check whether dependent libraries are shared objects]) +_LT_DECL([], [file_magic_cmd], [1], + [Command to use when deplibs_check_method = "file_magic"]) +_LT_DECL([], [file_magic_glob], [1], + [How to find potential files when deplibs_check_method = "file_magic"]) +_LT_DECL([], [want_nocaseglob], [1], + [Find potential files using nocaseglob when deplibs_check_method = "file_magic"]) +])# _LT_CHECK_MAGIC_METHOD + + +# LT_PATH_NM +# ---------- +# find the pathname to a BSD- or MS-compatible name lister +AC_DEFUN([LT_PATH_NM], +[AC_REQUIRE([AC_PROG_CC])dnl +AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + : ${lt_cv_path_NM=no} +fi]) +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :) + case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols" + ;; + *) + DUMPBIN=: + ;; + esac + fi + AC_SUBST([DUMPBIN]) + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm +AC_SUBST([NM]) +_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl + +AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], + [lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&AS_MESSAGE_LOG_FD + (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD) + cat conftest.out >&AS_MESSAGE_LOG_FD + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest*]) +])# LT_PATH_NM + +# Old names: +AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) +AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_PROG_NM], []) +dnl AC_DEFUN([AC_PROG_NM], []) + +# _LT_CHECK_SHAREDLIB_FROM_LINKLIB +# -------------------------------- +# how to determine the name of the shared library +# associated with a specific link library. +# -- PORTME fill in with the dynamic library characteristics +m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB], +[m4_require([_LT_DECL_EGREP]) +m4_require([_LT_DECL_OBJDUMP]) +m4_require([_LT_DECL_DLLTOOL]) +AC_CACHE_CHECK([how to associate runtime and link libraries], +lt_cv_sharedlib_from_linklib_cmd, +[lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh + # decide which to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd="$ECHO" + ;; +esac +]) +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + +_LT_DECL([], [sharedlib_from_linklib_cmd], [1], + [Command to associate shared and link libraries]) +])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB + + +# _LT_PATH_MANIFEST_TOOL +# ---------------------- +# locate the manifest tool +m4_defun([_LT_PATH_MANIFEST_TOOL], +[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :) +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool], + [lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&AS_MESSAGE_LOG_FD + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest*]) +if test "x$lt_cv_path_mainfest_tool" != xyes; then + MANIFEST_TOOL=: +fi +_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl +])# _LT_PATH_MANIFEST_TOOL + + +# LT_LIB_M +# -------- +# check for math library +AC_DEFUN([LT_LIB_M], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case $host in +*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*) + # These system don't have libm, or don't need it + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, cos, LIBM="-lm") + ;; +esac +AC_SUBST([LIBM]) +])# LT_LIB_M + +# Old name: +AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_CHECK_LIBM], []) + + +# _LT_COMPILER_NO_RTTI([TAGNAME]) +# ------------------------------- +m4_defun([_LT_COMPILER_NO_RTTI], +[m4_require([_LT_TAG_COMPILER])dnl + +_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + +if test "$GCC" = yes; then + case $cc_basename in + nvcc*) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;; + *) + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;; + esac + + _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], + lt_cv_prog_compiler_rtti_exceptions, + [-fno-rtti -fno-exceptions], [], + [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) +fi +_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], + [Compiler flag to turn off builtin functions]) +])# _LT_COMPILER_NO_RTTI + + +# _LT_CMD_GLOBAL_SYMBOLS +# ---------------------- +m4_defun([_LT_CMD_GLOBAL_SYMBOLS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([LT_PATH_NM])dnl +AC_REQUIRE([LT_PATH_LD])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_TAG_COMPILER])dnl + +# Check for command to grab the raw symbol name followed by C symbol from nm. +AC_MSG_CHECKING([command to parse $NM output from $compiler object]) +AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], +[ +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[[BCDEGRST]]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[[BCDT]]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[[ABCDGISTW]]' + ;; +hpux*) + if test "$host_cpu" = ia64; then + symcode='[[ABCDEGRST]]' + fi + ;; +irix* | nonstopux*) + symcode='[[BCDEGRST]]' + ;; +osf*) + symcode='[[BCDEGQRST]]' + ;; +solaris*) + symcode='[[BDRT]]' + ;; +sco3.2v5*) + symcode='[[DT]]' + ;; +sysv4.2uw2*) + symcode='[[DT]]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[[ABDT]]' + ;; +sysv4) + symcode='[[DFNSTU]]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[[ABCDGIRSTW]]' ;; +esac + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\)[[ ]]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK ['"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx]" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if AC_TRY_EVAL(ac_compile); then + # Now try to grab the symbols. + nlist=conftest.nm + if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT@&t@_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT@&t@_DLSYM_CONST +#else +# define LT@&t@_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT@&t@_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[[]] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" + if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD + fi + else + echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done +]) +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + AC_MSG_RESULT(failed) +else + AC_MSG_RESULT(ok) +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + +_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], + [Take the output of nm and produce a listing of raw symbols and C names]) +_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], + [Transform the output of nm in a proper C declaration]) +_LT_DECL([global_symbol_to_c_name_address], + [lt_cv_sys_global_symbol_to_c_name_address], [1], + [Transform the output of nm in a C name address pair]) +_LT_DECL([global_symbol_to_c_name_address_lib_prefix], + [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], + [Transform the output of nm in a C name address pair when lib prefix is needed]) +_LT_DECL([], [nm_file_list_spec], [1], + [Specify filename containing input files for $NM]) +]) # _LT_CMD_GLOBAL_SYMBOLS + + +# _LT_COMPILER_PIC([TAGNAME]) +# --------------------------- +m4_defun([_LT_COMPILER_PIC], +[m4_require([_LT_TAG_COMPILER])dnl +_LT_TAGVAR(lt_prog_compiler_wl, $1)= +_LT_TAGVAR(lt_prog_compiler_pic, $1)= +_LT_TAGVAR(lt_prog_compiler_static, $1)= + +m4_if([$1], [CXX], [ + # C++ specific cases for pic, static, wl, etc. + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + else + case $host_os in + aix[[4-9]]*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + dgux*) + case $cc_basename in + ec++*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + if test "$host_cpu" != ia64; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + fi + ;; + aCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + KCC*) + # KAI C++ Compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64 which still supported -KPIC. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd*) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + cxx*) + # Digital/Compaq C++ + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + lcc*) + # Lucid + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +], +[ + if test "$GCC" = yes; then + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + _LT_TAGVAR(lt_prog_compiler_static, $1)= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + ;; + + interix[[3-9]]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic + fi + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker ' + if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + else + _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + m4_if([$1], [GCJ], [], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) + ;; + + hpux9* | hpux10* | hpux11*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # PIC (with -KPIC) is the default. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + # old Intel for x86_64 which still supported -KPIC. + ecc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' + _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' + ;; + nagfor*) + # NAG Fortran compiler + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + ccc*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All Alpha code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='' + ;; + *Sun\ F* | *Sun*Fortran*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + ;; + *Intel*\ [[CF]]*Compiler*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' + ;; + *Portland\ Group*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + # All OSF/1 code is PIC. + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + rdos*) + _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' + ;; + + solaris*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; + *) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; + esac + ;; + + sunos4*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + unicos*) + _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + + uts4*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' + _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' + ;; + + *) + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no + ;; + esac + fi +]) +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + _LT_TAGVAR(lt_prog_compiler_pic, $1)= + ;; + *) + _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" + ;; +esac + +AC_CACHE_CHECK([for $compiler option to produce PIC], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)], + [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) +_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1) + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then + _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], + [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], + [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], + [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in + "" | " "*) ;; + *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; + esac], + [_LT_TAGVAR(lt_prog_compiler_pic, $1)= + _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) +fi +_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], + [Additional compiler flags for building library objects]) + +_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], + [How to pass a linker flag through the compiler]) +# +# Check to make sure the static flag actually works. +# +wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" +_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], + _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), + $lt_tmp_static_flag, + [], + [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) +_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], + [Compiler flag to prevent dynamic linking]) +])# _LT_COMPILER_PIC + + +# _LT_LINKER_SHLIBS([TAGNAME]) +# ---------------------------- +# See if the linker supports building shared libraries. +m4_defun([_LT_LINKER_SHLIBS], +[AC_REQUIRE([LT_PATH_LD])dnl +AC_REQUIRE([LT_PATH_NM])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_DECL_SED])dnl +m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl +m4_require([_LT_TAG_COMPILER])dnl +AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) +m4_if([$1], [CXX], [ + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + case $host_os in + aix[[4-9]]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global defined + # symbols, whereas GNU nm marks them as "W". + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" + ;; + cygwin* | mingw* | cegcc*) + case $cc_basename in + cl*) + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + ;; + esac + ;; + *) + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac +], [ + runpath_var= + _LT_TAGVAR(allow_undefined_flag, $1)= + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(archive_cmds, $1)= + _LT_TAGVAR(archive_expsym_cmds, $1)= + _LT_TAGVAR(compiler_needs_object, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(hardcode_automatic, $1)=no + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(hardcode_libdir_separator, $1)= + _LT_TAGVAR(hardcode_minus_L, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported + _LT_TAGVAR(inherit_rpath, $1)=no + _LT_TAGVAR(link_all_deplibs, $1)=unknown + _LT_TAGVAR(module_cmds, $1)= + _LT_TAGVAR(module_expsym_cmds, $1)= + _LT_TAGVAR(old_archive_from_new_cmds, $1)= + _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= + _LT_TAGVAR(thread_safe_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + _LT_TAGVAR(include_expsyms, $1)= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. +dnl Note also adjust exclude_expsyms for C++ above. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + _LT_TAGVAR(ld_shlibs, $1)=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test "$with_gnu_ld" = yes; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;; + *\ \(GNU\ Binutils\)\ [[3-9]]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test "$lt_use_gnu_ld_interface" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + supports_anon_versioning=no + case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[[3-9]]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' + _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname'] + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + _LT_TAGVAR(whole_archive_flag_spec, $1)= + tmp_sharedflag='--shared' ;; + xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) + _LT_TAGVAR(ld_shlibs, $1)=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + sunos4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + + if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then + runpath_var= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= + _LT_TAGVAR(export_dynamic_flag_spec, $1)= + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + _LT_TAGVAR(hardcode_direct, $1)=unsupported + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global + # defined symbols, whereas GNU nm marks them as "W". + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GCC" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='' + ;; + m68k) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + ;; + + bsdi[[45]]*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; + else + sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile="$lt_outputfile.exe" + lt_tool_outputfile="$lt_tool_outputfile.exe" + ;; + esac~ + if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + # FIXME: Should let the user specify the lib program. + _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + ;; + esac + ;; + + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + hpux9*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + m4_if($1, [], [ + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + _LT_LINKER_OPTION([if $CC understands -b], + _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'], + [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])], + [_LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags']) + ;; + esac + fi + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + _LT_TAGVAR(hardcode_minus_L, $1)=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol], + [lt_cv_irix_exported_symbol], + [save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + AC_LINK_IFELSE( + [AC_LANG_SOURCE( + [AC_LANG_CASE([C], [[int foo (void) { return 0; }]], + [C++], [[int foo (void) { return 0; }]], + [Fortran 77], [[ + subroutine foo + end]], + [Fortran], [[ + subroutine foo + end]])])], + [lt_cv_irix_exported_symbol=yes], + [lt_cv_irix_exported_symbol=no]) + LDFLAGS="$save_LDFLAGS"]) + if test "$lt_cv_irix_exported_symbol" = yes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + fi + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + newsos6) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *nto* | *qnx*) + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + else + case $host_os in + openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + ;; + esac + fi + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + os2*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + else + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)='no' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + ;; + + solaris*) + _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' + if test "$GCC" = yes; then + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + fi + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4) + case $host_vendor in + sni) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' + _LT_TAGVAR(hardcode_direct, $1)=no + ;; + motorola) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + sysv4.3*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + _LT_TAGVAR(ld_shlibs, $1)=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + + *) + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' + ;; + esac + fi + fi +]) +AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) +test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + +_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld + +_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl +_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl +_LT_DECL([], [extract_expsyms_cmds], [2], + [The commands to extract the exported symbol list from a shared archive]) + +# +# Do we need to explicitly link libc? +# +case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in +x|xyes) + # Assume -lc should be added + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $_LT_TAGVAR(archive_cmds, $1) in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + AC_CACHE_CHECK([whether -lc should be explicitly linked in], + [lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1), + [$RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if AC_TRY_EVAL(ac_compile) 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) + pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) + _LT_TAGVAR(allow_undefined_flag, $1)= + if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) + then + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no + else + lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes + fi + _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + ]) + _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1) + ;; + esac + fi + ;; +esac + +_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], + [Whether or not to add -lc for building shared libraries]) +_LT_TAGDECL([allow_libtool_libs_with_static_runtimes], + [enable_shared_with_static_runtimes], [0], + [Whether or not to disallow shared libs when runtime libs are static]) +_LT_TAGDECL([], [export_dynamic_flag_spec], [1], + [Compiler flag to allow reflexive dlopens]) +_LT_TAGDECL([], [whole_archive_flag_spec], [1], + [Compiler flag to generate shared objects directly from archives]) +_LT_TAGDECL([], [compiler_needs_object], [1], + [Whether the compiler copes with passing no objects directly]) +_LT_TAGDECL([], [old_archive_from_new_cmds], [2], + [Create an old-style archive from a shared archive]) +_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], + [Create a temporary old-style archive to link instead of a shared archive]) +_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) +_LT_TAGDECL([], [archive_expsym_cmds], [2]) +_LT_TAGDECL([], [module_cmds], [2], + [Commands used to build a loadable module if different from building + a shared archive.]) +_LT_TAGDECL([], [module_expsym_cmds], [2]) +_LT_TAGDECL([], [with_gnu_ld], [1], + [Whether we are building with GNU ld or not]) +_LT_TAGDECL([], [allow_undefined_flag], [1], + [Flag that allows shared libraries with undefined symbols to be built]) +_LT_TAGDECL([], [no_undefined_flag], [1], + [Flag that enforces no undefined symbols]) +_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], + [Flag to hardcode $libdir into a binary during linking. + This must work even if $libdir does not exist]) +_LT_TAGDECL([], [hardcode_libdir_separator], [1], + [Whether we need a single "-rpath" flag with a separated argument]) +_LT_TAGDECL([], [hardcode_direct], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary]) +_LT_TAGDECL([], [hardcode_direct_absolute], [0], + [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes + DIR into the resulting binary and the resulting library dependency is + "absolute", i.e impossible to change by setting ${shlibpath_var} if the + library is relocated]) +_LT_TAGDECL([], [hardcode_minus_L], [0], + [Set to "yes" if using the -LDIR flag during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_shlibpath_var], [0], + [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR + into the resulting binary]) +_LT_TAGDECL([], [hardcode_automatic], [0], + [Set to "yes" if building a shared library automatically hardcodes DIR + into the library and all subsequent libraries and executables linked + against it]) +_LT_TAGDECL([], [inherit_rpath], [0], + [Set to yes if linker adds runtime paths of dependent libraries + to runtime path list]) +_LT_TAGDECL([], [link_all_deplibs], [0], + [Whether libtool must link a program against all its dependency libraries]) +_LT_TAGDECL([], [always_export_symbols], [0], + [Set to "yes" if exported symbols are required]) +_LT_TAGDECL([], [export_symbols_cmds], [2], + [The commands to list exported symbols]) +_LT_TAGDECL([], [exclude_expsyms], [1], + [Symbols that should not be listed in the preloaded symbols]) +_LT_TAGDECL([], [include_expsyms], [1], + [Symbols that must always be exported]) +_LT_TAGDECL([], [prelink_cmds], [2], + [Commands necessary for linking programs (against libraries) with templates]) +_LT_TAGDECL([], [postlink_cmds], [2], + [Commands necessary for finishing linking programs]) +_LT_TAGDECL([], [file_list_spec], [1], + [Specify filename containing input files]) +dnl FIXME: Not yet implemented +dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], +dnl [Compiler flag to generate thread safe objects]) +])# _LT_LINKER_SHLIBS + + +# _LT_LANG_C_CONFIG([TAG]) +# ------------------------ +# Ensure that the configuration variables for a C compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_C_CONFIG], +[m4_require([_LT_DECL_EGREP])dnl +lt_save_CC="$CC" +AC_LANG_PUSH(C) + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + +_LT_TAG_COMPILER +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + LT_SYS_DLOPEN_SELF + _LT_CMD_STRIPLIB + + # Report which library types will actually be built + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_CONFIG($1) +fi +AC_LANG_POP +CC="$lt_save_CC" +])# _LT_LANG_C_CONFIG + + +# _LT_LANG_CXX_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a C++ compiler are suitably +# defined. These variables are subsequently used by _LT_CONFIG to write +# the compiler configuration to `libtool'. +m4_defun([_LT_LANG_CXX_CONFIG], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +m4_require([_LT_DECL_EGREP])dnl +m4_require([_LT_PATH_MANIFEST_TOOL])dnl +if test -n "$CXX" && ( test "X$CXX" != "Xno" && + ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || + (test "X$CXX" != "Xg++"))) ; then + AC_PROG_CXXCPP +else + _lt_caught_CXX_error=yes +fi + +AC_LANG_PUSH(C++) +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(compiler_needs_object, $1)=no +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_caught_CXX_error" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_CFLAGS=$CFLAGS + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + CFLAGS=$CXXFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test "$GXX" = yes; then + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' + else + _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= + fi + + if test "$GXX" = yes; then + # Set up default GNU C++ configuration + + LT_PATH_LD + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test "$with_gnu_ld" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='${wl}' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + _LT_TAGVAR(whole_archive_flag_spec, $1)= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) + _LT_TAGVAR(ld_shlibs, $1)=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aix[[4-9]]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + _LT_TAGVAR(archive_cmds, $1)='' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' + + if test "$GXX" = yes; then + case $host_os in aix4.[[012]]|aix4.[[012]].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + _LT_TAGVAR(hardcode_direct, $1)=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + _LT_TAGVAR(hardcode_minus_L, $1)=yes + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)= + fi + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + _LT_TAGVAR(always_export_symbols, $1)=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(allow_undefined_flag, $1)='-berok' + # Determine the default libpath from the value encoded in an empty + # executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' + _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + _LT_SYS_MODULE_PATH_AIX([$1]) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' + fi + _LT_TAGVAR(archive_cmds_need_lc, $1)=yes + # This is similar to how AIX traditionally builds its shared + # libraries. + _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + case $GXX,$cc_basename in + ,cl* | no,cl*) + # Native MSVC + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=yes + _LT_TAGVAR(file_list_spec, $1)='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + $SED -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; + else + $SED -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + # Don't use ranlib + _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib' + _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile="$lt_outputfile.exe" + lt_tool_outputfile="$lt_tool_outputfile.exe" + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # g++ + # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, + # as there is no search path for DLLs. + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-all-symbols' + _LT_TAGVAR(allow_undefined_flag, $1)=unsupported + _LT_TAGVAR(always_export_symbols, $1)=no + _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + darwin* | rhapsody*) + _LT_DARWIN_LINKER_FEATURES($1) + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + freebsd2.*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + freebsd-elf*) + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + gnu*) + ;; + + haiku*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + + hpux9*) + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test "$GXX" = yes; then + _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test $with_gnu_ld = no; then + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + ;; + *) + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test "$GXX" = yes; then + if test $with_gnu_ld = no; then + case $host_cpu in + hppa*64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + interix[[3-9]]*) + _LT_TAGVAR(hardcode_direct, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test "$GXX" = yes; then + if test "$with_gnu_ld" = no; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` -o $lib' + fi + fi + _LT_TAGVAR(link_all_deplibs, $1)=yes + ;; + esac + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + _LT_TAGVAR(inherit_rpath, $1)=yes + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*) + _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + ;; + cxx*) + # Compaq C++ + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + ;; + xl* | mpixl* | bgxl*) + # IBM XL 8.0 on PPC, with GNU ld + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' + _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + _LT_TAGVAR(compiler_needs_object, $1)=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + _LT_TAGVAR(ld_shlibs, $1)=yes + ;; + + openbsd2*) + # C++ shared libraries are fairly broken + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + _LT_TAGVAR(hardcode_direct, $1)=yes + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_direct_absolute, $1)=yes + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' + _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + fi + output_verbose_link_cmd=func_echo_all + else + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + cxx*) + case $host in + osf3*) + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && func_echo_all "${wl}-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + ;; + *) + _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' + _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~ + $RM $lib.exp' + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' + case $host in + osf3*) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + ;; + esac + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + _LT_TAGVAR(archive_cmds_need_lc,$1)=yes + _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' + _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' + ;; + esac + _LT_TAGVAR(link_all_deplibs, $1)=yes + + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test "$GXX" = yes && test "$with_gnu_ld" = no; then + _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + else + # g++ 2.7 appears to require `-G' NOT `-shared' on this + # platform. + _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' + _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + fi + + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' + case $host_os in + solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; + *) + _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' + _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' + _LT_TAGVAR(archive_cmds_need_lc, $1)=no + _LT_TAGVAR(hardcode_shlibpath_var, $1)=no + _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' + _LT_TAGVAR(hardcode_libdir_separator, $1)=':' + _LT_TAGVAR(link_all_deplibs, $1)=yes + _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~ + '"$_LT_TAGVAR(old_archive_cmds, $1)" + _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~ + '"$_LT_TAGVAR(reload_cmds, $1)" + ;; + *) + _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + + *) + # FIXME: insert proper C++ library support + _LT_TAGVAR(ld_shlibs, $1)=no + ;; + esac + + AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) + test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no + + _LT_TAGVAR(GCC, $1)="$GXX" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test "$_lt_caught_CXX_error" != yes + +AC_LANG_POP +])# _LT_LANG_CXX_CONFIG + + +# _LT_FUNC_STRIPNAME_CNF +# ---------------------- +# func_stripname_cnf prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# +# This function is identical to the (non-XSI) version of func_stripname, +# except this one can be used by m4 code that may be executed by configure, +# rather than the libtool script. +m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl +AC_REQUIRE([_LT_DECL_SED]) +AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH]) +func_stripname_cnf () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; + esac +} # func_stripname_cnf +])# _LT_FUNC_STRIPNAME_CNF + +# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) +# --------------------------------- +# Figure out "hidden" library dependencies from verbose +# compiler output when linking a shared library. +# Parse the compiler output and extract the necessary +# objects, libraries and library flags. +m4_defun([_LT_SYS_HIDDEN_LIBDEPS], +[m4_require([_LT_FILEUTILS_DEFAULTS])dnl +AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl +# Dependencies to place before and after the object being linked: +_LT_TAGVAR(predep_objects, $1)= +_LT_TAGVAR(postdep_objects, $1)= +_LT_TAGVAR(predeps, $1)= +_LT_TAGVAR(postdeps, $1)= +_LT_TAGVAR(compiler_lib_search_path, $1)= + +dnl we can't use the lt_simple_compile_test_code here, +dnl because it contains code intended for an executable, +dnl not a library. It's possible we should let each +dnl tag define a new lt_????_link_test_code variable, +dnl but it's only used here... +m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF +int a; +void foo (void) { a = 0; } +_LT_EOF +], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF +], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer*4 a + a=0 + return + end +_LT_EOF +], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF + subroutine foo + implicit none + integer a + a=0 + return + end +_LT_EOF +], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF +public class foo { + private int a; + public void bar (void) { + a = 0; + } +}; +_LT_EOF +], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF +package foo +func foo() { +} +_LT_EOF +]) + +_lt_libdeps_save_CFLAGS=$CFLAGS +case "$CC $CFLAGS " in #( +*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; +*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; +esac + +dnl Parse the compiler output and extract the necessary +dnl objects, libraries and library flags. +if AC_TRY_EVAL(ac_compile); then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case ${prev}${p} in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test $p = "-L" || + test $p = "-R"; then + prev=$p + continue + fi + + # Expand the sysroot to ease extracting the directories later. + if test -z "$prev"; then + case $p in + -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; + -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; + -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; + esac + fi + case $p in + =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; + esac + if test "$pre_test_object_deps_done" = no; then + case ${prev} in + -L | -R) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then + _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" + else + _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$_LT_TAGVAR(postdeps, $1)"; then + _LT_TAGVAR(postdeps, $1)="${prev}${p}" + else + _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" + fi + fi + prev= + ;; + + *.lto.$objext) ;; # Ignore GCC LTO objects + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test "$pre_test_object_deps_done" = no; then + if test -z "$_LT_TAGVAR(predep_objects, $1)"; then + _LT_TAGVAR(predep_objects, $1)="$p" + else + _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" + fi + else + if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then + _LT_TAGVAR(postdep_objects, $1)="$p" + else + _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling $1 test program" +fi + +$RM -f confest.$objext +CFLAGS=$_lt_libdeps_save_CFLAGS + +# PORTME: override above test on systems where it is broken +m4_if([$1], [CXX], +[case $host_os in +interix[[3-9]]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + _LT_TAGVAR(predep_objects,$1)= + _LT_TAGVAR(postdep_objects,$1)= + _LT_TAGVAR(postdeps,$1)= + ;; + +linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; + +solaris*) + case $cc_basename in + CC* | sunCC*) + # The more standards-conforming stlport4 library is + # incompatible with the Cstd library. Avoid specifying + # it if it's in CXXFLAGS. Ignore libCrun as + # -library=stlport4 depends on it. + case " $CXX $CXXFLAGS " in + *" -library=stlport4 "*) + solaris_use_stlport4=yes + ;; + esac + + # Adding this requires a known-good setup of shared libraries for + # Sun compiler versions before 5.6, else PIC objects from an old + # archive will be linked into the output, leading to subtle bugs. + if test "$solaris_use_stlport4" != yes; then + _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' + fi + ;; + esac + ;; +esac +]) + +case " $_LT_TAGVAR(postdeps, $1) " in +*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; +esac + _LT_TAGVAR(compiler_lib_search_dirs, $1)= +if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then + _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` +fi +_LT_TAGDECL([], [compiler_lib_search_dirs], [1], + [The directories searched by this compiler when creating a shared library]) +_LT_TAGDECL([], [predep_objects], [1], + [Dependencies to place before and after the objects being linked to + create a shared library]) +_LT_TAGDECL([], [postdep_objects], [1]) +_LT_TAGDECL([], [predeps], [1]) +_LT_TAGDECL([], [postdeps], [1]) +_LT_TAGDECL([], [compiler_lib_search_path], [1], + [The library search path used internally by the compiler when linking + a shared library]) +])# _LT_SYS_HIDDEN_LIBDEPS + + +# _LT_LANG_F77_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for a Fortran 77 compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_F77_CONFIG], +[AC_LANG_PUSH(Fortran 77) +if test -z "$F77" || test "X$F77" = "Xno"; then + _lt_disable_F77=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for f77 test sources. +ac_ext=f + +# Object file extension for compiled f77 test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the F77 compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_F77" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${F77-"f77"} + CFLAGS=$FFLAGS + compiler=$CC + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + GCC=$G77 + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$G77" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC="$lt_save_CC" + CFLAGS="$lt_save_CFLAGS" +fi # test "$_lt_disable_F77" != yes + +AC_LANG_POP +])# _LT_LANG_F77_CONFIG + + +# _LT_LANG_FC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for a Fortran compiler are +# suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_FC_CONFIG], +[AC_LANG_PUSH(Fortran) + +if test -z "$FC" || test "X$FC" = "Xno"; then + _lt_disable_FC=yes +fi + +_LT_TAGVAR(archive_cmds_need_lc, $1)=no +_LT_TAGVAR(allow_undefined_flag, $1)= +_LT_TAGVAR(always_export_symbols, $1)=no +_LT_TAGVAR(archive_expsym_cmds, $1)= +_LT_TAGVAR(export_dynamic_flag_spec, $1)= +_LT_TAGVAR(hardcode_direct, $1)=no +_LT_TAGVAR(hardcode_direct_absolute, $1)=no +_LT_TAGVAR(hardcode_libdir_flag_spec, $1)= +_LT_TAGVAR(hardcode_libdir_separator, $1)= +_LT_TAGVAR(hardcode_minus_L, $1)=no +_LT_TAGVAR(hardcode_automatic, $1)=no +_LT_TAGVAR(inherit_rpath, $1)=no +_LT_TAGVAR(module_cmds, $1)= +_LT_TAGVAR(module_expsym_cmds, $1)= +_LT_TAGVAR(link_all_deplibs, $1)=unknown +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds +_LT_TAGVAR(no_undefined_flag, $1)= +_LT_TAGVAR(whole_archive_flag_spec, $1)= +_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no + +# Source file extension for fc test sources. +ac_ext=${ac_fc_srcext-f} + +# Object file extension for compiled fc test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# No sense in running all these tests if we already determined that +# the FC compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test "$_lt_disable_FC" != yes; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="\ + subroutine t + return + end +" + + # Code to be used in simple link tests + lt_simple_link_test_code="\ + program t + end +" + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + _LT_TAG_COMPILER + + # save warnings/boilerplate of simple test code + _LT_COMPILER_BOILERPLATE + _LT_LINKER_BOILERPLATE + + # Allow CC to be a program name with arguments. + lt_save_CC="$CC" + lt_save_GCC=$GCC + lt_save_CFLAGS=$CFLAGS + CC=${FC-"f95"} + CFLAGS=$FCFLAGS + compiler=$CC + GCC=$ac_cv_fc_compiler_gnu + + _LT_TAGVAR(compiler, $1)=$CC + _LT_CC_BASENAME([$compiler]) + + if test -n "$compiler"; then + AC_MSG_CHECKING([if libtool supports shared libraries]) + AC_MSG_RESULT([$can_build_shared]) + + AC_MSG_CHECKING([whether to build shared libraries]) + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + aix[[4-9]]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + AC_MSG_RESULT([$enable_shared]) + + AC_MSG_CHECKING([whether to build static libraries]) + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + AC_MSG_RESULT([$enable_static]) + + _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" + _LT_TAGVAR(LD, $1)="$LD" + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + _LT_SYS_HIDDEN_LIBDEPS($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_SYS_DYNAMIC_LINKER($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) + fi # test -n "$compiler" + + GCC=$lt_save_GCC + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS +fi # test "$_lt_disable_FC" != yes + +AC_LANG_POP +])# _LT_LANG_FC_CONFIG + + +# _LT_LANG_GCJ_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Java Compiler compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GCJ_CONFIG], +[AC_REQUIRE([LT_PROG_GCJ])dnl +AC_LANG_SAVE + +# Source file extension for Java test sources. +ac_ext=java + +# Object file extension for compiled Java test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="class foo {}" + +# Code to be used in simple link tests +lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GCJ-"gcj"} +CFLAGS=$GCJFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# GCJ did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GCJ_CONFIG + + +# _LT_LANG_GO_CONFIG([TAG]) +# -------------------------- +# Ensure that the configuration variables for the GNU Go compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_GO_CONFIG], +[AC_REQUIRE([LT_PROG_GO])dnl +AC_LANG_SAVE + +# Source file extension for Go test sources. +ac_ext=go + +# Object file extension for compiled Go test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="package main; func main() { }" + +# Code to be used in simple link tests +lt_simple_link_test_code='package main; func main() { }' + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC=$CC +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC=yes +CC=${GOC-"gccgo"} +CFLAGS=$GOFLAGS +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_TAGVAR(LD, $1)="$LD" +_LT_CC_BASENAME([$compiler]) + +# Go did not exist at the time GCC didn't implicitly link libc in. +_LT_TAGVAR(archive_cmds_need_lc, $1)=no + +_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds +_LT_TAGVAR(reload_flag, $1)=$reload_flag +_LT_TAGVAR(reload_cmds, $1)=$reload_cmds + +if test -n "$compiler"; then + _LT_COMPILER_NO_RTTI($1) + _LT_COMPILER_PIC($1) + _LT_COMPILER_C_O($1) + _LT_COMPILER_FILE_LOCKS($1) + _LT_LINKER_SHLIBS($1) + _LT_LINKER_HARDCODE_LIBPATH($1) + + _LT_CONFIG($1) +fi + +AC_LANG_RESTORE + +GCC=$lt_save_GCC +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_GO_CONFIG + + +# _LT_LANG_RC_CONFIG([TAG]) +# ------------------------- +# Ensure that the configuration variables for the Windows resource compiler +# are suitably defined. These variables are subsequently used by _LT_CONFIG +# to write the compiler configuration to `libtool'. +m4_defun([_LT_LANG_RC_CONFIG], +[AC_REQUIRE([LT_PROG_RC])dnl +AC_LANG_SAVE + +# Source file extension for RC test sources. +ac_ext=rc + +# Object file extension for compiled RC test sources. +objext=o +_LT_TAGVAR(objext, $1)=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' + +# Code to be used in simple link tests +lt_simple_link_test_code="$lt_simple_compile_test_code" + +# ltmain only uses $CC for tagged configurations so make sure $CC is set. +_LT_TAG_COMPILER + +# save warnings/boilerplate of simple test code +_LT_COMPILER_BOILERPLATE +_LT_LINKER_BOILERPLATE + +# Allow CC to be a program name with arguments. +lt_save_CC="$CC" +lt_save_CFLAGS=$CFLAGS +lt_save_GCC=$GCC +GCC= +CC=${RC-"windres"} +CFLAGS= +compiler=$CC +_LT_TAGVAR(compiler, $1)=$CC +_LT_CC_BASENAME([$compiler]) +_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes + +if test -n "$compiler"; then + : + _LT_CONFIG($1) +fi + +GCC=$lt_save_GCC +AC_LANG_RESTORE +CC=$lt_save_CC +CFLAGS=$lt_save_CFLAGS +])# _LT_LANG_RC_CONFIG + + +# LT_PROG_GCJ +# ----------- +AC_DEFUN([LT_PROG_GCJ], +[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], + [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], + [AC_CHECK_TOOL(GCJ, gcj,) + test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" + AC_SUBST(GCJFLAGS)])])[]dnl +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_GCJ], []) + + +# LT_PROG_GO +# ---------- +AC_DEFUN([LT_PROG_GO], +[AC_CHECK_TOOL(GOC, gccgo,) +]) + + +# LT_PROG_RC +# ---------- +AC_DEFUN([LT_PROG_RC], +[AC_CHECK_TOOL(RC, windres,) +]) + +# Old name: +AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_RC], []) + + +# _LT_DECL_EGREP +# -------------- +# If we don't have a new enough Autoconf to choose the best grep +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_EGREP], +[AC_REQUIRE([AC_PROG_EGREP])dnl +AC_REQUIRE([AC_PROG_FGREP])dnl +test -z "$GREP" && GREP=grep +_LT_DECL([], [GREP], [1], [A grep program that handles long lines]) +_LT_DECL([], [EGREP], [1], [An ERE matcher]) +_LT_DECL([], [FGREP], [1], [A literal string matcher]) +dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too +AC_SUBST([GREP]) +]) + + +# _LT_DECL_OBJDUMP +# -------------- +# If we don't have a new enough Autoconf to choose the best objdump +# available, choose the one first in the user's PATH. +m4_defun([_LT_DECL_OBJDUMP], +[AC_CHECK_TOOL(OBJDUMP, objdump, false) +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) +AC_SUBST([OBJDUMP]) +]) + +# _LT_DECL_DLLTOOL +# ---------------- +# Ensure DLLTOOL variable is set. +m4_defun([_LT_DECL_DLLTOOL], +[AC_CHECK_TOOL(DLLTOOL, dlltool, false) +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program]) +AC_SUBST([DLLTOOL]) +]) + +# _LT_DECL_SED +# ------------ +# Check for a fully-functional sed program, that truncates +# as few characters as possible. Prefer GNU sed if found. +m4_defun([_LT_DECL_SED], +[AC_PROG_SED +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" +_LT_DECL([], [SED], [1], [A sed program that does not truncate output]) +_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], + [Sed that helps us avoid accidentally triggering echo(1) options like -n]) +])# _LT_DECL_SED + +m4_ifndef([AC_PROG_SED], [ +# NOTE: This macro has been submitted for inclusion into # +# GNU Autoconf as AC_PROG_SED. When it is available in # +# a released version of Autoconf we should remove this # +# macro and use it instead. # + +m4_defun([AC_PROG_SED], +[AC_MSG_CHECKING([for a sed that does not truncate output]) +AC_CACHE_VAL(lt_cv_path_SED, +[# Loop through the user's path and test for sed and gsed. +# Then use that list of sed's as ones to test for truncation. +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for lt_ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then + lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" + fi + done + done +done +IFS=$as_save_IFS +lt_ac_max=0 +lt_ac_count=0 +# Add /usr/xpg4/bin/sed as it is typically found on Solaris +# along with /bin/sed that truncates output. +for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do + test ! -f $lt_ac_sed && continue + cat /dev/null > conftest.in + lt_ac_count=0 + echo $ECHO_N "0123456789$ECHO_C" >conftest.in + # Check for GNU sed and select it if it is found. + if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then + lt_cv_path_SED=$lt_ac_sed + break + fi + while true; do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo >>conftest.nl + $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break + cmp -s conftest.out conftest.nl || break + # 10000 chars as input seems more than enough + test $lt_ac_count -gt 10 && break + lt_ac_count=`expr $lt_ac_count + 1` + if test $lt_ac_count -gt $lt_ac_max; then + lt_ac_max=$lt_ac_count + lt_cv_path_SED=$lt_ac_sed + fi + done +done +]) +SED=$lt_cv_path_SED +AC_SUBST([SED]) +AC_MSG_RESULT([$SED]) +])#AC_PROG_SED +])#m4_ifndef + +# Old name: +AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([LT_AC_PROG_SED], []) + + +# _LT_CHECK_SHELL_FEATURES +# ------------------------ +# Find out whether the shell is Bourne or XSI compatible, +# or has some other useful features. +m4_defun([_LT_CHECK_SHELL_FEATURES], +[AC_MSG_CHECKING([whether the shell understands some XSI constructs]) +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,b/c, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +AC_MSG_RESULT([$xsi_shell]) +_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) + +AC_MSG_CHECKING([whether the shell understands "+="]) +lt_shell_append=no +( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +AC_MSG_RESULT([$lt_shell_append]) +_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi +_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac +_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl +_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl +])# _LT_CHECK_SHELL_FEATURES + + +# _LT_PROG_FUNCTION_REPLACE (FUNCNAME, REPLACEMENT-BODY) +# ------------------------------------------------------ +# In `$cfgfile', look for function FUNCNAME delimited by `^FUNCNAME ()$' and +# '^} FUNCNAME ', and replace its body with REPLACEMENT-BODY. +m4_defun([_LT_PROG_FUNCTION_REPLACE], +[dnl { +sed -e '/^$1 ()$/,/^} # $1 /c\ +$1 ()\ +{\ +m4_bpatsubsts([$2], [$], [\\], [^\([ ]\)], [\\\1]) +} # Extended-shell $1 implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: +]) + + +# _LT_PROG_REPLACE_SHELLFNS +# ------------------------- +# Replace existing portable implementations of several shell functions with +# equivalent extended shell implementations where those features are available.. +m4_defun([_LT_PROG_REPLACE_SHELLFNS], +[if test x"$xsi_shell" = xyes; then + _LT_PROG_FUNCTION_REPLACE([func_dirname], [dnl + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac]) + + _LT_PROG_FUNCTION_REPLACE([func_basename], [dnl + func_basename_result="${1##*/}"]) + + _LT_PROG_FUNCTION_REPLACE([func_dirname_and_basename], [dnl + case ${1} in + */*) func_dirname_result="${1%/*}${2}" ;; + * ) func_dirname_result="${3}" ;; + esac + func_basename_result="${1##*/}"]) + + _LT_PROG_FUNCTION_REPLACE([func_stripname], [dnl + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary parameter first. + func_stripname_result=${3} + func_stripname_result=${func_stripname_result#"${1}"} + func_stripname_result=${func_stripname_result%"${2}"}]) + + _LT_PROG_FUNCTION_REPLACE([func_split_long_opt], [dnl + func_split_long_opt_name=${1%%=*} + func_split_long_opt_arg=${1#*=}]) + + _LT_PROG_FUNCTION_REPLACE([func_split_short_opt], [dnl + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"}]) + + _LT_PROG_FUNCTION_REPLACE([func_lo2o], [dnl + case ${1} in + *.lo) func_lo2o_result=${1%.lo}.${objext} ;; + *) func_lo2o_result=${1} ;; + esac]) + + _LT_PROG_FUNCTION_REPLACE([func_xform], [ func_xform_result=${1%.*}.lo]) + + _LT_PROG_FUNCTION_REPLACE([func_arith], [ func_arith_result=$(( $[*] ))]) + + _LT_PROG_FUNCTION_REPLACE([func_len], [ func_len_result=${#1}]) +fi + +if test x"$lt_shell_append" = xyes; then + _LT_PROG_FUNCTION_REPLACE([func_append], [ eval "${1}+=\\${2}"]) + + _LT_PROG_FUNCTION_REPLACE([func_append_quoted], [dnl + func_quote_for_eval "${2}" +dnl m4 expansion turns \\\\ into \\, and then the shell eval turns that into \ + eval "${1}+=\\\\ \\$func_quote_for_eval_result"]) + + # Save a `func_append' function call where possible by direct use of '+=' + sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +else + # Save a `func_append' function call even when '+=' is not available + sed -e 's%func_append \([[a-zA-Z_]]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +fi + +if test x"$_lt_function_replace_fail" = x":"; then + AC_MSG_WARN([Unable to substitute extended shell functions in $ofile]) +fi +]) + +# _LT_PATH_CONVERSION_FUNCTIONS +# ----------------------------- +# Determine which file name conversion functions should be used by +# func_to_host_file (and, implicitly, by func_to_host_path). These are needed +# for certain cross-compile configurations and native mingw. +m4_defun([_LT_PATH_CONVERSION_FUNCTIONS], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_MSG_CHECKING([how to convert $build file names to $host format]) +AC_CACHE_VAL(lt_cv_to_host_file_cmd, +[case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac +]) +to_host_file_cmd=$lt_cv_to_host_file_cmd +AC_MSG_RESULT([$lt_cv_to_host_file_cmd]) +_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd], + [0], [convert $build file names to $host format])dnl + +AC_MSG_CHECKING([how to convert $build file names to toolchain format]) +AC_CACHE_VAL(lt_cv_to_tool_file_cmd, +[#assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac +]) +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +AC_MSG_RESULT([$lt_cv_to_tool_file_cmd]) +_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd], + [0], [convert $build files to toolchain format])dnl +])# _LT_PATH_CONVERSION_FUNCTIONS + +# Helper functions for option handling. -*- Autoconf -*- +# +# Copyright (C) 2004, 2005, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 7 ltoptions.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) + + +# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) +# ------------------------------------------ +m4_define([_LT_MANGLE_OPTION], +[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) + + +# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) +# --------------------------------------- +# Set option OPTION-NAME for macro MACRO-NAME, and if there is a +# matching handler defined, dispatch to it. Other OPTION-NAMEs are +# saved as a flag. +m4_define([_LT_SET_OPTION], +[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl +m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), + _LT_MANGLE_DEFUN([$1], [$2]), + [m4_warning([Unknown $1 option `$2'])])[]dnl +]) + + +# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) +# ------------------------------------------------------------ +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +m4_define([_LT_IF_OPTION], +[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) + + +# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) +# ------------------------------------------------------- +# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME +# are set. +m4_define([_LT_UNLESS_OPTIONS], +[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), + [m4_define([$0_found])])])[]dnl +m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 +])[]dnl +]) + + +# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) +# ---------------------------------------- +# OPTION-LIST is a space-separated list of Libtool options associated +# with MACRO-NAME. If any OPTION has a matching handler declared with +# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about +# the unknown option and exit. +m4_defun([_LT_SET_OPTIONS], +[# Set options +m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), + [_LT_SET_OPTION([$1], _LT_Option)]) + +m4_if([$1],[LT_INIT],[ + dnl + dnl Simply set some default values (i.e off) if boolean options were not + dnl specified: + _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no + ]) + _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no + ]) + dnl + dnl If no reference was made to various pairs of opposing options, then + dnl we run the default mode handler for the pair. For example, if neither + dnl `shared' nor `disable-shared' was passed, we enable building of shared + dnl archives by default: + _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) + _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) + _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], + [_LT_ENABLE_FAST_INSTALL]) + ]) +])# _LT_SET_OPTIONS + + + +# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) +# ----------------------------------------- +m4_define([_LT_MANGLE_DEFUN], +[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) + + +# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) +# ----------------------------------------------- +m4_define([LT_OPTION_DEFINE], +[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl +])# LT_OPTION_DEFINE + + +# dlopen +# ------ +LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes +]) + +AU_DEFUN([AC_LIBTOOL_DLOPEN], +[_LT_SET_OPTION([LT_INIT], [dlopen]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `dlopen' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) + + +# win32-dll +# --------- +# Declare package support for building win32 dll's. +LT_OPTION_DEFINE([LT_INIT], [win32-dll], +[enable_win32_dll=yes + +case $host in +*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; +esac + +test -z "$AS" && AS=as +_LT_DECL([], [AS], [1], [Assembler program])dnl + +test -z "$DLLTOOL" && DLLTOOL=dlltool +_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl + +test -z "$OBJDUMP" && OBJDUMP=objdump +_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl +])# win32-dll + +AU_DEFUN([AC_LIBTOOL_WIN32_DLL], +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +_LT_SET_OPTION([LT_INIT], [win32-dll]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `win32-dll' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) + + +# _LT_ENABLE_SHARED([DEFAULT]) +# ---------------------------- +# implement the --enable-shared flag, and supports the `shared' and +# `disable-shared' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_SHARED], +[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([shared], + [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], + [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) + + _LT_DECL([build_libtool_libs], [enable_shared], [0], + [Whether or not to build shared libraries]) +])# _LT_ENABLE_SHARED + +LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) +]) + +AC_DEFUN([AC_DISABLE_SHARED], +[_LT_SET_OPTION([LT_INIT], [disable-shared]) +]) + +AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) +AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_SHARED], []) +dnl AC_DEFUN([AM_DISABLE_SHARED], []) + + + +# _LT_ENABLE_STATIC([DEFAULT]) +# ---------------------------- +# implement the --enable-static flag, and support the `static' and +# `disable-static' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_STATIC], +[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([static], + [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], + [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_static=]_LT_ENABLE_STATIC_DEFAULT) + + _LT_DECL([build_old_libs], [enable_static], [0], + [Whether or not to build static libraries]) +])# _LT_ENABLE_STATIC + +LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) + +# Old names: +AC_DEFUN([AC_ENABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) +]) + +AC_DEFUN([AC_DISABLE_STATIC], +[_LT_SET_OPTION([LT_INIT], [disable-static]) +]) + +AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) +AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AM_ENABLE_STATIC], []) +dnl AC_DEFUN([AM_DISABLE_STATIC], []) + + + +# _LT_ENABLE_FAST_INSTALL([DEFAULT]) +# ---------------------------------- +# implement the --enable-fast-install flag, and support the `fast-install' +# and `disable-fast-install' LT_INIT options. +# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. +m4_define([_LT_ENABLE_FAST_INSTALL], +[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl +AC_ARG_ENABLE([fast-install], + [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], + [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], + [p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) + +_LT_DECL([fast_install], [enable_fast_install], [0], + [Whether or not to optimize for fast installation])dnl +])# _LT_ENABLE_FAST_INSTALL + +LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) +LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) + +# Old names: +AU_DEFUN([AC_ENABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `fast-install' option into LT_INIT's first parameter.]) +]) + +AU_DEFUN([AC_DISABLE_FAST_INSTALL], +[_LT_SET_OPTION([LT_INIT], [disable-fast-install]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you put +the `disable-fast-install' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) +dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) + + +# _LT_WITH_PIC([MODE]) +# -------------------- +# implement the --with-pic flag, and support the `pic-only' and `no-pic' +# LT_INIT options. +# MODE is either `yes' or `no'. If omitted, it defaults to `both'. +m4_define([_LT_WITH_PIC], +[AC_ARG_WITH([pic], + [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@], + [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], + [lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac], + [pic_mode=default]) + +test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) + +_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl +])# _LT_WITH_PIC + +LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) +LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) + +# Old name: +AU_DEFUN([AC_LIBTOOL_PICMODE], +[_LT_SET_OPTION([LT_INIT], [pic-only]) +AC_DIAGNOSE([obsolete], +[$0: Remove this warning and the call to _LT_SET_OPTION when you +put the `pic-only' option into LT_INIT's first parameter.]) +]) + +dnl aclocal-1.4 backwards compatibility: +dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) + + +m4_define([_LTDL_MODE], []) +LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], + [m4_define([_LTDL_MODE], [nonrecursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [recursive], + [m4_define([_LTDL_MODE], [recursive])]) +LT_OPTION_DEFINE([LTDL_INIT], [subproject], + [m4_define([_LTDL_MODE], [subproject])]) + +m4_define([_LTDL_TYPE], []) +LT_OPTION_DEFINE([LTDL_INIT], [installable], + [m4_define([_LTDL_TYPE], [installable])]) +LT_OPTION_DEFINE([LTDL_INIT], [convenience], + [m4_define([_LTDL_TYPE], [convenience])]) + +# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. +# Written by Gary V. Vaughan, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 6 ltsugar.m4 + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) + + +# lt_join(SEP, ARG1, [ARG2...]) +# ----------------------------- +# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their +# associated separator. +# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier +# versions in m4sugar had bugs. +m4_define([lt_join], +[m4_if([$#], [1], [], + [$#], [2], [[$2]], + [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) +m4_define([_lt_join], +[m4_if([$#$2], [2], [], + [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) + + +# lt_car(LIST) +# lt_cdr(LIST) +# ------------ +# Manipulate m4 lists. +# These macros are necessary as long as will still need to support +# Autoconf-2.59 which quotes differently. +m4_define([lt_car], [[$1]]) +m4_define([lt_cdr], +[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], + [$#], 1, [], + [m4_dquote(m4_shift($@))])]) +m4_define([lt_unquote], $1) + + +# lt_append(MACRO-NAME, STRING, [SEPARATOR]) +# ------------------------------------------ +# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. +# Note that neither SEPARATOR nor STRING are expanded; they are appended +# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). +# No SEPARATOR is output if MACRO-NAME was previously undefined (different +# than defined and empty). +# +# This macro is needed until we can rely on Autoconf 2.62, since earlier +# versions of m4sugar mistakenly expanded SEPARATOR but not STRING. +m4_define([lt_append], +[m4_define([$1], + m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) + + + +# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) +# ---------------------------------------------------------- +# Produce a SEP delimited list of all paired combinations of elements of +# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list +# has the form PREFIXmINFIXSUFFIXn. +# Needed until we can rely on m4_combine added in Autoconf 2.62. +m4_define([lt_combine], +[m4_if(m4_eval([$# > 3]), [1], + [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl +[[m4_foreach([_Lt_prefix], [$2], + [m4_foreach([_Lt_suffix], + ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, + [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) + + +# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) +# ----------------------------------------------------------------------- +# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited +# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. +m4_define([lt_if_append_uniq], +[m4_ifdef([$1], + [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], + [lt_append([$1], [$2], [$3])$4], + [$5])], + [lt_append([$1], [$2], [$3])$4])]) + + +# lt_dict_add(DICT, KEY, VALUE) +# ----------------------------- +m4_define([lt_dict_add], +[m4_define([$1($2)], [$3])]) + + +# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) +# -------------------------------------------- +m4_define([lt_dict_add_subkey], +[m4_define([$1($2:$3)], [$4])]) + + +# lt_dict_fetch(DICT, KEY, [SUBKEY]) +# ---------------------------------- +m4_define([lt_dict_fetch], +[m4_ifval([$3], + m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), + m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) + + +# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) +# ----------------------------------------------------------------- +m4_define([lt_if_dict_fetch], +[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], + [$5], + [$6])]) + + +# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) +# -------------------------------------------------------------- +m4_define([lt_dict_filter], +[m4_if([$5], [], [], + [lt_join(m4_quote(m4_default([$4], [[, ]])), + lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), + [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl +]) + +# ltversion.m4 -- version numbers -*- Autoconf -*- +# +# Copyright (C) 2004 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# @configure_input@ + +# serial 3337 ltversion.m4 +# This file is part of GNU Libtool + +m4_define([LT_PACKAGE_VERSION], [2.4.2]) +m4_define([LT_PACKAGE_REVISION], [1.3337]) + +AC_DEFUN([LTVERSION_VERSION], +[macro_version='2.4.2' +macro_revision='1.3337' +_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) +_LT_DECL(, macro_revision, 0) +]) + +# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- +# +# Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc. +# Written by Scott James Remnant, 2004. +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. + +# serial 5 lt~obsolete.m4 + +# These exist entirely to fool aclocal when bootstrapping libtool. +# +# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) +# which have later been changed to m4_define as they aren't part of the +# exported API, or moved to Autoconf or Automake where they belong. +# +# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN +# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us +# using a macro with the same name in our local m4/libtool.m4 it'll +# pull the old libtool.m4 in (it doesn't see our shiny new m4_define +# and doesn't know about Autoconf macros at all.) +# +# So we provide this file, which has a silly filename so it's always +# included after everything else. This provides aclocal with the +# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything +# because those macros already exist, or will be overwritten later. +# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. +# +# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. +# Yes, that means every name once taken will need to remain here until +# we give up compatibility with versions before 1.7, at which point +# we need to keep only those names which we still refer to. + +# This is to help aclocal find these macros, as it can't see m4_define. +AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) + +m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) +m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) +m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) +m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) +m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) +m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) +m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) +m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) +m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) +m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) +m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) +m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) +m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) +m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) +m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) +m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) +m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) +m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) +m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) +m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) +m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) +m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) +m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) +m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) +m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) +m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) +m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) +m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) +m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) +m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) +m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) +m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) +m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) +m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) +m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) +m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) +m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) +m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) +m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) +m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) +m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) +m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) +m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) +m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) +m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) +m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) +m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) +m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) +m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])]) +m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])]) +m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])]) +m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])]) +m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])]) +m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])]) +m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])]) + +# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software +# Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +# (This private macro should not be called outside this file.) +AC_DEFUN([AM_AUTOMAKE_VERSION], +[am__api_version='1.11' +dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to +dnl require some minimum version. Point them to the right macro. +m4_if([$1], [1.11.3], [], + [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl +]) + +# _AM_AUTOCONF_VERSION(VERSION) +# ----------------------------- +# aclocal traces this macro to find the Autoconf version. +# This is a private macro too. Using m4_define simplifies +# the logic in aclocal, which can simply ignore this definition. +m4_define([_AM_AUTOCONF_VERSION], []) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. +# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], +[AM_AUTOMAKE_VERSION([1.11.3])dnl +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to +# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is `.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[dnl Rely on autoconf to set up CDPATH properly. +AC_PREREQ([2.50])dnl +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` +]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 9 + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ(2.52)dnl + ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE])dnl +AC_SUBST([$1_FALSE])dnl +_AM_SUBST_NOTMAKE([$1_TRUE])dnl +_AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009, +# 2010, 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 12 + +# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "GCJ", or "OBJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +ifelse([$1], CC, [depcc="$CC" am_compiler_list=], + [$1], CXX, [depcc="$CXX" am_compiler_list=], + [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], UPC, [depcc="$UPC" am_compiler_list=], + [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE(dependency-tracking, +[ --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH])dnl +_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +AC_SUBST([am__nodep])dnl +_AM_SUBST_NOTMAKE([am__nodep])dnl +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +#serial 5 + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[{ + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`AS_DIRNAME("$mf")` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`AS_DIRNAME(["$file"])` + AS_MKDIR_P([$dirpart/$fdir]) + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking +# is enabled. FIXME. This creates each `.P' file that we will +# need in order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) +]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, +# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 16 + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.62])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl +dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. +m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, + [m4_fatal([AC_INIT should be called with package and version arguments])])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) + AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) +AM_MISSING_PROG(AUTOCONF, autoconf) +AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) +AM_MISSING_PROG(AUTOHEADER, autoheader) +AM_MISSING_PROG(MAKEINFO, makeinfo) +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl +AC_REQUIRE([AM_PROG_MKDIR_P])dnl +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES(CC)], + [define([AC_PROG_CC], + defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES(CXX)], + [define([AC_PROG_CXX], + defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJC], + [_AM_DEPENDENCIES(OBJC)], + [define([AC_PROG_OBJC], + defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl +]) +_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl +dnl The `parallel-tests' driver may need to know about EXEEXT, so add the +dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro +dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl +]) + +dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_arg=$1 +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation, +# Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi +AC_SUBST(install_sh)]) + +# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 4 + +# AM_MAKE_INCLUDE() +# ----------------- +# Check to see how make treats includes. +AC_DEFUN([AM_MAKE_INCLUDE], +[am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +AC_MSG_CHECKING([for style of include used by $am_make]) +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi +AC_SUBST([am__include]) +AC_SUBST([am__quote]) +AC_MSG_RESULT([$_am_result]) +rm -f confinc confmf +]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 6 + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it supports --run. +# If it does, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([missing])dnl +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + AC_MSG_WARN([`missing' script is too old or missing]) +fi +]) + +# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation, +# Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_PROG_MKDIR_P +# --------------- +# Check for `mkdir -p'. +AC_DEFUN([AM_PROG_MKDIR_P], +[AC_PREREQ([2.60])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, +dnl while keeping a definition of mkdir_p for backward compatibility. +dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. +dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of +dnl Makefile.ins that do not define MKDIR_P, so we do our own +dnl adjustment using top_builddir (which is defined more often than +dnl MKDIR_P). +AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl +case $mkdir_p in + [[\\/$]]* | ?:[[\\/]]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac +]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software +# Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 5 + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# -------------------- +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) + +# _AM_SET_OPTIONS(OPTIONS) +# ------------------------ +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 +# Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 5 + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; +esac + +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT(yes)]) + +# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 1 + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor `install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in `make install-strip', and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 3 + +# _AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# This macro is traced by Automake. +AC_DEFUN([_AM_SUBST_NOTMAKE]) + +# AM_SUBST_NOTMAKE(VARIABLE) +# -------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# serial 2 + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of `v7', `ustar', or `pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AC_SUBST([AMTAR], ['$${TAR-tar}']) +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + [m4_case([$1], [ustar],, [pax],, + [m4_fatal([Unknown tar format])]) +AC_MSG_CHECKING([how to create a $1 tar archive]) +# Loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' +_am_tools=${am_cv_prog_tar_$1-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of `-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi +done +rm -rf conftest.dir + +AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) +AC_MSG_RESULT([$am_cv_prog_tar_$1])]) +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + diff --git a/test/mocklibc/bin/Makefile.am b/test/mocklibc/bin/Makefile.am new file mode 100644 index 00000000..a2e65e09 --- /dev/null +++ b/test/mocklibc/bin/Makefile.am @@ -0,0 +1,25 @@ + +bin_SCRIPTS = mocklibc + +check_SCRIPTS = mocklibc-test +TESTS = mocklibc-test + +EXTRA_DIST = mocklibc.in mocklibc-test.in +CLEANFILES = mocklibc mocklibc-test + + +# Substitute build variables in shell scripts +# See section "4.8.2 Installation Directory Variables" in autoconf manual + +edit = sed \ + -e 's|@libdir[@]|$(libdir)|g' \ + -e 's|@libname[@]|$(libname)|g' \ + -e 's|@top_srcdir[@]|$(top_srcdir)|g' \ + -e 's|@top_builddir[@]|$(top_builddir)|g' + +mocklibc mocklibc-test: Makefile + $(edit) $(srcdir)/$@.in > $@ + chmod a+x $@ + +mocklibc: $(srcdir)/mocklibc.in +mocklibc-test: $(srcdir)/mocklibc-test.in diff --git a/test/mocklibc/bin/Makefile.in b/test/mocklibc/bin/Makefile.in new file mode 100644 index 00000000..3a25a660 --- /dev/null +++ b/test/mocklibc/bin/Makefile.in @@ -0,0 +1,540 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = bin +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(bindir)" +SCRIPTS = $(bin_SCRIPTS) +SOURCES = +DIST_SOURCES = +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libname = @libname@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +bin_SCRIPTS = mocklibc +check_SCRIPTS = mocklibc-test +TESTS = mocklibc-test +EXTRA_DIST = mocklibc.in mocklibc-test.in +CLEANFILES = mocklibc mocklibc-test + +# Substitute build variables in shell scripts +# See section "4.8.2 Installation Directory Variables" in autoconf manual +edit = sed \ + -e 's|@libdir[@]|$(libdir)|g' \ + -e 's|@libname[@]|$(libname)|g' \ + -e 's|@top_srcdir[@]|$(top_srcdir)|g' \ + -e 's|@top_builddir[@]|$(top_builddir)|g' + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu bin/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu bin/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binSCRIPTS: $(bin_SCRIPTS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" + @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binSCRIPTS: + @$(NORMAL_UNINSTALL) + @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir) + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags: TAGS +TAGS: + +ctags: CTAGS +CTAGS: + + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_SCRIPTS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile $(SCRIPTS) +installdirs: + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binSCRIPTS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binSCRIPTS + +.MAKE: check-am install-am install-strip + +.PHONY: all all-am check check-TESTS check-am clean clean-generic \ + clean-libtool distclean distclean-generic distclean-libtool \ + distdir dvi dvi-am html html-am info info-am install \ + install-am install-binSCRIPTS install-data install-data-am \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am uninstall uninstall-am uninstall-binSCRIPTS + + +mocklibc mocklibc-test: Makefile + $(edit) $(srcdir)/$@.in > $@ + chmod a+x $@ + +mocklibc: $(srcdir)/mocklibc.in +mocklibc-test: $(srcdir)/mocklibc-test.in + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/test/mocklibc/bin/mocklibc-test.in b/test/mocklibc/bin/mocklibc-test.in new file mode 100644 index 00000000..9f00a77d --- /dev/null +++ b/test/mocklibc/bin/mocklibc-test.in @@ -0,0 +1,136 @@ +#!/bin/bash + +# Copyright 2011 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Nikki VonHollen + + +# Figure out where everything is + +MOCKLIBC="@top_builddir@/bin/mocklibc" +ETCDIR="@top_srcdir@/example" + + +# Setup the mock environment + +export MOCK_PASSWD="${ETCDIR}/passwd" +export MOCK_GROUP="${ETCDIR}/group" +export MOCK_NETGROUP="${ETCDIR}/netgroup" + + +# Test helper definitions + +TESTCOUNT=0 +FAILCOUNT=0 + +fail () { + echo "Test Failed:" + echo $@ >&2 + echo + FAILCOUNT=$((FAILCOUNT+1)) +} + +finish () { + if [[ $FAILCOUNT -gt 0 ]] + then + echo "Failed $FAILCOUNT of $TESTCOUNT tests." + exit 1 + else + echo "Passed $TESTCOUNT tests." + exit 0 + fi +} + +assert_true () { + $MOCKLIBC $@ || fail "assert true: $@" + TESTCOUNT=$((TESTCOUNT+1)) +} + +assert_false () { + $MOCKLIBC $@ && fail "assert false: $@" + TESTCOUNT=$((TESTCOUNT+1)) +} + +assert_grep () { + $MOCKLIBC ${@:2} | grep -q "^${1}\$" || fail "'$1' doesn't match output of: ${@:2}" + TESTCOUNT=$((TESTCOUNT+1)) +} + + +# Test implementations + +test_passwd () { + # Test user ids + assert_grep "0" id -u root + assert_grep "500" id -u john + assert_grep "501" id -u jane + + # Test primary groups + assert_grep "root" id -gn root + assert_grep "john" id -gn john + assert_grep "jane" id -gn jane +} + +test_group () { + # Test group lists for users + assert_grep "root" id -Gn root + assert_grep "john users" id -Gn john + assert_grep "jane users" id -Gn jane +} + +test_netgroup () { + # Test whether each user is each netgroup + assert_true innetgr foo -u john + assert_false innetgr foo -u jane + + assert_true innetgr bar -u jane + assert_false innetgr bar -u john + + assert_true innetgr baz -u john + assert_true innetgr baz -u jane + assert_false innetgr baz -u henry + + assert_true innetgr all -u john + assert_true innetgr all -u jane + assert_true innetgr all -u henry + + assert_false innetgr none -u john + assert_false innetgr none -u jane + assert_false innetgr none -u henry + + assert_false innetgr fake -u john +} + + +# Run the tests and print a report + +if (which id >/dev/null 2>&1) +then + test_passwd + test_group +else + echo "No 'id' command found, skipping passwd and group tests." >&2 +fi + +if (which innetgr >/dev/null 2>&1) +then + test_netgroup +else + echo "No 'innetgr' command found, skipping netgroup tests." >&2 +fi + + +finish + diff --git a/test/mocklibc/bin/mocklibc.in b/test/mocklibc/bin/mocklibc.in new file mode 100644 index 00000000..dc18855a --- /dev/null +++ b/test/mocklibc/bin/mocklibc.in @@ -0,0 +1,34 @@ +#!/bin/bash + +# Copyright 2011 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Author: Nikki VonHollen + + +BASEDIR=`dirname $0` +LIBDIR="${BASEDIR}/../src/.libs" +LIBPATH="${LIBDIR}/@libname@" + +if [[ -f "$LIBPATH" ]] +then + # Include Mocklibc's project build dir if we can find it + export LD_LIBRARY_PATH="${LIBDIR}:${LD_LIBRARY_PATH}" +else + # Use the system version instead, w/o requiring ldconfig + export LD_LIBRARY_PATH="@libdir@:${LD_LIBRARY_PATH}" +fi + +# Exec the requested app, replacing this one +LD_PRELOAD="@libname@" exec $@ diff --git a/test/mocklibc/config.guess b/test/mocklibc/config.guess new file mode 100755 index 00000000..49ba16f1 --- /dev/null +++ b/test/mocklibc/config.guess @@ -0,0 +1,1522 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. + +timestamp='2012-01-01' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Originally written by Per Bothner. Please send patches (context +# diff format) to and include a ChangeLog +# entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; + i*:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; + *:Interix*:*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit ;; + arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=${UNAME_MACHINE}el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=${UNAME_MACHINE} + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; + unknown) UNAME_PROCESSOR=powerpc ;; + esac + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix\n"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + c34*) + echo c34-convex-bsd + exit ;; + c38*) + echo c38-convex-bsd + exit ;; + c4*) + echo c4-convex-bsd + exit ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/test/mocklibc/config.h.in b/test/mocklibc/config.h.in new file mode 100644 index 00000000..b3b71ef9 --- /dev/null +++ b/test/mocklibc/config.h.in @@ -0,0 +1,99 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the `endgrent' function. */ +#undef HAVE_ENDGRENT + +/* Define to 1 if you have the `endpwent' function. */ +#undef HAVE_ENDPWENT + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the `memset' function. */ +#undef HAVE_MEMSET + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the `regcomp' function. */ +#undef HAVE_REGCOMP + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION + +/* Define to `int' if doesn't define. */ +#undef gid_t + +/* Define to rpl_malloc if the replacement function should be used. */ +#undef malloc + +/* Define to `unsigned int' if does not define. */ +#undef size_t + +/* Define to `int' if does not define. */ +#undef ssize_t + +/* Define to `int' if doesn't define. */ +#undef uid_t diff --git a/test/mocklibc/config.sub b/test/mocklibc/config.sub new file mode 100755 index 00000000..d6b6b3c7 --- /dev/null +++ b/test/mocklibc/config.sub @@ -0,0 +1,1766 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012 Free Software Foundation, Inc. + +timestamp='2012-01-01' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + + +# Please send patches to . Submit a context +# diff and a properly formatted GNU ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ + | be32 | be64 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 \ + | ns16k | ns32k \ + | open8 \ + | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze) + basic_machine=microblaze-xilinx + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i386-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc | ppcbe) basic_machine=powerpc-unknown + ;; + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh5el) + basic_machine=sh5le-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tile*) + basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -kaos*) + os=-kaos + ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + ;; + m68*-cisco) + os=-aout + ;; + mep-*) + os=-elf + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -cnk*|-aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/test/mocklibc/configure b/test/mocklibc/configure new file mode 100755 index 00000000..8c292b96 --- /dev/null +++ b/test/mocklibc/configure @@ -0,0 +1,13839 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.68 for MockLibc 1.1. +# +# Report bugs to . +# +# +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, +# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software +# Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 + + test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + # We cannot yet assume a decent shell, so we have to provide a + # neutralization value for shells without unset; and this also + # works around shells that cannot unset nonexistent variables. + # Preserve -v and -x to the replacement shell. + BASH_ENV=/dev/null + ENV=/dev/null + (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV + export CONFIG_SHELL + case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; + esac + exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"} +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: vonhollen@google.com about your system, including any +$0: error possibly output before this message. Then install +$0: a modern shell, or manually run the script under such a +$0: shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + +SHELL=${CONFIG_SHELL-/bin/sh} + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='MockLibc' +PACKAGE_TARNAME='mocklibc' +PACKAGE_VERSION='1.1' +PACKAGE_STRING='MockLibc 1.1' +PACKAGE_BUGREPORT='vonhollen@google.com' +PACKAGE_URL='' + +ac_unique_file="src" +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +libname +LIBOBJS +CPP +OTOOL64 +OTOOL +LIPO +NMEDIT +DSYMUTIL +MANIFEST_TOOL +RANLIB +ac_ct_AR +AR +DLLTOOL +OBJDUMP +LN_S +NM +ac_ct_DUMPBIN +DUMPBIN +LD +FGREP +EGREP +GREP +SED +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +LIBTOOL +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__quote +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_dependency_tracking +enable_shared +enable_static +with_pic +enable_fast_install +with_gnu_ld +with_sysroot +enable_libtool_lock +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used" >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures MockLibc 1.1 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/mocklibc] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of MockLibc 1.1:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-dependency-tracking speeds up one-time build + --enable-dependency-tracking do not reject slow dependency extractors + --enable-shared[=PKGS] build shared libraries [default=yes] + --enable-static[=PKGS] build static libraries [default=yes] + --enable-fast-install[=PKGS] + optimize for fast installation [default=yes] + --disable-libtool-lock avoid locking (might break parallel builds) + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use + both] + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-sysroot=DIR Search for dependent libraries within DIR + (or the compiler's sysroot if not specified). + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +MockLibc configure 1.1 +generated by GNU Autoconf 2.68 + +Copyright (C) 2010 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_test_x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ----------------------------------- ## +## Report this to vonhollen@google.com ## +## ----------------------------------- ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_type +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by MockLibc $as_me 1.1, which was +generated by GNU Autoconf 2.68. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +ac_config_headers="$ac_config_headers config.h" + +am__api_version='1.11' + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Just in case +sleep 1 +echo timestamp > conftest.file +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; +esac + +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + rm -f conftest.file + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken +alias in your environment" "$LINENO" 5 + fi + + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# expand $ac_aux_dir to an absolute path +am_aux_dir=`cd $ac_aux_dir && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using `strip' when the user +# run `make install-strip'. However `strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the `STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +mkdir_p="$MKDIR_P" +case $mkdir_p in + [\\/$]* | ?:[\\/]*) ;; + */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; +esac + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='mocklibc' + VERSION='1.1' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + +am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + + + + + +# Checks for programs. +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + + +am_make=${MAKE-make} +cat > confinc << 'END' +am__doit: + @echo this is the am__doit target +.PHONY: am__doit +END +# If we don't find an include directive, just comment out the code. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 +$as_echo_n "checking for style of include used by $am_make... " >&6; } +am__include="#" +am__quote= +_am_result=none +# First try GNU make style include. +echo "include confinc" > confmf +# Ignore all kinds of additional output from `make'. +case `$am_make -s -f confmf 2> /dev/null` in #( +*the\ am__doit\ target*) + am__include=include + am__quote= + _am_result=GNU + ;; +esac +# Now try BSD make style include. +if test "$am__include" = "#"; then + echo '.include "confinc"' > confmf + case `$am_make -s -f confmf 2> /dev/null` in #( + *the\ am__doit\ target*) + am__include=.include + am__quote="\"" + _am_result=BSD + ;; + esac +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 +$as_echo "$_am_result" >&6; } +rm -f confinc confmf + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named `D' -- because `-MD' means `put the output + # in D'. + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with + # Solaris 8's {/usr,}/bin/sh. + touch sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with `-c' and `-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle `-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # after this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok `-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + + +# Checks for libraries. +case `pwd` in + *\ * | *\ *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; +esac + + + +macro_version='2.4.2' +macro_revision='1.3337' + + + + + + + + + + + + + +ltmain="$ac_aux_dir/ltmain.sh" + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +$as_echo_n "checking how to print strings... " >&6; } +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "" +} + +case "$ECHO" in + printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +$as_echo "printf" >&6; } ;; + print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +$as_echo "print -r" >&6; } ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +$as_echo "cat" >&6; } ;; +esac + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +$as_echo_n "checking for fgrep... " >&6; } +if ${ac_cv_path_FGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else + if test -z "$FGREP"; then + ac_path_FGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in fgrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue +# Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +case `"$ac_path_FGREP" --version 2>&1` in +*GNU*) + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_FGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_FGREP="$ac_path_FGREP" + ac_path_FGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_FGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_FGREP"; then + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_FGREP=$FGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +$as_echo "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +test -z "$GREP" && GREP=grep + + + + + + + + + + + + + + + + + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${lt_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${lt_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if ${lt_cv_path_NM+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM="$NM" +else + lt_nm_to_check="${ac_tool_prefix}nm" + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + tmp_nm="$ac_dir/$lt_tmp_nm" + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in + */dev/null* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS="$lt_save_ifs" + done + : ${lt_cv_path_NM=no} +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +$as_echo "$lt_cv_path_NM" >&6; } +if test "$lt_cv_path_NM" != "no"; then + NM="$lt_cv_path_NM" +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + if test -n "$ac_tool_prefix"; then + for ac_prog in dumpbin "link -dump" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DUMPBIN=$ac_cv_prog_DUMPBIN +if test -n "$DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +$as_echo "$DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$DUMPBIN" && break + done +fi +if test -z "$DUMPBIN"; then + ac_ct_DUMPBIN=$DUMPBIN + for ac_prog in dumpbin "link -dump" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN +if test -n "$ac_ct_DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +$as_echo "$ac_ct_DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_DUMPBIN" && break +done + + if test "x$ac_ct_DUMPBIN" = x; then + DUMPBIN=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DUMPBIN=$ac_ct_DUMPBIN + fi +fi + + case `$DUMPBIN -symbols /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols" + ;; + *) + DUMPBIN=: + ;; + esac + fi + + if test "$DUMPBIN" != ":"; then + NM="$DUMPBIN" + fi +fi +test -z "$NM" && NM=nm + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +$as_echo_n "checking the name lister ($NM) interface... " >&6; } +if ${lt_cv_nm_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: output\"" >&5) + cat conftest.out >&5 + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +$as_echo "$lt_cv_nm_interface" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +# find the maximum length of command line arguments +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +$as_echo_n "checking the maximum length of command line arguments... " >&6; } +if ${lt_cv_sys_max_cmd_len+:} false; then : + $as_echo_n "(cached) " >&6 +else + i=0 + teststring="ABCD" + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8 ; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test "X"`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test $i != 17 # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac + +fi + +if test -n $lt_cv_sys_max_cmd_len ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +$as_echo "$lt_cv_sys_max_cmd_len" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } +fi +max_cmd_len=$lt_cv_sys_max_cmd_len + + + + + + +: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 +$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } +# Try some XSI features +xsi_shell=no +( _lt_dummy="a/b/c" + test "${_lt_dummy##*/},${_lt_dummy%/*},${_lt_dummy#??}"${_lt_dummy%"$_lt_dummy"}, \ + = c,a/b,b/c, \ + && eval 'test $(( 1 + 1 )) -eq 2 \ + && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ + && xsi_shell=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 +$as_echo "$xsi_shell" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 +$as_echo_n "checking whether the shell understands \"+=\"... " >&6; } +lt_shell_append=no +( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ + >/dev/null 2>&1 \ + && lt_shell_append=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 +$as_echo "$lt_shell_append" >&6; } + + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi + + + + + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +$as_echo_n "checking how to convert $build file names to $host format... " >&6; } +if ${lt_cv_to_host_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac + +fi + +to_host_file_cmd=$lt_cv_to_host_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +$as_echo "$lt_cv_to_host_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } +if ${lt_cv_to_tool_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + #assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac + +fi + +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +$as_echo "$lt_cv_to_tool_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +$as_echo_n "checking for $LD option to reload object files... " >&6; } +if ${lt_cv_ld_reload_flag+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +$as_echo "$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + if test "$GCC" != yes; then + reload_cmds=false + fi + ;; + darwin*) + if test "$GCC" = yes; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. +set dummy ${ac_tool_prefix}objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OBJDUMP=$ac_cv_prog_OBJDUMP +if test -n "$OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +$as_echo "$OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. +set dummy objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP +if test -n "$ac_ct_OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +$as_echo "$ac_ct_OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OBJDUMP" = x; then + OBJDUMP="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OBJDUMP=$ac_ct_OBJDUMP + fi +else + OBJDUMP="$ac_cv_prog_OBJDUMP" +fi + +test -z "$OBJDUMP" && OBJDUMP=objdump + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +$as_echo_n "checking how to recognize dependent libraries... " >&6; } +if ${lt_cv_deplibs_check_method+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# `unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# which responds to the $file_magic_cmd with a given extended regex. +# If you have `file' or equivalent on your system and you're not sure +# whether `pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[4-9]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + # func_win32_libid assumes BSD nm, so disallow it if using MS dumpbin. + if ( test "$lt_cv_nm_interface" = "BSD nm" && file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +$as_echo "$lt_cv_deplibs_check_method" >&6; } + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + + + + + + + + + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. +set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DLLTOOL=$ac_cv_prog_DLLTOOL +if test -n "$DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +$as_echo "$DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. +set dummy dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL +if test -n "$ac_ct_DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +$as_echo "$ac_ct_DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DLLTOOL" = x; then + DLLTOOL="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DLLTOOL=$ac_ct_DLLTOOL + fi +else + DLLTOOL="$ac_cv_prog_DLLTOOL" +fi + +test -z "$DLLTOOL" && DLLTOOL=dlltool + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +$as_echo_n "checking how to associate runtime and link libraries... " >&6; } +if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh + # decide which to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd="$ECHO" + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + + + + + + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} +: ${AR_FLAGS=cru} + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +$as_echo_n "checking for archiver @FILE support... " >&6; } +if ${lt_cv_ar_at_file+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ar_at_file=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -ne 0; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +$as_echo "$lt_cv_ar_at_file" >&6; } + +if test "x$lt_cv_ar_at_file" = xno; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +test -z "$STRIP" && STRIP=: + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +test -z "$RANLIB" && RANLIB=: + + + + + + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# Check for command to grab the raw symbol name followed by C symbol from nm. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +if ${lt_cv_sys_global_symbol_pipe+:} false; then : + $as_echo_n "(cached) " >&6 +else + +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[BCDEGRST]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([_A-Za-z][_A-Za-z0-9]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[BCDT]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[ABCDGISTW]' + ;; +hpux*) + if test "$host_cpu" = ia64; then + symcode='[ABCDEGRST]' + fi + ;; +irix* | nonstopux*) + symcode='[BCDEGRST]' + ;; +osf*) + symcode='[BCDEGQRST]' + ;; +solaris*) + symcode='[BDRT]' + ;; +sco3.2v5*) + symcode='[DT]' + ;; +sysv4.2uw2*) + symcode='[DT]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[ABDT]' + ;; +sysv4) + symcode='[DFNSTU]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[ABCDGIRSTW]' ;; +esac + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\)[ ]*$/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function + # and D for any global variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK '"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ +" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ +" s[1]~/^[@?]/{print s[1], s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Now try to grab the symbols. + nlist=conftest.nm + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 + (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS="conftstm.$ac_objext" + CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext}; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&5 + fi + else + echo "cannot find nm_test_var in $nlist" >&5 + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 + fi + else + echo "$progname: failed program was:" >&5 + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test "$pipe_works" = yes; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done + +fi + +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +$as_echo "failed" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +$as_echo_n "checking for sysroot... " >&6; } + +# Check whether --with-sysroot was given. +if test "${with_sysroot+set}" = set; then : + withval=$with_sysroot; +else + with_sysroot=no +fi + + +lt_sysroot= +case ${with_sysroot} in #( + yes) + if test "$GCC" = yes; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${with_sysroot}" >&5 +$as_echo "${with_sysroot}" >&6; } + as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 + ;; +esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +$as_echo "${lt_sysroot:-no}" >&6; } + + + + + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then : + enableval=$enable_libtool_lock; +fi + +test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE="32" + ;; + *ELF-64*) + HPUX_IA64_MODE="64" + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out which ABI we are using. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test "$lt_cv_prog_gnu_ld" = yes; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_i386" + ;; + ppc64-*linux*|powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + ppc*-*linux*|powerpc*-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +if ${lt_cv_cc_needs_belf+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_cc_needs_belf=yes +else + lt_cv_cc_needs_belf=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +$as_echo "$lt_cv_cc_needs_belf" >&6; } + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; +*-*solaris*) + # Find out which ABI we are using. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD="${LD-ld}_sol2" + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks="$enable_libtool_lock" + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. +set dummy ${ac_tool_prefix}mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MANIFEST_TOOL"; then + ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL +if test -n "$MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +$as_echo "$MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_MANIFEST_TOOL"; then + ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL + # Extract the first word of "mt", so it can be a program name with args. +set dummy mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_MANIFEST_TOOL"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL +if test -n "$ac_ct_MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_MANIFEST_TOOL" = x; then + MANIFEST_TOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL + fi +else + MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" +fi + +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if ${lt_cv_path_mainfest_tool+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&5 + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +$as_echo "$lt_cv_path_mainfest_tool" >&6; } +if test "x$lt_cv_path_mainfest_tool" != xyes; then + MANIFEST_TOOL=: +fi + + + + + + + case $host_os in + rhapsody* | darwin*) + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. +set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DSYMUTIL=$ac_cv_prog_DSYMUTIL +if test -n "$DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +$as_echo "$DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. +set dummy dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL +if test -n "$ac_ct_DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +$as_echo "$ac_ct_DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DSYMUTIL" = x; then + DSYMUTIL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DSYMUTIL=$ac_ct_DSYMUTIL + fi +else + DSYMUTIL="$ac_cv_prog_DSYMUTIL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. +set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NMEDIT=$ac_cv_prog_NMEDIT +if test -n "$NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +$as_echo "$NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. +set dummy nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT +if test -n "$ac_ct_NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +$as_echo "$ac_ct_NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NMEDIT" = x; then + NMEDIT=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NMEDIT=$ac_ct_NMEDIT + fi +else + NMEDIT="$ac_cv_prog_NMEDIT" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. +set dummy ${ac_tool_prefix}lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LIPO=$ac_cv_prog_LIPO +if test -n "$LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +$as_echo "$LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. +set dummy lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_LIPO="lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO +if test -n "$ac_ct_LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +$as_echo "$ac_ct_LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LIPO" = x; then + LIPO=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LIPO=$ac_ct_LIPO + fi +else + LIPO="$ac_cv_prog_LIPO" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL=$ac_cv_prog_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. +set dummy otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL="otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL +if test -n "$ac_ct_OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +$as_echo "$ac_ct_OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL" = x; then + OTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL=$ac_ct_OTOOL + fi +else + OTOOL="$ac_cv_prog_OTOOL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL64=$ac_cv_prog_OTOOL64 +if test -n "$OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +$as_echo "$OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. +set dummy otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_prog_ac_ct_OTOOL64="otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 +if test -n "$ac_ct_OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +$as_echo "$ac_ct_OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL64" = x; then + OTOOL64=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL64=$ac_ct_OTOOL64 + fi +else + OTOOL64="$ac_cv_prog_OTOOL64" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +$as_echo_n "checking for -single_module linker flag... " >&6; } +if ${lt_cv_apple_cc_single_mod+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_apple_cc_single_mod=no + if test -z "${LT_MULTI_MODULE}"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&5 + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test $_lt_result -eq 0; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&5 + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +$as_echo "$lt_cv_apple_cc_single_mod" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +if ${lt_cv_ld_exported_symbols_list+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_ld_exported_symbols_list=yes +else + lt_cv_ld_exported_symbols_list=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +$as_echo_n "checking for -force_load linker flag... " >&6; } +if ${lt_cv_ld_force_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 + echo "$AR cru libconftest.a conftest.o" >&5 + $AR cru libconftest.a conftest.o 2>&5 + echo "$RANLIB libconftest.a" >&5 + $RANLIB libconftest.a 2>&5 + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&5 + elif test -f conftest && test $_lt_result -eq 0 && $GREP forced_load conftest >/dev/null 2>&1 ; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&5 + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +$as_echo "$lt_cv_ld_force_load" >&6; } + case $host_os in + rhapsody* | darwin1.[012]) + _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + 10.[012]*) + _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test "$lt_cv_apple_cc_single_mod" = "yes"; then + _lt_dar_single_mod='$single_module' + fi + if test "$lt_cv_ld_exported_symbols_list" = "yes"; then + _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' + fi + if test "$DSYMUTIL" != ":" && test "$lt_cv_ld_force_load" = "no"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in dlfcn.h +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLFCN_H 1 +_ACEOF + +fi + +done + + + + + +# Set options + + + + enable_dlopen=no + + + enable_win32_dll=no + + + # Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_shared=yes +fi + + + + + + + + + + # Check whether --enable-static was given. +if test "${enable_static+set}" = set; then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_static=yes +fi + + + + + + + + + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then : + withval=$with_pic; lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for lt_pkg in $withval; do + IFS="$lt_save_ifs" + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + pic_mode=default +fi + + +test -z "$pic_mode" && pic_mode=default + + + + + + + + # Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," + for pkg in $enableval; do + IFS="$lt_save_ifs" + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$lt_save_ifs" + ;; + esac +else + enable_fast_install=yes +fi + + + + + + + + + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ltmain" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +test -z "$LN_S" && LN_S="ln -s" + + + + + + + + + + + + + + +if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +$as_echo_n "checking for objdir... " >&6; } +if ${lt_cv_objdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +$as_echo "$lt_cv_objdir" >&6; } +objdir=$lt_cv_objdir + + + + + +cat >>confdefs.h <<_ACEOF +#define LT_OBJDIR "$lt_cv_objdir/" +_ACEOF + + + + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a `.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld="$lt_cv_prog_gnu_ld" + +old_CC="$CC" +old_CFLAGS="$CFLAGS" + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +for cc_temp in $compiler""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` + + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/${ac_tool_prefix}file; then + lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +$as_echo_n "checking for file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD="$MAGIC_CMD" + lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS="$lt_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/file; then + lt_cv_path_MAGIC_CMD="$ac_dir/file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD="$lt_cv_path_MAGIC_CMD" + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS="$lt_save_ifs" + MAGIC_CMD="$lt_save_MAGIC_CMD" + ;; +esac +fi + +MAGIC_CMD="$lt_cv_path_MAGIC_CMD" +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + else + MAGIC_CMD=: + fi +fi + + fi + ;; +esac + +# Use C for the default configuration in the libtool script + +lt_save_CC="$CC" +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +objext=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + +if test -n "$compiler"; then + +lt_prog_compiler_no_builtin_flag= + +if test "$GCC" = yes; then + case $cc_basename in + nvcc*) + lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; + *) + lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +else + : +fi + +fi + + + + + + + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + + + if test "$GCC" = yes; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the `-m68020' flag to GCC prevents building anything better, + # like `-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test "$host_cpu" = ia64; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='${wl}-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + # old Intel for x86_64 which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec ;then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms which do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if ${lt_cv_prog_compiler_pic+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +$as_echo "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if ${lt_cv_prog_compiler_pic_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } + +if test x"$lt_cv_prog_compiler_pic_works" = xyes; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + + + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if ${lt_cv_prog_compiler_static_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +$as_echo "$lt_cv_prog_compiler_static_works" >&6; } + +if test x"$lt_cv_prog_compiler_static_works" = xyes; then + : +else + lt_prog_compiler_static= +fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + +hard_links="nottested" +if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test "$hard_links" = no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + runpath_var= + allow_undefined_flag= + always_export_symbols=no + archive_cmds= + archive_expsym_cmds= + compiler_needs_object=no + enable_shared_with_static_runtimes=no + export_dynamic_flag_spec= + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no + hardcode_libdir_flag_spec= + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported + inherit_rpath=no + link_all_deplibs=unknown + module_cmds= + module_expsym_cmds= + old_archive_from_new_cmds= + old_archive_from_expsyms_cmds= + thread_safe_flag_spec= + whole_archive_flag_spec= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ` (' and `)$', so one must not match beginning or + # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', + # as well as any symbol that contains `d'. + exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; + esac + + ld_shlibs=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test "$with_gnu_ld" = yes; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; + *\ \(GNU\ Binutils\)\ [3-9]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test "$lt_use_gnu_ld_interface" = yes; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='${wl}' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + export_dynamic_flag_spec='${wl}--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + else + ld_shlibs=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + export_dynamic_flag_spec='${wl}--export-all-symbols' + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file (1st line + # is EXPORTS), use it as is; otherwise, prepend... + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs=no + fi + ;; + + haiku*) + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + link_all_deplibs=yes + ;; + + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test "$host_os" = linux-dietlibc; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test "$tmp_diet" = no + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + whole_archive_flag_spec= + tmp_sharedflag='--shared' ;; + xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + compiler_needs_object=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` ${wl}--no-whole-archive' + compiler_needs_object=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test "x$supports_anon_versioning" = xyes; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + ld_shlibs=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + + if test "$ld_shlibs" = no; then + runpath_var= + hardcode_libdir_flag_spec= + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag=unsupported + always_export_symbols=yes + archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + + aix[4-9]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag="" + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to AIX nm, but means don't demangle with GNU nm + # Also, AIX nm treats weak defined symbols like other global + # defined symbols, whereas GNU nm marks them as "W". + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds='' + hardcode_direct=yes + hardcode_direct_absolute=yes + hardcode_libdir_separator=':' + link_all_deplibs=yes + file_list_spec='${wl}-f,' + + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + shared_flag='-shared' + if test "$aix_use_runtimelinking" = yes; then + shared_flag="$shared_flag "'${wl}-G' + fi + else + # not using gcc + if test "$host_cpu" = ia64; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test "$aix_use_runtimelinking" = yes; then + shared_flag='${wl}-G' + else + shared_flag='${wl}-bM:SRE' + fi + fi + fi + + export_dynamic_flag_spec='${wl}-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols=yes + if test "$aix_use_runtimelinking" = yes; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_="/usr/lib:/lib" + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then func_echo_all "${wl}${allow_undefined_flag}"; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + if test "${lt_cv_aix_libpath+set}" = set; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_="/usr/lib:/lib" + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' ${wl}-bernotok' + allow_undefined_flag=' ${wl}-berok' + if test "$with_gnu_ld" = yes; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec='${wl}--whole-archive$convenience ${wl}--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + fi + archive_cmds_need_lc=yes + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + bsdi[45]*) + export_dynamic_flag_spec=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-dll~linknames=' + archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then + sed -n -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' -e '1\\\!p' < $export_symbols > $output_objdir/$soname.exp; + else + sed -e 's/\\\\\\\(.*\\\\\\\)/-link\\\ -EXPORT:\\\\\\\1/' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, )='true' + enable_shared_with_static_runtimes=yes + exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + old_postinstall_cmds='chmod 644 $oldlib' + postlink_cmds='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile="$lt_outputfile.exe" + lt_tool_outputfile="$lt_tool_outputfile.exe" + ;; + esac~ + if test "$MANIFEST_TOOL" != ":" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=".dll" + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_from_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + enable_shared_with_static_runtimes=yes + ;; + esac + ;; + + darwin* | rhapsody*) + + + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + if test "$lt_cv_ld_force_load" = "yes"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience ${wl}-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + + else + whole_archive_flag_spec='' + fi + link_all_deplibs=yes + allow_undefined_flag="$_lt_dar_allow_undefined" + case $cc_basename in + ifort*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test "$_lt_dar_can_shared" = "yes"; then + output_verbose_link_cmd=func_echo_all + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" + archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" + module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" + + else + ld_shlibs=no + fi + + ;; + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + hpux9*) + if test "$GCC" = yes; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + export_dynamic_flag_spec='${wl}-E' + ;; + + hpux10*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='${wl}-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + + hpux11*) + if test "$GCC" = yes && test "$with_gnu_ld" = no; then + case $host_cpu in + hppa*64*) + archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -shared $pic_flag ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +$as_echo_n "checking if $CC understands -b... " >&6; } +if ${lt_cv_prog_compiler__b+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler__b=no + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -b" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler__b=yes + fi + else + lt_cv_prog_compiler__b=yes + fi + fi + $RM -r conftest* + LDFLAGS="$save_LDFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +$as_echo "$lt_cv_prog_compiler__b" >&6; } + +if test x"$lt_cv_prog_compiler__b" = xyes; then + archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' +fi + + ;; + esac + fi + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + hardcode_shlibpath_var=no + ;; + *) + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='${wl}-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test "$GCC" = yes; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if ${lt_cv_irix_exported_symbol+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int foo (void) { return 0; } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_irix_exported_symbol=yes +else + lt_cv_irix_exported_symbol=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS="$save_LDFLAGS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +$as_echo "$lt_cv_irix_exported_symbol" >&6; } + if test "$lt_cv_irix_exported_symbol" = yes; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' + fi + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; + + *nto* | *qnx*) + ;; + + openbsd*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + hardcode_shlibpath_var=no + hardcode_direct_absolute=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + export_dynamic_flag_spec='${wl}-E' + else + case $host_os in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi + else + ld_shlibs=no + fi + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~echo DATA >> $output_objdir/$libname.def~echo " SINGLE NONSHARED" >> $output_objdir/$libname.def~echo EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' + old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' + ;; + + osf3*) + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test "$GCC" = yes; then + allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' + archive_cmds='$CC -shared${allow_undefined_flag} $pic_flag $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && func_echo_all "${wl}-set_version ${wl}$verstring"` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: + ;; + + solaris*) + no_undefined_flag=' -z defs' + if test "$GCC" = yes; then + wlarc='${wl}' + archive_cmds='$CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='${wl}' + archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands `-z linker_flag'. GCC discards it without `$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test "$GCC" = yes; then + whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' + else + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' + fi + ;; + esac + link_all_deplibs=yes + ;; + + sunos4*) + if test "x$host_vendor" = xsequent; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds='$CC -r -o $output$reload_objs' + hardcode_direct=no + ;; + motorola) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var=no + ;; + + sysv4.3*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + export_dynamic_flag_spec='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag='${wl}-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We can NOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag='${wl}-z,text' + allow_undefined_flag='${wl}-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='${wl}-R,$libdir' + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='${wl}-Bexport' + runpath_var='LD_RUN_PATH' + + if test "$GCC" = yes; then + archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + *) + ld_shlibs=no + ;; + esac + + if test x$host_vendor = xsni; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + export_dynamic_flag_spec='${wl}-Blargedynsym' + ;; + esac + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +$as_echo "$ld_shlibs" >&6; } +test "$ld_shlibs" = no && can_build_shared=no + +with_gnu_ld=$with_gnu_ld + + + + + + + + + + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc=yes + + if test "$enable_shared" = yes && test "$GCC" = yes; then + case $archive_cmds in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if ${lt_cv_archive_cmds_need_lc+:} false; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc=no + else + lt_cv_archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } + archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +if test "$GCC" = yes; then + case $host_os in + darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; + *) lt_awk_arg="/^libraries:/" ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq="s,=\([A-Za-z]:\),\1,g" ;; + *) lt_sed_strip_eq="s,=/,/,g" ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary. + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path/$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" + else + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS=" "; FS="/|\n";} { + lt_foo=""; + lt_count=0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo="/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[lt_foo]++; } + if (lt_freq[lt_foo] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's,/\([A-Za-z]:\),\1,g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=".so" +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='${libname}${release}${shared_ext}$major' + ;; + +aix[4-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line `#! .'. This would cause the generated library to + # depend on `.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # AIX (on Power*) has no versioning support, so currently we can not hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + if test "$aix_use_runtimelinking" = yes; then + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + else + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='${libname}${release}.a $libname.a' + soname_spec='${libname}${release}${shared_ext}$major' + fi + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='${libname}${shared_ext}' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=".dll" + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' + library_names_spec='${libname}.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec="$LIB" + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \${file}`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' + soname_spec='${libname}${release}${major}$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[23].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + if test "X$HPUX_IA64_MODE" = X32; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + fi + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[3-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test "$lt_cv_prog_gnu_ld" = yes; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if ${lt_cv_shlibpath_overrides_runpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd*) + version_type=sunos + sys_lib_dlsearch_path_spec="/usr/lib" + need_lib_prefix=no + # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. + case $host_os in + openbsd3.3 | openbsd3.3.*) need_version=yes ;; + *) need_version=no ;; + esac + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + case $host_os in + openbsd2.[89] | openbsd2.[89].*) + shlibpath_overrides_runpath=no + ;; + *) + shlibpath_overrides_runpath=yes + ;; + esac + else + shlibpath_overrides_runpath=yes + fi + ;; + +os2*) + libname_spec='$name' + shrext_cmds=".dll" + need_lib_prefix=no + library_names_spec='$libname${shared_ext} $libname.a' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=LIBPATH + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='${libname}${release}${shared_ext}$major' + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test "$with_gnu_ld" = yes; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec ;then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' + soname_spec='$libname${shared_ext}.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=freebsd-elf + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test "$dynamic_linker" = no && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test "$GCC" = yes; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then + sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" +fi +if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then + sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action= +if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || + test "X$hardcode_automatic" = "Xyes" ; then + + # We can hardcode non-existent directories. + if test "$hardcode_direct" != no && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && + test "$hardcode_minus_L" != no; then + # Linking always hardcodes the temporary library directory. + hardcode_action=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +$as_echo "$hardcode_action" >&6; } + +if test "$hardcode_action" = relink || + test "$inherit_rpath" = yes; then + # Fast installation is not supported + enable_fast_install=no +elif test "$shlibpath_overrides_runpath" = yes || + test "$enable_shared" = no; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + if test "x$enable_dlopen" != xyes; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen="load_add_on" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen="LoadLibrary" + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen="dlopen" + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + + lt_cv_dlopen="dyld" + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + +fi + + ;; + + *) + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = xyes; then : + lt_cv_dlopen="shl_load" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if ${ac_cv_lib_dld_shl_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_shl_load=yes +else + ac_cv_lib_dld_shl_load=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = xyes; then : + lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" +else + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +$as_echo_n "checking for dlopen in -lsvld... " >&6; } +if ${ac_cv_lib_svld_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsvld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_svld_dlopen=yes +else + ac_cv_lib_svld_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = xyes; then : + lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +$as_echo_n "checking for dld_link in -ldld... " >&6; } +if ${ac_cv_lib_dld_dld_link+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (); +int +main () +{ +return dld_link (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_dld_link=yes +else + ac_cv_lib_dld_dld_link=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = xyes; then : + lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" +fi + + +fi + + +fi + + +fi + + +fi + + +fi + + ;; + esac + + if test "x$lt_cv_dlopen" != xno; then + enable_dlopen=yes + else + enable_dlopen=no + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS="$CPPFLAGS" + test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS="$LDFLAGS" + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS="$LIBS" + LIBS="$lt_cv_dlopen_libs $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +$as_echo_n "checking whether a program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +$as_echo "$lt_cv_dlopen_self" >&6; } + + if test "x$lt_cv_dlopen_self" = xyes; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self_static+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + lt_cv_dlopen_self_static=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisbility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined(__GNUC__) && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self_static=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +$as_echo "$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi + + + + + + + + + + + + + + + + + +striplib= +old_striplib= +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +$as_echo_n "checking whether stripping libraries is possible... " >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP" ; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + esac +fi + + + + + + + + + + + + + # Report which library types will actually be built + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +$as_echo_n "checking if libtool supports shared libraries... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +$as_echo "$can_build_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +$as_echo_n "checking whether to build shared libraries... " >&6; } + test "$can_build_shared" = "no" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test "$enable_shared" = yes && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[4-9]*) + if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then + test "$enable_shared" = yes && enable_static=no + fi + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +$as_echo "$enable_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +$as_echo_n "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test "$enable_shared" = yes || enable_static=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +$as_echo "$enable_static" >&6; } + + + + +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC="$lt_save_CC" + + + + + + + + + + + + + + + + ac_config_commands="$ac_config_commands libtool" + + + + +# Only expand once: + + + +# Checks for header files. +for ac_header in netdb.h stdlib.h string.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +# Checks for typedefs, structures, and compiler characteristics. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 +$as_echo_n "checking for uid_t in sys/types.h... " >&6; } +if ${ac_cv_type_uid_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "uid_t" >/dev/null 2>&1; then : + ac_cv_type_uid_t=yes +else + ac_cv_type_uid_t=no +fi +rm -f conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 +$as_echo "$ac_cv_type_uid_t" >&6; } +if test $ac_cv_type_uid_t = no; then + +$as_echo "#define uid_t int" >>confdefs.h + + +$as_echo "#define gid_t int" >>confdefs.h + +fi + +ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" +if test "x$ac_cv_type_size_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define size_t unsigned int +_ACEOF + +fi + +ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" +if test "x$ac_cv_type_ssize_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define ssize_t int +_ACEOF + +fi + + +# Checks for library functions. +for ac_header in stdlib.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" +if test "x$ac_cv_header_stdlib_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDLIB_H 1 +_ACEOF + +fi + +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 +$as_echo_n "checking for GNU libc compatible malloc... " >&6; } +if ${ac_cv_func_malloc_0_nonnull+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_malloc_0_nonnull=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined STDC_HEADERS || defined HAVE_STDLIB_H +# include +#else +char *malloc (); +#endif + +int +main () +{ +return ! malloc (0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_malloc_0_nonnull=yes +else + ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 +$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } +if test $ac_cv_func_malloc_0_nonnull = yes; then : + +$as_echo "#define HAVE_MALLOC 1" >>confdefs.h + +else + $as_echo "#define HAVE_MALLOC 0" >>confdefs.h + + case " $LIBOBJS " in + *" malloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS malloc.$ac_objext" + ;; +esac + + +$as_echo "#define malloc rpl_malloc" >>confdefs.h + +fi + + +for ac_func in endgrent endpwent memset regcomp strdup +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +# Build wrapper scripts from templates +libname=libmocklibc.so + +#AC_CONFIG_FILES([bin/mocklibc], [chmod +x bin/mocklibc], [libname=${libname}]) +#AC_CONFIG_FILES([bin/mocklibc-test], [chmod +x bin/mocklibc-test], +# [libname=${libname}])) + +ac_config_files="$ac_config_files Makefile src/Makefile bin/Makefile" + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -p'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -p' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -p' + fi +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +if test -x / >/dev/null 2>&1; then + as_test_x='test -x' +else + if ls -dL / >/dev/null 2>&1; then + as_ls_L_option=L + else + as_ls_L_option= + fi + as_test_x=' + eval sh -c '\'' + if test -d "$1"; then + test -d "$1/."; + else + case $1 in #( + -*)set "./$1";; + esac; + case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( + ???[sx]*):;;*)false;;esac;fi + '\'' sh + ' +fi +as_executable_p=$as_test_x + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by MockLibc $as_me 1.1, which was +generated by GNU Autoconf 2.68. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +MockLibc config.status 1.1 +configured by $0, generated by GNU Autoconf 2.68, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2010 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' +macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' +enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' +pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' +enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' +ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' +PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' +host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' +host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' +host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' +build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' +build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' +build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' +SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' +Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' +GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' +EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' +FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' +LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' +NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' +LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' +max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' +ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' +exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' +lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' +lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' +lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' +lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' +lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' +reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' +reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' +deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' +file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' +file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' +want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' +DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' +sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' +AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' +archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' +STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' +RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' +old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' +old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' +lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' +CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' +CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' +compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' +GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' +lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' +MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' +need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' +MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' +DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' +NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' +LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' +OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' +OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' +libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' +shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' +extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' +compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' +module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' +with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' +no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' +hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' +hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' +inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' +link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' +always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' +exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' +include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' +prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' +postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' +file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' +variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' +need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' +need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' +version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' +runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' +libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' +library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' +soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' +install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' +postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' +postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' +finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' +sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' +sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' +hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' +old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' +striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' + +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in SHELL \ +ECHO \ +PATH_SEPARATOR \ +SED \ +GREP \ +EGREP \ +FGREP \ +LD \ +NM \ +LN_S \ +lt_SP2NL \ +lt_NL2SP \ +reload_flag \ +OBJDUMP \ +deplibs_check_method \ +file_magic_cmd \ +file_magic_glob \ +want_nocaseglob \ +DLLTOOL \ +sharedlib_from_linklib_cmd \ +AR \ +AR_FLAGS \ +archiver_list_spec \ +STRIP \ +RANLIB \ +CC \ +CFLAGS \ +compiler \ +lt_cv_sys_global_symbol_pipe \ +lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_c_name_address \ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +nm_file_list_spec \ +lt_prog_compiler_no_builtin_flag \ +lt_prog_compiler_pic \ +lt_prog_compiler_wl \ +lt_prog_compiler_static \ +lt_cv_prog_compiler_c_o \ +need_locks \ +MANIFEST_TOOL \ +DSYMUTIL \ +NMEDIT \ +LIPO \ +OTOOL \ +OTOOL64 \ +shrext_cmds \ +export_dynamic_flag_spec \ +whole_archive_flag_spec \ +compiler_needs_object \ +with_gnu_ld \ +allow_undefined_flag \ +no_undefined_flag \ +hardcode_libdir_flag_spec \ +hardcode_libdir_separator \ +exclude_expsyms \ +include_expsyms \ +file_list_spec \ +variables_saved_for_relink \ +libname_spec \ +library_names_spec \ +soname_spec \ +install_override_mode \ +finish_eval \ +old_striplib \ +striplib; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds \ +old_postinstall_cmds \ +old_postuninstall_cmds \ +old_archive_cmds \ +extract_expsyms_cmds \ +old_archive_from_new_cmds \ +old_archive_from_expsyms_cmds \ +archive_cmds \ +archive_expsym_cmds \ +module_cmds \ +module_expsym_cmds \ +export_symbols_cmds \ +prelink_cmds \ +postlink_cmds \ +postinstall_cmds \ +postuninstall_cmds \ +finish_cmds \ +sys_lib_search_path_spec \ +sys_lib_dlsearch_path_spec; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +ac_aux_dir='$ac_aux_dir' +xsi_shell='$xsi_shell' +lt_shell_append='$lt_shell_append' + +# See if we are running on zsh, and set the options which allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='$PACKAGE' + VERSION='$VERSION' + TIMESTAMP='$TIMESTAMP' + RM='$RM' + ofile='$ofile' + + + + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "bin/Makefile") CONFIG_FILES="$CONFIG_FILES bin/Makefile" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Autoconf 2.62 quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + case $CONFIG_FILES in + *\'*) eval set x "$CONFIG_FILES" ;; + *) set x $CONFIG_FILES ;; + esac + shift + for mf + do + # Strip MF so we end up with the name of the file. + mf=`echo "$mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile or not. + # We used to match only the files named `Makefile.in', but + # some people rename them; so instead we look at the file content. + # Grep'ing the first line is not enough: some people post-process + # each Makefile.in and add a new line on top of each file to say so. + # Grep'ing the whole file is not good either: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then + dirpart=`$as_dirname -- "$mf" || +$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$mf" : 'X\(//\)[^/]' \| \ + X"$mf" : 'X\(//\)$' \| \ + X"$mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + else + continue + fi + # Extract the definition of DEPDIR, am__include, and am__quote + # from the Makefile without running `make'. + DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` + test -z "$DEPDIR" && continue + am__include=`sed -n 's/^am__include = //p' < "$mf"` + test -z "am__include" && continue + am__quote=`sed -n 's/^am__quote = //p' < "$mf"` + # When using ansi2knr, U may be empty or an underscore; expand it + U=`sed -n 's/^U = //p' < "$mf"` + # Find all dependency output files, they are included files with + # $(DEPDIR) in their names. We invoke sed twice because it is the + # simplest approach to changing $(DEPDIR) to its actual value in the + # expansion. + for file in `sed -n " + s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + # Make sure the directory exists. + test -f "$dirpart/$file" && continue + fdir=`$as_dirname -- "$file" || +$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$file" : 'X\(//\)[^/]' \| \ + X"$file" : 'X\(//\)$' \| \ + X"$file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir=$dirpart/$fdir; as_fn_mkdir_p + # echo "creating $dirpart/$file" + echo '# dummy' > "$dirpart/$file" + done + done +} + ;; + "libtool":C) + + # See if we are running on zsh, and set the options which allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}" ; then + setopt NO_GLOB_SUBST + fi + + cfgfile="${ofile}T" + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL + +# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. +# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. +# +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, +# 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# Written by Gordon Matzigkeit, 1996 +# +# This file is part of GNU Libtool. +# +# GNU Libtool is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of +# the License, or (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, or +# obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +# The names of the tagged configurations supported by this script. +available_tags="" + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that protects backslashes. +ECHO=$lt_ECHO + +# The PATH separator for the build system. +PATH_SEPARATOR=$lt_PATH_SEPARATOR + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# convert \$build file names to \$host format. +to_host_file_cmd=$lt_cv_to_host_file_cmd + +# convert \$build files to toolchain format. +to_tool_file_cmd=$lt_cv_to_tool_file_cmd + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method = "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# How to find potential files when deplibs_check_method = "file_magic". +file_magic_glob=$lt_file_magic_glob + +# Find potential files using nocaseglob when deplibs_check_method = "file_magic". +want_nocaseglob=$lt_want_nocaseglob + +# DLL creation program. +DLLTOOL=$lt_DLLTOOL + +# Command to associate shared and link libraries. +sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd + +# The archiver. +AR=$lt_AR + +# Flags to create an archive. +AR_FLAGS=$lt_AR_FLAGS + +# How to feed a file listing to the archiver. +archiver_list_spec=$lt_archiver_list_spec + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Whether to use a lock for old archive extraction. +lock_old_archive_extraction=$lock_old_archive_extraction + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# Specify filename containing input files for \$NM. +nm_file_list_spec=$lt_nm_file_list_spec + +# The root where to search for dependent libraries,and in which our libraries should be installed. +lt_sysroot=$lt_sysroot + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Manifest tool. +MANIFEST_TOOL=$lt_MANIFEST_TOOL + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Permission mode override for installation of shared libraries. +install_override_mode=$lt_install_override_mode + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \${shlibpath_var} if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# ### END LIBTOOL CONFIG + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test "X${COLLECT_NAMES+set}" != Xset; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain="$ac_aux_dir/ltmain.sh" + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + if test x"$xsi_shell" = xyes; then + sed -e '/^func_dirname ()$/,/^} # func_dirname /c\ +func_dirname ()\ +{\ +\ case ${1} in\ +\ */*) func_dirname_result="${1%/*}${2}" ;;\ +\ * ) func_dirname_result="${3}" ;;\ +\ esac\ +} # Extended-shell func_dirname implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_basename ()$/,/^} # func_basename /c\ +func_basename ()\ +{\ +\ func_basename_result="${1##*/}"\ +} # Extended-shell func_basename implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_dirname_and_basename ()$/,/^} # func_dirname_and_basename /c\ +func_dirname_and_basename ()\ +{\ +\ case ${1} in\ +\ */*) func_dirname_result="${1%/*}${2}" ;;\ +\ * ) func_dirname_result="${3}" ;;\ +\ esac\ +\ func_basename_result="${1##*/}"\ +} # Extended-shell func_dirname_and_basename implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_stripname ()$/,/^} # func_stripname /c\ +func_stripname ()\ +{\ +\ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are\ +\ # positional parameters, so assign one to ordinary parameter first.\ +\ func_stripname_result=${3}\ +\ func_stripname_result=${func_stripname_result#"${1}"}\ +\ func_stripname_result=${func_stripname_result%"${2}"}\ +} # Extended-shell func_stripname implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_split_long_opt ()$/,/^} # func_split_long_opt /c\ +func_split_long_opt ()\ +{\ +\ func_split_long_opt_name=${1%%=*}\ +\ func_split_long_opt_arg=${1#*=}\ +} # Extended-shell func_split_long_opt implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_split_short_opt ()$/,/^} # func_split_short_opt /c\ +func_split_short_opt ()\ +{\ +\ func_split_short_opt_arg=${1#??}\ +\ func_split_short_opt_name=${1%"$func_split_short_opt_arg"}\ +} # Extended-shell func_split_short_opt implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_lo2o ()$/,/^} # func_lo2o /c\ +func_lo2o ()\ +{\ +\ case ${1} in\ +\ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;\ +\ *) func_lo2o_result=${1} ;;\ +\ esac\ +} # Extended-shell func_lo2o implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_xform ()$/,/^} # func_xform /c\ +func_xform ()\ +{\ + func_xform_result=${1%.*}.lo\ +} # Extended-shell func_xform implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_arith ()$/,/^} # func_arith /c\ +func_arith ()\ +{\ + func_arith_result=$(( $* ))\ +} # Extended-shell func_arith implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_len ()$/,/^} # func_len /c\ +func_len ()\ +{\ + func_len_result=${#1}\ +} # Extended-shell func_len implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + +fi + +if test x"$lt_shell_append" = xyes; then + sed -e '/^func_append ()$/,/^} # func_append /c\ +func_append ()\ +{\ + eval "${1}+=\\${2}"\ +} # Extended-shell func_append implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + sed -e '/^func_append_quoted ()$/,/^} # func_append_quoted /c\ +func_append_quoted ()\ +{\ +\ func_quote_for_eval "${2}"\ +\ eval "${1}+=\\\\ \\$func_quote_for_eval_result"\ +} # Extended-shell func_append_quoted implementation' "$cfgfile" > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") +test 0 -eq $? || _lt_function_replace_fail=: + + + # Save a `func_append' function call where possible by direct use of '+=' + sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1+="%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +else + # Save a `func_append' function call even when '+=' is not available + sed -e 's%func_append \([a-zA-Z_]\{1,\}\) "%\1="$\1%g' $cfgfile > $cfgfile.tmp \ + && mv -f "$cfgfile.tmp" "$cfgfile" \ + || (rm -f "$cfgfile" && cp "$cfgfile.tmp" "$cfgfile" && rm -f "$cfgfile.tmp") + test 0 -eq $? || _lt_function_replace_fail=: +fi + +if test x"$_lt_function_replace_fail" = x":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to substitute extended shell functions in $ofile" >&5 +$as_echo "$as_me: WARNING: Unable to substitute extended shell functions in $ofile" >&2;} +fi + + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + ;; + + esac +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + diff --git a/test/mocklibc/configure.ac b/test/mocklibc/configure.ac new file mode 100644 index 00000000..70798ee1 --- /dev/null +++ b/test/mocklibc/configure.ac @@ -0,0 +1,38 @@ +# -*- Autoconf -*- +# Process this file with autoconf to produce a configure script. + +AC_PREREQ([2.65]) +AC_INIT([MockLibc], [1.1], [vonhollen@google.com]) +AC_CONFIG_SRCDIR([src]) +AC_CONFIG_HEADERS([config.h]) +AM_INIT_AUTOMAKE + +# Checks for programs. +AC_PROG_CC + +# Checks for libraries. +AC_PROG_LIBTOOL + +# Checks for header files. +AC_CHECK_HEADERS([netdb.h stdlib.h string.h]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_TYPE_UID_T +AC_TYPE_SIZE_T +AC_TYPE_SSIZE_T + +# Checks for library functions. +AC_FUNC_MALLOC +AC_CHECK_FUNCS([endgrent endpwent memset regcomp strdup]) + +# Build wrapper scripts from templates +AC_SUBST([libname], [libmocklibc.so]) +#AC_CONFIG_FILES([bin/mocklibc], [chmod +x bin/mocklibc], [libname=${libname}]) +#AC_CONFIG_FILES([bin/mocklibc-test], [chmod +x bin/mocklibc-test], +# [libname=${libname}])) + +AC_OUTPUT([ +Makefile +src/Makefile +bin/Makefile +]) diff --git a/test/mocklibc/depcomp b/test/mocklibc/depcomp new file mode 100755 index 00000000..bd0ac089 --- /dev/null +++ b/test/mocklibc/depcomp @@ -0,0 +1,688 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2011-12-04.11; # UTC + +# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009, 2010, +# 2011 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try \`$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by `PROGRAMS ARGS'. + object Object file output by `PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +## The second -e expression handles DOS-style file names with drive letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the `deleted header file' problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. + tr ' ' ' +' < "$tmpdepfile" | +## Some versions of gcc put a space before the `:'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like `#:fec' to the end of the + # dependency line. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ + tr ' +' ' ' >> "$depfile" + echo >> "$depfile" + + # The second pass generates a dummy entry for each header file. + tr ' ' ' +' < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts `$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + # Each line is of the form `foo.o: dependent.h'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + # The sourcefile does not contain any dependencies, so just + # store a dummy comment line, to avoid errors with the Makefile + # "include basename.Plo" scheme. + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +icc) + # Intel's C compiler understands `-MD -MF file'. However on + # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c + # ICC 7.0 will fill foo.d with something like + # foo.o: sub/foo.c + # foo.o: sub/foo.h + # which is wrong. We want: + # sub/foo.o: sub/foo.c + # sub/foo.o: sub/foo.h + # sub/foo.c: + # sub/foo.h: + # ICC 7.1 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using \ : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | + sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" + # Add `dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in `foo.d' instead, so we check for that too. + # Subdirectories are respected. + dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` + test "x$dir" = "x$object" && dir= + base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` + + if test "$libtool" = yes; then + # With Tru64 cc, shared objects can also be used to make a + # static library. This mechanism is used in libtool 1.4 series to + # handle both shared and static libraries in a single compilation. + # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. + # + # With libtool 1.5 this exception was removed, and libtool now + # generates 2 separate objects for the 2 libraries. These two + # compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 + tmpdepfile2=$dir$base.o.d # libtool 1.5 + tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 + tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.o.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + tmpdepfile4=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -eq 0; then : + else + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" + # That's a tab and a space in the []. + sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" + else + echo "#dummy" > "$depfile" + fi + rm -f "$tmpdepfile" + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test "$stat" = 0; then : + else + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/ \1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/ / + G + p +}' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for `:' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. + "$@" $dashmflag | + sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + tr ' ' ' +' < "$tmpdepfile" | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + sed '1,2d' "$tmpdepfile" | tr ' ' ' +' | \ +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove `-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E | + sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | + sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" + echo " " >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/test/mocklibc/example/group b/test/mocklibc/example/group new file mode 100644 index 00000000..e2253f06 --- /dev/null +++ b/test/mocklibc/example/group @@ -0,0 +1,4 @@ +root:x:0: +users:x:100:john,jane +john:x:500: +jane:x:501: diff --git a/test/mocklibc/example/netgroup b/test/mocklibc/example/netgroup new file mode 100644 index 00000000..21a27f97 --- /dev/null +++ b/test/mocklibc/example/netgroup @@ -0,0 +1,5 @@ +foo (-,john,) +bar (-,jane,) +baz foo bar +all (,,) +none diff --git a/test/mocklibc/example/passwd b/test/mocklibc/example/passwd new file mode 100644 index 00000000..62aa6f5e --- /dev/null +++ b/test/mocklibc/example/passwd @@ -0,0 +1,3 @@ +root:x:0:0:root:/root:/bin/bash +john:x:500:500:John Smith:/home/john:/bin/bash +jane:x:501:501:Jane Doe:/home/jane:/bin/bash diff --git a/test/mocklibc/install-sh b/test/mocklibc/install-sh new file mode 100755 index 00000000..a9244eb0 --- /dev/null +++ b/test/mocklibc/install-sh @@ -0,0 +1,527 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2011-01-19.21; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +nl=' +' +IFS=" "" $nl" + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec +else + doit_exec=$doit +fi + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +no_target_directory= + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 + # Protect names problematic for `test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) no_target_directory=true;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for `test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for `test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writeable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/test/mocklibc/ltmain.sh b/test/mocklibc/ltmain.sh new file mode 100644 index 00000000..63ae69dc --- /dev/null +++ b/test/mocklibc/ltmain.sh @@ -0,0 +1,9655 @@ + +# libtool (GNU libtool) 2.4.2 +# Written by Gordon Matzigkeit , 1996 + +# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, +# 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GNU Libtool; see the file COPYING. If not, a copy +# can be downloaded from http://www.gnu.org/licenses/gpl.html, +# or obtained by writing to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# Usage: $progname [OPTION]... [MODE-ARG]... +# +# Provide generalized library-building support services. +# +# --config show all configuration variables +# --debug enable verbose shell tracing +# -n, --dry-run display commands without modifying any files +# --features display basic configuration information and exit +# --mode=MODE use operation mode MODE +# --preserve-dup-deps don't remove duplicate dependency libraries +# --quiet, --silent don't print informational messages +# --no-quiet, --no-silent +# print informational messages (default) +# --no-warn don't display warning messages +# --tag=TAG use configuration variables from tag TAG +# -v, --verbose print more informational messages than default +# --no-verbose don't print the extra informational messages +# --version print version information +# -h, --help, --help-all print short, long, or detailed help message +# +# MODE must be one of the following: +# +# clean remove files from the build directory +# compile compile a source file into a libtool object +# execute automatically set library path, then run a program +# finish complete the installation of libtool libraries +# install install libraries or executables +# link create a library or an executable +# uninstall remove libraries from an installed directory +# +# MODE-ARGS vary depending on the MODE. When passed as first option, +# `--mode=MODE' may be abbreviated as `MODE' or a unique abbreviation of that. +# Try `$progname --help --mode=MODE' for a more detailed description of MODE. +# +# When reporting a bug, please describe a test case to reproduce it and +# include the following information: +# +# host-triplet: $host +# shell: $SHELL +# compiler: $LTCC +# compiler flags: $LTCFLAGS +# linker: $LD (gnu? $with_gnu_ld) +# $progname: (GNU libtool) 2.4.2 +# automake: $automake_version +# autoconf: $autoconf_version +# +# Report bugs to . +# GNU libtool home page: . +# General help using GNU software: . + +PROGRAM=libtool +PACKAGE=libtool +VERSION=2.4.2 +TIMESTAMP="" +package_revision=1.3337 + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# NLS nuisances: We save the old values to restore during execute mode. +lt_user_locale= +lt_safe_locale= +for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test \"\${$lt_var+set}\" = set; then + save_$lt_var=\$$lt_var + $lt_var=C + export $lt_var + lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" + lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" + fi" +done +LC_ALL=C +LANGUAGE=C +export LANGUAGE LC_ALL + +$lt_unset CDPATH + + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath="$0" + + + +: ${CP="cp -f"} +test "${ECHO+set}" = set || ECHO=${as_echo-'printf %s\n'} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} +: ${Xsed="$SED -e 1s/^X//"} + +# Global variables: +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +exit_status=$EXIT_SUCCESS + +# Make sure IFS has a sensible default +lt_nl=' +' +IFS=" $lt_nl" + +dirname="s,/[^/]*$,," +basename="s,^.*/,," + +# func_dirname file append nondir_replacement +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +func_dirname () +{ + func_dirname_result=`$ECHO "${1}" | $SED "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi +} # func_dirname may be replaced by extended shell implementation + + +# func_basename file +func_basename () +{ + func_basename_result=`$ECHO "${1}" | $SED "$basename"` +} # func_basename may be replaced by extended shell implementation + + +# func_dirname_and_basename file append nondir_replacement +# perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# Implementation must be kept synchronized with func_dirname +# and func_basename. For efficiency, we do not delegate to +# those functions but instead duplicate the functionality here. +func_dirname_and_basename () +{ + # Extract subdirectory from the argument. + func_dirname_result=`$ECHO "${1}" | $SED -e "$dirname"` + if test "X$func_dirname_result" = "X${1}"; then + func_dirname_result="${3}" + else + func_dirname_result="$func_dirname_result${2}" + fi + func_basename_result=`$ECHO "${1}" | $SED -e "$basename"` +} # func_dirname_and_basename may be replaced by extended shell implementation + + +# func_stripname prefix suffix name +# strip PREFIX and SUFFIX off of NAME. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +# func_strip_suffix prefix name +func_stripname () +{ + case ${2} in + .*) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%\\\\${2}\$%%"`;; + *) func_stripname_result=`$ECHO "${3}" | $SED "s%^${1}%%; s%${2}\$%%"`;; + esac +} # func_stripname may be replaced by extended shell implementation + + +# These SED scripts presuppose an absolute path with a trailing slash. +pathcar='s,^/\([^/]*\).*$,\1,' +pathcdr='s,^/[^/]*,,' +removedotparts=':dotsl + s@/\./@/@g + t dotsl + s,/\.$,/,' +collapseslashes='s@/\{1,\}@/@g' +finalslash='s,/*$,/,' + +# func_normal_abspath PATH +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +# value returned in "$func_normal_abspath_result" +func_normal_abspath () +{ + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$removedotparts" -e "$collapseslashes" -e "$finalslash"` + while :; do + # Processed it all yet? + if test "$func_normal_abspath_tpath" = / ; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result" ; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_normal_abspath_result=$func_normal_abspath_result/$func_normal_abspath_tcomponent + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + +# func_relative_path SRCDIR DSTDIR +# generates a relative path from SRCDIR to DSTDIR, with a trailing +# slash if non-empty, suitable for immediately appending a filename +# without needing to append a separator. +# value returned in "$func_relative_path_result" +func_relative_path () +{ + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=${func_dirname_result} + if test "x$func_relative_path_tlibdir" = x ; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test "x$func_stripname_result" != x ; then + func_relative_path_result=${func_relative_path_result}/${func_stripname_result} + fi + + # Normalisation. If bindir is libdir, return empty string, + # else relative path ending with a slash; either way, target + # file name can be directly appended. + if test ! -z "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result/" + func_relative_path_result=$func_stripname_result + fi +} + +# The name of this program: +func_dirname_and_basename "$progpath" +progname=$func_basename_result + +# Make sure we have an absolute path for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=$func_dirname_result + progdir=`cd "$progdir" && pwd` + progpath="$progdir/$progname" + ;; + *) + save_IFS="$IFS" + IFS=${PATH_SEPARATOR-:} + for progdir in $PATH; do + IFS="$save_IFS" + test -x "$progdir/$progname" && break + done + IFS="$save_IFS" + test -n "$progdir" || progdir=`pwd` + progpath="$progdir/$progname" + ;; +esac + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +Xsed="${SED}"' -e 1s/^X//' +sed_quote_subst='s/\([`"$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s,[].[^$\\*\/],\\&,g' + +# Sed substitution that converts a w32 file name or path +# which contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-`\' parameter expansions in output of double_quote_subst that were +# `\'-ed in input to the same. If an odd number of `\' preceded a '$' +# in input to double_quote_subst, that '$' was protected from expansion. +# Since each input `\' is now two `\'s, look for any number of runs of +# four `\'s followed by two `\'s and then a '$'. `\' that '$'. +bs='\\' +bs2='\\\\' +bs4='\\\\\\\\' +dollar='\$' +sed_double_backslash="\ + s/$bs4/&\\ +/g + s/^$bs2$dollar/$bs&/ + s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g + s/\n//g" + +# Standard options: +opt_dry_run=false +opt_help=false +opt_quiet=false +opt_verbose=false +opt_warning=: + +# func_echo arg... +# Echo program name prefixed message, along with the current mode +# name if it has been set yet. +func_echo () +{ + $ECHO "$progname: ${opt_mode+$opt_mode: }$*" +} + +# func_verbose arg... +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $opt_verbose && func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + +# func_error arg... +# Echo program name prefixed message to standard error. +func_error () +{ + $ECHO "$progname: ${opt_mode+$opt_mode: }"${1+"$@"} 1>&2 +} + +# func_warning arg... +# Echo program name prefixed warning message to standard error. +func_warning () +{ + $opt_warning && $ECHO "$progname: ${opt_mode+$opt_mode: }warning: "${1+"$@"} 1>&2 + + # bash bug again: + : +} + +# func_fatal_error arg... +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + +# func_fatal_help arg... +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + func_error ${1+"$@"} + func_fatal_error "$help" +} +help="Try \`$progname --help' for more information." ## default + + +# func_grep expression filename +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_mkdir_p directory-path +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + my_directory_path="$1" + my_dir_list= + + if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then + + # Protect directory names starting with `-' + case $my_directory_path in + -*) my_directory_path="./$my_directory_path" ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$my_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + my_dir_list="$my_directory_path:$my_dir_list" + + # If the last portion added has no slash in it, the list is done + case $my_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + my_directory_path=`$ECHO "$my_directory_path" | $SED -e "$dirname"` + done + my_dir_list=`$ECHO "$my_dir_list" | $SED 's,:*$,,'` + + save_mkdir_p_IFS="$IFS"; IFS=':' + for my_dir in $my_dir_list; do + IFS="$save_mkdir_p_IFS" + # mkdir can fail with a `File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$my_dir" 2>/dev/null || : + done + IFS="$save_mkdir_p_IFS" + + # Bail out if we (or some other process) failed to create a directory. + test -d "$my_directory_path" || \ + func_fatal_error "Failed to create \`$1'" + fi +} + + +# func_mktempdir [string] +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, STRING is the basename for that directory. +func_mktempdir () +{ + my_template="${TMPDIR-/tmp}/${1-$progname}" + + if test "$opt_dry_run" = ":"; then + # Return a directory name, but don't create it in dry-run mode + my_tmpdir="${my_template}-$$" + else + + # If mktemp works, use that first and foremost + my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` + + if test ! -d "$my_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + my_tmpdir="${my_template}-${RANDOM-0}$$" + + save_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$my_tmpdir" + umask $save_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$my_tmpdir" || \ + func_fatal_error "cannot create temporary directory \`$my_tmpdir'" + fi + + $ECHO "$my_tmpdir" +} + + +# func_quote_for_eval arg +# Aesthetically quote ARG to be evaled later. +# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT +# is double-quoted, suitable for a subsequent eval, whereas +# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters +# which are still active within double quotes backslashified. +func_quote_for_eval () +{ + case $1 in + *[\\\`\"\$]*) + func_quote_for_eval_unquoted_result=`$ECHO "$1" | $SED "$sed_quote_subst"` ;; + *) + func_quote_for_eval_unquoted_result="$1" ;; + esac + + case $func_quote_for_eval_unquoted_result in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and and variable + # expansion for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" + ;; + *) + func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" + esac +} + + +# func_quote_for_expand arg +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + case $1 in + *[\\\`\"]*) + my_arg=`$ECHO "$1" | $SED \ + -e "$double_quote_subst" -e "$sed_double_backslash"` ;; + *) + my_arg="$1" ;; + esac + + case $my_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + my_arg="\"$my_arg\"" + ;; + esac + + func_quote_for_expand_result="$my_arg" +} + + +# func_show_eval cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$my_cmd" + my_status=$? + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + + +# func_show_eval_locale cmd [fail_exp] +# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + my_cmd="$1" + my_fail_exp="${2-:}" + + ${opt_silent-false} || { + func_quote_for_expand "$my_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + if ${opt_dry_run-false}; then :; else + eval "$lt_user_locale + $my_cmd" + my_status=$? + eval "$lt_safe_locale" + if test "$my_status" -eq 0; then :; else + eval "(exit $my_status); $my_fail_exp" + fi + fi +} + +# func_tr_sh +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED 's/^\([0-9]\)/_\1/; s/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_version +# Echo version message to standard output and exit. +func_version () +{ + $opt_debug + + $SED -n '/(C)/!b go + :more + /\./!{ + N + s/\n# / / + b more + } + :go + /^# '$PROGRAM' (GNU /,/# warranty; / { + s/^# // + s/^# *$// + s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ + p + }' < "$progpath" + exit $? +} + +# func_usage +# Echo short help message to standard output and exit. +func_usage () +{ + $opt_debug + + $SED -n '/^# Usage:/,/^# *.*--help/ { + s/^# // + s/^# *$// + s/\$progname/'$progname'/ + p + }' < "$progpath" + echo + $ECHO "run \`$progname --help | more' for full usage" + exit $? +} + +# func_help [NOEXIT] +# Echo long help message to standard output and exit, +# unless 'noexit' is passed as argument. +func_help () +{ + $opt_debug + + $SED -n '/^# Usage:/,/# Report bugs to/ { + :print + s/^# // + s/^# *$// + s*\$progname*'$progname'* + s*\$host*'"$host"'* + s*\$SHELL*'"$SHELL"'* + s*\$LTCC*'"$LTCC"'* + s*\$LTCFLAGS*'"$LTCFLAGS"'* + s*\$LD*'"$LD"'* + s/\$with_gnu_ld/'"$with_gnu_ld"'/ + s/\$automake_version/'"`(${AUTOMAKE-automake} --version) 2>/dev/null |$SED 1q`"'/ + s/\$autoconf_version/'"`(${AUTOCONF-autoconf} --version) 2>/dev/null |$SED 1q`"'/ + p + d + } + /^# .* home page:/b print + /^# General help using/b print + ' < "$progpath" + ret=$? + if test -z "$1"; then + exit $ret + fi +} + +# func_missing_arg argname +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + $opt_debug + + func_error "missing argument for $1." + exit_cmd=exit +} + + +# func_split_short_opt shortopt +# Set func_split_short_opt_name and func_split_short_opt_arg shell +# variables after splitting SHORTOPT after the 2nd character. +func_split_short_opt () +{ + my_sed_short_opt='1s/^\(..\).*$/\1/;q' + my_sed_short_rest='1s/^..\(.*\)$/\1/;q' + + func_split_short_opt_name=`$ECHO "$1" | $SED "$my_sed_short_opt"` + func_split_short_opt_arg=`$ECHO "$1" | $SED "$my_sed_short_rest"` +} # func_split_short_opt may be replaced by extended shell implementation + + +# func_split_long_opt longopt +# Set func_split_long_opt_name and func_split_long_opt_arg shell +# variables after splitting LONGOPT at the `=' sign. +func_split_long_opt () +{ + my_sed_long_opt='1s/^\(--[^=]*\)=.*/\1/;q' + my_sed_long_arg='1s/^--[^=]*=//' + + func_split_long_opt_name=`$ECHO "$1" | $SED "$my_sed_long_opt"` + func_split_long_opt_arg=`$ECHO "$1" | $SED "$my_sed_long_arg"` +} # func_split_long_opt may be replaced by extended shell implementation + +exit_cmd=: + + + + + +magic="%%%MAGIC variable%%%" +magic_exe="%%%MAGIC EXE variable%%%" + +# Global variables. +nonopt= +preserve_args= +lo2o="s/\\.lo\$/.${objext}/" +o2lo="s/\\.${objext}\$/.lo/" +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + +# func_append var value +# Append VALUE to the end of shell variable VAR. +func_append () +{ + eval "${1}=\$${1}\${2}" +} # func_append may be replaced by extended shell implementation + +# func_append_quoted var value +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +func_append_quoted () +{ + func_quote_for_eval "${2}" + eval "${1}=\$${1}\\ \$func_quote_for_eval_result" +} # func_append_quoted may be replaced by extended shell implementation + + +# func_arith arithmetic-term... +func_arith () +{ + func_arith_result=`expr "${@}"` +} # func_arith may be replaced by extended shell implementation + + +# func_len string +# STRING may not start with a hyphen. +func_len () +{ + func_len_result=`expr "${1}" : ".*" 2>/dev/null || echo $max_cmd_len` +} # func_len may be replaced by extended shell implementation + + +# func_lo2o object +func_lo2o () +{ + func_lo2o_result=`$ECHO "${1}" | $SED "$lo2o"` +} # func_lo2o may be replaced by extended shell implementation + + +# func_xform libobj-or-source +func_xform () +{ + func_xform_result=`$ECHO "${1}" | $SED 's/\.[^.]*$/.lo/'` +} # func_xform may be replaced by extended shell implementation + + +# func_fatal_configuration arg... +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func_error ${1+"$@"} + func_error "See the $PACKAGE documentation for more information." + func_fatal_error "Fatal configuration error." +} + + +# func_config +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + + # Now print the configurations for the tags. + for tagname in $taglist; do + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" + done + + exit $? +} + +# func_features +# Display the features supported by this script. +func_features () +{ + echo "host: $host" + if test "$build_libtool_libs" = yes; then + echo "enable shared libraries" + else + echo "disable shared libraries" + fi + if test "$build_old_libs" = yes; then + echo "enable static libraries" + else + echo "disable static libraries" + fi + + exit $? +} + +# func_enable_tag tagname +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname="$1" + + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf="/$re_begincf/,/$re_endcf/p" + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac + + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + +# func_check_version_match +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH + fi +} + + +# Shorthand for --mode=foo, only valid as the first argument +case $1 in +clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; +compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; +execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; +finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; +install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; +link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; +uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; +esac + + + +# Option defaults: +opt_debug=: +opt_dry_run=false +opt_config=false +opt_preserve_dup_deps=false +opt_features=false +opt_finish=false +opt_help=false +opt_help_all=false +opt_silent=: +opt_warning=: +opt_verbose=: +opt_silent=false +opt_verbose=false + + +# Parse options once, thoroughly. This comes as soon as possible in the +# script to make things like `--version' happen as quickly as we can. +{ + # this just eases exit handling + while test $# -gt 0; do + opt="$1" + shift + case $opt in + --debug|-x) opt_debug='set -x' + func_echo "enabling shell trace mode" + $opt_debug + ;; + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + --config) + opt_config=: +func_config + ;; + --dlopen|-dlopen) + optarg="$1" + opt_dlopen="${opt_dlopen+$opt_dlopen +}$optarg" + shift + ;; + --preserve-dup-deps) + opt_preserve_dup_deps=: + ;; + --features) + opt_features=: +func_features + ;; + --finish) + opt_finish=: +set dummy --mode finish ${1+"$@"}; shift + ;; + --help) + opt_help=: + ;; + --help-all) + opt_help_all=: +opt_help=': help-all' + ;; + --mode) + test $# = 0 && func_missing_arg $opt && break + optarg="$1" + opt_mode="$optarg" +case $optarg in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $opt" + exit_cmd=exit + break + ;; +esac + shift + ;; + --no-silent|--no-quiet) + opt_silent=false +func_append preserve_args " $opt" + ;; + --no-warning|--no-warn) + opt_warning=false +func_append preserve_args " $opt" + ;; + --no-verbose) + opt_verbose=false +func_append preserve_args " $opt" + ;; + --silent|--quiet) + opt_silent=: +func_append preserve_args " $opt" + opt_verbose=false + ;; + --verbose|-v) + opt_verbose=: +func_append preserve_args " $opt" +opt_silent=false + ;; + --tag) + test $# = 0 && func_missing_arg $opt && break + optarg="$1" + opt_tag="$optarg" +func_append preserve_args " $opt $optarg" +func_enable_tag "$optarg" + shift + ;; + + -\?|-h) func_usage ;; + --help) func_help ;; + --version) func_version ;; + + # Separate optargs to long options: + --*=*) + func_split_long_opt "$opt" + set dummy "$func_split_long_opt_name" "$func_split_long_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-n*|-v*) + func_split_short_opt "$opt" + set dummy "$func_split_short_opt_name" "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) break ;; + -*) func_fatal_help "unrecognized option \`$opt'" ;; + *) set dummy "$opt" ${1+"$@"}; shift; break ;; + esac + done + + # Validate options: + + # save first non-option argument + if test "$#" -gt 0; then + nonopt="$opt" + shift + fi + + # preserve --debug + test "$opt_debug" = : || func_append preserve_args " --debug" + + case $host in + *cygwin* | *mingw* | *pw32* | *cegcc*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac + + $opt_help || { + # Sanity checks first: + func_check_version_match + + if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then + func_fatal_configuration "not configured to build any kind of library" + fi + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test "$opt_mode" != execute; then + func_error "unrecognized option \`-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help="$help" + help="Try \`$progname --help --mode=$opt_mode' for more information." + } + + + # Bail if the options were screwed + $exit_cmd $EXIT_FAILURE +} + + + + +## ----------- ## +## Main. ## +## ----------- ## + +# func_lalib_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null \ + | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool `.la' library or `.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if `file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case "$lalib_p_line" in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test "$lalib_p" = yes +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + func_lalib_p "$1" +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $opt_debug + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$save_ifs + eval cmd=\"$cmd\" + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# `FILE.' does not work on cygwin managed mounts. +func_source () +{ + $opt_debug + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + +# func_resolve_sysroot PATH +# Replace a leading = in PATH with a sysroot. Store the result into +# func_resolve_sysroot_result +func_resolve_sysroot () +{ + func_resolve_sysroot_result=$1 + case $func_resolve_sysroot_result in + =*) + func_stripname '=' '' "$func_resolve_sysroot_result" + func_resolve_sysroot_result=$lt_sysroot$func_stripname_result + ;; + esac +} + +# func_replace_sysroot PATH +# If PATH begins with the sysroot, replace it with = and +# store the result into func_replace_sysroot_result. +func_replace_sysroot () +{ + case "$lt_sysroot:$1" in + ?*:"$lt_sysroot"*) + func_stripname "$lt_sysroot" '' "$1" + func_replace_sysroot_result="=$func_stripname_result" + ;; + *) + # Including no sysroot. + func_replace_sysroot_result=$1 + ;; + esac +} + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $opt_debug + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case "$@ " in + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with \`--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac + fi +} + + + +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=${1} + if test "$build_libtool_libs" = yes; then + write_lobj=\'${2}\' + else + write_lobj=none + fi + + if test "$build_old_libs" = yes; then + write_oldobj=\'${3}\' + else + write_oldobj=none + fi + + $opt_dry_run || { + cat >${write_libobj}T </dev/null` + if test "$?" -eq 0 && test -n "${func_convert_core_file_wine_to_w32_tmp}"; then + func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | + $SED -e "$lt_sed_naive_backslashify"` + else + func_convert_core_file_wine_to_w32_result= + fi + fi +} +# end: func_convert_core_file_wine_to_w32 + + +# func_convert_core_path_wine_to_w32 ARG +# Helper function used by path conversion functions when $build is *nix, and +# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly +# configured wine environment available, with the winepath program in $build's +# $PATH. Assumes ARG has no leading or trailing path separator characters. +# +# ARG is path to be converted from $build format to win32. +# Result is available in $func_convert_core_path_wine_to_w32_result. +# Unconvertible file (directory) names in ARG are skipped; if no directory names +# are convertible, then the result may be empty. +func_convert_core_path_wine_to_w32 () +{ + $opt_debug + # unfortunately, winepath doesn't convert paths, only file names + func_convert_core_path_wine_to_w32_result="" + if test -n "$1"; then + oldIFS=$IFS + IFS=: + for func_convert_core_path_wine_to_w32_f in $1; do + IFS=$oldIFS + func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" + if test -n "$func_convert_core_file_wine_to_w32_result" ; then + if test -z "$func_convert_core_path_wine_to_w32_result"; then + func_convert_core_path_wine_to_w32_result="$func_convert_core_file_wine_to_w32_result" + else + func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" + fi + fi + done + IFS=$oldIFS + fi +} +# end: func_convert_core_path_wine_to_w32 + + +# func_cygpath ARGS... +# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when +# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) +# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or +# (2), returns the Cygwin file name or path in func_cygpath_result (input +# file name or path is assumed to be in w32 format, as previously converted +# from $build's *nix or MSYS format). In case (3), returns the w32 file name +# or path in func_cygpath_result (input file name or path is assumed to be in +# Cygwin format). Returns an empty string on error. +# +# ARGS are passed to cygpath, with the last one being the file name or path to +# be converted. +# +# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH +# environment variable; do not put it in $PATH. +func_cygpath () +{ + $opt_debug + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then + func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` + if test "$?" -ne 0; then + # on failure, ensure result is empty + func_cygpath_result= + fi + else + func_cygpath_result= + func_error "LT_CYGPATH is empty or specifies non-existent file: \`$LT_CYGPATH'" + fi +} +#end: func_cygpath + + +# func_convert_core_msys_to_w32 ARG +# Convert file name or path ARG from MSYS format to w32 format. Return +# result in func_convert_core_msys_to_w32_result. +func_convert_core_msys_to_w32 () +{ + $opt_debug + # awkward: cmd appends spaces to result + func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$lt_sed_naive_backslashify"` +} +#end: func_convert_core_msys_to_w32 + + +# func_convert_file_check ARG1 ARG2 +# Verify that ARG1 (a file name in $build format) was converted to $host +# format in ARG2. Otherwise, emit an error message, but continue (resetting +# func_to_host_file_result to ARG1). +func_convert_file_check () +{ + $opt_debug + if test -z "$2" && test -n "$1" ; then + func_error "Could not determine host file name corresponding to" + func_error " \`$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback: + func_to_host_file_result="$1" + fi +} +# end func_convert_file_check + + +# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH +# Verify that FROM_PATH (a path in $build format) was converted to $host +# format in TO_PATH. Otherwise, emit an error message, but continue, resetting +# func_to_host_file_result to a simplistic fallback value (see below). +func_convert_path_check () +{ + $opt_debug + if test -z "$4" && test -n "$3"; then + func_error "Could not determine the host path corresponding to" + func_error " \`$3'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback. This is a deliberately simplistic "conversion" and + # should not be "improved". See libtool.info. + if test "x$1" != "x$2"; then + lt_replace_pathsep_chars="s|$1|$2|g" + func_to_host_path_result=`echo "$3" | + $SED -e "$lt_replace_pathsep_chars"` + else + func_to_host_path_result="$3" + fi + fi +} +# end func_convert_path_check + + +# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG +# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT +# and appending REPL if ORIG matches BACKPAT. +func_convert_path_front_back_pathsep () +{ + $opt_debug + case $4 in + $1 ) func_to_host_path_result="$3$func_to_host_path_result" + ;; + esac + case $4 in + $2 ) func_append func_to_host_path_result "$3" + ;; + esac +} +# end func_convert_path_front_back_pathsep + + +################################################## +# $build to $host FILE NAME CONVERSION FUNCTIONS # +################################################## +# invoked via `$to_host_file_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# Result will be available in $func_to_host_file_result. + + +# func_to_host_file ARG +# Converts the file name ARG from $build format to $host format. Return result +# in func_to_host_file_result. +func_to_host_file () +{ + $opt_debug + $to_host_file_cmd "$1" +} +# end func_to_host_file + + +# func_to_tool_file ARG LAZY +# converts the file name ARG from $build format to toolchain format. Return +# result in func_to_tool_file_result. If the conversion in use is listed +# in (the comma separated) LAZY, no conversion takes place. +func_to_tool_file () +{ + $opt_debug + case ,$2, in + *,"$to_tool_file_cmd",*) + func_to_tool_file_result=$1 + ;; + *) + $to_tool_file_cmd "$1" + func_to_tool_file_result=$func_to_host_file_result + ;; + esac +} +# end func_to_tool_file + + +# func_convert_file_noop ARG +# Copy ARG to func_to_host_file_result. +func_convert_file_noop () +{ + func_to_host_file_result="$1" +} +# end func_convert_file_noop + + +# func_convert_file_msys_to_w32 ARG +# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_file_result. +func_convert_file_msys_to_w32 () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_to_host_file_result="$func_convert_core_msys_to_w32_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_w32 + + +# func_convert_file_cygwin_to_w32 ARG +# Convert file name ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_file_cygwin_to_w32 () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + # because $build is cygwin, we call "the" cygpath in $PATH; no need to use + # LT_CYGPATH in this case. + func_to_host_file_result=`cygpath -m "$1"` + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_cygwin_to_w32 + + +# func_convert_file_nix_to_w32 ARG +# Convert file name ARG from *nix to w32 format. Requires a wine environment +# and a working winepath. Returns result in func_to_host_file_result. +func_convert_file_nix_to_w32 () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + func_convert_core_file_wine_to_w32 "$1" + func_to_host_file_result="$func_convert_core_file_wine_to_w32_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_w32 + + +# func_convert_file_msys_to_cygwin ARG +# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_file_msys_to_cygwin () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_cygpath -u "$func_convert_core_msys_to_w32_result" + func_to_host_file_result="$func_cygpath_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_cygwin + + +# func_convert_file_nix_to_cygwin ARG +# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed +# in a wine environment, working winepath, and LT_CYGPATH set. Returns result +# in func_to_host_file_result. +func_convert_file_nix_to_cygwin () +{ + $opt_debug + func_to_host_file_result="$1" + if test -n "$1"; then + # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. + func_convert_core_file_wine_to_w32 "$1" + func_cygpath -u "$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result="$func_cygpath_result" + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_cygwin + + +############################################# +# $build to $host PATH CONVERSION FUNCTIONS # +############################################# +# invoked via `$to_host_path_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# The result will be available in $func_to_host_path_result. +# +# Path separators are also converted from $build format to $host format. If +# ARG begins or ends with a path separator character, it is preserved (but +# converted to $host format) on output. +# +# All path conversion functions are named using the following convention: +# file name conversion function : func_convert_file_X_to_Y () +# path conversion function : func_convert_path_X_to_Y () +# where, for any given $build/$host combination the 'X_to_Y' value is the +# same. If conversion functions are added for new $build/$host combinations, +# the two new functions must follow this pattern, or func_init_to_host_path_cmd +# will break. + + +# func_init_to_host_path_cmd +# Ensures that function "pointer" variable $to_host_path_cmd is set to the +# appropriate value, based on the value of $to_host_file_cmd. +to_host_path_cmd= +func_init_to_host_path_cmd () +{ + $opt_debug + if test -z "$to_host_path_cmd"; then + func_stripname 'func_convert_file_' '' "$to_host_file_cmd" + to_host_path_cmd="func_convert_path_${func_stripname_result}" + fi +} + + +# func_to_host_path ARG +# Converts the path ARG from $build format to $host format. Return result +# in func_to_host_path_result. +func_to_host_path () +{ + $opt_debug + func_init_to_host_path_cmd + $to_host_path_cmd "$1" +} +# end func_to_host_path + + +# func_convert_path_noop ARG +# Copy ARG to func_to_host_path_result. +func_convert_path_noop () +{ + func_to_host_path_result="$1" +} +# end func_convert_path_noop + + +# func_convert_path_msys_to_w32 ARG +# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_path_result. +func_convert_path_msys_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # Remove leading and trailing path separator characters from ARG. MSYS + # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; + # and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result="$func_convert_core_msys_to_w32_result" + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_msys_to_w32 + + +# func_convert_path_cygwin_to_w32 ARG +# Convert path ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_path_cygwin_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_cygwin_to_w32 + + +# func_convert_path_nix_to_w32 ARG +# Convert path ARG from *nix to w32 format. Requires a wine environment and +# a working winepath. Returns result in func_to_host_file_result. +func_convert_path_nix_to_w32 () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result="$func_convert_core_path_wine_to_w32_result" + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_nix_to_w32 + + +# func_convert_path_msys_to_cygwin ARG +# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_path_msys_to_cygwin () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_msys_to_w32_result" + func_to_host_path_result="$func_cygpath_result" + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_msys_to_cygwin + + +# func_convert_path_nix_to_cygwin ARG +# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a +# a wine environment, working winepath, and LT_CYGPATH set. Returns result in +# func_to_host_file_result. +func_convert_path_nix_to_cygwin () +{ + $opt_debug + func_to_host_path_result="$1" + if test -n "$1"; then + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result="$func_cygpath_result" + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_nix_to_cygwin + + +# func_mode_compile arg... +func_mode_compile () +{ + $opt_debug + # Get the compilation command and the source file. + base_compile= + srcfile="$nonopt" # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + pie_flag= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg="$arg" + arg_mode=normal + ;; + + target ) + libobj="$arg" + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + test -n "$libobj" && \ + func_fatal_error "you cannot specify \`-o' more than once" + arg_mode=target + continue + ;; + + -pie | -fpie | -fPIE) + func_append pie_flag " $arg" + continue + ;; + + -shared | -static | -prefer-pic | -prefer-non-pic) + func_append later " $arg" + continue + ;; + + -no-suppress) + suppress_opt=no + continue + ;; + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + lastarg= + save_ifs="$IFS"; IFS=',' + for arg in $args; do + IFS="$save_ifs" + func_append_quoted lastarg "$arg" + done + IFS="$save_ifs" + func_stripname ' ' '' "$lastarg" + lastarg=$func_stripname_result + + # Add the arguments to base_compile. + func_append base_compile " $lastarg" + continue + ;; + + *) + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg="$srcfile" + srcfile="$arg" + ;; + esac # case $arg + ;; + esac # case $arg_mode + + # Aesthetically quote the previous argument. + func_append_quoted base_compile "$lastarg" + done # for arg + + case $arg_mode in + arg) + func_fatal_error "you must specify an argument for -Xcompile" + ;; + target) + func_fatal_error "you must specify a target with \`-o'" + ;; + *) + # Get the name of the library object. + test -z "$libobj" && { + func_basename "$srcfile" + libobj="$func_basename_result" + } + ;; + esac + + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + case $libobj in + *.[cCFSifmso] | \ + *.ada | *.adb | *.ads | *.asm | \ + *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) + func_xform "$libobj" + libobj=$func_xform_result + ;; + esac + + case $libobj in + *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; + *) + func_fatal_error "cannot determine name of library object from \`$libobj'" + ;; + esac + + func_infer_tag $base_compile + + for arg in $later; do + case $arg in + -shared) + test "$build_libtool_libs" != yes && \ + func_fatal_configuration "can not build a shared library" + build_old_libs=no + continue + ;; + + -static) + build_libtool_libs=no + build_old_libs=yes + continue + ;; + + -prefer-pic) + pic_mode=yes + continue + ;; + + -prefer-non-pic) + pic_mode=no + continue + ;; + esac + done + + func_quote_for_eval "$libobj" + test "X$libobj" != "X$func_quote_for_eval_result" \ + && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && func_warning "libobj name \`$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname="$func_basename_result" + xdir="$func_dirname_result" + lobj=${xdir}$objdir/$objname + + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" + + # Delete any leftover library objects. + if test "$build_old_libs" = yes; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test "$compiler_c_o" = no; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.${objext} + lockfile="$output_obj.lock" + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test "$need_locks" = yes; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test "$need_locks" = warn; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + func_append removelist " $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi + + $opt_dry_run || $RM $removelist + func_append removelist " $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 + srcfile=$func_to_tool_file_result + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result + + # Only build a PIC object if we are building libtool libraries. + if test "$build_libtool_libs" = yes; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile + + if test "$pic_mode" != no; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi + + func_mkdir_p "$xdir$objdir" + + if test -z "$output_obj"; then + # Place PIC objects in $objdir + func_append command " -o $lobj" + fi + + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' + + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + + # Allow error messages only from the first compilation. + if test "$suppress_opt" = yes; then + suppress_output=' >/dev/null 2>&1' + fi + fi + + # Only build a position-dependent object if we build old libraries. + if test "$build_old_libs" = yes; then + if test "$pic_mode" != yes; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test "$compiler_c_o" = yes; then + func_append command " -o $obj" + fi + + # Suppress compiler output if we already did a PIC compilation. + func_append command "$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' + + if test "$need_locks" = warn && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support \`-c' and \`-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi + + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" + + # Unlock the critical section if it was locked + if test "$need_locks" != no; then + removelist=$lockfile + $RM "$lockfile" + fi + } + + exit $EXIT_SUCCESS +} + +$opt_help || { + test "$opt_mode" = compile && func_mode_compile ${1+"$@"} +} + +func_mode_help () +{ + # We need to display help for each of the modes. + case $opt_mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; + + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only + -shared do not build a \`.o' file suitable for static linking + -static only build a \`.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler + +COMPILE-COMMAND is a command to be used in creating a \`standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix \`.c' with the +library object suffix, \`.lo'." + ;; + + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to \`-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the \`--dry-run' option if you just want to see what would be executed." + ;; + + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the \`install' or \`cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) + -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE Use a list of object files found in FILE to specify objects + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) + +All other options (arguments beginning with \`-') are ignored. + +Every other argument is treated as a filename. Files ending in \`.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in \`.la', then a libtool library is created, +only library objects (\`.lo' files) may be specified, and \`-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created +using \`ar' and \`ranlib', or on Windows using \`lib'. + +If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode \`$opt_mode'" + ;; + esac + + echo + $ECHO "Try \`$progname --help' for more information about other modes." +} + +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test "$opt_help" = :; then + func_mode_help + else + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | sed -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + sed '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi + + +# func_mode_execute arg... +func_mode_execute () +{ + $opt_debug + # The first argument is the command name. + cmd="$nonopt" + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $opt_dlopen; do + test -f "$file" \ + || func_fatal_help "\`$file' is not a file" + + dir= + case $file in + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "\`$file' was not linked with \`-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir="$func_dirname_result" + + if test -f "$dir/$objdir/$dlname"; then + func_append dir "/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" + fi + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir="$func_dirname_result" + ;; + + *) + func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir="$absdir" + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic="$magic" + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -* | *.la | *.lo ) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file="$progdir/$program" + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file="$progdir/$program" + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_append_quoted args "$file" + done + + if test "X$opt_dry_run" = Xfalse; then + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd="\$cmd$args" + else + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + fi +} + +test "$opt_mode" = execute && func_mode_execute ${1+"$@"} + + +# func_mode_finish arg... +func_mode_finish () +{ + $opt_debug + libs= + libdirs= + admincmds= + + for opt in "$nonopt" ${1+"$@"} + do + if test -d "$opt"; then + func_append libdirs " $opt" + + elif test -f "$opt"; then + if func_lalib_unsafe_p "$opt"; then + func_append libs " $opt" + else + func_warning "\`$opt' is not a valid libtool archive" + fi + + else + func_fatal_error "invalid argument \`$opt'" + fi + done + + if test -n "$libs"; then + if test -n "$lt_sysroot"; then + sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` + sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" + else + sysroot_cmd= + fi + + # Remove sysroot references + if $opt_dry_run; then + for lib in $libs; do + echo "removing references to $lt_sysroot and \`=' prefixes from $lib" + done + else + tmpdir=`func_mktempdir` + for lib in $libs; do + sed -e "${sysroot_cmd} s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + > $tmpdir/tmp-la + mv -f $tmpdir/tmp-la $lib + done + ${RM}r "$tmpdir" + fi + fi + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || func_append admincmds " + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + $opt_silent && exit $EXIT_SUCCESS + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the \`-LLIBDIR'" + echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + echo " - add LIBDIR to the \`$shlibpath_var' environment variable" + echo " during execution" + fi + if test -n "$runpath_var"; then + echo " - add LIBDIR to the \`$runpath_var' environment variable" + echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the \`$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + echo " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" + fi + echo + + echo "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." + ;; + *) + echo "more information, such as the ld(1) and ld.so(8) manual pages." + ;; + esac + echo "----------------------------------------------------------------------" + fi + exit $EXIT_SUCCESS +} + +test "$opt_mode" = finish && func_mode_finish ${1+"$@"} + + +# func_mode_install arg... +func_mode_install () +{ + $opt_debug + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || + # Allow the use of GNU shtool's install command. + case $nonopt in *shtool*) :;; *) false;; esac; then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + func_append install_prog "$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=no + stripme= + no_mode=: + for arg + do + arg2= + if test -n "$dest"; then + func_append files " $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=yes ;; + -f) + if $install_cp; then :; else + prev=$arg + fi + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + if test "x$prev" = x-m && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + func_append install_prog " $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + func_append install_shared_prog " $func_quote_for_eval_result" + done + + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" + + test -n "$prev" && \ + func_fatal_help "the \`$prev' option requires an argument" + + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + func_append install_shared_prog " -m $func_quote_for_eval_result" + fi + fi + + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi + + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=yes + if test "$isdir" = yes; then + destdir="$dest" + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir="$func_dirname_result" + destname="$func_basename_result" + + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "\`$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "\`$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + func_append staticlibs " $file" + ;; + + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "\`$file' is not a valid libtool archive" + + library_names= + old_library= + relink_command= + func_source "$file" + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) func_append current_libdirs " $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) func_append future_libdirs " $libdir" ;; + esac + fi + + func_dirname "$file" "/" "" + dir="$func_dirname_result" + func_append dir "$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + fi + + func_warning "relinking \`$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname="$1" + shift + + srcname="$realname" + test -n "$relink_command" && srcname="$realname"T + + # Install the shared library and build the symlinks. + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme="$stripme" + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme="" + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try `ln -sf' first, because the `ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" + done + fi + + # Do each command in the postinstall commands. + lib="$destdir/$realname" + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi + + # Install the pseudo-library for information purposes. + func_basename "$file" + name="$func_basename_result" + instname="$dir/$name"i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' + + # Maybe install the static library, too. + test -n "$old_library" && func_append staticlibs " $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest="$destfile" + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to \`$destfile'" + ;; + esac + + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' + + # Install the old object if enabled. + if test "$build_old_libs" = yes; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile="$destdir/$destname" + else + func_basename "$file" + destfile="$func_basename_result" + destfile="$destdir/$destfile" + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext="" + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=".exe" + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= + + func_source "$wrapper" + + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script \`$wrapper'" + + finalize=yes + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile="$libdir/"`$ECHO "$lib" | $SED 's%^.*/%%g'` ### testsuite: skip nested quoting test + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "\`$lib' has not been installed in \`$libdir'" + finalize=no + fi + done + + relink_command= + func_source "$wrapper" + + outputname= + if test "$fast_install" = no && test -n "$relink_command"; then + $opt_dry_run || { + if test "$finalize" = yes; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file="$func_basename_result" + outputname="$tmpdir/$file" + # Replace the output file specification. + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_silent || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink \`$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file="$outputname" + else + func_warning "cannot relink \`$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" + fi + ;; + esac + done + + for file in $staticlibs; do + func_basename "$file" + name="$func_basename_result" + + # Set up the ranlib parameters. + oldlib="$destdir/$name" + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' + fi + + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done + + test -n "$future_libdirs" && \ + func_warning "remember to run \`$progname --finish$future_libdirs'" + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} + +test "$opt_mode" = install && func_mode_install ${1+"$@"} + + +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $opt_debug + my_outputname="$1" + my_originator="$2" + my_pic_p="${3-no}" + my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms="${my_outputname}S.c" + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi + + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist="$output_objdir/${my_outputname}.nm" + + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" + + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" + + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +#if defined(__GNUC__) && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined(_WIN32) || defined(__CYGWIN__) || defined(_WIN32_WCE) +/* DATA imports from DLLs on WIN32 con't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined(__osf__) +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +/* External symbol declarations for the compiler. */\ +" + + if test "$dlself" = yes; then + func_verbose "generating symbol list for \`$output'" + + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_to_tool_file "$progfile" func_convert_file_msys_to_w32 + func_verbose "extracting global C symbols from \`$func_to_tool_file_result'" + $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols="$output_objdir/$outputname.exp" + $opt_dry_run || { + $RM $export_symbols + eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi + + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from \`$dlprefile'" + func_basename "$dlprefile" + name="$func_basename_result" + case $host in + *cygwin* | *mingw* | *cegcc* ) + # if an import library, we need to obtain dlname + if func_win32_import_lib_p "$dlprefile"; then + func_tr_sh "$dlprefile" + eval "curr_lafile=\$libfile_$func_tr_sh_result" + dlprefile_dlbasename="" + if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then + # Use subshell, to avoid clobbering current variable values + dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` + if test -n "$dlprefile_dlname" ; then + func_basename "$dlprefile_dlname" + dlprefile_dlbasename="$func_basename_result" + else + # no lafile. user explicitly requested -dlpreopen . + $sharedlib_from_linklib_cmd "$dlprefile" + dlprefile_dlbasename=$sharedlib_from_linklib_result + fi + fi + $opt_dry_run || { + if test -n "$dlprefile_dlbasename" ; then + eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' + else + func_warning "Could not compute DLL name from $name" + eval '$ECHO ": $name " >> "$nlist"' + fi + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + } + else # not an import lib + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + fi + ;; + *) + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + ;; + esac + done + + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 /dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi + + echo >> "$output_objdir/$my_dlsyms" "\ + +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +extern LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[]; +LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{\ + { \"$my_originator\", (void *) 0 }," + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + *) + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + esac + echo >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run + + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + if test "X$my_pic_p" != Xno; then + pic_flag_for_symtable=" $pic_flag" + fi + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; + esac + done + + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' + + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' + + # Transform the symbol file into the correct name. + symfileobj="$output_objdir/${my_outputname}S.$objext" + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for \`$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` + fi +} + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. +func_win32_libid () +{ + $opt_debug + win32_libid_type="unknown" + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' + 1,100{ + / I /{ + s,.*,import, + p + q + } + }'` + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} + +# func_cygming_dll_for_implib ARG +# +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib () +{ + $opt_debug + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` +} + +# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs +# +# The is the core of a fallback implementation of a +# platform-specific function to extract the name of the +# DLL associated with the specified import library LIBNAME. +# +# SECTION_NAME is either .idata$6 or .idata$7, depending +# on the platform and compiler that created the implib. +# +# Echos the name of the DLL associated with the +# specified import library. +func_cygming_dll_for_implib_fallback_core () +{ + $opt_debug + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` + $OBJDUMP -s --section "$1" "$2" 2>/dev/null | + $SED '/^Contents of section '"$match_literal"':/{ + # Place marker at beginning of archive member dllname section + s/.*/====MARK====/ + p + d + } + # These lines can sometimes be longer than 43 characters, but + # are always uninteresting + /:[ ]*file format pe[i]\{,1\}-/d + /^In archive [^:]*:/d + # Ensure marker is printed + /^====MARK====/p + # Remove all lines with less than 43 characters + /^.\{43\}/!d + # From remaining lines, remove first 43 characters + s/^.\{43\}//' | + $SED -n ' + # Join marker and all lines until next marker into a single line + /^====MARK====/ b para + H + $ b para + b + :para + x + s/\n//g + # Remove the marker + s/^====MARK====// + # Remove trailing dots and whitespace + s/[\. \t]*$// + # Print + /./p' | + # we now have a list, one entry per line, of the stringified + # contents of the appropriate section of all members of the + # archive which possess that section. Heuristic: eliminate + # all those which have a first or second character that is + # a '.' (that is, objdump's representation of an unprintable + # character.) This should work for all archives with less than + # 0x302f exports -- but will fail for DLLs whose name actually + # begins with a literal '.' or a single character followed by + # a '.'. + # + # Of those that remain, print the first one. + $SED -e '/^\./d;/^.\./d;q' +} + +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $opt_debug + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $opt_debug + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + +# func_cygming_dll_for_implib_fallback ARG +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# +# This fallback implementation is for use when $DLLTOOL +# does not support the --identify-strict option. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib_fallback () +{ + $opt_debug + if func_cygming_gnu_implib_p "$1" ; then + # binutils import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` + elif func_cygming_ms_implib_p "$1" ; then + # ms-generated import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` + else + # unknown + sharedlib_from_linklib_result="" + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $opt_debug + f_ex_an_ar_dir="$1"; shift + f_ex_an_ar_oldlib="$1" + if test "$lock_old_archive_extraction" = yes; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test "$lock_old_archive_extraction" = yes; then + $opt_dry_run || rm -f "$lockfile" + fi + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} + + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $opt_debug + my_gentop="$1"; shift + my_oldlibs=${1+"$@"} + my_oldobjs="" + my_xlib="" + my_xabs="" + my_xdir="" + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib="$func_basename_result" + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir="$my_gentop/$my_xlib_u" + + func_mkdir_p "$my_xdir" + + case $host in + *-darwin*) + func_verbose "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + $opt_dry_run || { + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + darwin_base_archive=`basename "$darwin_archive"` + darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches ; do + func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" + $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" + cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" + func_extract_an_archive "`pwd`" "${darwin_base_archive}" + cd "$darwin_curdir" + $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" + else + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result="$my_oldobjs" +} + + +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory in which it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=${1-no} + + $ECHO "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='$sed_quote_subst' + +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ which is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options which match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"${outputname}:${output}:\${LINENO}: libtool wrapper (GNU $PACKAGE$TIMESTAMP) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"${outputname}:${output}:\${LINENO}: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} + + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` + done + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test "$fast_install" = yes; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" + + $ECHO "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + $ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi + + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $ECHO "\ + + if test -f \"\$progdir/\$program\"; then" + + # fixup the dll searchpath if we need to. + # + # Fix the DLL searchpath if we need to. Do this before prepending + # to shlibpath, because on Windows, both are PATH and uninstalled + # libraries must come first. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + # Export our shlibpath_var if we have one. + if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` + + export $shlibpath_var +" + fi + + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + func_exec_program \${1+\"\$@\"} + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} + + +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat < +#include +#ifdef _MSC_VER +# include +# include +# include +#else +# include +# include +# ifdef __CYGWIN__ +# include +# endif +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +/* declarations of non-ANSI functions */ +#if defined(__MINGW32__) +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined(__CYGWIN__) +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined (other platforms) ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined(_MSC_VER) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +# ifndef _INTPTR_T_DEFINED +# define _INTPTR_T_DEFINED +# define intptr_t int +# endif +#elif defined(__MINGW32__) +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined(__CYGWIN__) +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined (other platforms) ... */ +#endif + +#if defined(PATH_MAX) +# define LT_PATHMAX PATH_MAX +#elif defined(MAXPATHLEN) +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif + +/* path handling portability macros */ +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ + defined (__OS2__) +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free ((void *) stale); stale = 0; } \ +} while (0) + +#if defined(LT_DEBUGWRAPPER) +static int lt_debug = 1; +#else +static int lt_debug = 0; +#endif + +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ + +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); +EOF + + cat <= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} + +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; + + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; + + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + int tmp_len; + char *concat_name; + + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined (HAVE_DOS_BASED_FILE_SYSTEM) + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = q - p; + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; +} + +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } + + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); + } + } + XFREE (tmp_pathspec); + + if (!has_symlinks) + { + return xstrdup (pathspec); + } + + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif +} + +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; + + assert (str != NULL); + assert (pat != NULL); + + len = strlen (str); + patlen = strlen (pat); + + if (patlen <= len) + { + str += len - patlen; + if (strcmp (str, pat) == 0) + *str = '\0'; + } + return str; +} + +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + +static void +lt_error_core (int exit_status, const char *file, + int line, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *file, int line, const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); + va_end (ap); +} + +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + +void +lt_setenv (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); +#else + int len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } +#endif + } +} + +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + int orig_value_len = strlen (orig_value); + int add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} + +void +lt_update_exe_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + int len = strlen (new_value); + while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[len-1] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +void +lt_update_lib_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' + cat <<"EOF" +} +EOF +} +# end: func_emit_cwrapperexe_src + +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $opt_debug + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + +# func_mode_link arg... +func_mode_link () +{ + $opt_debug + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # which system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no + + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll which has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt + + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= + + avoid_version=no + bindir= + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=no + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module="${wl}-single_module" + func_infer_tag $base_compile + + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test "$build_libtool_libs" != yes && \ + func_fatal_configuration "can not build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg="$1" + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac + + case $prev in + bindir) + bindir="$arg" + prev= + continue + ;; + dlfiles|dlprefiles) + if test "$preload" = no; then + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=yes + fi + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test "$dlself" = no; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test "$prev" = dlprefiles; then + dlself=yes + elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test "$prev" = dlfiles; then + func_append dlfiles " $arg" + else + func_append dlprefiles " $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols="$arg" + test -f "$arg" \ + || func_fatal_error "symbol file \`$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex="$arg" + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) func_append deplibs " $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir="$arg" + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# func_append moreargs " $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file \`$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + precious_regex) + precious_files_regex="$arg" + prev= + continue + ;; + release) + release="-$arg" + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test "$prev" = rpath; then + case "$rpath " in + *" $arg "*) ;; + *) func_append rpath " $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) func_append xrpath " $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds="$arg" + prev= + continue + ;; + weak) + func_append weak_libs " $arg" + prev= + continue + ;; + xcclinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg="$arg" + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "\`-allow-undefined' must not be used because it is the default" + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -bindir) + prev=bindir + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test "X$arg" = "X-export-symbols"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname "-L" '' "$arg" + if test -z "$func_stripname_result"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between \`-L' and \`$1'" + else + func_fatal_error "need path for \`-L' option" + fi + fi + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of \`$dir'" + dir="$absdir" + ;; + esac + case "$deplibs " in + *" -L$dir "* | *" $arg "*) + # Will only happen for absolute or sysroot arguments + ;; + *) + # Preserve sysroot, but never include relative directories + case $dir in + [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; + *) func_append deplibs " -L$dir" ;; + esac + func_append lib_search_path " $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) func_append dllsearchpath ":$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test "X$arg" = "X-lc" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + test "X$arg" = "X-lc" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + func_append deplibs " System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test "X$arg" = "X-lc" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test "X$arg" = "X-lc" && continue + ;; + esac + elif test "X$arg" = "X-lc_r"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + func_append deplibs " $arg" + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot|--sysroot) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + continue + ;; + + -multi_module) + single_module="${wl}-multi_module" + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "\`-no-install' is ignored for $host" + func_warning "assuming \`-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + =*) + func_stripname '=' '' "$dir" + dir=$lt_sysroot$func_stripname_result + ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + func_append arg " $func_quote_for_eval_result" + func_append compiler_flags " $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs="$IFS"; IFS=',' + for flag in $args; do + IFS="$save_ifs" + func_quote_for_eval "$flag" + func_append arg " $wl$func_quote_for_eval_result" + func_append compiler_flags " $wl$func_quote_for_eval_result" + func_append linker_flags " $func_quote_for_eval_result" + done + IFS="$save_ifs" + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection + # --sysroot=* for sysroot support + # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ + -O*|-flto*|-fwhopr*|-fuse-linker-plugin) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + func_append compile_command " $arg" + func_append finalize_command " $arg" + func_append compiler_flags " $arg" + continue + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + + *.$objext) + # A standard object. + func_append objs " $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test "$pic_object" = none && + test "$non_pic_object" = none; then + func_fatal_error "cannot find name of object for \`$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + if test "$pic_object" != none; then + # Prepend the subdirectory the object is found in. + pic_object="$xdir$pic_object" + + if test "$prev" = dlfiles; then + if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test "$prev" = dlprefiles; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg="$pic_object" + fi + + # Non-PIC object. + if test "$non_pic_object" != none; then + # Prepend the subdirectory the object is found in. + non_pic_object="$xdir$non_pic_object" + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test "$pic_object" = none ; then + arg="$non_pic_object" + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object="$pic_object" + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir="$func_dirname_result" + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "\`$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + func_append deplibs " $arg" + func_append old_deplibs " $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + func_resolve_sysroot "$arg" + if test "$prev" = dlfiles; then + # This library was specified with -dlopen. + func_append dlfiles " $func_resolve_sysroot_result" + prev= + elif test "$prev" = dlprefiles; then + # The library was specified with -dlpreopen. + func_append dlprefiles " $func_resolve_sysroot_result" + prev= + else + func_append deplibs " $func_resolve_sysroot_result" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg="$func_quote_for_eval_result" + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the \`$prevarg' option requires an argument" + + if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname="$func_basename_result" + libobjs_save="$libobjs" + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"\${$shlibpath_var}\" \| \$SED \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + func_dirname "$output" "/" "" + output_objdir="$func_dirname_result$objdir" + func_to_tool_file "$output_objdir/" + tool_output_objdir=$func_to_tool_file_result + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_preserve_dup_deps ; then + case "$libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append libs " $deplib" + done + + if test "$linkmode" = lib; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; + esac + func_append pre_post_deps " $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=no + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test "$linkmode,$pass" = "lib,link"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs="$tmp_deplibs" + fi + + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan"; then + libs="$deplibs" + deplibs= + fi + if test "$linkmode" = prog; then + case $pass in + dlopen) libs="$dlfiles" ;; + dlpreopen) libs="$dlprefiles" ;; + link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; + esac + fi + if test "$linkmode,$pass" = "lib,dlpreopen"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + func_resolve_sysroot "$lib" + case $lib in + *.la) func_source "$func_resolve_sysroot_result" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + func_basename "$deplib" + deplib_base=$func_basename_result + case " $weak_libs " in + *" $deplib_base "*) ;; + *) func_append deplibs " $deplib" ;; + esac + done + done + libs="$dlprefiles" + fi + if test "$pass" = dlopen; then + # Collect dlpreopened libraries + save_deplibs="$deplibs" + deplibs= + fi + + for deplib in $libs; do + lib= + found=no + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append compiler_flags " $deplib" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test "$linkmode" != lib && test "$linkmode" != prog; then + func_warning "\`-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test "$linkmode" = lib; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib="$searchdir/lib${name}${search_ext}" + if test -f "$lib"; then + if test "$search_ext" = ".la"; then + found=yes + else + found=no + fi + break 2 + fi + done + done + if test "$found" != yes; then + # deplib doesn't seem to be a libtool library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + else # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll="$l" + done + if test "X$ll" = "X$old_library" ; then # only static version available + found=no + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + lib=$ladir/$old_library + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + fi + ;; # -l + *.ltframework) + if test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test "$linkmode" = lib ; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test "$pass" = conv && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + prog) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + if test "$pass" = scan; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + *) + func_warning "\`-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test "$pass" = link; then + func_stripname '-R' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) + func_resolve_sysroot "$deplib" + lib=$func_resolve_sysroot_result + ;; + *.$libext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=no + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=yes + fi + ;; + pass_all) + valid_a_lib=yes + ;; + esac + if test "$valid_a_lib" != yes; then + echo + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." + else + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + fi + ;; + esac + continue + ;; + prog) + if test "$pass" != link; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test "$pass" = conv; then + deplibs="$deplib $deplibs" + elif test "$linkmode" = prog; then + if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + func_append newdlprefiles " $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append newdlfiles " $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=yes + continue + ;; + esac # case $deplib + + if test "$found" = yes || test -f "$lib"; then : + else + func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" + fi + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "\`$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir="$func_dirname_result" + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + if test "$linkmode,$pass" = "lib,link" || + test "$linkmode,$pass" = "prog,scan" || + { test "$linkmode" != prog && test "$linkmode" != lib; }; then + test -n "$dlopen" && func_append dlfiles " $dlopen" + test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" + fi + + if test "$pass" = conv; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + # It is a libtool convenience library, so add in its objects. + func_append convenience " $ladir/$objdir/$old_library" + func_append old_convenience " $ladir/$objdir/$old_library" + elif test "$linkmode" != prog && test "$linkmode" != lib; then + func_fatal_error "\`$lib' is not a convenience library" + fi + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + if test -n "$old_library" && + { test "$prefer_static_libs" = yes || + test "$prefer_static_libs,$installed" = "built,no"; }; then + linklib=$old_library + else + for l in $old_library $library_names; do + linklib="$l" + done + fi + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for \`$lib'" + fi + + # This library was specified with -dlopen. + if test "$pass" = dlopen; then + if test -z "$libdir"; then + func_fatal_error "cannot -dlopen a convenience library: \`$lib'" + fi + if test -z "$dlname" || + test "$dlopen_support" != yes || + test "$build_libtool_libs" = no; then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + func_append dlprefiles " $lib $dependency_libs" + else + func_append newdlfiles " $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of \`$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir="$ladir" + fi + ;; + esac + func_basename "$lib" + laname="$func_basename_result" + + # Find the relevant object directory and library name. + if test "X$installed" = Xyes; then + if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library \`$lib' was moved." + dir="$ladir" + absdir="$abs_ladir" + libdir="$abs_ladir" + else + dir="$lt_sysroot$libdir" + absdir="$lt_sysroot$libdir" + fi + test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir="$ladir" + absdir="$abs_ladir" + # Remove this search path later + func_append notinst_path " $abs_ladir" + else + dir="$ladir/$objdir" + absdir="$abs_ladir/$objdir" + # Remove this search path later + func_append notinst_path " $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test "$pass" = dlpreopen; then + if test -z "$libdir" && test "$linkmode" = prog; then + func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" + fi + case "$host" in + # special handling for platforms with PE-DLLs. + *cygwin* | *mingw* | *cegcc* ) + # Linker will automatically link against shared library if both + # static and shared are present. Therefore, ensure we extract + # symbols from the import library if a shared library is present + # (otherwise, the dlopen module name will be incorrect). We do + # this by putting the import library name into $newdlprefiles. + # We recover the dlopen module name by 'saving' the la file + # name in a special purpose variable, and (later) extracting the + # dlname from the la file. + if test -n "$dlname"; then + func_tr_sh "$dir/$linklib" + eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" + func_append newdlprefiles " $dir/$linklib" + else + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + fi + ;; + * ) + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + func_append newdlprefiles " $dir/$dlname" + else + func_append newdlprefiles " $dir/$linklib" + fi + ;; + esac + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test "$linkmode" = lib; then + deplibs="$dir/$old_library $deplibs" + elif test "$linkmode,$pass" = "prog,link"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test "$linkmode" = prog && test "$pass" != link; then + func_append newlib_search_path " $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=no + if test "$link_all_deplibs" != no || test -z "$library_names" || + test "$build_libtool_libs" = no; then + linkalldeplibs=yes + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + esac + # Need to link against all dependency_libs? + if test "$linkalldeplibs" = yes; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test "$linkmode,$pass" = "prog,link"; then + if test -n "$library_names" && + { { test "$prefer_static_libs" = no || + test "$prefer_static_libs,$installed" = "built,yes"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then + # Make sure the rpath contains only unique directories. + case "$temp_rpath:" in + *"$absdir:"*) ;; + *) func_append temp_rpath "$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if test "$alldeplibs" = yes && + { test "$deplibs_check_method" = pass_all || + { test "$build_libtool_libs" = yes && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test "$use_static_libs" = built && test "$installed" = yes; then + use_static_libs=no + fi + if test -n "$library_names" && + { test "$use_static_libs" = no || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc*) + # No point in relinking DLLs because paths are not encoded + func_append notinst_deplibs " $lib" + need_relink=no + ;; + *) + if test "$installed" = no; then + func_append notinst_deplibs " $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule="" + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule="$dlpremoduletest" + break + fi + done + if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then + echo + if test "$linkmode" = prog; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test "$linkmode" = lib && + test "$hardcode_into_libs" = yes; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname="$1" + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname="$dlname" + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc*) + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + esac + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot="$soname" + func_basename "$soroot" + soname="$func_basename_result" + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from \`$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for \`$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test "$linkmode" = prog || test "$opt_mode" != relink; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test "$hardcode_direct" = no; then + add="$dir/$linklib" + case $host in + *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; + *-*-sysv4*uw2*) add_dir="-L$dir" ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir="-L$dir" ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we can not + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null ; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library" ; then + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" + else + add="$dir/$old_library" + fi + elif test -n "$old_library"; then + add="$dir/$old_library" + fi + fi + esac + elif test "$hardcode_minus_L" = no; then + case $host in + *-*-sunos*) add_shlibpath="$dir" ;; + esac + add_dir="-L$dir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = no; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + relink) + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$dir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$absdir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + add_shlibpath="$dir" + add="-l$name" + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test "$lib_linked" != yes; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) func_append compile_shlibpath "$add_shlibpath:" ;; + esac + fi + if test "$linkmode" = prog; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test "$hardcode_direct" != yes && + test "$hardcode_minus_L" != yes && + test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + fi + fi + fi + + if test "$linkmode" = prog || test "$opt_mode" = relink; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test "$hardcode_direct" = yes && + test "$hardcode_direct_absolute" = no; then + add="$libdir/$linklib" + elif test "$hardcode_minus_L" = yes; then + add_dir="-L$libdir" + add="-l$name" + elif test "$hardcode_shlibpath_var" = yes; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + add="-l$name" + elif test "$hardcode_automatic" = yes; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib" ; then + add="$inst_prefix_dir$libdir/$linklib" + else + add="$libdir/$linklib" + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir="-L$libdir" + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add="-l$name" + fi + + if test "$linkmode" = prog; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test "$linkmode" = prog; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test "$hardcode_direct" != unsupported; then + test -n "$old_library" && linklib="$old_library" + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test "$build_libtool_libs" = yes; then + # Not a shared library + if test "$deplibs_check_method" != pass_all; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + echo + $ECHO "*** Warning: This system can not link to static lib archive $lib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." + if test "$module" = yes; then + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test "$linkmode" = lib; then + if test -n "$dependency_libs" && + { test "$hardcode_into_libs" != yes || + test "$build_old_libs" = yes || + test "$link_static" = yes; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) func_append xrpath " $temp_xrpath";; + esac;; + *) func_append temp_deplibs " $libdir";; + esac + done + dependency_libs="$temp_deplibs" + fi + + func_append newlib_search_path " $absdir" + # Link against this library + test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result";; + *) func_resolve_sysroot "$deplib" ;; + esac + if $opt_preserve_dup_deps ; then + case "$tmp_libs " in + *" $func_resolve_sysroot_result "*) + func_append specialdeplibs " $func_resolve_sysroot_result" ;; + esac + fi + func_append tmp_libs " $func_resolve_sysroot_result" + done + + if test "$link_all_deplibs" != no; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path="$deplib" ;; + *.la) + func_resolve_sysroot "$deplib" + deplib=$func_resolve_sysroot_result + func_dirname "$deplib" "" "." + dir=$func_dirname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of \`$dir'" + absdir="$dir" + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names" ; then + for tmp in $deplibrary_names ; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl" ; then + depdepl="$absdir/$objdir/$depdepl" + darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + func_append compiler_flags " ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" + func_append linker_flags " -dylib_file ${darwin_install_name}:${depdepl}" + path= + fi + fi + ;; + *) + path="-L$absdir/$objdir" + ;; + esac + else + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "\`$deplib' seems to be moved" + + path="-L$absdir" + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test "$pass" = link; then + if test "$linkmode" = "prog"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs="$newdependency_libs" + if test "$pass" = dlpreopen; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test "$pass" != dlopen; then + if test "$pass" != conv; then + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) func_append lib_search_path " $dir" ;; + esac + done + newlib_search_path= + fi + + if test "$linkmode,$pass" != "prog,link"; then + vars="deplibs" + else + vars="compile_deplibs finalize_deplibs" + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) func_append tmp_libs " $deplib" ;; + esac + ;; + *) func_append tmp_libs " $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs ; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i="" + ;; + esac + if test -n "$i" ; then + func_append tmp_libs " $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test "$linkmode" = prog; then + dlfiles="$newdlfiles" + fi + if test "$linkmode" = prog || test "$linkmode" = lib; then + dlprefiles="$newdlprefiles" + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "\`-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "\`-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs="$output" + func_append objs "$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form `libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + test "$module" = no && \ + func_fatal_help "libtool library \`$output' must begin with \`lib'" + + if test "$need_lib_prefix" != no; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test "$deplibs_check_method" != pass_all; then + func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" + else + echo + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + func_append libobjs " $objs" + fi + fi + + test "$dlself" != no && \ + func_warning "\`-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test "$#" -gt 1 && \ + func_warning "ignoring multiple \`-rpath's for a libtool library" + + install_libdir="$1" + + oldlibs= + if test -z "$rpath"; then + if test "$build_libtool_libs" = yes; then + # Building a libtool convenience library. + # Some compilers have problems with a `.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "\`-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "\`-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs="$IFS"; IFS=':' + set dummy $vinfo 0 0 0 + shift + IFS="$save_ifs" + + test -n "$7" && \ + func_fatal_help "too many parameters to \`-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major="$1" + number_minor="$2" + number_revision="$3" + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # which has an extra 1 added just for fun + # + case $version_type in + # correct linux to gnu/linux during the next big refactor + darwin|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_revision" + ;; + freebsd-aout|freebsd-elf|qnx|sunos) + current="$number_major" + revision="$number_minor" + age="0" + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age="$number_minor" + revision="$number_minor" + lt_irix_increment=no + ;; + esac + ;; + no) + current="$1" + revision="$2" + age="$3" + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT \`$current' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION \`$revision' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE \`$age' must be a nonnegative integer" + func_fatal_error "\`$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE \`$age' is greater than the current interface number \`$current'" + func_fatal_error "\`$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + + freebsd-aout) + major=".$current" + versuffix=".$current.$revision"; + ;; + + freebsd-elf) + major=".$current" + versuffix=".$current" + ;; + + irix | nonstopux) + if test "X$lt_irix_increment" = "Xno"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring="$verstring_prefix$major.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test "$loop" -ne 0; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring_prefix$major.$iface:$verstring" + done + + # Before this point, $major must not contain `.'. + major=.$major + versuffix="$major.$revision" + ;; + + linux) # correct to gnu/linux during the next big refactor + func_arith $current - $age + major=.$func_arith_result + versuffix="$major.$age.$revision" + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=".$current.$age.$revision" + verstring="$current.$age.$revision" + + # Add in all the interfaces that we are compatible with. + loop=$age + while test "$loop" -ne 0; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring="$verstring:${iface}.0" + done + + # Make executables depend on our current version. + func_append verstring ":${current}.0" + ;; + + qnx) + major=".$current" + versuffix=".$current" + ;; + + sunos) + major=".$current" + versuffix=".$current.$revision" + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 filesystems. + func_arith $current - $age + major=$func_arith_result + versuffix="-$major" + ;; + + *) + func_fatal_configuration "unknown library version type \`$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring="0.0" + ;; + esac + if test "$need_version" = no; then + versuffix= + else + versuffix=".0.0" + fi + fi + + # Remove version info from name if versioning should be avoided + if test "$avoid_version" = yes && test "$need_version" = no; then + major= + versuffix= + verstring="" + fi + + # Check to see if the archive will have undefined symbols. + if test "$allow_undefined" = yes; then + if test "$allow_undefined_flag" = unsupported; then + func_warning "undefined symbols not allowed in $host shared libraries" + build_libtool_libs=no + build_old_libs=yes + fi + else + # Don't allow undefined symbols. + allow_undefined_flag="$no_undefined_flag" + fi + + fi + + func_generate_dlsyms "$libname" "$libname" "yes" + func_append libobjs " $symfileobj" + test "X$libobjs" = "X " && libobjs= + + if test "$opt_mode" != relink; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) + if test "X$precious_files_regex" != "X"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + func_append removelist " $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then + func_append oldlibs " $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; $lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + func_replace_sysroot "$libdir" + func_append temp_xrpath " -R$func_replace_sysroot_result" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles="$dlfiles" + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) func_append dlfiles " $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles="$dlprefiles" + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) func_append dlprefiles " $lib" ;; + esac + done + + if test "$build_libtool_libs" = yes; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + func_append deplibs " System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test "$build_libtool_need_lc" = "yes"; then + func_append deplibs " -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release="" + versuffix="" + major="" + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c </dev/null` + $nocaseglob + else + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + fi + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib="$potent_lib" + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; + *) potlib=`$ECHO "$potlib" | $SED 's,[^/]*$,,'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib="" + ;; + esac + fi + if test -n "$a_deplib" ; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib="$potent_lib" # see symlink-check above in file_magic test + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib="" + break 2 + fi + done + done + fi + if test -n "$a_deplib" ; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib" ; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs="" + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` + if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then + for i in $predeps $postdeps ; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s,$i,,"` + done + fi + case $tmp_deplibs in + *[!\ \ ]*) + echo + if test "X$deplibs_check_method" = "Xnone"; then + echo "*** Warning: inter-library dependencies are not supported in this platform." + else + echo "*** Warning: inter-library dependencies are not known to be supported." + fi + echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + ;; + esac + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + if test "$droppeddeps" = yes; then + if test "$module" = yes; then + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using \`nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** \`nm' from GNU binutils and a full rebuild may help." + fi + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." + + if test "$allow_undefined" = no; then + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." + if test "$build_old_libs" = no; then + oldlibs="$output_objdir/$libname.$libext" + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + deplibs="$new_libs" + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test "$build_libtool_libs" = yes; then + # Remove ${wl} instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac + if test "$hardcode_into_libs" = yes; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath="$finalize_rpath" + test "$opt_mode" != relink && rpath="$compile_rpath$rpath" + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + func_replace_sysroot "$libdir" + libdir=$func_replace_sysroot_result + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append dep_rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath="$finalize_shlibpath" + test "$opt_mode" != relink && shlibpath="$compile_shlibpath$shlibpath" + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname="$1" + shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname="$realname" + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib="$output_objdir/$realname" + linknames= + for link + do + func_append linknames " $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= + + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols="$output_objdir/$libname.uexp" + func_append delfiles " $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + if test "x`$SED 1q $export_symbols`" != xEXPORTS; then + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols="$export_symbols" + export_symbols= + always_export_symbols=yes + fi + fi + ;; + esac + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs="$IFS"; IFS='~' + for cmd1 in $cmds; do + IFS="$save_ifs" + # Take the normal branch if the nm_file_list_spec branch + # doesn't work or if tool conversion is not needed. + case $nm_file_list_spec~$to_tool_file_cmd in + *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) + try_normal_branch=yes + eval cmd=\"$cmd1\" + func_len " $cmd" + len=$func_len_result + ;; + *) + try_normal_branch=no + ;; + esac + if test "$try_normal_branch" = yes \ + && { test "$len" -lt "$max_cmd_len" \ + || test "$max_cmd_len" -le -1; } + then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + elif test -n "$nm_file_list_spec"; then + func_basename "$output" + output_la=$func_basename_result + save_libobjs=$libobjs + save_output=$output + output=${output_objdir}/${output_la}.nm + func_to_tool_file "$output" + libobjs=$nm_file_list_spec$func_to_tool_file_result + func_append delfiles " $output" + func_verbose "creating $NM input file list: $output" + for obj in $save_libobjs; do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > "$output" + eval cmd=\"$cmd1\" + func_show_eval "$cmd" 'exit $?' + output=$save_output + libobjs=$save_libobjs + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS="$save_ifs" + if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + func_append tmp_deplibs " $test_deplib" + ;; + esac + done + deplibs="$tmp_deplibs" + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test "$compiler_needs_object" = yes && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi + + if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + func_append linker_flags " $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test "$opt_mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test "X$skipped_export" != "X:" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + func_basename "$output" + output_la=$func_basename_result + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 + + if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then + output=${output_objdir}/${output_la}.lnkscript + func_verbose "creating GNU ld script: $output" + echo 'INPUT (' > $output + for obj in $save_libobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + echo ')' >> $output + func_append delfiles " $output" + func_to_tool_file "$output" + output=$func_to_tool_file_result + elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then + output=${output_objdir}/${output_la}.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test "$compiler_needs_object" = yes; then + firstobj="$1 " + shift + fi + for obj + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + func_append delfiles " $output" + func_to_tool_file "$output" + output=$firstobj\"$file_list_spec$func_to_tool_file_result\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-${k}.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test "X$objlist" = X || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test "$k" -eq 1 ; then + # The first file doesn't have a previous command to add. + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" + else + # All subsequent reloadable object files will link in + # the last one created. + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-${k}.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-${k}.$objext + objlist=" $obj" + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\${concat_cmds}$reload_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" + fi + func_append delfiles " $output" + + else + output= + fi + + if ${skipped_export-false}; then + func_verbose "generating symbol list for \`$libname.la'" + export_symbols="$output_objdir/$libname.exp" + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + fi + + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs="$IFS"; IFS='~' + for cmd in $concat_cmds; do + IFS="$save_ifs" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + + if ${skipped_export-false}; then + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols="$export_symbols" + test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + fi + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test "$module" = yes && test -n "$module_cmds" ; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + fi + + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + + save_ifs="$IFS"; IFS='~' + for cmd in $cmds; do + IFS="$save_ifs" + eval cmd=\"$cmd\" + $opt_silent || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS="$save_ifs" + + # Restore the uninstalled library and exit + if test "$opt_mode" = relink; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test "$module" = yes || test "$export_dynamic" = yes; then + # On all known operating systems, these are identical. + dlname="$soname" + fi + fi + ;; + + obj) + if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then + func_warning "\`-dlopen' is ignored for objects" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "\`-l' and \`-L' are ignored for objects" ;; + esac + + test -n "$rpath" && \ + func_warning "\`-rpath' is ignored for objects" + + test -n "$xrpath" && \ + func_warning "\`-R' is ignored for objects" + + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "\`-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object \`$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result + ;; + *) + libobj= + obj="$output" + ;; + esac + + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # reload_cmds runs $LD directly, so let us get rid of + # -Wl from whole_archive_flag_spec and hope we can get by with + # turning comma into space.. + wl= + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + reload_conv_objs=$reload_objs\ `$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + else + gentop="$output_objdir/${obj}x" + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # If we're not building shared, we need to use non_pic_objs + test "$build_libtool_libs" != yes && libobjs="$non_pic_objects" + + # Create the old-style object. + reload_objs="$objs$old_deplibs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.${libext}$/d; /\.lib$/d; $lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test + + output="$obj" + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + fi + + if test "$build_libtool_libs" != yes; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + fi + + if test -n "$pic_flag" || test "$pic_mode" != default; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output="$libobj" + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "\`-version-info' is ignored for programs" + + test -n "$release" && \ + func_warning "\`-release' is ignored for programs" + + test "$preload" = yes \ + && test "$dlopen_support" = unknown \ + && test "$dlopen_self" = unknown \ + && test "$dlopen_self_static" = unknown && \ + func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test "$tagname" = CXX ; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + func_append compile_command " ${wl}-bind_at_load" + func_append finalize_command " ${wl}-bind_at_load" + ;; + esac + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + compile_deplibs="$new_libs" + + + func_append compile_command " $compile_deplibs" + func_append finalize_command " $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) func_append dllsearchpath ":$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath="$rpath" + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs="$libdir" + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) func_append finalize_perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir="$hardcode_libdirs" + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath="$rpath" + + if test -n "$libobjs" && test "$build_old_libs" = yes; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + fi + + func_generate_dlsyms "$outputname" "@PROGRAM@" "no" + + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi + + wrappers_required=yes + case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=no + ;; + *cygwin* | *mingw* ) + if test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + *) + if test "$need_relink" = no || test "$build_libtool_libs" != yes; then + wrappers_required=no + fi + ;; + esac + if test "$wrappers_required" = no; then + # Replace the output file specification. + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + link_command="$compile_command$compile_rpath" + + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.${objext}"; then + func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' + fi + + exit $exit_status + fi + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + func_append rpath "$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test "$no_install" = yes; then + # We don't need to create a wrapper script. + link_command="$compile_var$compile_command$compile_rpath" + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + exit $EXIT_SUCCESS + fi + + if test "$hardcode_action" = relink; then + # Fast installation is not supported + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "\`$output' will be relinked during installation" + else + if test "$fast_install" != no; then + link_command="$finalize_var$compile_command$finalize_rpath" + if test "$fast_install" = yes; then + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + else + # fast_install is set to needless + relink_command= + fi + else + link_command="$compile_var$compile_command$compile_rpath" + relink_command="$finalize_var$finalize_command$finalize_rpath" + fi + fi + + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname + + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output_objdir/$outputname" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Now create the wrapper script. + func_verbose "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + fi + + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource="$output_path/$objdir/lt-$output_name.c" + cwrapper="$output_path/$output_name.exe" + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } + + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host" ; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 + + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + if test "$build_libtool_libs" = convenience; then + oldobjs="$libobjs_save $symfileobj" + addlibs="$convenience" + build_libtool_libs=no + else + if test "$build_libtool_libs" = module; then + oldobjs="$libobjs_save" + build_libtool_libs=no + else + oldobjs="$old_deplibs $non_pic_objects" + if test "$preload" = yes && test -f "$symfileobj"; then + func_append oldobjs " $symfileobj" + fi + fi + addlibs="$old_convenience" + fi + + if test -n "$addlibs"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $addlibs + func_append oldobjs " $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then + cmds=$old_archive_from_new_cmds + else + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append oldobjs " $func_extract_archives_result" + fi + + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + echo "copying selected object files to avoid basename conflicts..." + gentop="$output_objdir/${outputname}x" + func_append generated " $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase="$func_basename_result" + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + func_append oldobjs " $gentop/$newobj" + ;; + *) func_append oldobjs " $obj" ;; + esac + done + fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + eval cmds=\"$old_archive_cmds\" + + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + elif test -n "$archiver_list_spec"; then + func_verbose "using command file archive linking..." + for obj in $oldobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > $output_objdir/$libname.libcmd + func_to_tool_file "$output_objdir/$libname.libcmd" + oldobjs=" $archiver_list_spec$func_to_tool_file_result" + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj" ; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test "X$oldobjs" = "X" ; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' + done + + test -n "$generated" && \ + func_show_eval "${RM}r$generated" + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test "$build_old_libs" = yes && old_library="$libname.$libext" + func_verbose "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + if test "$hardcode_automatic" = yes ; then + relink_command= + fi + + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test "$installed" = yes; then + if test -z "$install_libdir"; then + break + fi + output="$output_objdir/$outputname"i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name="$func_basename_result" + func_resolve_sysroot "$deplib" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + test -z "$libdir" && \ + func_fatal_error "\`$deplib' is not a valid libtool archive" + func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" + ;; + -L*) + func_stripname -L '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -L$func_replace_sysroot_result" + ;; + -R*) + func_stripname -R '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -R$func_replace_sysroot_result" + ;; + *) func_append newdependency_libs " $deplib" ;; + esac + done + dependency_libs="$newdependency_libs" + newdlfiles= + + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" + ;; + *) func_append newdlfiles " $lib" ;; + esac + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name="$func_basename_result" + eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "\`$lib' is not a valid libtool archive" + func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" + ;; + esac + done + dlprefiles="$newdlprefiles" + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlfiles " $abs" + done + dlfiles="$newdlfiles" + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlprefiles " $abs" + done + dlprefiles="$newdlprefiles" + fi + $RM $output + # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test "x$bindir" != x ; + then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Linker flags that can not go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test "$installed" = no && test "$need_relink" = yes; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} + +{ test "$opt_mode" = link || test "$opt_mode" = relink; } && + func_mode_link ${1+"$@"} + + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $opt_debug + RM="$nonopt" + files= + rmforce= + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic="$magic" + + for arg + do + case $arg in + -f) func_append RM " $arg"; rmforce=yes ;; + -*) func_append RM " $arg" ;; + *) func_append files " $arg" ;; + esac + done + + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" + + rmdirs= + + for file in $files; do + func_dirname "$file" "" "." + dir="$func_dirname_result" + if test "X$dir" = X.; then + odir="$objdir" + else + odir="$dir/$objdir" + fi + func_basename "$file" + name="$func_basename_result" + test "$opt_mode" = uninstall && odir="$dir" + + # Remember odir for removal later, being careful to avoid duplicates + if test "$opt_mode" = clean; then + case " $rmdirs " in + *" $odir "*) ;; + *) func_append rmdirs " $odir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif test "$rmforce" = yes; then + continue + fi + + rmfiles="$file" + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if func_lalib_p "$file"; then + func_source $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + func_append rmfiles " $odir/$n" + done + test -n "$old_library" && func_append rmfiles " $odir/$old_library" + + case "$opt_mode" in + clean) + case " $library_names " in + *" $dlname "*) ;; + *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; + esac + test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if func_lalib_p "$file"; then + + # Read the .lo file + func_source $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" && + test "$pic_object" != none; then + func_append rmfiles " $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" && + test "$non_pic_object" != none; then + func_append rmfiles " $dir/$non_pic_object" + fi + fi + ;; + + *) + if test "$opt_mode" = clean ; then + noexename=$name + case $file in + *.exe) + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result + # $file with .exe has already been added to rmfiles, + # add $file without .exe + func_append rmfiles " $file" + ;; + esac + # Do a test to see if this is a libtool program. + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + func_append rmfiles " $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + func_append rmfiles " $odir/$name $odir/${name}S.${objext}" + if test "$fast_install" = yes && test -n "$relink_command"; then + func_append rmfiles " $odir/lt-$name" + fi + if test "X$noexename" != "X$name" ; then + func_append rmfiles " $odir/lt-${noexename}.c" + fi + fi + fi + ;; + esac + func_show_eval "$RM $rmfiles" 'exit_status=1' + done + + # Try to remove the ${objdir}s in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + func_show_eval "rmdir $dir >/dev/null 2>&1" + fi + done + + exit $exit_status +} + +{ test "$opt_mode" = uninstall || test "$opt_mode" = clean; } && + func_mode_uninstall ${1+"$@"} + +test -z "$opt_mode" && { + help="$generic_help" + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode \`$opt_mode'" + +if test -n "$exec_cmd"; then + eval exec "$exec_cmd" + exit $EXIT_FAILURE +fi + +exit $exit_status + + +# The TAGs below are defined such that we never get into a situation +# in which we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +build_libtool_libs=no +build_old_libs=yes +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: +# vi:sw=2 + diff --git a/test/mocklibc/missing b/test/mocklibc/missing new file mode 100755 index 00000000..86a8fc31 --- /dev/null +++ b/test/mocklibc/missing @@ -0,0 +1,331 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. + +scriptversion=2012-01-06.13; # UTC + +# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, +# 2008, 2009, 2010, 2011, 2012 Free Software Foundation, Inc. +# Originally by Fran,cois Pinard , 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +run=: +sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' +sed_minuso='s/.* -o \([^ ]*\).*/\1/p' + +# In the cases where this matters, `missing' is being run in the +# srcdir already. +if test -f configure.ac; then + configure_ac=configure.ac +else + configure_ac=configure.in +fi + +msg="missing on your system" + +case $1 in +--run) + # Try to run requested program, and just exit if it succeeds. + run= + shift + "$@" && exit 0 + # Exit code 63 means version mismatch. This often happens + # when the user try to use an ancient version of a tool on + # a file that requires a minimum version. In this case we + # we should proceed has if the program had been absent, or + # if --run hadn't been passed. + if test $? = 63; then + run=: + msg="probably too old" + fi + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + --run try to run the given command, and emulate it if it fails + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + autom4te touch the output file, or create a stub one + automake touch all \`Makefile.in' files + bison create \`y.tab.[ch]', if possible, from existing .[ch] + flex create \`lex.yy.c', if possible, from existing .c + help2man touch the output file + lex create \`lex.yy.c', if possible, from existing .c + makeinfo touch the output file + yacc create \`y.tab.[ch]', if possible, from existing .[ch] + +Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and +\`g' are ignored when checking the name. + +Send bug reports to ." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + +esac + +# normalize program name to check for. +program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + +# Now exit if we have it, but it failed. Also exit now if we +# don't have it and --version was passed (most likely to detect +# the program). This is about non-GNU programs, so use $1 not +# $program. +case $1 in + lex*|yacc*) + # Not GNU programs, they don't have --version. + ;; + + *) + if test -z "$run" && ($1 --version) > /dev/null 2>&1; then + # We have it, but it failed. + exit 1 + elif test "x$2" = "x--version" || test "x$2" = "x--help"; then + # Could not run --version or --help. This is probably someone + # running `$TOOL --version' or `$TOOL --help' to check whether + # $TOOL exists and not knowing $TOOL uses missing. + exit 1 + fi + ;; +esac + +# If it does not exist, or fails to run (possibly an outdated version), +# try to emulate it. +case $program in + aclocal*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acinclude.m4' or \`${configure_ac}'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`${configure_ac}'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`acconfig.h' or \`${configure_ac}'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` + test -z "$files" && files="config.h" + touch_files= + for f in $files; do + case $f in + *:*) touch_files="$touch_files "`echo "$f" | + sed -e 's/^[^:]*://' -e 's/:.*//'`;; + *) touch_files="$touch_files $f.in";; + esac + done + touch $touch_files + ;; + + automake*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print | + sed 's/\.am$/.in/' | + while read f; do touch "$f"; done + ;; + + autom4te*) + echo 1>&2 "\ +WARNING: \`$1' is needed, but is $msg. + You might have modified some files without having the + proper tools for further handling them. + You can get \`$1' as part of \`Autoconf' from any GNU + archive site." + + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo "#! /bin/sh" + echo "# Created by GNU Automake missing as a replacement of" + echo "# $ $@" + echo "exit 0" + chmod +x $file + exit 1 + fi + ;; + + bison*|yacc*) + echo 1>&2 "\ +WARNING: \`$1' $msg. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + rm -f y.tab.c y.tab.h + if test $# -ne 1; then + eval LASTARG=\${$#} + case $LASTARG in + *.y) + SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" y.tab.c + fi + SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" y.tab.h + fi + ;; + esac + fi + if test ! -f y.tab.h; then + echo >y.tab.h + fi + if test ! -f y.tab.c; then + echo 'main() { return 0; }' >y.tab.c + fi + ;; + + lex*|flex*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.l' file. You may need the \`Flex' package + in order for those modifications to take effect. You can get + \`Flex' from any GNU archive site." + rm -f lex.yy.c + if test $# -ne 1; then + eval LASTARG=\${$#} + case $LASTARG in + *.l) + SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` + if test -f "$SRCFILE"; then + cp "$SRCFILE" lex.yy.c + fi + ;; + esac + fi + if test ! -f lex.yy.c; then + echo 'main() { return 0; }' >lex.yy.c + fi + ;; + + help2man*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a dependency of a manual page. You may need the + \`Help2man' package in order for those modifications to take + effect. You can get \`Help2man' from any GNU archive site." + + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -f "$file"; then + touch $file + else + test -z "$file" || exec >$file + echo ".ab help2man is required to generate this page" + exit $? + fi + ;; + + makeinfo*) + echo 1>&2 "\ +WARNING: \`$1' is $msg. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + # The file to touch is that specified with -o ... + file=`echo "$*" | sed -n "$sed_output"` + test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` + if test -z "$file"; then + # ... or it is the one specified with @setfilename ... + infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n ' + /^@setfilename/{ + s/.* \([^ ]*\) *$/\1/ + p + q + }' $infile` + # ... or it is derived from the source name (dir/f.texi becomes f.info) + test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info + fi + # If the file does not exist, the user really needs makeinfo; + # let's fail without touching anything. + test -f $file || exit 1 + touch $file + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and is $msg. + You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequisites for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/test/mocklibc/src/Makefile.am b/test/mocklibc/src/Makefile.am new file mode 100644 index 00000000..7cb934ef --- /dev/null +++ b/test/mocklibc/src/Makefile.am @@ -0,0 +1,8 @@ + +lib_LTLIBRARIES = libmocklibc.la +libmocklibc_la_SOURCES = pwd.c grp.c netdb.c netgroup.c netgroup.h + +bin_PROGRAMS = mocklibc-debug-netgroup +mocklibc_debug_netgroup_SOURCES = netgroup-debug.c netgroup-debug.h +mocklibc_debug_netgroup_LDADD = libmocklibc.la + diff --git a/test/mocklibc/src/Makefile.in b/test/mocklibc/src/Makefile.in new file mode 100644 index 00000000..6734f7ab --- /dev/null +++ b/test/mocklibc/src/Makefile.in @@ -0,0 +1,588 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = mocklibc-debug-netgroup$(EXEEXT) +subdir = src +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)" +LTLIBRARIES = $(lib_LTLIBRARIES) +libmocklibc_la_LIBADD = +am_libmocklibc_la_OBJECTS = pwd.lo grp.lo netdb.lo netgroup.lo +libmocklibc_la_OBJECTS = $(am_libmocklibc_la_OBJECTS) +PROGRAMS = $(bin_PROGRAMS) +am_mocklibc_debug_netgroup_OBJECTS = netgroup-debug.$(OBJEXT) +mocklibc_debug_netgroup_OBJECTS = \ + $(am_mocklibc_debug_netgroup_OBJECTS) +mocklibc_debug_netgroup_DEPENDENCIES = libmocklibc.la +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libmocklibc_la_SOURCES) $(mocklibc_debug_netgroup_SOURCES) +DIST_SOURCES = $(libmocklibc_la_SOURCES) \ + $(mocklibc_debug_netgroup_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libname = @libname@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +lib_LTLIBRARIES = libmocklibc.la +libmocklibc_la_SOURCES = pwd.c grp.c netdb.c netgroup.c netgroup.h +mocklibc_debug_netgroup_SOURCES = netgroup-debug.c netgroup-debug.h +mocklibc_debug_netgroup_LDADD = libmocklibc.la +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-libLTLIBRARIES: $(lib_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + } + +uninstall-libLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + done + +clean-libLTLIBRARIES: + -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) + @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libmocklibc.la: $(libmocklibc_la_OBJECTS) $(libmocklibc_la_DEPENDENCIES) $(EXTRA_libmocklibc_la_DEPENDENCIES) + $(LINK) -rpath $(libdir) $(libmocklibc_la_OBJECTS) $(libmocklibc_la_LIBADD) $(LIBS) +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)" + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p || test -f $$p1; \ + then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +mocklibc-debug-netgroup$(EXEEXT): $(mocklibc_debug_netgroup_OBJECTS) $(mocklibc_debug_netgroup_DEPENDENCIES) $(EXTRA_mocklibc_debug_netgroup_DEPENDENCIES) + @rm -f mocklibc-debug-netgroup$(EXEEXT) + $(LINK) $(mocklibc_debug_netgroup_OBJECTS) $(mocklibc_debug_netgroup_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/grp.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netdb.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netgroup-debug.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netgroup.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pwd.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +install-binPROGRAMS: install-libLTLIBRARIES + +installdirs: + for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libLTLIBRARIES \ + clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS install-libLTLIBRARIES + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS uninstall-libLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \ + clean-generic clean-libLTLIBRARIES clean-libtool ctags \ + distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-libLTLIBRARIES \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ + uninstall-am uninstall-binPROGRAMS uninstall-libLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/test/mocklibc/src/grp.c b/test/mocklibc/src/grp.c new file mode 100644 index 00000000..c671e1fc --- /dev/null +++ b/test/mocklibc/src/grp.c @@ -0,0 +1,156 @@ +/** + * Copyright 2011 Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Author: Nikki VonHollen + */ + +#include + +#include +#include +#include +#include + +#define GROUP_CONFIG_KEY "MOCK_GROUP" + +static FILE *global_stream = NULL; + +void setgrent(void) { + if (global_stream) + endgrent(); + + const char *path = getenv(GROUP_CONFIG_KEY); + if (!path) + return; + + global_stream = fopen(path, "r"); +} + +struct group *getgrent(void) { + if (!global_stream) + setgrent(); + + if (!global_stream) + return NULL; + + return fgetgrent(global_stream); +} + +void endgrent(void) { + if (!global_stream) + return; + + fclose(global_stream); + global_stream = NULL; +} + +struct group *getgrnam(const char *name) { + const char *path = getenv(GROUP_CONFIG_KEY); + if (!path) + return NULL; + + FILE *stream = fopen(path, "r"); + if (!stream) + return NULL; + + struct group *entry; + while ((entry = fgetgrent(stream))) { + if (strcmp(entry->gr_name, name) == 0) { + fclose(stream); + return entry; + } + } + + fclose(stream); + return NULL; +} + +struct group *getgrgid(gid_t gid) { + const char *path = getenv(GROUP_CONFIG_KEY); + if (!path) + return NULL; + + FILE *stream = fopen(path, "r"); + if (!stream) + return NULL; + + struct group *entry; + while ((entry = fgetgrent(stream))) { + if (entry->gr_gid == gid) { + fclose(stream); + return entry; + } + } + + fclose(stream); + return NULL; +} + +int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups) { + const char *path = getenv(GROUP_CONFIG_KEY); + if (!path) { + *ngroups = 0; + return -1; + } + + FILE *stream = fopen(path, "r"); + if (!stream) { + *ngroups = 0; + return -1; + } + + int default_group_found = 0; + int groups_found = 0; + + // Loop through all groups + struct group *entry; + while ((entry = fgetgrent(stream))) { + // Loop through all users in group + char **cur_user; + for (cur_user = entry->gr_mem; *cur_user; cur_user++) { + // Skip users who don't match arg 'user' + if (strcmp(*cur_user, user)) + continue; + + // Is this the default group? if so, flag it + if (entry->gr_gid == group) + default_group_found = 1; + + // Only insert new entries if we have room + if (groups_found < *ngroups) { + groups[groups_found] = entry->gr_gid; + } + + groups_found++; + } + } + + // Include the default group if it wasn't found + if (!default_group_found) { + if (groups_found < *ngroups) { + groups[groups_found] = group; + } + groups_found++; + } + + // Did we have to leave out some groups? If not, tell how many we found. + int retval = (groups_found > *ngroups) ? -1 : groups_found; + + // Always tell the user how many groups we found via *ngroups + *ngroups = groups_found; + + fclose(stream); + return retval; +} diff --git a/test/mocklibc/src/netdb.c b/test/mocklibc/src/netdb.c new file mode 100644 index 00000000..94424032 --- /dev/null +++ b/test/mocklibc/src/netdb.c @@ -0,0 +1,100 @@ +/** + * Copyright 2011 Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Author: Nikki VonHollen + */ + +#include "netgroup.h" + +#include + +#include +#include +#include +#include + +#define INNETGR_CHECK(match, value) if (match && value && strcmp(match, value)) continue; + +/** Private static data. */ + +static struct netgroup *global_netgroup_head = NULL; +static struct netgroup_iter global_iter; + +/** Public methods */ + +// REMEMBER: 1 means success, 0 means failure for netgroup methods + +int setnetgrent(const char *netgroup) { + if (!global_netgroup_head) + global_netgroup_head = netgroup_parse_all(); + + struct netgroup *group = netgroup_find(global_netgroup_head, netgroup); + if (!group) { + netgroup_free_all(global_netgroup_head); + global_netgroup_head = NULL; + return 0; + } + + netgroup_iter_init(&global_iter, group); + return 1; +} + +void endnetgrent(void) { + netgroup_free_all(global_netgroup_head); + global_netgroup_head = NULL; +} + +int getnetgrent(char **host, char **user, char **domain) { + if (!global_netgroup_head) + return 0; + + struct entry *result = netgroup_iter_next(&global_iter); + if (!result) + return 0; + + *host = result->data.triple.hostname; + *user = result->data.triple.username; + *domain = result->data.triple.domainname; + return 1; +} + +int innetgr(const char *netgroup, const char *host, const char *user, + const char *domain) { + int retval = 0; + struct netgroup *head = netgroup_parse_all(); + struct netgroup *group = netgroup_find(head, netgroup); + if (!group) { + // Can't find group + netgroup_free_all(head); + return 0; + } + + struct netgroup_iter iter; + netgroup_iter_init(&iter, group); + + struct entry *cur; + while ((cur = netgroup_iter_next(&iter))) { + INNETGR_CHECK(host, cur->data.triple.hostname); + INNETGR_CHECK(user, cur->data.triple.username); + INNETGR_CHECK(domain, cur->data.triple.domainname); + + // No INNETGR_CHECK failed, so we matched! + retval = 1; + break; + } + + netgroup_free_all(head); + return retval; +} diff --git a/test/mocklibc/src/netgroup-debug.c b/test/mocklibc/src/netgroup-debug.c new file mode 100644 index 00000000..81d6e728 --- /dev/null +++ b/test/mocklibc/src/netgroup-debug.c @@ -0,0 +1,84 @@ +/** + * Copyright 2011 Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Author: Nikki VonHollen + */ + +#include "netgroup-debug.h" + +#include +#include + +void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent) { + print_indent(stream, indent); + + if (entry->type == TRIPLE_ENTRY) { + fprintf(stream, "triple (%s,%s,%s)\n", + entry->data.triple.hostname, + entry->data.triple.username, + entry->data.triple.domainname); + } else if (entry->type == CHILD_ENTRY) { + fprintf(stream, "child '%s'\n", entry->data.child.name); + struct entry *child; + for (child = entry->data.child.head; child; child = child->next) { + netgroup_debug_print_entry(child, stream, indent + 1); + } + } else { + fprintf(stream, "UNKNOWN_TYPE"); + } +} + +void netgroup_debug_print_group(struct netgroup *group, FILE *stream, unsigned int indent) { + print_indent(stream, indent); + fprintf(stream, "%s\n", group->name); + struct entry *entry; + for (entry = group->head; entry; entry = entry->next) { + netgroup_debug_print_entry(entry, stream, indent + 1); + } +} + +void netgroup_debug_print_group_unrolled(struct netgroup *group, FILE *stream, unsigned int indent) { + print_indent(stream, indent); + fprintf(stream, "%s\n", group->name); + + struct netgroup_iter iter; + netgroup_iter_init(&iter, group); + + struct entry *entry; + while ((entry = netgroup_iter_next(&iter))) { + netgroup_debug_print_entry(entry, stream, indent + 1); + } +} + +void netgroup_debug_print_all(struct netgroup *head, FILE *stream, unsigned int indent) { + struct netgroup *group; + for (group = head; group; group = group->next) { + netgroup_debug_print_group(group, stream, indent); + } +} + +int main(int argc, char **argv) { + struct netgroup *groups = netgroup_parse_all(); + if (argc == 1) + netgroup_debug_print_all(groups, stdout, 0); + else if (argc == 2) { + struct netgroup *group = netgroup_find(groups, argv[1]); + if (!group) + return 1; + netgroup_debug_print_group_unrolled(group, stdout, 0); + } + + return 0; +} diff --git a/test/mocklibc/src/netgroup-debug.h b/test/mocklibc/src/netgroup-debug.h new file mode 100644 index 00000000..d733c958 --- /dev/null +++ b/test/mocklibc/src/netgroup-debug.h @@ -0,0 +1,58 @@ +/** + * Copyright 2011 Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Author: Nikki VonHollen + */ + +#ifndef NETGROUP_DEBUG_H_ +#define NETGROUP_DEBUG_H_ + +#include "netgroup.h" + +#include + +/** + * Print entry and it's children to the given stream. + * @param entry Netgroup entry to print + * @param stream Stream to print to + * @param indent Number of indents to use + */ +void netgroup_debug_print_entry(struct entry *entry, FILE *stream, unsigned int indent); + +/** + * Print a single netgroup to the given stream. + * @param group Netgroup to print + * @param stream Stream to print to + * @param indent Number of indents to use + */ +void netgroup_debug_print_group(struct netgroup *group, FILE *stream, unsigned int indent); + +/** + * Print a single netgroup with all triples included recursively. + * @param group Netgroup to print + * @param stream Stream to print to + * @param indent Number of indents to use + */ +void netgroup_debug_print_group_unrolled(struct netgroup *group, FILE *stream, unsigned int indent); + +/** + * Print all netgroups to the given stream. + * @param head Head of list of netgroups + * @param stream Stream to print to + * @param indent Number of indents to use + */ +void netgroup_debug_print_all(struct netgroup *head, FILE *stream, unsigned int indent); + +#endif diff --git a/test/mocklibc/src/netgroup.c b/test/mocklibc/src/netgroup.c new file mode 100644 index 00000000..f2ee857e --- /dev/null +++ b/test/mocklibc/src/netgroup.c @@ -0,0 +1,342 @@ +/** + * Copyright 2011 Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Author: Nikki VonHollen + */ + +#include "netgroup.h" + +#include +#include +#include +#include +#include +#include + +#define NETGROUP_CONFIG_KEY "MOCK_NETGROUP" +#define NETGROUP_TRIPLE_REGEX "\\(([^,]*),([^,]*),([^\\)]*)\\)" +#define FREE_IF_NOT_NULL(ptr) if (ptr) free(ptr) + +/** Private methods. */ + +/** + * Move the given pointer past any whitespace. + * @param cur Pointer to string (char *) to advance + */ +static void parser_skip_whitespace(char **cur) { + for (; isspace(**cur); (*cur)++) {} +} + +/** + * Copy the next group of non-space characters and move the pointer past + * consumed characters. + * @param cur Pointer to string (char *) to search/advance + * @return Copy of chars consumed. Must be free'd by user. + */ +static char *parser_copy_word(char **cur) { + char *value = *cur; + size_t i; + + // Find the next non-null non-space character + for (i = 0; !isspace(value[i]) && value[i] != '\0'; i++) {} + + // Don't allocate zero-length strings, just die + if (i == 0) { + return NULL; + } + + // Allocate the new string, with room for a null terminator + char *result = malloc(i + 1); + if (!result) { + return NULL; + } + + // Set the current pointer past the parsed region + *cur += i; + + memcpy(result, value, i); + result[i] = '\0'; + return result; +} + +/** + * Print a varaible indentation to the stream. + * @param stream Stream to print to + * @param indent Number of indents to use + */ +void print_indent(FILE *stream, unsigned int indent) { + int i; + for (i = 0; i < indent; i++) + fprintf(stream, " "); +} + +/** + * Connect entries with 'child' type to their child entries. + * @param headentry Head of list of entries that need to be connected + * @param headgroup Head of list of netgroups to connect child entries to + */ +static void netgroup_connect_children(struct entry *headentry, struct netgroup *headgroup) { + struct entry *curentry; + for (curentry = headentry; curentry; curentry = curentry->next) { + // Skip entries that don't have children + if (curentry->type != CHILD_ENTRY) + continue; + + // Set the entry's children to the head of the netgroup with the same name + struct netgroup *group = netgroup_find(headgroup, curentry->data.child.name); + if (group) + curentry->data.child.head = group->head; + } +} + + +/* Public methods. */ + +struct netgroup *netgroup_parse_all() { + const char *path = getenv(NETGROUP_CONFIG_KEY); + if (!path) + return NULL; + + FILE *stream = fopen(path, "r"); + if (!stream) + return NULL; + + struct netgroup *headgroup = NULL; + struct netgroup *lastgroup = NULL; + + // Parse netgroups but don't fill in child entry pointers + for (;;) { + size_t line_alloc = 0; + char * line = NULL; + ssize_t line_size = getline(&line, &line_alloc, stream); + if (line_size == -1) + break; + + struct netgroup *nextgroup = netgroup_parse_line(line); + free(line); + if (!nextgroup) + continue; + + if (!headgroup) { + headgroup = nextgroup; + lastgroup = nextgroup; + } else { + lastgroup->next = nextgroup; + lastgroup = nextgroup; + } + } + + fclose(stream); + + // Fill in child entry pointers + struct netgroup *curgroup; + for (curgroup = headgroup; curgroup; curgroup = curgroup->next) { + netgroup_connect_children(curgroup->head, headgroup); + } + + return headgroup; +} + +void netgroup_free_all(struct netgroup *head) { + struct netgroup *group = head; + struct netgroup *nextgroup; + while (group) { + nextgroup = group->next; + netgroup_free(group); + group = nextgroup; + } +} + +struct netgroup *netgroup_parse_line(char *line) { + char *cur = line; + + // Get the netgroup's name + parser_skip_whitespace(&cur); + char *group_name = parser_copy_word(&cur); + if (!group_name) + return NULL; + + // Create new netgroup object + struct netgroup *result = malloc(sizeof(struct netgroup)); + if (!result) + return NULL; + result->next = NULL; + result->name = group_name; + result->head = NULL; + + // Fill in netgroup entries + struct entry* lastentry = NULL; + for (;;) { + // Get the next word (anything non-space and non-null) + parser_skip_whitespace(&cur); + char *word = parser_copy_word(&cur); + if (!word) + break; + + // Parse the entry + struct entry *entry = netgroup_parse_entry(word); + free(word); + if (!entry) + continue; + + // Connect the entries together in a singly-linked list + if (lastentry) { + lastentry->next = entry; + } else { + result->head = entry; + } + + lastentry = entry; + } + + return result; +} + +void netgroup_free(struct netgroup *group) { + if (!group) + return; + + free(group->name); + netgroup_entry_free_all(group->head); + free(group); +} + +struct entry *netgroup_parse_entry(const char *value) { + // Initialize the regex to match triples only on first call + static int regex_needs_init = 1; + static regex_t regex_triple; + if (regex_needs_init) { + if (regcomp(®ex_triple, NETGROUP_TRIPLE_REGEX, REG_EXTENDED)) + return NULL; + regex_needs_init = 0; + } + + struct entry *result = malloc(sizeof(struct entry)); + if (!result) + return NULL; + + memset(result, 0, sizeof(struct entry)); + + regmatch_t regex_triple_match [4]; + if (regexec(®ex_triple, value, 4, regex_triple_match, 0) == REG_NOMATCH) { + // Match failed, assume entry is a netgroup name + result->type = CHILD_ENTRY; + result->data.child.name = strdup(value); + if (!result->data.child.name) { + netgroup_entry_free(result); + return NULL; + } + } else { + // Match success, entry is a triple + result->type = TRIPLE_ENTRY; + + // Array of pointers to fields to set in triple + char ** triple [3] = { + &result->data.triple.hostname, + &result->data.triple.username, + &result->data.triple.domainname }; + int i; + + // Loop through each potential field in triple + for (i = 0; i < 3; i++) { + regoff_t start = regex_triple_match[i + 1].rm_so; + regoff_t end = regex_triple_match[i + 1].rm_eo; + regoff_t len = end - start; + + if (start == -1 || len == 0) { + // This field is empty, so it matches anything + *triple[i] = NULL; + } else { + // Allocate and copy new field for triple + char *field = malloc(len + 1); + if (!field) { + netgroup_entry_free(result); + return NULL; + } + memcpy(field, &value[start], len); + field[len] = '\0'; + *triple[i] = field; + } + } + } + return result; +} + +void netgroup_entry_free_all(struct entry *head) { + struct entry *entry = head; + struct entry *nextentry; + while (entry) { + nextentry = entry->next; + netgroup_entry_free(entry); + entry = nextentry; + } +} + +void netgroup_entry_free(struct entry *entry) { + if (!entry) + return; + + if (entry->type == TRIPLE_ENTRY) { + FREE_IF_NOT_NULL(entry->data.triple.hostname); + FREE_IF_NOT_NULL(entry->data.triple.username); + FREE_IF_NOT_NULL(entry->data.triple.domainname); + } else { + FREE_IF_NOT_NULL(entry->data.child.name); + } + + free(entry); +} + +struct netgroup *netgroup_find(struct netgroup *head, const char *name) { + struct netgroup *group; + for (group = head; group && strcmp(group->name, name); group = group->next) {} + return group; +} + +void netgroup_iter_init(struct netgroup_iter *iter, struct netgroup *group) { + iter->stack[0] = group->head; + iter->depth = 0; +} + +struct entry *netgroup_iter_next(struct netgroup_iter *iter) { + while (iter->depth >= 0) { + struct entry *cur = iter->stack[iter->depth]; + + if (!cur) { + // Pop current finished entry off stack + iter->depth--; + } else if (cur->type == CHILD_ENTRY) { + // Replace the current location on the stack with the next sibling + iter->stack[iter->depth] = cur->next; + + // Grow the stack + iter->depth++; + if (iter->depth > NETGROUP_MAX_DEPTH) { + iter->depth = -1; + return NULL; // Too much recursion + } + + // Put this entry's children on top of the stack + struct entry *child = cur->data.child.head; + iter->stack[iter->depth] = child; + } else { + // Replace the current location on the stack with the next sibling + iter->stack[iter->depth] = cur->next; + return cur; + } + } + + return NULL; +} diff --git a/test/mocklibc/src/netgroup.h b/test/mocklibc/src/netgroup.h new file mode 100644 index 00000000..11cf7ebf --- /dev/null +++ b/test/mocklibc/src/netgroup.h @@ -0,0 +1,144 @@ +/** + * Copyright 2011 Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Author: Nikki VonHollen + */ + +#ifndef NETGROUP_H_ +#define NETGROUP_H_ + +#define NETGROUP_MAX_DEPTH 32 + +/** + * Netgroup with a name and list of entries. + */ +struct netgroup; + +/** + * Entry in a netgroup, either a triple or sub-group (child). + */ +struct entry; + +struct netgroup { + /* Next netgroup in list. */ + struct netgroup *next; // Next netgroup in list + + /* Netgroup name. */ + char *name; + + /* First entry in list of entries. */ + struct entry *head; +}; + +struct entry { + /* Next entry in list of entries for the parent netgroup. */ + struct entry *next; + + /* Entry type is triple (host,user,domain) or child (netgroup name). */ + enum {CHILD_ENTRY, TRIPLE_ENTRY} type; + + union { + /* Child data if entry is a netgroup name. */ + struct { + /* Child netgroup name. */ + char *name; + + /* Pointer to first entry in child netgroup. */ + struct entry *head; + } child; + + /* Triple data if entry type is triple. */ + struct { + char *hostname; + char *username; + char *domainname; + } triple; + } data; +}; + +/* Recursive netgroup entry iterator. */ +struct netgroup_iter { + struct entry *stack [NETGROUP_MAX_DEPTH]; + int depth; +}; + + +/** + * Load full netgroup database into memory. + * @return Head netgroup + */ +struct netgroup *netgroup_parse_all(); + +/** + * Free a list of netgroups. + * @param head Head of list of netgroups + */ +void netgroup_free_all(struct netgroup *head); + +/** + * Parse a single netgroup. + * @param line Line for netgroup definition + * @return Single netgroup with list of netgroup entries + */ +struct netgroup *netgroup_parse_line(char *line); + +/** + * Free single netgroup. + * @param group Netgroup to free + */ +void netgroup_free(struct netgroup *group); + +/** + * Parse a single netgroup entry. + * @param value Entry triple or name as string + * @return Single netgroup entry + */ +struct entry *netgroup_parse_entry(const char *value); + +/** + * Free a list of netgroup entries. + * @param head Head of list of entries + */ +void netgroup_entry_free_all(struct entry *head); + +/** + * Free a single netgroup entry. + * @param entry Netgroup entry to free + */ +void netgroup_entry_free(struct entry *entry); + +/** + * Find netgroup with given name. + * @param head Head of list of netgroups + * @param name Name to find + * @return Netgroup with name or NULL if not found + */ +struct netgroup *netgroup_find(struct netgroup *head, const char *name); + +/** + * Create recursive iterator over all entries in a netgroup. + * @param iter Pointer to iterator struct + * @param group Group to iterate over + */ +void netgroup_iter_init(struct netgroup_iter *iter, struct netgroup *group); + +/** + * Get the next entry in the netgroup iterator. + * @param iter Pointer to iterator struct + * @return Netgroup entry of type triple, or NULL if done iterating + */ +struct entry *netgroup_iter_next(struct netgroup_iter *iter); + +#endif diff --git a/test/mocklibc/src/pwd.c b/test/mocklibc/src/pwd.c new file mode 100644 index 00000000..6005a1d7 --- /dev/null +++ b/test/mocklibc/src/pwd.c @@ -0,0 +1,99 @@ +/** + * Copyright 2011 Google Inc. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Author: Nikki VonHollen + */ + +#include + +#include +#include +#include +#include + +#define PASSWD_CONFIG_KEY "MOCK_PASSWD" + +static FILE *global_stream = NULL; + +void setpwent(void) { + if (global_stream) + endpwent(); + + const char *path = getenv(PASSWD_CONFIG_KEY); + if (!path) + return; + + global_stream = fopen(path, "r"); +} + +struct passwd *getpwent(void) { + if (!global_stream) + setpwent(); + + if (!global_stream) + return NULL; + + return fgetpwent(global_stream); +} + +void endpwent(void) { + if (!global_stream) + return; + + fclose(global_stream); + global_stream = NULL; +} + +struct passwd *getpwnam(const char *name) { + const char *path = getenv(PASSWD_CONFIG_KEY); + if (!path) + return NULL; + + FILE *stream = fopen(path, "r"); + if (!stream) + return NULL; + + struct passwd *entry; + while ((entry = fgetpwent(stream))) { + if (strcmp(entry->pw_name, name) == 0) { + fclose(stream); + return entry; + } + } + + fclose(stream); + return NULL; +} + +struct passwd *getpwuid(uid_t uid) { + const char *path = getenv(PASSWD_CONFIG_KEY); + if (!path) + return NULL; + + FILE *stream = fopen(path, "r"); + if (!stream) + return NULL; + + struct passwd *entry; + while ((entry = fgetpwent(stream))) { + if (entry->pw_uid == uid) { + fclose(stream); + return entry; + } + } + + fclose(stream); + return NULL; +} diff --git a/test/polkit/Makefile.am b/test/polkit/Makefile.am new file mode 100644 index 00000000..27bcb95a --- /dev/null +++ b/test/polkit/Makefile.am @@ -0,0 +1,52 @@ + +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/test \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +AM_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + +TEST_PROGS = + +# ---------------------------------------------------------------------------------------------------- + +TEST_PROGS += polkitunixusertest +polkitunixusertest_SOURCES = polkitunixusertest.c + +TEST_PROGS += polkitunixgrouptest +polkitunixgrouptest_SOURCES = polkitunixgrouptest.c + +TEST_PROGS += polkitunixnetgrouptest +polkitunixnetgrouptest_SOURCES = polkitunixnetgrouptest.c + +TEST_PROGS += polkitidentitytest +polkitidentitytest_SOURCES = polkitidentitytest.c + +# ---------------------------------------------------------------------------------------------------- + +check_PROGRAMS = $(TEST_PROGS) +TESTS = $(TEST_PROGS) + +clean-local : + rm -f *~ diff --git a/test/polkit/Makefile.in b/test/polkit/Makefile.in new file mode 100644 index 00000000..3f85659a --- /dev/null +++ b/test/polkit/Makefile.in @@ -0,0 +1,730 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +check_PROGRAMS = $(am__EXEEXT_1) +TESTS = $(am__EXEEXT_1) +subdir = test/polkit +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__EXEEXT_1 = polkitunixusertest$(EXEEXT) \ + polkitunixgrouptest$(EXEEXT) polkitunixnetgrouptest$(EXEEXT) \ + polkitidentitytest$(EXEEXT) +am_polkitidentitytest_OBJECTS = polkitidentitytest.$(OBJEXT) +polkitidentitytest_OBJECTS = $(am_polkitidentitytest_OBJECTS) +polkitidentitytest_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +polkitidentitytest_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am_polkitunixgrouptest_OBJECTS = polkitunixgrouptest.$(OBJEXT) +polkitunixgrouptest_OBJECTS = $(am_polkitunixgrouptest_OBJECTS) +polkitunixgrouptest_LDADD = $(LDADD) +polkitunixgrouptest_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) +am_polkitunixnetgrouptest_OBJECTS = polkitunixnetgrouptest.$(OBJEXT) +polkitunixnetgrouptest_OBJECTS = $(am_polkitunixnetgrouptest_OBJECTS) +polkitunixnetgrouptest_LDADD = $(LDADD) +polkitunixnetgrouptest_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) +am_polkitunixusertest_OBJECTS = polkitunixusertest.$(OBJEXT) +polkitunixusertest_OBJECTS = $(am_polkitunixusertest_OBJECTS) +polkitunixusertest_LDADD = $(LDADD) +polkitunixusertest_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(am__DEPENDENCIES_1) +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(polkitidentitytest_SOURCES) $(polkitunixgrouptest_SOURCES) \ + $(polkitunixnetgrouptest_SOURCES) \ + $(polkitunixusertest_SOURCES) +DIST_SOURCES = $(polkitidentitytest_SOURCES) \ + $(polkitunixgrouptest_SOURCES) \ + $(polkitunixnetgrouptest_SOURCES) \ + $(polkitunixusertest_SOURCES) +ETAGS = etags +CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/test \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +AM_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) + + +# ---------------------------------------------------------------------------------------------------- +TEST_PROGS = polkitunixusertest polkitunixgrouptest \ + polkitunixnetgrouptest polkitidentitytest +polkitunixusertest_SOURCES = polkitunixusertest.c +polkitunixgrouptest_SOURCES = polkitunixgrouptest.c +polkitunixnetgrouptest_SOURCES = polkitunixnetgrouptest.c +polkitidentitytest_SOURCES = polkitidentitytest.c +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu test/polkit/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu test/polkit/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +polkitidentitytest$(EXEEXT): $(polkitidentitytest_OBJECTS) $(polkitidentitytest_DEPENDENCIES) $(EXTRA_polkitidentitytest_DEPENDENCIES) + @rm -f polkitidentitytest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(polkitidentitytest_OBJECTS) $(polkitidentitytest_LDADD) $(LIBS) +polkitunixgrouptest$(EXEEXT): $(polkitunixgrouptest_OBJECTS) $(polkitunixgrouptest_DEPENDENCIES) $(EXTRA_polkitunixgrouptest_DEPENDENCIES) + @rm -f polkitunixgrouptest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(polkitunixgrouptest_OBJECTS) $(polkitunixgrouptest_LDADD) $(LIBS) +polkitunixnetgrouptest$(EXEEXT): $(polkitunixnetgrouptest_OBJECTS) $(polkitunixnetgrouptest_DEPENDENCIES) $(EXTRA_polkitunixnetgrouptest_DEPENDENCIES) + @rm -f polkitunixnetgrouptest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(polkitunixnetgrouptest_OBJECTS) $(polkitunixnetgrouptest_LDADD) $(LIBS) +polkitunixusertest$(EXEEXT): $(polkitunixusertest_OBJECTS) $(polkitunixusertest_DEPENDENCIES) $(EXTRA_polkitunixusertest_DEPENDENCIES) + @rm -f polkitunixusertest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(polkitunixusertest_OBJECTS) $(polkitunixusertest_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitidentitytest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitunixgrouptest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitunixnetgrouptest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitunixusertest.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool clean-local \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libtool clean-local \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am + + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c new file mode 100644 index 00000000..3b8dd5e5 --- /dev/null +++ b/test/polkit/polkitidentitytest.c @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "glib.h" +#include +#include + +/* Test helper types */ + +struct ComparisonTestData { + const gchar *subject_a; + const gchar *subject_b; + gboolean equal; +}; + + +/* Test definitions */ + +static void +test_string (const void *_subject) +{ + const gchar *subject = (const gchar *) _subject; + + PolkitIdentity *identity; + GError *error = NULL; + gchar *subject_new; + + /* Create the subject from a string */ + identity = polkit_identity_from_string (subject, &error); + g_assert (identity); + g_assert_no_error (error); + + /* Create new string for identity */ + subject_new = polkit_identity_to_string (identity); + + /* Make sure they match */ + g_assert_cmpstr (subject_new, ==, subject); + + g_free (subject_new); + g_object_unref (identity); +} + + +static void +test_gvariant (const void *_subject) +{ + const gchar *subject = (const gchar *) _subject; + + PolkitIdentity *identity, *new_identity; + GError *error = NULL; + GVariant *value; + + /* Create the subject from a string */ + identity = polkit_identity_from_string (subject, &error); + g_assert_no_error (error); + g_assert (identity); + + /* Create a GVariant for the subject */ + value = polkit_identity_to_gvariant (identity); + g_assert (value); + + /* Unserialize the subject */ + new_identity = polkit_identity_new_for_gvariant (value, &error); + g_assert_no_error (error); + g_assert (new_identity); + g_variant_unref (value); + + /* Make sure the two identities are equal */ + g_assert (new_identity); + g_assert (polkit_identity_equal (identity, new_identity)); + + g_object_unref (identity); + g_object_unref (new_identity); +} + + +static void +test_comparison (const void *_data) +{ + struct ComparisonTestData *data = (struct ComparisonTestData *) _data; + + PolkitIdentity *identity_a, *identity_b; + GError *error = NULL; + guint hash_a, hash_b; + + /* Create identities A and B */ + identity_a = polkit_identity_from_string (data->subject_a, &error); + g_assert_no_error (error); + g_assert (identity_a); + + identity_b = polkit_identity_from_string (data->subject_b, &error); + g_assert_no_error (error); + g_assert (identity_b); + + /* Compute their hashes */ + hash_a = polkit_identity_hash (identity_a); + hash_b = polkit_identity_hash (identity_b); + + /* Comparison to self should always work */ + g_assert (polkit_identity_equal (identity_a, identity_a)); + + /* Are A and B supposed to match? Test hash and comparators */ + if (data->equal) + { + g_assert_cmpint (hash_a, ==, hash_b); + g_assert (polkit_identity_equal (identity_a, identity_b)); + } + else + { + g_assert_cmpint (hash_a, !=, hash_b); + g_assert (!polkit_identity_equal (identity_a, identity_b)); + } + + g_object_unref (identity_a); + g_object_unref (identity_b); +} + + +/* Test helpers */ + +struct ComparisonTestData comparison_test_data [] = { + {"unix-user:root", "unix-user:root", TRUE}, + {"unix-user:root", "unix-user:john", FALSE}, + {"unix-user:john", "unix-user:john", TRUE}, + + {"unix-group:root", "unix-group:root", TRUE}, + {"unix-group:root", "unix-group:jane", FALSE}, + {"unix-group:jane", "unix-group:jane", TRUE}, + + {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, + {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, + + {"unix-user:root", "unix-group:root", FALSE}, + {"unix-user:jane", "unix-netgroup:foo", FALSE}, + + {NULL}, +}; + +static void +add_comparison_tests (void) +{ + unsigned int i; + for (i = 0; comparison_test_data[i].subject_a != NULL; i++) + { + struct ComparisonTestData *test_data = &comparison_test_data[i]; + gchar *test_name = g_strdup_printf ("/PolkitIdentity/comparison_%d", i); + g_test_add_data_func (test_name, test_data, test_comparison); + } +} + + +int +main (int argc, char *argv[]) +{ + g_type_init (); + g_test_init (&argc, &argv, NULL); + + g_test_add_data_func ("/PolkitIdentity/user_string_0", "unix-user:root", test_string); + g_test_add_data_func ("/PolkitIdentity/user_string_1", "unix-user:john", test_string); + g_test_add_data_func ("/PolkitIdentity/user_string_2", "unix-user:jane", test_string); + + g_test_add_data_func ("/PolkitIdentity/group_string_0", "unix-group:root", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_1", "unix-group:john", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); + + g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); + + g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); + g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); + g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); + + add_comparison_tests (); + + return g_test_run (); +} diff --git a/test/polkit/polkitunixgrouptest.c b/test/polkit/polkitunixgrouptest.c new file mode 100644 index 00000000..f1417b3a --- /dev/null +++ b/test/polkit/polkitunixgrouptest.c @@ -0,0 +1,82 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "glib.h" +#include + + +static void +test_new (void) +{ + PolkitUnixGroup *group; + + group = POLKIT_UNIX_GROUP (polkit_unix_group_new (0)); + g_assert (group); + + gint group_gid = polkit_unix_group_get_gid (group); + g_assert_cmpint (group_gid, ==, 0); + + g_object_unref (group); +} + + +static void +test_new_for_name (void) +{ + GError *error = NULL; + PolkitUnixGroup *group; + + group = POLKIT_UNIX_GROUP (polkit_unix_group_new_for_name ("root", &error)); + g_assert (group); + g_assert_no_error (error); + + gint group_gid = polkit_unix_group_get_gid (group); + g_assert_cmpint (group_gid, ==, 0); + + g_object_unref (group); +} + + +static void +test_set_gid (void) +{ + PolkitUnixGroup *group; + group = POLKIT_UNIX_GROUP (polkit_unix_group_new (0)); + + polkit_unix_group_set_gid (group, 5); + + gint group_gid = polkit_unix_group_get_gid (group); + g_assert_cmpint (group_gid, ==, 5); + + g_object_unref (group); +} + + +int +main (int argc, char *argv[]) +{ + g_type_init (); + g_test_init (&argc, &argv, NULL); + g_test_add_func ("/PolkitUnixGroup/new", test_new); + g_test_add_func ("/PolkitUnixGroup/new_for_name", test_new_for_name); + g_test_add_func ("/PolkitUnixGroup/set_gid", test_set_gid); + return g_test_run (); +} diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c new file mode 100644 index 00000000..c67822ed --- /dev/null +++ b/test/polkit/polkitunixnetgrouptest.c @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "glib.h" +#include +#include + + +static void +test_new (void) +{ + PolkitUnixNetgroup *netgroup; + const char *netgroup_name; + + netgroup = POLKIT_UNIX_NETGROUP (polkit_unix_netgroup_new ("testgroup")); + g_assert (netgroup); + + netgroup_name = polkit_unix_netgroup_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "testgroup"); + + g_object_unref (netgroup); +} + + +static void +test_set_name (void) +{ + PolkitUnixNetgroup *netgroup; + const char *netgroup_name; + char new_name_buf [] = "foo"; + + netgroup = POLKIT_UNIX_NETGROUP (polkit_unix_netgroup_new ("testgroup")); + + polkit_unix_netgroup_set_name (netgroup, new_name_buf); + netgroup_name = polkit_unix_netgroup_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "foo"); + + memcpy(new_name_buf, "bar", 3); + netgroup_name = polkit_unix_netgroup_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "foo"); + + polkit_unix_netgroup_set_name (netgroup, new_name_buf); + netgroup_name = polkit_unix_netgroup_get_name (netgroup); + g_assert_cmpstr (netgroup_name, ==, "bar"); + + g_object_unref (netgroup); +} + + +int +main (int argc, char *argv[]) +{ + g_type_init (); + g_test_init (&argc, &argv, NULL); + g_test_add_func ("/PolkitUnixNetgroup/new", test_new); + g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); + return g_test_run (); +} diff --git a/test/polkit/polkitunixusertest.c b/test/polkit/polkitunixusertest.c new file mode 100644 index 00000000..ce35088e --- /dev/null +++ b/test/polkit/polkitunixusertest.c @@ -0,0 +1,104 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "glib.h" +#include + +struct user_entry { + const gchar *name; + gint uid; +}; + +static struct user_entry user_entries [] = { + {"root", 0}, + {"john", 500}, + {"jane", 501}, + {NULL}, +}; + +static void +test_new (void) +{ + unsigned int i; + for (i = 0; user_entries[i].name != NULL; i++) { + gint uid = user_entries[i].uid; + + PolkitUnixUser *user; + + user = POLKIT_UNIX_USER (polkit_unix_user_new (uid)); + g_assert (user); + + gint user_uid = polkit_unix_user_get_uid (user); + g_assert_cmpint (user_uid, ==, uid); + + g_object_unref (user); + } +} + + +static void +test_new_for_name (void) +{ + unsigned int i; + for (i = 0; user_entries[i].name != NULL; i++) { + const gchar *name = user_entries[i].name; + gint expect_uid = user_entries[i].uid; + + GError *error = NULL; + PolkitUnixUser *user; + + user = POLKIT_UNIX_USER (polkit_unix_user_new_for_name (name, &error)); + g_assert (user); + g_assert_no_error (error); + + gint user_uid = polkit_unix_user_get_uid (user); + g_assert_cmpint (user_uid, ==, expect_uid); + + g_object_unref (user); + } +} + + +static void +test_set_uid (void) +{ + PolkitUnixUser *user; + user = POLKIT_UNIX_USER (polkit_unix_user_new (0)); + + polkit_unix_user_set_uid (user, 5); + + gint user_uid = polkit_unix_user_get_uid (user); + g_assert_cmpint (user_uid, ==, 5); + + g_object_unref (user); +} + + +int +main (int argc, char *argv[]) +{ + g_type_init (); + g_test_init (&argc, &argv, NULL); + g_test_add_func ("/PolkitUnixUser/new", test_new); + g_test_add_func ("/PolkitUnixUser/new_for_name", test_new_for_name); + g_test_add_func ("/PolkitUnixUser/set_uid", test_set_uid); + return g_test_run (); +} diff --git a/test/polkitbackend/Makefile.am b/test/polkitbackend/Makefile.am new file mode 100644 index 00000000..c611b5ba --- /dev/null +++ b/test/polkitbackend/Makefile.am @@ -0,0 +1,48 @@ + +NULL = + +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/test \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +AM_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la\ + $(top_builddir)/test/libpolkit-test-helper.la \ + $(NULL) + +TEST_PROGS = + +# ---------------------------------------------------------------------------------------------------- + +TEST_PROGS += polkitbackendlocalauthorizationstoretest +polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c + +TEST_PROGS += polkitbackendlocalauthoritytest +polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c + +# ---------------------------------------------------------------------------------------------------- + +check_PROGRAMS = $(TEST_PROGS) +TESTS = $(TEST_PROGS) + +clean-local : + rm -f *~ diff --git a/test/polkitbackend/Makefile.in b/test/polkitbackend/Makefile.in new file mode 100644 index 00000000..69c68870 --- /dev/null +++ b/test/polkitbackend/Makefile.in @@ -0,0 +1,715 @@ +# Makefile.in generated by automake 1.11.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +check_PROGRAMS = $(am__EXEEXT_1) +TESTS = $(am__EXEEXT_1) +subdir = test/polkitbackend +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__EXEEXT_1 = polkitbackendlocalauthorizationstoretest$(EXEEXT) \ + polkitbackendlocalauthoritytest$(EXEEXT) +am_polkitbackendlocalauthoritytest_OBJECTS = \ + polkitbackendlocalauthoritytest.$(OBJEXT) +polkitbackendlocalauthoritytest_OBJECTS = \ + $(am_polkitbackendlocalauthoritytest_OBJECTS) +polkitbackendlocalauthoritytest_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +polkitbackendlocalauthoritytest_DEPENDENCIES = $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(top_builddir)/test/libpolkit-test-helper.la \ + $(am__DEPENDENCIES_1) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am_polkitbackendlocalauthorizationstoretest_OBJECTS = \ + polkitbackendlocalauthorizationstoretest.$(OBJEXT) +polkitbackendlocalauthorizationstoretest_OBJECTS = \ + $(am_polkitbackendlocalauthorizationstoretest_OBJECTS) +polkitbackendlocalauthorizationstoretest_LDADD = $(LDADD) +polkitbackendlocalauthorizationstoretest_DEPENDENCIES = \ + $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(top_builddir)/test/libpolkit-test-helper.la \ + $(am__DEPENDENCIES_1) +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +SOURCES = $(polkitbackendlocalauthoritytest_SOURCES) \ + $(polkitbackendlocalauthorizationstoretest_SOURCES) +DIST_SOURCES = $(polkitbackendlocalauthoritytest_SOURCES) \ + $(polkitbackendlocalauthorizationstoretest_SOURCES) +ETAGS = etags +CTAGS = ctags +am__tty_colors = \ +red=; grn=; lgn=; blu=; std= +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALL_LINGUAS = @ALL_LINGUAS@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTH_LIBS = @AUTH_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CATALOGS = @CATALOGS@ +CATOBJEXT = @CATOBJEXT@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIRNAME = @DATADIRNAME@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +EXPAT_LIBS = @EXPAT_LIBS@ +FGREP = @FGREP@ +GETTEXT_PACKAGE = @GETTEXT_PACKAGE@ +GLIB_CFLAGS = @GLIB_CFLAGS@ +GLIB_LIBS = @GLIB_LIBS@ +GMOFILES = @GMOFILES@ +GMSGFMT = @GMSGFMT@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +HAVE_PAM = @HAVE_PAM@ +HTML_DIR = @HTML_DIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INSTOBJEXT = @INSTOBJEXT@ +INTLLIBS = @INTLLIBS@ +INTLTOOL_EXTRACT = @INTLTOOL_EXTRACT@ +INTLTOOL_MERGE = @INTLTOOL_MERGE@ +INTLTOOL_PERL = @INTLTOOL_PERL@ +INTLTOOL_UPDATE = @INTLTOOL_UPDATE@ +INTLTOOL_V_MERGE = @INTLTOOL_V_MERGE@ +INTLTOOL_V_MERGE_OPTIONS = @INTLTOOL_V_MERGE_OPTIONS@ +INTLTOOL__v_MERGE_ = @INTLTOOL__v_MERGE_@ +INTLTOOL__v_MERGE_0 = @INTLTOOL__v_MERGE_0@ +INTROSPECTION_CFLAGS = @INTROSPECTION_CFLAGS@ +INTROSPECTION_COMPILER = @INTROSPECTION_COMPILER@ +INTROSPECTION_GENERATE = @INTROSPECTION_GENERATE@ +INTROSPECTION_GIRDIR = @INTROSPECTION_GIRDIR@ +INTROSPECTION_LIBS = @INTROSPECTION_LIBS@ +INTROSPECTION_MAKEFILE = @INTROSPECTION_MAKEFILE@ +INTROSPECTION_SCANNER = @INTROSPECTION_SCANNER@ +INTROSPECTION_TYPELIBDIR = @INTROSPECTION_TYPELIBDIR@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_REVISION = @LT_REVISION@ +MAINT = @MAINT@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MKINSTALLDIRS = @MKINSTALLDIRS@ +MSGFMT = @MSGFMT@ +MSGFMT_OPTS = @MSGFMT_OPTS@ +MSGMERGE = @MSGMERGE@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PAM_FILE_INCLUDE_ACCOUNT = @PAM_FILE_INCLUDE_ACCOUNT@ +PAM_FILE_INCLUDE_AUTH = @PAM_FILE_INCLUDE_AUTH@ +PAM_FILE_INCLUDE_PASSWORD = @PAM_FILE_INCLUDE_PASSWORD@ +PAM_FILE_INCLUDE_SESSION = @PAM_FILE_INCLUDE_SESSION@ +PAM_MODULE_DIR = @PAM_MODULE_DIR@ +PAM_PREFIX = @PAM_PREFIX@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +POFILES = @POFILES@ +POLKIT_AUTHFW = @POLKIT_AUTHFW@ +POSUB = @POSUB@ +PO_IN_DATADIR_FALSE = @PO_IN_DATADIR_FALSE@ +PO_IN_DATADIR_TRUE = @PO_IN_DATADIR_TRUE@ +RANLIB = @RANLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XSLTPROC = @XSLTPROC@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +intltool__v_merge_options_ = @intltool__v_merge_options_@ +intltool__v_merge_options_0 = @intltool__v_merge_options_0@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +subdirs = @subdirs@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +NULL = +INCLUDES = \ + -I$(top_builddir)/src \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/test \ + -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\" \ + -DPACKAGE_SYSCONF_DIR=\""$(sysconfdir)"\" \ + -DPACKAGE_DATA_DIR=\""$(datadir)"\" \ + -DPACKAGE_BIN_DIR=\""$(bindir)"\" \ + -DPACKAGE_LOCALSTATE_DIR=\""$(localstatedir)"\" \ + -DPACKAGE_LOCALE_DIR=\""$(localedir)"\" \ + -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ + -D_POSIX_PTHREAD_SEMANTICS \ + -D_REENTRANT \ + $(NULL) + +AM_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_BACKEND_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +LDADD = \ + $(GLIB_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la\ + $(top_builddir)/test/libpolkit-test-helper.la \ + $(NULL) + + +# ---------------------------------------------------------------------------------------------------- +TEST_PROGS = polkitbackendlocalauthorizationstoretest \ + polkitbackendlocalauthoritytest +polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c +polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu test/polkitbackend/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu test/polkitbackend/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-checkPROGRAMS: + @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +polkitbackendlocalauthoritytest$(EXEEXT): $(polkitbackendlocalauthoritytest_OBJECTS) $(polkitbackendlocalauthoritytest_DEPENDENCIES) $(EXTRA_polkitbackendlocalauthoritytest_DEPENDENCIES) + @rm -f polkitbackendlocalauthoritytest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(polkitbackendlocalauthoritytest_OBJECTS) $(polkitbackendlocalauthoritytest_LDADD) $(LIBS) +polkitbackendlocalauthorizationstoretest$(EXEEXT): $(polkitbackendlocalauthorizationstoretest_OBJECTS) $(polkitbackendlocalauthorizationstoretest_DEPENDENCIES) $(EXTRA_polkitbackendlocalauthorizationstoretest_DEPENDENCIES) + @rm -f polkitbackendlocalauthorizationstoretest$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(polkitbackendlocalauthorizationstoretest_OBJECTS) $(polkitbackendlocalauthorizationstoretest_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitbackendlocalauthoritytest.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/polkitbackendlocalauthorizationstoretest.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ + done; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ + else \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ + fi; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ + else \ + skipped="($$skip tests were not run)"; \ + fi; \ + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) check-TESTS +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-checkPROGRAMS clean-generic clean-libtool clean-local \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: check-am install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ + clean-checkPROGRAMS clean-generic clean-libtool clean-local \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am + + +clean-local : + rm -f *~ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c new file mode 100644 index 00000000..617c2549 --- /dev/null +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -0,0 +1,264 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "glib.h" + +#include +#include +#include + +#define TEST_CONFIG_PATH "etc/polkit-1/localauthority.conf.d" +#define TEST_AUTH_PATH1 "etc/polkit-1/localauthority" +#define TEST_AUTH_PATH2 "var/lib/polkit-1/localauthority" + +/* Test helper types */ + +struct auth_context { + const gchar *identity; + gboolean subject_is_local; + gboolean subject_is_active; + const gchar *action_id; + PolkitImplicitAuthorization implicit; + PolkitImplicitAuthorization expect; +}; + +static PolkitBackendLocalAuthority *create_authority (void); + + +/* Test implementations */ + +static void +test_check_authorization_sync (const void *_ctx) +{ + const struct auth_context *ctx = (const struct auth_context *) _ctx; + + PolkitBackendLocalAuthority *authority = create_authority (); + + PolkitSubject *caller = polkit_unix_session_new ("caller-session"); + g_assert (caller); + + PolkitSubject *subject = polkit_unix_session_new ("subject-session");; + g_assert (subject); + + GError *error = NULL; + PolkitIdentity *user_for_subject = polkit_identity_from_string (ctx->identity, &error); + g_assert_no_error (error); + g_assert (user_for_subject); + + PolkitDetails *details = polkit_details_new (); + g_assert (details); + + PolkitDetails *out_details = polkit_details_new (); + g_assert (out_details); + + PolkitImplicitAuthorization auth; + + auth = polkit_backend_interactive_authority_check_authorization_sync ( + POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), + caller, + subject, + user_for_subject, + ctx->subject_is_local, + ctx->subject_is_active, + ctx->action_id, + details, + ctx->implicit, + out_details); + + g_assert_cmpint (auth, ==, ctx->expect); + + g_object_unref (authority); + g_object_unref (caller); + g_object_unref (subject); + g_object_unref (user_for_subject); + g_object_unref (details); + g_object_unref (out_details); +} + +static void +test_get_admin_identities (void) +{ + /* Note: The implementation for get_admin_identities is called + * get_admin_auth_identities in PolkitBackendLocalAuthority */ + + PolkitBackendLocalAuthority *authority = create_authority (); + + /* Setup required arguments, but none of their values matter */ + PolkitSubject *caller = polkit_unix_session_new ("caller-session"); + g_assert (caller); + + PolkitSubject *subject = polkit_unix_session_new ("subject-session");; + g_assert (subject); + + GError *error = NULL; + PolkitIdentity *user_for_subject = polkit_identity_from_string ("unix-user:root", &error); + g_assert_no_error (error); + g_assert (user_for_subject); + + PolkitDetails *details = polkit_details_new (); + g_assert (details); + + /* Get the list of PolkitUnixUser objects who are admins */ + GList *result; + result = polkit_backend_interactive_authority_get_admin_identities ( + POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority), + caller, + subject, + user_for_subject, + "com.example.doesntmatter", + details); + + guint result_len = g_list_length (result); + g_assert_cmpint (result_len, >, 0); + + /* Test against each of the admins in the following list */ + const gchar *expect_admins [] = { + "unix-user:root", + "unix-user:jane", + "unix-user:sally", + "unix-user:henry", + NULL, + }; + + unsigned int i; + for (i = 0; expect_admins[i] != NULL; i++) + { + g_assert_cmpint (i, <, result_len); + + PolkitIdentity *test_identity = POLKIT_IDENTITY (g_list_nth_data (result, i)); + g_assert (test_identity); + + gchar *test_identity_str = polkit_identity_to_string (test_identity); + g_assert_cmpstr (expect_admins[i], ==, test_identity_str); + } +} + + +/* Factory for mock local authority. */ +static PolkitBackendLocalAuthority * +create_authority (void) +{ + gchar *config_path = polkit_test_get_data_path (TEST_CONFIG_PATH); + gchar *auth_path1 = polkit_test_get_data_path (TEST_AUTH_PATH1); + gchar *auth_path2 = polkit_test_get_data_path (TEST_AUTH_PATH2); + gchar *auth_paths = g_strconcat (auth_path1, ";", auth_path2, NULL); + + g_assert (config_path); + g_assert (auth_path1); + g_assert (auth_path2); + g_assert (auth_paths); + + PolkitBackendLocalAuthority *authority = g_object_new ( + POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY, + "config-path", config_path, + "auth-store-paths", auth_paths, + NULL); + + g_free (config_path); + g_free (auth_path1); + g_free (auth_path2); + g_free (auth_paths); + return authority; +} + + +/* Variations of the check_authorization_sync */ +struct auth_context check_authorization_test_data [] = { + /* Test root, john, and jane on action awesomeproduct.foo (all users are ok) */ + {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + {"unix-user:root", TRUE, FALSE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED}, + {"unix-user:root", FALSE, FALSE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED}, + {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + + /* Test root, john, and jane on action restrictedproduct.foo (only root is ok) */ + {"unix-user:root", TRUE, TRUE, "com.example.restrictedproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHENTICATION_REQUIRED}, + {"unix-user:john", TRUE, TRUE, "com.example.restrictedproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + {"unix-user:jane", TRUE, TRUE, "com.example.restrictedproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + + /* Test root against some missing actions */ + {"unix-user:root", TRUE, TRUE, "com.example.missingproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + + /* Test root, john, and jane against action awesomeproduct.bar + * which uses "unix-netgroup:baz" for auth (john and jane are OK, root is not) */ + {"unix-user:root", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + {"unix-user:john", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + + {NULL}, +}; + + +/* Automatically create many variations of the check_authorization_sync test */ +static void +add_check_authorization_tests (void) { + unsigned int i; + for (i = 0; check_authorization_test_data[i].identity; i++) { + struct auth_context *ctx = &check_authorization_test_data[i]; + gchar *test_name = g_strdup_printf ( + "/PolkitBackendLocalAuthority/check_authorization_sync_%d", i); + g_test_add_data_func (test_name, ctx, test_check_authorization_sync); + } +}; + + +int +main (int argc, char *argv[]) +{ + g_type_init (); + g_test_init (&argc, &argv, NULL); + polkit_test_redirect_logs (); + + // Register extension point only once. Required to create authority. + GIOExtensionPoint *ep = g_io_extension_point_register ( + POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME); + g_io_extension_point_set_required_type (ep, + POLKIT_BACKEND_TYPE_AUTHORITY); + + add_check_authorization_tests (); + g_test_add_func ("/PolkitBackendLocalAuthority/get_admin_identities", test_get_admin_identities); + + return g_test_run (); +}; diff --git a/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c new file mode 100644 index 00000000..945e1638 --- /dev/null +++ b/test/polkitbackend/polkitbackendlocalauthorizationstoretest.c @@ -0,0 +1,142 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "glib.h" + +#include +#include +#include + +#define DATA_DIR "etc/polkit-1/localauthority/10-test" +#define DATA_EXT ".pkla" + +static void +test_new (void) +{ + PolkitBackendLocalAuthorizationStore *store; + gchar *data_dir_path; + GFile *data_dir; + + data_dir_path = polkit_test_get_data_path (DATA_DIR); + g_assert (data_dir_path); + + data_dir = g_file_new_for_path (data_dir_path); + g_assert (data_dir); + + g_free (data_dir_path); + + store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT); + g_assert (store); +} + + +static void +test_lookup (void) +{ + gchar *data_dir_path; + GFile *data_dir; + PolkitBackendLocalAuthorizationStore *store; + GError *error = NULL; + PolkitIdentity *identity; + gboolean ok; + PolkitImplicitAuthorization ret_any; + PolkitImplicitAuthorization ret_inactive; + PolkitImplicitAuthorization ret_active; + PolkitDetails *details; + + // Get auth store path + data_dir_path = polkit_test_get_data_path (DATA_DIR); + g_assert (data_dir_path); + + data_dir = g_file_new_for_path (data_dir_path); + g_assert (data_dir); + + // Create the auth store + store = polkit_backend_local_authorization_store_new (data_dir, DATA_EXT); + g_assert (store); + + // We don't care about details + details = polkit_details_new (); + + // Create an identity to query with + identity = polkit_identity_from_string ("unix-group:users", &error); + g_assert (identity); + g_assert_no_error (error); + + // Lookup an exisiting record + ok = polkit_backend_local_authorization_store_lookup ( + store, + identity, + "com.example.awesomeproduct.foo", + details, + &ret_any, + &ret_inactive, + &ret_active, + NULL); + g_assert (ok); + g_assert_cmpstr ("no", ==, polkit_implicit_authorization_to_string (ret_any)); + g_assert_cmpstr ("auth_self", ==, polkit_implicit_authorization_to_string (ret_inactive)); + g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active)); + + // Create another identity to query with + identity = polkit_identity_from_string ("unix-user:root", &error); + g_assert (identity); + g_assert_no_error (error); + + // Lookup another exisiting record + ok = polkit_backend_local_authorization_store_lookup ( + store, + identity, + "com.example.awesomeproduct.foo", + details, + &ret_any, + &ret_inactive, + &ret_active, + NULL); + g_assert (ok); + g_assert_cmpstr ("no", ==, polkit_implicit_authorization_to_string (ret_any)); + g_assert_cmpstr ("auth_self", ==, polkit_implicit_authorization_to_string (ret_inactive)); + g_assert_cmpstr ("yes", ==, polkit_implicit_authorization_to_string (ret_active)); + + // Lookup a missing record + ok = polkit_backend_local_authorization_store_lookup ( + store, + identity, + "com.example.restrictedproduct.dobar", + details, + &ret_any, + &ret_inactive, + &ret_active, + NULL); + g_assert (!ok); +} + + +int +main (int argc, char *argv[]) +{ + g_type_init (); + g_test_init (&argc, &argv, NULL); + polkit_test_redirect_logs (); + g_test_add_func ("/PolkitBackendLocalAuthorizationStore/new", test_new); + g_test_add_func ("/PolkitBackendLocalAuthorizationStore/lookup", test_lookup); + return g_test_run (); +} diff --git a/test/polkittesthelper.c b/test/polkittesthelper.c new file mode 100644 index 00000000..41c4ce56 --- /dev/null +++ b/test/polkittesthelper.c @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#include "polkittesthelper.h" +#include + + +/* TODO: Log handling with unit tests is horrible. Figure out a way to always + * show logs, without munging up test output. For now, we hide them + * unless --verbose is used with g_test_message(...). + */ + +void +polkit_test_log_handler (const gchar *log_domain, + GLogLevelFlags log_level, + const gchar *message, + gpointer user_data) +{ + g_test_message("%s", message); +} + +/** + * Send all future log messages to g_test_message(...). + * + * Logs will only be shown when test programs are run with --verbose. + */ +void +polkit_test_redirect_logs (void) +{ + g_log_set_default_handler (polkit_test_log_handler, NULL); +} + +/** + * Get absolute path to test data. + * + * Requires POLKIT_TEST_DATA environment variable to point to root data dir. + * + * @param relpath Relative path to test data + * @return Full path to data as string. Free with g_free(). + */ +gchar * +polkit_test_get_data_path (const gchar *relpath) +{ + const gchar *root = getenv ("POLKIT_TEST_DATA"); + if (root == NULL) + return NULL; + + return g_strconcat(root, "/", relpath, NULL); +} + diff --git a/test/polkittesthelper.h b/test/polkittesthelper.h new file mode 100644 index 00000000..da49b06d --- /dev/null +++ b/test/polkittesthelper.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2011 Google Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General + * Public License along with this library; if not, write to the + * Free Software Foundation, Inc., 59 Temple Place, Suite 330, + * Boston, MA 02111-1307, USA. + * + * Author: Nikki VonHollen + */ + +#ifndef POLKIT_TEST_HELPER_H_ +#define POLKIT_TEST_HELPER_H_ + +#include "glib.h" + +void polkit_test_log_handler (const gchar *log_domain, + GLogLevelFlags log_level, + const gchar *message, + gpointer user_data); + +void polkit_test_redirect_logs (void); + +gchar *polkit_test_get_data_path (const gchar *relpath); + +#endif -- cgit v1.2.3 From dd900175164e619417b393570bc179b9488466cf Mon Sep 17 00:00:00 2001 From: Jeremy Bicha Date: Tue, 15 Jan 2019 16:11:58 +0000 Subject: Import policykit-1_0.105-25.debian.tar.xz [dgit import tarball policykit-1 0.105-25 policykit-1_0.105-25.debian.tar.xz] --- changelog | 824 +++++++++++++++++++++ compat | 1 + control | 166 +++++ copyright | 48 ++ gbp.conf | 5 + gir1.2-polkit-1.0.install | 1 + libpolkit-agent-1-0.install | 1 + libpolkit-agent-1-0.symbols | 16 + libpolkit-agent-1-dev.install | 5 + libpolkit-backend-1-0.install | 1 + libpolkit-backend-1-0.symbols | 47 ++ libpolkit-backend-1-dev.install | 4 + libpolkit-gobject-1-0.install | 1 + libpolkit-gobject-1-0.symbols | 148 ++++ libpolkit-gobject-1-dev.install | 5 + ...agenthelper-pam-Fix-newline-trimming-code.patch | 43 ++ ...ild-Fix-.gir-generation-for-parallel-make.patch | 41 + patches/0.110/04_get_cwd.patch | 40 + ...-XAUTHORITY-environment-variable-if-unset.patch | 58 ++ patches/0.111/09_pam_environment.patch | 43 ++ patches/0.111/Fix-a-memory-leak.patch | 22 + patches/0.112/00git_type_registration.patch | 118 +++ patches/0.112/08_deprecate_racy_APIs.patch | 27 + patches/0.112/cve-2013-4288.patch | 116 +++ patches/0.113/00git_fix_memleak.patch | 26 + patches/0.113/00git_invalid_object_paths.patch | 116 +++ ...Session-fix-race-between-child-and-io-wat.patch | 120 +++ .../0.113/CVE-2015-3255-Fix-GHashTable-usage.patch | 68 ++ ...4625-Bind-use-of-cookies-to-specific-uids.patch | 484 ++++++++++++ ...25-Use-unpredictable-cookie-values-keep-t.patch | 540 ++++++++++++++ ...rd-error-data-returned-by-polkit_system_b.patch | 25 + ...-when-two-authentication-requests-are-in-.patch | 36 + ...y-leak-when-registering-an-authentication.patch | 22 + .../Fix-a-per-authorization-memory-leak.patch | 49 ++ .../0.113/Fix-a-possible-NULL-dereference.patch | 35 + ...-duplicate-GError-use-when-uid-is-missing.patch | 32 + ...ix-use-after-free-in-polkitagentsession.c.patch | 32 + .../Fixed-compilation-problem-in-the-backend.patch | 23 + ...mBusName-Add-public-API-to-retrieve-Unix-.patch | 166 +++++ ...als-non-deprecated-PolkitProcess-API-wher.patch | 29 + ...-to-send-security-reports-via-DBus-s-mech.patch | 39 + ...Refuse-duplicate-user-arguments-to-pkexec.patch | 38 + patches/0.113/Remove-a-redundant-assignment.patch | 26 + ...-for-changes-to-uid-binding-Authenticatio.patch | 259 +++++++ ...-around-systemd-injecting-broken-XDG_RUNT.patch | 76 ++ ...-problem-with-removing-non-existent-sourc.patch | 23 + ...ionmonitor-systemd-Deduplicate-code-paths.patch | 104 +++ ...tor-systemd-Use-sd_uid_get_state-to-check.patch | 73 ++ ...tor-systemd-prepare-for-D-Bus-user-bus-mo.patch | 89 +++ .../Add-gettext-support-for-.policy-files.patch | 58 ++ patches/0.114/Fix-multi-line-pam-text-info.patch | 39 + patches/0.114/Refactor-send_to_helper-usage.patch | 149 ++++ ...ession-agent-running-outside-user-session.patch | 51 ++ .../gettext-switch-to-default-translate-no.patch | 41 + ...VE-2018-1116-Trusting-client-supplied-UID.patch | 569 ++++++++++++++ ...ids-gids-in-PolkitUnixUser-and-Group-obje.patch | 186 +++++ .../Allow-uid-of-1-for-a-PolkitUnixProcess.patch | 43 ++ ...PolkitUnixProcess-uids-for-temporary-auth.patch | 181 +++++ patches/0.116/tests-add-tests-for-high-uids.patch | 106 +++ patches/01_pam_polkit.patch | 26 + patches/02_gettext.patch | 193 +++++ ..._revert-admin-identities-unix-group-wheel.patch | 35 + patches/06_systemd-service.patch | 18 + patches/10_build-against-libsystemd.patch | 32 + ...-policy-file-to-usr-share-dbus-1-system.d.patch | 31 + patches/series | 50 ++ policykit-1-doc.install | 1 + policykit-1-doc.links | 1 + policykit-1.docs | 2 + policykit-1.install | 12 + policykit-1.maintscript | 1 + policykit-1.postinst | 62 ++ polkit.service | 8 + rules | 47 ++ shlibs.local | 3 + source/format | 1 + tests/cli | 39 + tests/cli-root | 1 + tests/control | 7 + upstream/signing-key.asc | 250 +++++++ watch | 3 + 81 files changed, 6557 insertions(+) create mode 100644 changelog create mode 100644 compat create mode 100644 control create mode 100644 copyright create mode 100644 gbp.conf create mode 100644 gir1.2-polkit-1.0.install create mode 100644 libpolkit-agent-1-0.install create mode 100644 libpolkit-agent-1-0.symbols create mode 100644 libpolkit-agent-1-dev.install create mode 100644 libpolkit-backend-1-0.install create mode 100644 libpolkit-backend-1-0.symbols create mode 100644 libpolkit-backend-1-dev.install create mode 100644 libpolkit-gobject-1-0.install create mode 100644 libpolkit-gobject-1-0.symbols create mode 100644 libpolkit-gobject-1-dev.install create mode 100644 patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch create mode 100644 patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch create mode 100644 patches/0.110/04_get_cwd.patch create mode 100644 patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch create mode 100644 patches/0.111/09_pam_environment.patch create mode 100644 patches/0.111/Fix-a-memory-leak.patch create mode 100644 patches/0.112/00git_type_registration.patch create mode 100644 patches/0.112/08_deprecate_racy_APIs.patch create mode 100644 patches/0.112/cve-2013-4288.patch create mode 100644 patches/0.113/00git_fix_memleak.patch create mode 100644 patches/0.113/00git_invalid_object_paths.patch create mode 100644 patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch create mode 100644 patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch create mode 100644 patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch create mode 100644 patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch create mode 100644 patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch create mode 100644 patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch create mode 100644 patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch create mode 100644 patches/0.113/Fix-a-per-authorization-memory-leak.patch create mode 100644 patches/0.113/Fix-a-possible-NULL-dereference.patch create mode 100644 patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch create mode 100644 patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch create mode 100644 patches/0.113/Fixed-compilation-problem-in-the-backend.patch create mode 100644 patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch create mode 100644 patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch create mode 100644 patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch create mode 100644 patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch create mode 100644 patches/0.113/Remove-a-redundant-assignment.patch create mode 100644 patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch create mode 100644 patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch create mode 100644 patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch create mode 100644 patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch create mode 100644 patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch create mode 100644 patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch create mode 100644 patches/0.114/Add-gettext-support-for-.policy-files.patch create mode 100644 patches/0.114/Fix-multi-line-pam-text-info.patch create mode 100644 patches/0.114/Refactor-send_to_helper-usage.patch create mode 100644 patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch create mode 100644 patches/0.114/gettext-switch-to-default-translate-no.patch create mode 100644 patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch create mode 100644 patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch create mode 100644 patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch create mode 100644 patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch create mode 100644 patches/0.116/tests-add-tests-for-high-uids.patch create mode 100644 patches/01_pam_polkit.patch create mode 100644 patches/02_gettext.patch create mode 100644 patches/05_revert-admin-identities-unix-group-wheel.patch create mode 100644 patches/06_systemd-service.patch create mode 100644 patches/10_build-against-libsystemd.patch create mode 100644 patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch create mode 100644 patches/series create mode 100644 policykit-1-doc.install create mode 100644 policykit-1-doc.links create mode 100644 policykit-1.docs create mode 100644 policykit-1.install create mode 100644 policykit-1.maintscript create mode 100644 policykit-1.postinst create mode 100644 polkit.service create mode 100755 rules create mode 100644 shlibs.local create mode 100644 source/format create mode 100755 tests/cli create mode 120000 tests/cli-root create mode 100644 tests/control create mode 100644 upstream/signing-key.asc create mode 100644 watch diff --git a/changelog b/changelog new file mode 100644 index 00000000..f08f5750 --- /dev/null +++ b/changelog @@ -0,0 +1,824 @@ +policykit-1 (0.105-25) unstable; urgency=medium + + * Team upload + * Add tests-add-tests-for-high-uids.patch + - Patch from upstream modified by Ubuntu to test high UID fix + * Compare PolkitUnixProcess uids for temporary authorizations. + - Fix temporary auth hijacking via PID reuse and non-atomic fork + (CVE-2019-6133) (Closes: #918985) + + -- Jeremy Bicha Tue, 15 Jan 2019 11:11:58 -0500 + +policykit-1 (0.105-24) unstable; urgency=medium + + * Allow uid of -1 for a PolkitUnixProcess. + Revert an overzealous change from the previous security fix that caused + a critical to be logged when trying to set the uid property to -1 (the + default value). + + -- Martin Pitt Tue, 15 Jan 2019 08:05:52 +0000 + +policykit-1 (0.105-23) unstable; urgency=high + + * Allow negative uids/gids in PolkitUnixUser and Group objects. + Fixes a vulnerability in PolicyKit that allows a user with a uid greater + than INT_MAX to successfully execute arbitrary polkit actions. + (CVE-2018-19788, Closes: #915332) + + -- Michael Biebl Fri, 07 Dec 2018 19:55:58 +0100 + +policykit-1 (0.105-22) unstable; urgency=medium + + * Move D-Bus policy file to /usr/share/dbus-1/system.d/ + To better support stateless systems with an empty /etc, the old location + in /etc/dbus-1/system.d/ should only be used for local admin changes. + Package provided D-Bus policy files are supposed to be installed in + /usr/share/dbus-1/system.d/. + This is supported since dbus 1.9.18. + * Remove obsolete conffile + /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades + * Bump Standards-Version to 4.2.1 + * Remove Breaks for versions older than oldstable + * Stop masking polkit.service during the upgrade process. + This is no longer necessary with the D-Bus policy file being installed + in /usr/share/dbus-1/system.d/. (Closes: #902474) + * Use dh_installsystemd to restart polkit.service after an upgrade. + This replaces a good deal of hand-written maintscript code. + + -- Michael Biebl Tue, 27 Nov 2018 20:17:44 +0100 + +policykit-1 (0.105-21) unstable; urgency=medium + + * Remove --no-parallel now that parallel builds (hopefully) work. + Thanks to Adrian Bunk for spotting this. + * Refresh patches via gbp pq + * Use one patch per upstream commit for easier metadata round-trips + * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114 + - d/p/0.111/Fix-a-memory-leak.patch: + Fix a memory leak when PAM authentication fails + - d/p/0.113/Remove-a-redundant-assignment.patch: + Fix a potential compiler warning + - d/p/master/Fix-multi-line-pam-text-info.patch: + Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch, + d/p/0.114/Fix-multi-line-pam-text-info.patch, + d/p/0.114/Refactor-send_to_helper-usage.patch + * d/p/03_polkitunixsession_sessionid_from_display.patch: + Replace with functionally identical + d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch + as applied upstream + * d/watch: Use https + * d/watch: Download upstream PGP signatures + * debian/upstream/signing-key.asc: Add public keys for Ray Strode, + Miloslav Trmac, David Zeuthen + * d/gbp.conf: Merge upstream tags into the upstream branch + * Add myself to Uploaders + * d/gbp.conf: Set patch-numbers to false to match current practice + * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch: + Backport the security-significant part of 0.115 (CVE-2018-1116) + (Closes: #903563) + * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI + * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck + * Standards-Version: 4.1.5 (no changes required) + * Set Rules-Requires-Root to no + + -- Simon McVittie Wed, 11 Jul 2018 09:29:32 +0100 + +policykit-1 (0.105-20) unstable; urgency=medium + + * Team upload + * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch: + Add patch from upstream to fix parallel builds (Closes: #894205) + + -- Simon McVittie Tue, 27 Mar 2018 13:50:28 +0100 + +policykit-1 (0.105-19) unstable; urgency=medium + + * debian/copyright: Use https URL for Format: + * Update Vcs-* links for move to salsa.debian.org. + * Fix typos in patch descriptions. + Fixes lintian's spelling-error-in-patch-description complaints. + * Move to debhelper compat level 10. + Remove explicit dh-autoreconf, it's now done by default. + * Bump Standards-Version to 4.1.3 + * Add autopkgtest. + This covers the pkaction and pkcheck CLI tools. + + -- Martin Pitt Mon, 26 Mar 2018 21:42:28 +0200 + +policykit-1 (0.105-18) unstable; urgency=medium + + * Team upload. + * master/Add-gettext-support-for-.policy-files.patch: Backport from master: + Add .loc and .its files so that gettext can be used to translate policy + files. Some upstreams, particularly those that are switching to meson, + expect these files to be present so that their PK policy files can be + translated. (Closes: #863207) + + -- Iain Lane Wed, 24 May 2017 11:21:35 +0100 + +policykit-1 (0.105-17) unstable; urgency=medium + + [ Michael Biebl ] + * Use https:// for the upstream homepage. + * Update Vcs-Browser to use cgit. + * Rename the systemd service unit to polkit.service. It is now based on what + was added upstream in 0.106. + + [ Simon McVittie ] + * Build-depend on intltool instead of relying on gtk-doc-tools' + dependency (Closes: #837846) + + [ Martin Pitt ] + * Use PAM's common-session-noninteractive modules for pkexec instead of + common-session. The latter also runs pam_systemd (the only difference + normally) which is a no-op under the classic session-centric + D-BUS/graphical login model (as it won't start a new one if it is already + running within a logind session), but very expensive when using + dbus-user-session and being called from a service that runs outside the + PAM session. This causes long delays in e. g. gnome-settings-daemon's + backlight helpers. (LP: #1626651) + + -- Michael Biebl Fri, 21 Oct 2016 15:44:57 +0200 + +policykit-1 (0.105-16) unstable; urgency=medium + + [ Michael Biebl ] + * Drop obsolete Breaks from pre-wheezy. + * Use gir addon instead of calling dh_girepository manually. + * Run wrap-and-sort -ast. + * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already + pulled in via libgirepository1.0-dev. + + [ Martin Pitt ] + * Add fallback if agent is not running in a logind session. This fixes + polkit with dbus-user-session. Thanks Sebastien Bacher for the patch! + * Bump Standards-Version to 3.9.8 (no changes necessary). + + -- Martin Pitt Mon, 25 Jul 2016 14:32:23 +0200 + +policykit-1 (0.105-15) unstable; urgency=medium + + * Generate tight inter-package dependencies. + This ensures that everything from the same source package is upgraded in + lockstep. (Closes: #817998) + + -- Michael Biebl Thu, 14 Apr 2016 13:57:13 +0200 + +policykit-1 (0.105-14.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS on non-linux/non-systemd. (Closes: #798769) + + -- Adam Borowski Thu, 14 Jan 2016 06:28:38 +0100 + +policykit-1 (0.105-14) unstable; urgency=medium + + * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink + removal for consistency. + * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch + backported from upstream master. (LP: #1510824) + + -- Martin Pitt Mon, 23 Nov 2015 11:38:00 +0100 + +policykit-1 (0.105-13) unstable; urgency=medium + + * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while + policykit-1 is unpackaged but not yet configured. During that time we + don't yet have our D-Bus policy in /etc so that polkitd cannot work yet. + This can be dropped once the D-Bus policy moves to /usr. + (Closes: #794723, LP: #1447654) + + -- Martin Pitt Wed, 21 Oct 2015 08:11:22 +0200 + +policykit-1 (0.105-12) unstable; urgency=medium + + * Team upload + * Replace 03_complete_session.patch with a change from upstream + which seems like a more correct solution for LP#445303, LP#649939 + * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing + staff -> desktop_admin_r change in a man page (desktop_admin_r looks + vaguely like a SELinux role but is actually being used as a group); + keep only the actual functional change. This matches the syntactically + different but functionally similar change in experimental. + * 09_pam_environment.patch: replace with the version that went upstream. + * Annotate remaining patches with a bit more information. + They are: + - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch, + 00git_type_registration.patch, 04_get_cwd.patch, + 07_set-XAUTHORITY-environment-variable-if-unset.patch, + 08_deprecate_racy_APIs.patch, 09_pam_environment.patch, + cve-2013-4288.patch: either backports from upstream, or already + applied upstream, and not discussed further here. + - 01_pam_polkit.patch: use Debian's common-* infrastructure, + plus pam_env to get the global environment and locale. + Debian-specific. + - 02_gettext.patch: Use gettext to translate .policy files at + runtime, allowing for Ubuntu-style language packs. + Debian-specific (mainly for Ubuntu's benefit, really). + - 05_revert-admin-identities-unix-group-wheel.patch: Debian does + not use the "wheel" group like Red Hat derivatives do; + treat uid 0 as the administrative identity instead. + Debian-specific. + - 06_systemd-service.patch: hook up the systemd service in + debian/polkitd.service. + Not forwarded: obsoleted by an upstream change in 0.106, + commit 2995085. + * Re-order patch series to put upstream changes first, sorted by version + in which they went upstream, and put them in subdirectories by version + * Add patches from 0.113 to fix heap corruption CVE-2015-3255 + (Closes: #766860) and local authenticated denial of service + CVE-2015-4625 (Closes: #796134) + * Add numerous other bug-fix patches from 0.113 + - work around bugs in older versions of libpam-systemd when using + su or similar (Closes: #772125) + - treat background processes as part of the same uid's active GUI + session if they have one (Closes: #779988) + - fix some memory leaks (Closes: #775158, LP: #1417637) + * Add backported public API polkit_system_bus_name_get_user_sync() to + symbols file + * Fix FTBFS with dpkg-buildpackage -A by only installing files into + policykit-1 in per-arch builds + * Run tests with a session bus pretending to be the system bus, + so they can pass in a buildd environment + + -- Simon McVittie Fri, 11 Sep 2015 09:48:00 +0100 + +policykit-1 (0.105-11) unstable; urgency=medium + + * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths + in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932) + * policykit-1.postinst: Reload systemd before restarting polkitd.service, to + avoid "Warning: polkitd.service changed on disk". (Closes: #791397) + + -- Martin Pitt Fri, 10 Jul 2015 13:03:33 +0200 + +policykit-1 (0.105-10) unstable; urgency=medium + + * Add 00git_type_registration.patch: Use GOnce for interface type + registration. Fixes frequent udisks segfault (LP: #1236510). + * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call + results handler. (LP: #1417637) + + -- Martin Pitt Wed, 08 Jul 2015 12:15:41 +0200 + +policykit-1 (0.105-9) unstable; urgency=medium + + [ Martin Pitt ] + * policykit-1.postinst: Don't kill polkitd under systemd, but properly + restart it. This avoids killing it shortly after systemd tries to + bus-activate it on installation. (LP: #1447654) + + [ Michael Biebl ] + * Build against libsystemd instead of the old libsystemd-login compat + library. (Closes: #779756) + + -- Michael Biebl Wed, 08 Jul 2015 02:10:58 +0200 + +policykit-1 (0.105-8) unstable; urgency=medium + + * Rebuild against libsystemd0. This drops the last remaining dependency to + libsystemd-login0. (Closes: #771281) + * Bump Standards-Version to 3.9.6 (no changes necessary). + + -- Martin Pitt Fri, 28 Nov 2014 10:07:46 +0100 + +policykit-1 (0.105-7) unstable; urgency=medium + + * Team upload. + * Install typelib files into MA libdir. + + -- Andreas Henriksson Thu, 25 Sep 2014 13:56:15 +0200 + +policykit-1 (0.105-6.1) unstable; urgency=medium + + * Non-maintainer upload. + * Use dh-autoreconf in build to support new architectures + + -- Wookey Thu, 10 Jul 2014 00:15:28 +0100 + +policykit-1 (0.105-6) unstable; urgency=medium + + * Team upload. + * debian/control: Update Homepage URL + * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it + registers a logind session properly (Closes: #745983) + + -- Laurent Bigonville Thu, 22 May 2014 19:31:58 +0200 + +policykit-1 (0.105-5) unstable; urgency=medium + + * Team upload. + * Enable systemd support on linux architectures + * debian/control: Bump Standards-Version to 3.9.5 (no further changes) + * debian/control: Use canonical VCS-* URL's + + -- Laurent Bigonville Sun, 04 May 2014 12:40:59 +0200 + +policykit-1 (0.105-4) unstable; urgency=low + + * Acknowledge non-maintainer upload for CVE-2013-4288. + * Also cherry-pick the upstream commit which deprecates the racy APIs. + * debian/patches/09_pam_environment.patch: set process environment from + pam_getenvlist(). + * debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our + global settings from /etc/environment are applied correctly. + * The two changes above fix pkexec to properly export the pam environment. + Thanks Steve Langasek for the patch. (Closes: #692340) + + -- Michael Biebl Tue, 15 Oct 2013 18:34:24 +0200 + +policykit-1 (0.105-3+nmu1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717). + + -- Michael Gilbert Mon, 14 Oct 2013 00:08:43 +0000 + +policykit-1 (0.105-3) unstable; urgency=low + + * 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY + environment variable to its default value $HOME/.Xauthority if unset. + Some display managers, like KDM, do not set the XAUTHORITY variable, so + starting graphical applications via pkexec was broken in those + environments. (Closes: #671497) + + -- Michael Biebl Thu, 20 Dec 2012 18:55:14 +0100 + +policykit-1 (0.105-2) unstable; urgency=low + + * Change the permissions of /etc/polkit-1/localauthority to 700, this + directory is not supposed to be readable by everyone. + + -- Michael Biebl Mon, 17 Dec 2012 17:02:06 +0100 + +policykit-1 (0.105-1) unstable; urgency=low + + * New upstream release. + * debian/watch: Update URL, the tarballs are hosted on freedesktop.org now. + * Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0. + * Update debian/copyright using the machine-readable copyright format 1.0. + * Bump Standards-Version to 3.9.3. + * Bump Build-Depends on debhelper to (>= 9). + + -- Michael Biebl Tue, 24 Apr 2012 21:06:04 +0200 + +policykit-1 (0.104-2) unstable; urgency=low + + * debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for + proper cross-references in the gtk-doc API documentation. + * Install systemd service file for polkitd. + + -- Michael Biebl Sat, 11 Feb 2012 23:48:29 +0100 + +policykit-1 (0.104-1) unstable; urgency=low + + * New upstream release. + - Add support for netgroups. (LP: #724052) + * debian/rules: Disable systemd support, continue to work with ConsokeKit. + * 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply + cleanly. + * debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new + release. + * debian/rules: Do not let test failures fail the build. The new test suite + also runs a test against the system D-BUS/ConsoleKit, which can't work on + buildds. + + -- Martin Pitt Fri, 06 Jan 2012 12:28:54 +0100 + +policykit-1 (0.103-1) unstable; urgency=low + + * New upstream release. + * debian/control: Change section of gir1.2-polkit-1.0 to introspection. + * 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change + to make group wheel the default admin identity since we already use group + sudo resp. group admin for that. + + -- Michael Biebl Fri, 09 Dec 2011 00:48:17 +0100 + +policykit-1 (0.102-2) unstable; urgency=low + + * 02_gettext.patch: Explicitly #include to fix non-optimized + build. Thanks Ivan Krasilnikov for pointing this out. + * debian/rules: When building on Ubuntu, also consider the "sudo" group as + administrator, for compatibility with Debian and sudo itself. Keep "admin" + for existing systems. (LP: #893842) + * Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the + patch! (Closes: #636196) + + -- Martin Pitt Fri, 25 Nov 2011 07:44:09 +0100 + +policykit-1 (0.102-1) unstable; urgency=low + + * New upstream release. + * debian/patches/00git_fix_proc_race.patch: Removed, merged upstream. + * debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream. + * debian/patches/03_complete_session.patch: Refreshed. + * debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the + current working directory. This fixes another PATH_MAX related FTBFS on + hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017) + + -- Michael Biebl Tue, 02 Aug 2011 03:17:20 +0200 + +policykit-1 (0.101-4) unstable; urgency=high + + Urgency high due to security fix. + + * Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking + privileges for pkexec. Patch taken from + https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in + upstream git. [CVE-2011-1485] + * debian/libpolkit-gobject-1-0.symbols: Update for new symbols. + * Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build + failures if quilt patches change files with translatable strings. Thanks + to Kees Cook for the patch! + + -- Martin Pitt Wed, 20 Apr 2011 12:11:38 +0200 + +policykit-1 (0.101-3) unstable; urgency=low + + * debian/control + - Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to + libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the + updated GObject introspection policy. + - Bump Standards-Version to 3.9.2. No further changes. + + -- Michael Biebl Sun, 10 Apr 2011 20:34:03 +0200 + +policykit-1 (0.101-2) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Fri, 25 Mar 2011 02:19:51 +0100 + +policykit-1 (0.101-1) experimental; urgency=low + + * New upstream release. + * Update patches + - Drop debian/patches/04_test_signalfd.patch, merged upstream. + - Refresh other patches to apply cleanly. + * debian/libpolkit-gobject-1-0.symbols + - Add polkit_authorization_result_get_dismissed. + * debian/control + - Bump Build-Depends on libglib2.0-dev to (>= 2.28.0). + * debian/rules + - Don't build example programs. + + -- Michael Biebl Thu, 03 Mar 2011 23:50:17 +0100 + +policykit-1 (0.100-1) experimental; urgency=low + + * New upstream release. + * Refresh debian/patches/03_complete_session.patch. + * Replace debian/patches/04_test_signalfd.patch with a patch that was merged + upstream. This also allows to drop debian/patches/99_autoreconf.patch. + * Switch from cdbs to dh. + * Bump debhelper compatibility level to 8. + * Install documentation using debian/policykit-1.docs. + * Enable gobject introspection support. + - Add Build-Depends on libgirepository1.0-dev (>= 0.9.12), + gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0. + - Add package gir1.2-polkit-1.0 containing the typelib files. + - Install gir files in libpolkit-agent-1-dev.install and + libpolkit-gobject-1-dev.install. + - Call dh_girepository in debian/rules. + + -- Michael Biebl Wed, 23 Feb 2011 19:51:17 +0100 + +policykit-1 (0.99-3) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Thu, 10 Feb 2011 19:21:36 +0100 + +policykit-1 (0.99-2) experimental; urgency=low + + [ Michael Biebl ] + * Merge sudo group changes from unstable branch. + + [ Martin Pitt ] + * debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release + build dependency. + * Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without + signalfd(). (Closes: #602476) + * Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch. + + -- Martin Pitt Mon, 06 Dec 2010 16:28:11 +0100 + +policykit-1 (0.99-1) experimental; urgency=low + + [ Michael Biebl ] + * New upstream release. + * debian/patches/00git-fix-error-freeing.patch + - Remove, fixed upstream. + * debian/patches/00git-pkexec-information-disclosure.patch + - Remove, merged upstream. + * debian/control + - Drop Build-Depends on libeggdbus-1-dev. + - Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus. + * Switch to source format 3.0 (quilt). + - Add debian/source/format. + - Drop Build-Depends on quilt. + - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules. + - Remove debian/README.source. + + [ Robert Ancell ] + * Add debian/patches/02_gettext.patch: Use gettext for translations in + .policy files if they specify a gettext domain. + + [ James Westby ] + * Add debian/patches/03_complete_session.patch: Fix the race that leads to + the password box disappearing, but the dialog remaining. + + [ Martin Pitt ] + * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated + .symbols files more strongly. + + -- Michael Biebl Thu, 04 Nov 2010 17:27:09 -0400 + +policykit-1 (0.96-4) unstable; urgency=low + + * debian/rules + - When building for Debian, install a localauthority.conf.d configuration + file which considers "sudo" group users as administrators. + (Closes: #532499) + + -- Michael Biebl Tue, 16 Nov 2010 23:21:50 +0100 + +policykit-1 (0.96-3) unstable; urgency=low + + * debian/control + - Use architecture wildcard linux-any for libselinux1-dev. + - Bump Standards-Version to 3.9.1. + * debian/policykit-1.postinst + - Query D-Bus to find out the correct pid of the process claiming + org.freedesktop.PolicyKit1. This way we do not accidentally kill the + wrong process when being installed in a chroot. (Closes: #595030) + * debian/policykit-1.prerm + - Stop polkitd on remove. (Closes: #595031) + + -- Michael Biebl Thu, 16 Sep 2010 23:27:56 +0200 + +policykit-1 (0.96-2) unstable; urgency=medium + + * Urgency medium, just two small, but important bug fixes. + * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure + vulnerability that allows an attacker to verify whether or not arbitrary + files exist, violating directory permissions. + * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization() + with an invalid PID. (LP: #540464) + + -- Martin Pitt Fri, 09 Apr 2010 12:09:53 +0200 + +policykit-1 (0.96-1) unstable; urgency=low + + * New upstream release. + * debian/libpolkit-backend-1-0.symbols + - Update for new API addition. + + -- Michael Biebl Sat, 16 Jan 2010 00:05:48 +0100 + +policykit-1 (0.95-1) unstable; urgency=low + + * New upstream release. + * Remove patches + - debian/patches/02_dont_export_private_symbols.patch (merged upstream) + - debian/patches/03_path_max.patch (merged upstream) + - debian/patches/04-ref-authority.patch (merged upstream) + - debian/patches/05-pkexec-env.patch (merged upstream) + - debian/patches/99_autoreconf.patch (obsolete) + * debian/control + - Bump Build-Depends on libeggbus-1-dev to (>= 0.6). + * debian/rules + - The example application is no longer built by default so we don't need + to manually remove it anymore. + * debian/libpolkit-{backend,gobject}-1-0.symbols + - Update for new API additions. + + -- Michael Biebl Sat, 14 Nov 2009 05:33:34 +0100 + +policykit-1 (0.94-6) unstable; urgency=low + + * debian/policykit-1.postinst + - Use start-stop-daemon instead of kill+pidof to stop the running polkitd + daemon on upgrades. + * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered + unstable. (Closes: #552605) + + -- Michael Biebl Mon, 09 Nov 2009 01:09:07 +0100 + +policykit-1 (0.94-5) unstable; urgency=low + + * Add debian/patches/04-ref-authority.patch: Ref the instance returned by + polkit_authority_get(), since the documentation says that it needs to be + unref'ed after usage. This fixes crashes in NetworkManager and probably + other programs, too. (LP: #438574, #432452, fd.o #24566) + * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec + saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk) + * Add myself to Uploaders: with Michael's consent. + + -- Martin Pitt Tue, 03 Nov 2009 12:28:09 +0100 + +policykit-1 (0.94-4) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Update patch to fix implicit pointer conversion for + get_current_dir_name. (Closes: #550901) + + -- Michael Biebl Wed, 14 Oct 2009 14:00:40 +0200 + +policykit-1 (0.94-3) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800) + Thanks to Samuel Thibault for the patch. + * debian/policykit-1.postinst: + - Kill the old polkitd daemon on upgrade, to ensure that the new version + will be used at the next occasion. + + -- Michael Biebl Tue, 13 Oct 2009 14:32:25 +0200 + +policykit-1 (0.94-2) unstable; urgency=low + + * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and + link against -lfreebsd for sysctlnametomib. + When glibc 2.10 enters unstable this workaround can be removed again. + + -- Michael Biebl Tue, 13 Oct 2009 00:29:47 +0200 + +policykit-1 (0.94-1) unstable; urgency=low + + * Rename package to policykit-1. Upstream (at least temporarily) forked + the project to make it installable in parallel with policykit 0.9, until + all programs are ported to the new API. + * Drop all patches except 01_pam_polkit.patch. + * Refresh debian/patches/01_pam_polkit.patch. + * debian/control + - Update Build-Depends + + Drop libdbus-1-dev, libdbus-glib-1-dev. + + Add libeggdbus-1-dev (>= 0.5) and lsb-release. + + Bump libglib2-dev dependency to (>= 2.21.4). + - Update list of binary packages and their package descriptions. + - Drop dependency on adduser. + - Bump Standards-Version to 3.8.3. + + Add README.source which refers to the quilt documentation. + - Update Vcs-* fields. Package is now managed using Git and hosted on + git.debian.org. + * Update shared library structure: libpolkit-{dbus,grant} → + libpolkit-{agent,backend,gobject}-1. + * Rename policykit, policykit-doc → policykit-1, policykit-1-doc. + * Update and revise all *.install files. + * debian/rules, debian/policykit.init: Drop init script, package doesn't use + /var/run any more. + * debian/policykit-1.postinst: Don't create "polkituser" system user, it's + not used any more. + * Update watch file. + * debian/patches/02_dont_export_private_symbols.patch + - Don't export private symbols in the libraries. + * debian/patches/99_autoreconf.patch + - Update the autotools files as the previous patch also touches the build + system. + * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved + shlibs dependencies. + * debian/rules + - Disable introspection support. + - When building for Ubuntu, install a localauthority.conf.d configuration + file which considers "admin" group users as administrators. + - Don't install example application. + * debian/copyright + - Update copyright holder. + - License was changed to LGPL 2.1+. + + -- Michael Biebl Sun, 27 Sep 2009 21:35:18 +0200 + +policykit (0.9-4) unstable; urgency=low + + * Add support for /var/run being a tmpfs. (Closes: #532101) + - Create /var/run/PolicyKit dynamically on boot by using an init script. + Original patch by Martin Pitt, thanks. Updated patch to only run the + init script in runlevel S at priority 75. + - Do no longer ship /var/run/PolicyKit in the package itself. + * debian/control + - Bump Standards-Version to 3.8.1. + * debian/patches/04_entry_leak.patch + - Plug a memory leak. Patch pulled from Fedora. + * debian/patches/05_manpage_typo_fix.patch + - Fix a small typo in the polkit-auth man page. (Closes: #523565) + * debian/patches/06_no_inotify_or_path_max.patch + - Add support for systems which don't support inotify (like hurd) and + don't use PATH_MAX unconditionally, instead use dynamically growing + buffers. (Closes: #521756) + Patch by Samuel Thibault, thanks. + + -- Michael Biebl Thu, 18 Jun 2009 09:55:34 +0200 + +policykit (0.9-3) unstable; urgency=low + + * Switch patch management system to quilt. + * debian/control + - Wrap Build-Depends. + - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758) + - Bump Build-Depends on debhelper to (>= 7). + * debian/compat + - Bump debhelper compat level to 7. + * debian/rules + - Include debhelper.mk before any other files as recommended by the cdbs + documentation. + * debian/patches/03_consolekit0.3-api.patch + - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either. + Patch pulled from Ubuntu. + + -- Michael Biebl Wed, 18 Feb 2009 17:25:52 +0100 + +policykit (0.9-2) unstable; urgency=high + + [ Simon McVittie ] + * Add patch committed in Fedora (although not upstream) by the upstream + maintainer, to allow PolicyKit to be used when CVE-2008-4311 has + been fixed in dbus-daemon. (Closes: #510646) + + [ Michael Biebl ] + * debian/control + - Add ${misc:Depends} to all binary packages. + + -- Michael Biebl Wed, 07 Jan 2009 18:18:56 +0100 + +policykit (0.9-1) unstable; urgency=low + + * New upstream release. + * debian/control + - Bump Standards-Version to 3.8.0. No further changes. + + -- Michael Biebl Sun, 03 Aug 2008 10:53:11 +0200 + +policykit (0.8-2) unstable; urgency=low + + * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2. + * debian/policykit.postinst + - Set correct permissions for all files. (Closes: #482064) + - Define a small helper function to apply the permissions. This makes it + more concise and readable. + + -- Michael Biebl Fri, 23 May 2008 04:33:48 +0200 + +policykit (0.8-1) unstable; urgency=medium + + * New upstream release. + - SECURITY - CVE-2008-1658: + Fixes format string vulnerability in the grant helper. (Closes: #476615) + * debian/control + - Add Build-Depends on pkg-config. + + -- Michael Biebl Fri, 18 Apr 2008 01:39:08 +0200 + +policykit (0.7-2) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Fri, 11 Jan 2008 01:02:59 +0100 + +policykit (0.7-1) experimental; urgency=low + + * New upstream release. (Closes: #455874) + * debian/control + - Bump Standards-Version to 3.7.3. No further changes required. + - Add Build-Depends on libdbus-glib-1-dev (>= 0.73). + - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/. + (Closes: #446504) + - Improve package description. (Closes: #446554) + * debian/copyright + - All code is now licensed under the MIT/X11 license. Update the copyright + notice accordingly. + * debian/policykit.dirs + - Add the directory /var/lib/PolicyKit-public. + * debian/policykit.install + - Install the D-Bus config and service files for the PolicyKit system + service. + - Install /var/lib/misc/PolicyKit.reload. + * debian/rules + - Fix the permissions of /var/lib/misc/PolicyKit.reload. + * debian/policykit.postinst + - Use dpkg-statoverride to check for local modifications before setting + the SUID/SGID bits. + + -- Michael Biebl Thu, 20 Dec 2007 18:01:38 +0100 + +policykit (0.6-1) experimental; urgency=low + + * New upstream release. + * debian/control + - Use new "Homepage:" field to specify the upstream URL. + - The Vcs-* fields are now officially supported, so remove the XS- prefix. + - Add a Recommends: policykit-gnome to the policykit package. + - Enable SELinux support by adding a Build-Depends on libselinux1-dev for + all supported platforms. + * debian/policykit.postinst + - Install polkit-grant-helper-pam with the correct permissions. + + -- Michael Biebl Sat, 03 Nov 2007 00:02:33 +0100 + +policykit (0.5-1) experimental; urgency=low + + * Initial release. (Closes: #397087) + + -- Michael Biebl Tue, 02 Oct 2007 22:38:04 +0200 + diff --git a/compat b/compat new file mode 100644 index 00000000..b4de3947 --- /dev/null +++ b/compat @@ -0,0 +1 @@ +11 diff --git a/control b/control new file mode 100644 index 00000000..ac9825db --- /dev/null +++ b/control @@ -0,0 +1,166 @@ +Source: policykit-1 +Section: admin +Priority: optional +Maintainer: Utopia Maintenance Team +Uploaders: + Michael Biebl , + Martin Pitt , + Simon McVittie , +Build-Depends: + dbus, + debhelper (>= 11), + gobject-introspection (>= 0.9.12-4~), + gtk-doc-tools, + intltool (>= 0.40.0), + libexpat1-dev, + libgirepository1.0-dev (>= 0.9.12), + libglib2.0-dev (>= 2.28.0), + libglib2.0-doc, + libgtk-3-doc, + libpam0g-dev, + libselinux1-dev [linux-any], + libsystemd-dev [linux-any], + pkg-config, + xsltproc, +Rules-Requires-Root: no +Standards-Version: 4.2.1 +Vcs-Git: https://salsa.debian.org/utopia-team/polkit.git +Vcs-Browser: https://salsa.debian.org/utopia-team/polkit +Homepage: https://www.freedesktop.org/wiki/Software/polkit/ + +Package: policykit-1 +Architecture: any +Depends: + consolekit [!linux-any], + dbus, + libpam-systemd [linux-any], + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: foreign +Description: framework for managing administrative policies and privileges + PolicyKit is an application-level toolkit for defining and handling the policy + that allows unprivileged processes to speak to privileged processes. + . + It is a framework for centralizing the decision making process with respect to + granting access to privileged operations for unprivileged (desktop) + applications. + +Package: policykit-1-doc +Architecture: all +Section: doc +Depends: + ${misc:Depends}, +Suggests: + devhelp, +Description: documentation for PolicyKit-1 + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the API documentation of PolicyKit. + +Package: libpolkit-gobject-1-0 +Architecture: any +Section: libs +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: same +Description: PolicyKit Authorization API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing PolicyKit. + +Package: libpolkit-gobject-1-dev +Architecture: any +Section: libdevel +Depends: + gir1.2-polkit-1.0 (= ${binary:Version}), + libglib2.0-dev, + libpolkit-gobject-1-0 (= ${binary:Version}), + ${misc:Depends}, +Description: PolicyKit Authorization API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-gobject-1-0. + +Package: libpolkit-agent-1-0 +Architecture: any +Section: libs +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: same +Description: PolicyKit Authentication Agent API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing the authentication agent. + +Package: libpolkit-agent-1-dev +Architecture: any +Section: libdevel +Depends: + gir1.2-polkit-1.0 (= ${binary:Version}), + libpolkit-agent-1-0 (= ${binary:Version}), + libpolkit-gobject-1-dev, + ${misc:Depends}, +Description: PolicyKit Authentication Agent API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-agent-1-0. + +Package: libpolkit-backend-1-0 +Architecture: any +Section: libs +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: same +Description: PolicyKit backend API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for implementing authentication backends. + +Package: libpolkit-backend-1-dev +Architecture: any +Section: libdevel +Depends: + libpolkit-backend-1-0 (= ${binary:Version}), + libpolkit-gobject-1-dev, + ${misc:Depends}, +Description: PolicyKit backend API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-backend-1-0. + +Package: gir1.2-polkit-1.0 +Section: introspection +Architecture: any +Depends: + ${gir:Depends}, + ${misc:Depends}, + ${shlibs:Depends}, +Provides: + gir1.2-polkitagent-1.0 (= ${binary:Version}), +Description: GObject introspection data for PolicyKit + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains introspection data for PolicyKit. + . + It can be used by packages using the GIRepository format to generate + dynamic bindings. diff --git a/copyright b/copyright new file mode 100644 index 00000000..219c3c1e --- /dev/null +++ b/copyright @@ -0,0 +1,48 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: polkit +Source: https://www.freedesktop.org/software/polkit/releases/ + +Files: * +Copyright: 2008-2011 Red Hat, Inc. +License: LGPL-2.0+ + +Files: test/* +Copyright: 2011 Google Inc. +License: LGPL-2.0+ + +Files: test/mocklibc/src/* +Copyright: 2011 Google Inc. +License: Apache-2.0 + +License: LGPL-2.0+ + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-2". + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0" diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 00000000..eb7d2c17 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,5 @@ +[DEFAULT] +pristine-tar = True +debian-branch = master +upstream-vcs-tag = %(version)s +patch-numbers = False diff --git a/gir1.2-polkit-1.0.install b/gir1.2-polkit-1.0.install new file mode 100644 index 00000000..9038727d --- /dev/null +++ b/gir1.2-polkit-1.0.install @@ -0,0 +1 @@ +usr/lib/*/girepository-1.0/ diff --git a/libpolkit-agent-1-0.install b/libpolkit-agent-1-0.install new file mode 100644 index 00000000..155da4ae --- /dev/null +++ b/libpolkit-agent-1-0.install @@ -0,0 +1 @@ +usr/lib/*/libpolkit-agent-1.so.* diff --git a/libpolkit-agent-1-0.symbols b/libpolkit-agent-1-0.symbols new file mode 100644 index 00000000..bf716dda --- /dev/null +++ b/libpolkit-agent-1-0.symbols @@ -0,0 +1,16 @@ +libpolkit-agent-1.so.0 libpolkit-agent-1-0 #MINVER# + polkit_agent_listener_get_type@Base 0.94 + polkit_agent_listener_initiate_authentication@Base 0.94 + polkit_agent_listener_initiate_authentication_finish@Base 0.94 + polkit_agent_listener_register@Base 0.99 + polkit_agent_listener_register_with_options@Base 0.105 + polkit_agent_listener_unregister@Base 0.99 + polkit_agent_register_flags_get_type@Base 0.99 + polkit_agent_register_listener@Base 0.94 + polkit_agent_session_cancel@Base 0.94 + polkit_agent_session_get_type@Base 0.94 + polkit_agent_session_initiate@Base 0.94 + polkit_agent_session_new@Base 0.94 + polkit_agent_session_response@Base 0.94 + polkit_agent_text_listener_get_type@Base 0.99 + polkit_agent_text_listener_new@Base 0.99 diff --git a/libpolkit-agent-1-dev.install b/libpolkit-agent-1-dev.install new file mode 100644 index 00000000..e3ec3555 --- /dev/null +++ b/libpolkit-agent-1-dev.install @@ -0,0 +1,5 @@ +usr/include/polkit-1/polkitagent/ +usr/lib/*/libpolkit-agent*.a +usr/lib/*/libpolkit-agent*.so +usr/lib/*/pkgconfig/polkit-agent*.pc +usr/share/gir-1.0/PolkitAgent-1.0.gir diff --git a/libpolkit-backend-1-0.install b/libpolkit-backend-1-0.install new file mode 100644 index 00000000..be99517c --- /dev/null +++ b/libpolkit-backend-1-0.install @@ -0,0 +1 @@ +usr/lib/*/libpolkit-backend-1.so.* diff --git a/libpolkit-backend-1-0.symbols b/libpolkit-backend-1-0.symbols new file mode 100644 index 00000000..28dca5bd --- /dev/null +++ b/libpolkit-backend-1-0.symbols @@ -0,0 +1,47 @@ +libpolkit-backend-1.so.0 libpolkit-backend-1-0 #MINVER# + polkit_backend_action_lookup_get_details@Base 0.94 + polkit_backend_action_lookup_get_icon_name@Base 0.94 + polkit_backend_action_lookup_get_message@Base 0.94 + polkit_backend_action_lookup_get_type@Base 0.94 + polkit_backend_action_pool_get_action@Base 0.94 + polkit_backend_action_pool_get_all_actions@Base 0.94 + polkit_backend_action_pool_get_type@Base 0.94 + polkit_backend_action_pool_new@Base 0.94 + polkit_backend_authority_authentication_agent_response@Base 0.94 + polkit_backend_authority_check_authorization@Base 0.94 + polkit_backend_authority_check_authorization_finish@Base 0.94 + polkit_backend_authority_enumerate_actions@Base 0.94 + polkit_backend_authority_enumerate_temporary_authorizations@Base 0.94 + polkit_backend_authority_get@Base 0.94 + polkit_backend_authority_get_features@Base 0.95 + polkit_backend_authority_get_name@Base 0.95 + polkit_backend_authority_get_type@Base 0.94 + polkit_backend_authority_get_version@Base 0.95 + polkit_backend_authority_log@Base 0.96 + polkit_backend_authority_register@Base 0.99 + polkit_backend_authority_register_authentication_agent@Base 0.94 + polkit_backend_authority_revoke_temporary_authorization_by_id@Base 0.94 + polkit_backend_authority_revoke_temporary_authorizations@Base 0.94 + polkit_backend_authority_unregister@Base 0.99 + polkit_backend_authority_unregister_authentication_agent@Base 0.94 + polkit_backend_config_source_get_boolean@Base 0.94 + polkit_backend_config_source_get_double@Base 0.94 + polkit_backend_config_source_get_integer@Base 0.94 + polkit_backend_config_source_get_string@Base 0.94 + polkit_backend_config_source_get_string_list@Base 0.94 + polkit_backend_config_source_get_type@Base 0.94 + polkit_backend_config_source_new@Base 0.94 + polkit_backend_interactive_authority_check_authorization_sync@Base 0.94 + polkit_backend_interactive_authority_get_admin_identities@Base 0.94 + polkit_backend_interactive_authority_get_type@Base 0.94 + polkit_backend_local_authority_get_type@Base 0.94 + polkit_backend_local_authorization_store_get_type@Base 0.94 + polkit_backend_local_authorization_store_lookup@Base 0.94 + polkit_backend_local_authorization_store_new@Base 0.94 + polkit_backend_session_monitor_get_session_for_subject@Base 0.94 + polkit_backend_session_monitor_get_sessions@Base 0.94 + polkit_backend_session_monitor_get_type@Base 0.94 + polkit_backend_session_monitor_get_user_for_subject@Base 0.94 + polkit_backend_session_monitor_is_session_active@Base 0.94 + polkit_backend_session_monitor_is_session_local@Base 0.94 + polkit_backend_session_monitor_new@Base 0.94 diff --git a/libpolkit-backend-1-dev.install b/libpolkit-backend-1-dev.install new file mode 100644 index 00000000..f93f6c4e --- /dev/null +++ b/libpolkit-backend-1-dev.install @@ -0,0 +1,4 @@ +usr/include/polkit-1/polkitbackend/ +usr/lib/*/libpolkit-backend*.a +usr/lib/*/libpolkit-backend*.so +usr/lib/*/pkgconfig/polkit-backend*.pc diff --git a/libpolkit-gobject-1-0.install b/libpolkit-gobject-1-0.install new file mode 100644 index 00000000..4afe8c35 --- /dev/null +++ b/libpolkit-gobject-1-0.install @@ -0,0 +1 @@ +usr/lib/*/libpolkit-gobject-1.so.* diff --git a/libpolkit-gobject-1-0.symbols b/libpolkit-gobject-1-0.symbols new file mode 100644 index 00000000..3eb7bafe --- /dev/null +++ b/libpolkit-gobject-1-0.symbols @@ -0,0 +1,148 @@ +libpolkit-gobject-1.so.0 libpolkit-gobject-1-0 #MINVER# + polkit_action_description_get_action_id@Base 0.94 + polkit_action_description_get_annotation@Base 0.94 + polkit_action_description_get_annotation_keys@Base 0.94 + polkit_action_description_get_description@Base 0.94 + polkit_action_description_get_icon_name@Base 0.94 + polkit_action_description_get_implicit_active@Base 0.94 + polkit_action_description_get_implicit_any@Base 0.94 + polkit_action_description_get_implicit_inactive@Base 0.94 + polkit_action_description_get_message@Base 0.94 + polkit_action_description_get_type@Base 0.94 + polkit_action_description_get_vendor_name@Base 0.94 + polkit_action_description_get_vendor_url@Base 0.94 + polkit_action_description_new@Base 0.99 + polkit_action_description_new_for_gvariant@Base 0.99 + polkit_action_description_to_gvariant@Base 0.99 + polkit_authority_authentication_agent_response@Base 0.94 + polkit_authority_authentication_agent_response_finish@Base 0.94 + polkit_authority_authentication_agent_response_sync@Base 0.94 + polkit_authority_check_authorization@Base 0.94 + polkit_authority_check_authorization_finish@Base 0.94 + polkit_authority_check_authorization_sync@Base 0.94 + polkit_authority_enumerate_actions@Base 0.94 + polkit_authority_enumerate_actions_finish@Base 0.94 + polkit_authority_enumerate_actions_sync@Base 0.94 + polkit_authority_enumerate_temporary_authorizations@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_finish@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_sync@Base 0.94 + polkit_authority_features_get_type@Base 0.95 + polkit_authority_get@Base 0.94 + polkit_authority_get_async@Base 0.99 + polkit_authority_get_backend_features@Base 0.95 + polkit_authority_get_backend_name@Base 0.95 + polkit_authority_get_backend_version@Base 0.95 + polkit_authority_get_finish@Base 0.99 + polkit_authority_get_owner@Base 0.99 + polkit_authority_get_sync@Base 0.99 + polkit_authority_get_type@Base 0.94 + polkit_authority_register_authentication_agent@Base 0.94 + polkit_authority_register_authentication_agent_finish@Base 0.94 + polkit_authority_register_authentication_agent_sync@Base 0.94 + polkit_authority_register_authentication_agent_with_options@Base 0.105 + polkit_authority_register_authentication_agent_with_options_finish@Base 0.105 + polkit_authority_register_authentication_agent_with_options_sync@Base 0.105 + polkit_authority_revoke_temporary_authorization_by_id@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_finish@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_sync@Base 0.94 + polkit_authority_revoke_temporary_authorizations@Base 0.94 + polkit_authority_revoke_temporary_authorizations_finish@Base 0.94 + polkit_authority_revoke_temporary_authorizations_sync@Base 0.94 + polkit_authority_unregister_authentication_agent@Base 0.94 + polkit_authority_unregister_authentication_agent_finish@Base 0.94 + polkit_authority_unregister_authentication_agent_sync@Base 0.94 + polkit_authorization_result_get_details@Base 0.94 + polkit_authorization_result_get_dismissed@Base 0.101 + polkit_authorization_result_get_is_authorized@Base 0.94 + polkit_authorization_result_get_is_challenge@Base 0.94 + polkit_authorization_result_get_retains_authorization@Base 0.94 + polkit_authorization_result_get_temporary_authorization_id@Base 0.94 + polkit_authorization_result_get_type@Base 0.94 + polkit_authorization_result_new@Base 0.94 + polkit_authorization_result_new_for_gvariant@Base 0.99 + polkit_authorization_result_to_gvariant@Base 0.99 + polkit_check_authorization_flags_get_type@Base 0.94 + polkit_details_get_keys@Base 0.94 + polkit_details_get_type@Base 0.94 + polkit_details_insert@Base 0.94 + polkit_details_lookup@Base 0.94 + polkit_details_new@Base 0.94 + polkit_details_new_for_gvariant@Base 0.99 + polkit_details_to_gvariant@Base 0.99 + polkit_error_get_type@Base 0.94 + polkit_error_quark@Base 0.94 + polkit_identity_equal@Base 0.94 + polkit_identity_from_string@Base 0.94 + polkit_identity_get_type@Base 0.94 + polkit_identity_hash@Base 0.94 + polkit_identity_new_for_gvariant@Base 0.99 + polkit_identity_to_gvariant@Base 0.99 + polkit_identity_to_string@Base 0.94 + polkit_implicit_authorization_from_string@Base 0.94 + polkit_implicit_authorization_get_type@Base 0.94 + polkit_implicit_authorization_to_string@Base 0.94 + polkit_permission_get_action_id@Base 0.99 + polkit_permission_get_subject@Base 0.99 + polkit_permission_get_type@Base 0.99 + polkit_permission_new@Base 0.99 + polkit_permission_new_finish@Base 0.99 + polkit_permission_new_sync@Base 0.99 + polkit_subject_equal@Base 0.94 + polkit_subject_exists@Base 0.94 + polkit_subject_exists_finish@Base 0.94 + polkit_subject_exists_sync@Base 0.94 + polkit_subject_from_string@Base 0.94 + polkit_subject_get_type@Base 0.94 + polkit_subject_hash@Base 0.94 + polkit_subject_new_for_gvariant@Base 0.99 + polkit_subject_to_gvariant@Base 0.99 + polkit_subject_to_string@Base 0.94 + polkit_system_bus_name_get_name@Base 0.94 + polkit_system_bus_name_get_process_sync@Base 0.95 + polkit_system_bus_name_get_type@Base 0.94 + polkit_system_bus_name_get_user_sync@Base 0.105-12~ + polkit_system_bus_name_new@Base 0.94 + polkit_system_bus_name_set_name@Base 0.94 + polkit_temporary_authorization_get_action_id@Base 0.94 + polkit_temporary_authorization_get_id@Base 0.94 + polkit_temporary_authorization_get_subject@Base 0.94 + polkit_temporary_authorization_get_time_expires@Base 0.94 + polkit_temporary_authorization_get_time_obtained@Base 0.94 + polkit_temporary_authorization_get_type@Base 0.94 + polkit_temporary_authorization_new@Base 0.94 + polkit_temporary_authorization_new_for_gvariant@Base 0.99 + polkit_temporary_authorization_to_gvariant@Base 0.99 + polkit_unix_group_get_gid@Base 0.94 + polkit_unix_group_get_type@Base 0.94 + polkit_unix_group_new@Base 0.94 + polkit_unix_group_new_for_name@Base 0.94 + polkit_unix_group_set_gid@Base 0.94 + polkit_unix_netgroup_get_name@Base 0.104 + polkit_unix_netgroup_get_type@Base 0.104 + polkit_unix_netgroup_new@Base 0.104 + polkit_unix_netgroup_set_name@Base 0.104 + polkit_unix_process_get_owner@Base 0.94 + polkit_unix_process_get_pid@Base 0.94 + polkit_unix_process_get_racy_uid__@Base 0.105-21~ + polkit_unix_process_get_start_time@Base 0.94 + polkit_unix_process_get_type@Base 0.94 + polkit_unix_process_get_uid@Base 0.101 + polkit_unix_process_new@Base 0.94 + polkit_unix_process_new_for_owner@Base 0.101 + polkit_unix_process_new_full@Base 0.94 + polkit_unix_process_set_pid@Base 0.94 + polkit_unix_process_set_start_time@Base 0.101 + polkit_unix_process_set_uid@Base 0.101 + polkit_unix_session_get_session_id@Base 0.94 + polkit_unix_session_get_type@Base 0.94 + polkit_unix_session_new@Base 0.94 + polkit_unix_session_new_for_process@Base 0.94 + polkit_unix_session_new_for_process_finish@Base 0.94 + polkit_unix_session_new_for_process_sync@Base 0.94 + polkit_unix_session_set_session_id@Base 0.94 + polkit_unix_user_get_name@Base 0.104 + polkit_unix_user_get_type@Base 0.94 + polkit_unix_user_get_uid@Base 0.94 + polkit_unix_user_new@Base 0.94 + polkit_unix_user_new_for_name@Base 0.94 + polkit_unix_user_set_uid@Base 0.94 diff --git a/libpolkit-gobject-1-dev.install b/libpolkit-gobject-1-dev.install new file mode 100644 index 00000000..e571609d --- /dev/null +++ b/libpolkit-gobject-1-dev.install @@ -0,0 +1,5 @@ +usr/include/polkit-1/polkit/ +usr/lib/*/libpolkit-gobject*.a +usr/lib/*/libpolkit-gobject*.so +usr/lib/*/pkgconfig/polkit-gobject*.pc +usr/share/gir-1.0/Polkit-1.0.gir diff --git a/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch b/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch new file mode 100644 index 00000000..0515b535 --- /dev/null +++ b/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch @@ -0,0 +1,43 @@ +From: Colin Walters +Date: Wed, 6 Jun 2012 09:05:14 -0400 +Subject: agenthelper-pam: Fix newline-trimming code + +First, we were using == instead of =, as the author probably intended. +But after changing that, we're now assigning to const memory. Fix +that by writing to a temporary string buffer. + +Signed-off-by: David Zeuthen +Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 +--- + src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 85a2671..7af5321 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + char buf[PAM_MAX_RESP_SIZE]; + int i; + gchar *escaped = NULL; ++ gchar *tmp = NULL; ++ size_t len; + + data = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) +@@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); + #endif /* PAH_DEBUG */ +- if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') +- msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; +- escaped = g_strescape (msg[i]->msg, NULL); ++ tmp = g_strdup (msg[i]->msg); ++ len = strlen (tmp); ++ if (len > 0 && tmp[len - 1] == '\n') ++ tmp[len - 1] = '\0'; ++ escaped = g_strescape (tmp, NULL); ++ g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + #ifdef PAH_DEBUG diff --git a/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch b/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch new file mode 100644 index 00000000..58f6fbbd --- /dev/null +++ b/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch @@ -0,0 +1,41 @@ +From: Ryan Lortie +Date: Tue, 13 Nov 2012 11:50:14 -0500 +Subject: build: Fix .gir generation for parallel make + +As per the intructions in the introspection Makefile, we should have a +line declaring a dependency between the .gir and .la files. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 +Signed-off-by: David Zeuthen +Bug-Debian: https://bugs.debian.org/894205 +--- + src/polkit/Makefile.am | 2 ++ + src/polkitagent/Makefile.am | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am +index 1068ea1..41ccf5c 100644 +--- a/src/polkit/Makefile.am ++++ b/src/polkit/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + + INTROSPECTION_GIRS = Polkit-1.0.gir + ++Polkit-1.0.gir: libpolkit-gobject-1.la ++ + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = Polkit-1.0.gir + +diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am +index e8c9fb1..7b51137 100644 +--- a/src/polkitagent/Makefile.am ++++ b/src/polkitagent/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = PolkitAgent-1.0.gir + ++PolkitAgent-1.0.gir: libpolkit-agent-1.la ++ + typelibsdir = $(INTROSPECTION_TYPELIBDIR) + typelibs_DATA = PolkitAgent-1.0.typelib + diff --git a/patches/0.110/04_get_cwd.patch b/patches/0.110/04_get_cwd.patch new file mode 100644 index 00000000..acaa68d5 --- /dev/null +++ b/patches/0.110/04_get_cwd.patch @@ -0,0 +1,40 @@ +From: Emilio Pozuelo Monfort +Date: Sat, 26 Mar 2011 07:28:14 +0000 +Subject: Fix build on GNU Hurd + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 +Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f +--- + src/programs/pkexec.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7fafa14..682fe95 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,7 +53,7 @@ + #include + + static gchar *original_user_name = NULL; +-static gchar original_cwd[PATH_MAX]; ++static gchar *original_cwd; + static gchar *command_line = NULL; + static struct passwd *pw; + +@@ -465,7 +465,7 @@ main (int argc, char *argv[]) + goto out; + } + +- if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) ++ if ((original_cwd = g_get_current_dir ()) == NULL) + { + g_printerr ("Error getting cwd: %s\n", + g_strerror (errno)); +@@ -953,6 +953,7 @@ main (int argc, char *argv[]) + g_ptr_array_free (saved_env, TRUE); + } + ++ g_free (original_cwd); + g_free (path); + g_free (command_line); + g_free (opt_user); diff --git a/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch b/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch new file mode 100644 index 00000000..1ddf78ca --- /dev/null +++ b/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch @@ -0,0 +1,58 @@ +From: David Zeuthen +Date: Wed, 19 Dec 2012 14:28:29 -0500 +Subject: Set XAUTHORITY environment variable if is unset + +The way it works is that if XAUTHORITY is unset, then its default +value is $HOME/.Xauthority. But since we're changing user identity +this will not work since $HOME will now change. Therefore, if +XAUTHORITY is unset, just set its default value before changing +identity. This bug only affected login managers using X Window +Authorization but not explicitly setting the XAUTHORITY variable. + +You can argue that XAUTHORITY is broken since it forces uid-changing +apps like pkexec(1) to do more work - and get involved in intimate +details of how X works and so on - but that doesn't change how things +work. + +Based on a patch from Peter Wu . + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 +Signed-off-by: David Zeuthen +Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 +--- + src/programs/pkexec.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 373977b..7fafa14 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -597,6 +597,28 @@ main (int argc, char *argv[]) + g_ptr_array_add (saved_env, g_strdup (value)); + } + ++ /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, ++ * this is broken but it's unfortunately how things work (see fdo #51623 for ++ * details) ++ */ ++ if (g_getenv ("XAUTHORITY") == NULL) ++ { ++ const gchar *home; ++ ++ /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and ++ * this is not what we want ++ */ ++ home = g_getenv ("HOME"); ++ if (home == NULL) ++ home = g_get_home_dir (); ++ ++ if (home != NULL) ++ { ++ g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); ++ g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); ++ } ++ } ++ + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks + * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. + */ diff --git a/patches/0.111/09_pam_environment.patch b/patches/0.111/09_pam_environment.patch new file mode 100644 index 00000000..793efee6 --- /dev/null +++ b/patches/0.111/09_pam_environment.patch @@ -0,0 +1,43 @@ +From: Steve Langasek +Date: Fri, 8 Mar 2013 12:00:00 +0100 +Subject: pkexec: Set process environment from pam_getenvlist() + +Various pam modules provide environment variables that are intended to be set +in the environment of the pam session. pkexec needs to process the output of +pam_getenvlist() to get these. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 +Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 +--- + src/programs/pkexec.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 682fe95..9a0570a 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) + gboolean ret; + gint rc; + pam_handle_t *pam_h; ++ char **envlist; + struct pam_conv conversation; + + ret = FALSE; +@@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) + + ret = TRUE; + ++ envlist = pam_getenvlist (pam_h); ++ if (envlist != NULL) ++ { ++ guint n; ++ for (n = 0; envlist[n]; n++) ++ putenv (envlist[n]); ++ free (envlist); ++ } ++ + out: + if (pam_h != NULL) + pam_end (pam_h, rc); diff --git a/patches/0.111/Fix-a-memory-leak.patch b/patches/0.111/Fix-a-memory-leak.patch new file mode 100644 index 00000000..9aa66bf4 --- /dev/null +++ b/patches/0.111/Fix-a-memory-leak.patch @@ -0,0 +1,22 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 7 May 2013 22:30:25 +0200 +Subject: Fix a memory leak + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 +Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e +--- + src/polkitagent/polkitagenthelper-pam.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 7af5321..292abbe 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -321,6 +321,7 @@ error: + } + } + memset (aresp, 0, n * sizeof *aresp); ++ free (aresp); + *resp = NULL; + return PAM_CONV_ERR; + } diff --git a/patches/0.112/00git_type_registration.patch b/patches/0.112/00git_type_registration.patch new file mode 100644 index 00000000..3936801f --- /dev/null +++ b/patches/0.112/00git_type_registration.patch @@ -0,0 +1,118 @@ +From: Tomas Bzatek +Date: Wed, 29 May 2013 13:45:31 +0000 +Subject: Use GOnce for interface type registration + +Static local variable may not be enough since it doesn't provide locking. + +Related to these udisksd warnings: + GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' + +Thanks to Hans de Goede for spotting this! + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 +Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c +--- + src/polkit/polkitidentity.c | 10 ++++++---- + src/polkit/polkitsubject.c | 10 ++++++---- + src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- + 3 files changed, 18 insertions(+), 12 deletions(-) + +diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c +index dd15b2f..7813c2c 100644 +--- a/src/polkit/polkitidentity.c ++++ b/src/polkit/polkitidentity.c +@@ -49,9 +49,9 @@ base_init (gpointer g_iface) + GType + polkit_identity_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -67,12 +67,14 @@ polkit_identity_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index d2c4c20..aed5795 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -50,9 +50,9 @@ base_init (gpointer g_iface) + GType + polkit_subject_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -68,12 +68,14 @@ polkit_subject_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** +diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c +index 5a1a228..20747e7 100644 +--- a/src/polkitbackend/polkitbackendactionlookup.c ++++ b/src/polkitbackend/polkitbackendactionlookup.c +@@ -74,9 +74,9 @@ base_init (gpointer g_iface) + GType + polkit_backend_action_lookup_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** diff --git a/patches/0.112/08_deprecate_racy_APIs.patch b/patches/0.112/08_deprecate_racy_APIs.patch new file mode 100644 index 00000000..725a44a2 --- /dev/null +++ b/patches/0.112/08_deprecate_racy_APIs.patch @@ -0,0 +1,27 @@ +From: Colin Walters +Date: Tue, 20 Aug 2013 15:15:31 -0400 +Subject: polkitunixprocess: Deprecate racy APIs + +It's only safe for processes to be created with their owning uid, +(without kernel support, which we don't have). Anything else is +subject to clients exec()ing setuid binaries after the fact. + +Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 +--- + src/polkit/polkitunixprocess.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h +index 531a57d..f5ed1a7 100644 +--- a/src/polkit/polkitunixprocess.h ++++ b/src/polkit/polkitunixprocess.h +@@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; + typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; + + GType polkit_unix_process_get_type (void) G_GNUC_CONST; ++G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) + PolkitSubject *polkit_unix_process_new (gint pid); ++G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) + PolkitSubject *polkit_unix_process_new_full (gint pid, + guint64 start_time); + PolkitSubject *polkit_unix_process_new_for_owner (gint pid, diff --git a/patches/0.112/cve-2013-4288.patch b/patches/0.112/cve-2013-4288.patch new file mode 100644 index 00000000..207bcf04 --- /dev/null +++ b/patches/0.112/cve-2013-4288.patch @@ -0,0 +1,116 @@ +From: Colin Walters +Date: Mon, 19 Aug 2013 12:16:11 -0400 +Subject: pkcheck: Support --process=pid,start-time,uid syntax too + +The uid is a new addition; this allows callers such as libvirt to +close a race condition in reading the uid of the process talking to +them. They can read it via getsockopt(SO_PEERCRED) or equivalent, +rather than having pkcheck look at /proc later after the fact. + +Programs which invoke pkcheck but need to know beforehand (i.e. at +compile time) whether or not it supports passing the uid can +use: + +pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) +test x$pkcheck_supports_uid = xyes + +Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 +--- + data/polkit-gobject-1.pc.in | 3 +++ + docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- + src/programs/pkcheck.c | 7 ++++++- + 3 files changed, 29 insertions(+), 10 deletions(-) + +diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in +index c39677d..5c4c620 100644 +--- a/data/polkit-gobject-1.pc.in ++++ b/data/polkit-gobject-1.pc.in +@@ -11,3 +11,6 @@ Version: @VERSION@ + Libs: -L${libdir} -lpolkit-gobject-1 + Cflags: -I${includedir}/polkit-1 + Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 ++# Programs using pkcheck can use this to determine ++# whether or not it can be passed a uid. ++pkcheck_supports_uid=true +diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml +index 6b8a874..508447e 100644 +--- a/docs/man/pkcheck.xml ++++ b/docs/man/pkcheck.xml +@@ -55,6 +55,9 @@ + + pid,pid-start-time + ++ ++ pid,pid-start-time,uid ++ + + + +@@ -90,7 +93,7 @@ + DESCRIPTION + + pkcheck is used to check whether a process, specified by +- either or , ++ either (see below) or , + is authorized for action. The + option can be used zero or more times to pass details about action. + If is passed, pkcheck blocks +@@ -160,17 +163,25 @@ KEY3=VALUE3 + + NOTES + +- Since process identifiers can be recycled, the caller should always use +- pid,pid-start-time to specify the process +- to check for authorization when using the option. +- The value of pid-start-time +- can be determined by consulting e.g. the ++ Do not use either the bare pid or ++ pid,start-time syntax forms for ++ . There are race conditions in both. ++ New code should always use ++ pid,pid-start-time,uid. The value of ++ start-time can be determined by ++ consulting e.g. the + + proc5 + +- file system depending on the operating system. If only pid +- is passed to the option, then pkcheck +- will look up the start time itself but note that this may be racy. ++ file system depending on the operating system. If fewer than 3 ++ arguments are passed, pkcheck will attempt to ++ look up them up internally, but note that this may be racy. ++ ++ ++ If your program is a daemon with e.g. a custom Unix domain ++ socket, you should determine the uid ++ parameter via operating system mechanisms such as ++ PEERCRED. + + + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index 719a36c..057e926 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -372,6 +372,7 @@ main (int argc, char *argv[]) + else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) + { + gint pid; ++ guint uid; + guint64 pid_start_time; + + n++; +@@ -381,7 +382,11 @@ main (int argc, char *argv[]) + goto out; + } + +- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) ++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) ++ { ++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); ++ } ++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + { + subject = polkit_unix_process_new_full (pid, pid_start_time); + } diff --git a/patches/0.113/00git_fix_memleak.patch b/patches/0.113/00git_fix_memleak.patch new file mode 100644 index 00000000..4283345a --- /dev/null +++ b/patches/0.113/00git_fix_memleak.patch @@ -0,0 +1,26 @@ +From: "Max A. Dednev" +Date: Sun, 11 Jan 2015 20:00:44 -0500 +Subject: authority: Fix memory leak in EnumerateActions call results handler + +Policykit-1 doesn't release reference counters of GVariant data for +org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This +patch fixed reference counting and following memory leak. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 +Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 +--- + src/polkit/polkitauthority.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index 9947cf3..84dab72 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, + while ((child = g_variant_iter_next_value (&iter)) != NULL) + { + ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); +- g_variant_ref_sink (child); + g_variant_unref (child); + } + ret = g_list_reverse (ret); diff --git a/patches/0.113/00git_invalid_object_paths.patch b/patches/0.113/00git_invalid_object_paths.patch new file mode 100644 index 00000000..088d170a --- /dev/null +++ b/patches/0.113/00git_invalid_object_paths.patch @@ -0,0 +1,116 @@ +From: Colin Walters +Date: Sat, 30 May 2015 09:06:23 -0400 +Subject: CVE-2015-3218: backend: Handle invalid object paths in + RegisterAuthenticationAgent +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Properly propagate the error, otherwise we dereference a `NULL` +pointer. This is a local, authenticated DoS. + +`RegisterAuthenticationAgentWithOptions` and +`UnregisterAuthentication` have been validated to not need changes for +this. + +http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 +Bug-Debian: https://bugs.debian.org/787932 +Reported-by: Tavis Ormandy +Reviewed-by: Philip Withnall +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c +--- + .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- + 1 file changed, 30 insertions(+), 23 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index b237e9d..25e13fb 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +- GVariant *registration_options) ++ GVariant *registration_options, ++ GError **error) + { + AuthenticationAgent *agent; +- GError *error; ++ GDBusProxy *proxy; + +- agent = g_new0 (AuthenticationAgent, 1); ++ if (!g_variant_is_object_path (object_path)) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "Invalid object path '%s'", object_path); ++ return NULL; ++ } ++ ++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, ++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | ++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, ++ NULL, /* GDBusInterfaceInfo* */ ++ unique_system_bus_name, ++ object_path, ++ "org.freedesktop.PolicyKit1.AuthenticationAgent", ++ NULL, /* GCancellable* */ ++ error); ++ if (proxy == NULL) ++ { ++ g_prefix_error (error, "Failed to construct proxy for agent: " ); ++ return NULL; ++ } + ++ agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; +- +- error = NULL; +- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, +- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | +- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, +- NULL, /* GDBusInterfaceInfo* */ +- agent->unique_system_bus_name, +- agent->object_path, +- "org.freedesktop.PolicyKit1.AuthenticationAgent", +- NULL, /* GCancellable* */ +- &error); +- if (agent->proxy == NULL) +- { +- g_warning ("Error constructing proxy for agent: %s", error->message); +- g_error_free (error); +- /* TODO: Make authentication_agent_new() return NULL and set a GError */ +- } ++ agent->proxy = proxy; + + return agent; + } +@@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + caller_cmdline = NULL; + agent = NULL; + +- /* TODO: validate that object path is well-formed */ +- + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + +@@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +- options); ++ options, ++ error); ++ if (!agent) ++ goto out; + + g_hash_table_insert (priv->hash_scope_to_authentication_agent, + g_object_ref (subject), diff --git a/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch b/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch new file mode 100644 index 00000000..956099b6 --- /dev/null +++ b/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch @@ -0,0 +1,120 @@ +From: Rui Matos +Date: Thu, 6 Feb 2014 18:41:18 +0100 +Subject: PolkitAgentSession: fix race between child and io watches + +The helper flushes and fdatasyncs stdout and stderr before terminating +but this doesn't guarantee that our io watch is called before our +child watch. This means that we can end up with a successful return +from the helper which we still report as a failure. + +If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the +io watch and the child terminates we still run the io watch handler +which will complete the session. + +This means that the child watch is in fact needless and we can remove +it. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 +Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 +Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 +Bug-Ubuntu: https://launchpad.net/bugs/649939 +Bug-Ubuntu: https://launchpad.net/bugs/445303 +--- + src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- + 1 file changed, 11 insertions(+), 36 deletions(-) + +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index 8129cd9..a658a22 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -92,7 +92,6 @@ struct _PolkitAgentSession + int child_stdout; + GPid child_pid; + +- GSource *child_watch_source; + GSource *child_stdout_watch_source; + GIOChannel *child_stdout_channel; + +@@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) + session->child_pid = 0; + } + +- if (session->child_watch_source != NULL) +- { +- g_source_destroy (session->child_watch_source); +- g_source_unref (session->child_watch_source); +- session->child_watch_source = NULL; +- } +- + if (session->child_stdout_watch_source != NULL) + { + g_source_destroy (session->child_stdout_watch_source); +@@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, + } + } + +-static void +-child_watch_func (GPid pid, +- gint status, +- gpointer user_data) +-{ +- PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); +- +- if (G_UNLIKELY (_show_debug ())) +- { +- g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", +- (gint) pid, +- WIFEXITED(status), +- WEXITSTATUS(status)); +- } +- +- /* kill all the watches we have set up, except for the child since it has exited already */ +- session->child_pid = 0; +- complete_session (session, FALSE); +-} +- + static gboolean + io_watch_have_data (GIOChannel *channel, + GIOCondition condition, +@@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, + NULL, + NULL, + &error); +- if (error != NULL) ++ if (error != NULL || line == NULL) + { +- g_warning ("Error reading line from helper: %s", error->message); +- g_error_free (error); ++ /* In case we get just G_IO_HUP, line is NULL but error is ++ unset.*/ ++ g_warning ("Error reading line from helper: %s", ++ error ? error->message : "nothing to read"); ++ g_clear_error (&error); + + complete_session (session, FALSE); + goto out; +@@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, + g_free (line); + g_free (unescaped); + ++ if (condition & (G_IO_ERR | G_IO_HUP)) ++ complete_session (session, FALSE); ++ + /* keep the IOChannel around */ + return TRUE; + } +@@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + +- session->child_watch_source = g_child_watch_source_new (session->child_pid); +- g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); +- g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); +- + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); +- session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); ++ session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, ++ G_IO_IN | G_IO_ERR | G_IO_HUP); + g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); + g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); + diff --git a/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch b/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch new file mode 100644 index 00000000..f20fab2f --- /dev/null +++ b/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch @@ -0,0 +1,68 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 1 Apr 2015 05:22:37 +0200 +Subject: CVE-2015-3255 Fix GHashTable usage. + +Don't assume that the hash table with free both the key and the value +at the same time, supply proper deallocation functions for the key +and value separately. + +Then drop ParsedAction::action_id which is no longer used for anything. + +https://bugs.freedesktop.org/show_bug.cgi?id=69501 +and +https://bugs.freedesktop.org/show_bug.cgi?id=83590 + +CVE: CVE-2015-3255 +Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f +Bug-Debian: https://bugs.debian.org/796134 +--- + src/polkitbackend/polkitbackendactionpool.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index e3ed38d..4270d4e 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -40,7 +40,6 @@ + + typedef struct + { +- gchar *action_id; + gchar *vendor_name; + gchar *vendor_url; + gchar *icon_name; +@@ -62,7 +61,6 @@ typedef struct + static void + parsed_action_free (ParsedAction *action) + { +- g_free (action->action_id); + g_free (action->vendor_name); + g_free (action->vendor_url); + g_free (action->icon_name); +@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) + + priv->parsed_actions = g_hash_table_new_full (g_str_hash, + g_str_equal, +- NULL, ++ g_free, + (GDestroyNotify) parsed_action_free); + + priv->parsed_files = g_hash_table_new_full (g_str_hash, +@@ -988,7 +986,6 @@ _end (void *data, const char *el) + icon_name = pd->global_icon_name; + + action = g_new0 (ParsedAction, 1); +- action->action_id = g_strdup (pd->action_id); + action->vendor_name = g_strdup (vendor); + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); +@@ -1003,7 +1000,8 @@ _end (void *data, const char *el) + action->implicit_authorization_inactive = pd->implicit_authorization_inactive; + action->implicit_authorization_active = pd->implicit_authorization_active; + +- g_hash_table_insert (priv->parsed_actions, action->action_id, action); ++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), ++ action); + + /* we steal these hash tables */ + pd->annotations = NULL; diff --git a/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch b/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch new file mode 100644 index 00000000..8b584a76 --- /dev/null +++ b/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch @@ -0,0 +1,484 @@ +From: Colin Walters +Date: Wed, 17 Jun 2015 13:07:02 -0400 +Subject: CVE-2015-4625: Bind use of cookies to specific uids +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + +The "cookie" value that Polkit hands out is global to all polkit +users. And when `AuthenticationAgentResponse` is invoked, we +previously only received the cookie and *target* identity, and +attempted to find an agent from that. + +The problem is that the current cookie is just an integer +counter, and if it overflowed, it would be possible for +an successful authorization in one session to trigger a response +in another session. + +The overflow and ability to guess the cookie were fixed by the +previous patch. + +This patch is conceptually further hardening on top of that. Polkit +currently treats uids as equivalent from a security domain +perspective; there is no support for +SELinux/AppArmor/etc. differentiation. + +We can retrieve the uid from `getuid()` in the setuid helper, which +allows us to ensure the uid invoking `AuthenticationAgentResponse2` +matches that of the agent. + +Then the authority only looks at authentication sessions matching the +cookie that were created by a matching uid, thus removing the ability +for different uids to interfere with each other entirely. + +Several fixes to this patch were contributed by: +Miloslav Trmač + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 +Bug-Debian: https://bugs.debian.org/796134 +--- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- + data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- + ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- + docs/polkit/overview.xml | 18 ++++--- + src/polkit/polkitauthority.c | 13 ++++- + src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- + src/polkitbackend/polkitbackendauthority.h | 2 + + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- + 8 files changed, 198 insertions(+), 19 deletions(-) + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 3b519c2..5beef7d 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -8,7 +8,19 @@ + + + +- ++ + + + +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index fbfb9cd..f9021ee 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -313,7 +313,29 @@ + + + +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index 6525e25..e66bf53 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,6 +42,8 @@ Structure TemporaryAuth + IN String object_path) + AuthenticationAgentResponse (IN String cookie, + IN Identity identity) ++AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, ++ IN Identity identity) + EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) + RevokeTemporaryAuthorizations (IN Subject subject) +@@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, + IN Identity identity) + + +-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++ ++ ++ ++ IN String cookie: ++ ++ ++The cookie identifying the authentication request that was passed to the authentication agent. ++ ++ ++ ++ ++ IN Identity identity: ++ ++ ++A Identity struct describing what identity was authenticated. ++ ++ ++ ++ ++ ++ ++ AuthenticationAgentResponse2 () ++ ++AuthenticationAgentResponse2 (IN uint32 uid, ++ IN String cookie, ++ IN Identity identity) ++ ++ ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + ++ ++ IN uint32 uid: ++ ++ ++The user id of the agent; normally this is the owner of the parent pid ++of the process that invoked the internal setuid helper. ++ ++ ++ + + IN String cookie: + +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index 24440d2..c29d8da 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -66,16 +66,18 @@ + + Authentication agents are provided by desktop environments. When + an user session starts, the agent registers with the polkit +- Authority using +- the RegisterAuthenticationAgent() ++ Authority using the RegisterAuthenticationAgent() + method. When services are needed, the authority will invoke +- methods on +- the org.freedesktop.PolicyKit1.AuthenticationAgent ++ methods on the org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged +- part of) the agent invokes +- the AuthenticationAgentResponse() +- method. Note that the polkit Authority itself does not care +- how the agent authenticates the user. ++ part of) the agent invokes the AuthenticationAgentResponse() ++ method. This method should be treated as an internal ++ implementation detail, and callers should use the public shared ++ library API to invoke it, which currently uses a setuid helper ++ program. + + + The libpolkit-agent-1 +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index 84dab72..f45abc4 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + gpointer user_data) + { + GVariant *identity_value; ++ /* Note that in reality, this API is only accessible to root, and ++ * only called from the setuid helper `polkit-agent-helper-1`. ++ * ++ * However, because this is currently public API, we avoid ++ * triggering warnings from ABI diff type programs by just grabbing ++ * the real uid of the caller here. ++ */ ++ uid_t uid = getuid (); + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (cookie != NULL); +@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + identity_value = polkit_identity_to_gvariant (identity); + g_variant_ref_sink (identity_value); + g_dbus_proxy_call (authority->proxy, +- "AuthenticationAgentResponse", +- g_variant_new ("(s@(sa{sv}))", ++ "AuthenticationAgentResponse2", ++ g_variant_new ("(us@(sa{sv}))", ++ (guint32)uid, + cookie, + identity_value), + G_DBUS_CALL_FLAGS_NONE, +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index fd4f161..d1b1a25 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + gboolean + polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority + } + else + { +- return klass->authentication_agent_response (authority, caller, cookie, identity, error); ++ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); + } + } + +@@ -587,6 +588,11 @@ static const gchar *server_introspection_data = + " " + " " + " " ++ " " ++ " " ++ " " ++ " " ++ " " + " " + " " + " " +@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, ++ (uid_t)-1, ++ cookie, ++ identity, ++ &error)) ++ { ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); ++ ++ out: ++ if (identity != NULL) ++ g_object_unref (identity); ++} ++ ++static void ++server_handle_authentication_agent_response2 (Server *server, ++ GVariant *parameters, ++ PolkitSubject *caller, ++ GDBusMethodInvocation *invocation) ++{ ++ const gchar *cookie; ++ GVariant *identity_gvariant; ++ PolkitIdentity *identity; ++ GError *error; ++ guint32 uid; ++ ++ identity = NULL; ++ ++ g_variant_get (parameters, ++ "(u&s@(sa{sv}))", ++ &uid, ++ &cookie, ++ &identity_gvariant); ++ ++ error = NULL; ++ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); ++ if (identity == NULL) ++ { ++ g_prefix_error (&error, "Error getting identity: "); ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ error = NULL; ++ if (!polkit_backend_authority_authentication_agent_response (server->authority, ++ caller, ++ (uid_t)uid, + cookie, + identity, + &error)) +@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, + server_handle_unregister_authentication_agent (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) + server_handle_authentication_agent_response (server, parameters, caller, invocation); ++ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) ++ server_handle_authentication_agent_response2 (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) + server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) +diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h +index a564054..1c212e0 100644 +--- a/src/polkitbackend/polkitbackendauthority.h ++++ b/src/polkitbackend/polkitbackendauthority.h +@@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass + + gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend + + gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 10eda2c..5e29af2 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI + PolkitSubject *subject); + + +-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie); ++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie); + + static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name); +@@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a + + static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -431,6 +433,7 @@ struct AuthenticationAgent + { + volatile gint ref_count; + ++ uid_t creator_uid; + PolkitSubject *scope; + guint64 serial; + +@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) + static AuthenticationAgent * + authentication_agent_new (guint64 serial, + PolkitSubject *scope, ++ PolkitIdentity *creator, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, + { + AuthenticationAgent *agent; + GDBusProxy *proxy; ++ PolkitUnixUser *creator_user; ++ ++ g_assert (POLKIT_IS_UNIX_USER (creator)); ++ creator_user = POLKIT_UNIX_USER (creator); + + if (!g_variant_is_object_path (object_path)) + { +@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, + agent->ref_count = 1; + agent->serial = serial; + agent->scope = g_object_ref (scope); ++ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); +@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori + } + + static AuthenticationSession * +-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie) ++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie) + { + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; +@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author + { + GList *l; + ++ /* We need to ensure that if somehow we have duplicate cookies ++ * due to wrapping, that the cookie used is matched to the user ++ * who called AuthenticationAgentResponse2. See ++ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ * Except if the legacy AuthenticationAgentResponse is invoked, ++ * we don't know the uid and hence use -1. Continue to support ++ * the old behavior for backwards compatibility, although everyone ++ * who is using our own setuid helper will automatically be updated ++ * to the new API. ++ */ ++ if (uid != (uid_t)-1) ++ { ++ if (agent->creator_uid != uid) ++ continue; ++ } ++ + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; +@@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, ++ user_of_caller, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +@@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + static gboolean + polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + } + + /* find the authentication session */ +- session = get_authentication_session_for_cookie (interactive_authority, cookie); ++ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); + if (session == NULL) + { + g_set_error (error, diff --git a/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch b/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch new file mode 100644 index 00000000..f6a42489 --- /dev/null +++ b/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch @@ -0,0 +1,540 @@ +From: Colin Walters +Date: Thu, 4 Jun 2015 12:15:18 -0400 +Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Tavis noted that it'd be possible with a 32 bit counter for someone to +cause the cookie to wrap by creating Authentication requests in a +loop. + +Something important to note here is that wrapping of signed integers +is undefined behavior in C, so we definitely want to fix that. All +counter integers used in this patch are unsigned. + +See the comment above `authentication_agent_generate_cookie` for +details, but basically we're now using a cookie of the form: + +``` + - - - +``` + +Which has multiple 64 bit counters, plus unpredictable random 128 bit +integer ids (effectively UUIDs, but we're not calling them that +because we don't need to be globally unique. + +We further ensure that the cookies are not visible to other processes +by changing the setuid helper to accept them over standard input. This +means that an attacker would have to guess both ids. + +In any case, the security hole here is better fixed with the other +change to bind user id (uid) of the agent with cookie lookups, making +cookie guessing worthless. + +Nevertheless, I think it's worth doing this change too, for defense in +depth. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 +Bug-Debian: https://bugs.debian.org/796134 +--- + configure.ac | 2 +- + src/polkitagent/polkitagenthelper-pam.c | 12 ++- + src/polkitagent/polkitagenthelper-shadow.c | 12 ++- + src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ + src/polkitagent/polkitagenthelperprivate.h | 2 + + src/polkitagent/polkitagentsession.c | 30 ++++--- + .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- + 7 files changed, 150 insertions(+), 40 deletions(-) + +diff --git a/configure.ac b/configure.ac +index aa2760f..388605d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then + changequote([,])dnl + fi + +-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) ++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 937386e..19062aa 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -65,7 +65,7 @@ main (int argc, char *argv[]) + { + int rc; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + struct pam_conv pam_conversation; + pam_handle_t *pam_h; + const void *authed_user; +@@ -97,7 +97,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -105,7 +105,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + if (getuid () != 0) + { +@@ -203,6 +206,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -212,6 +217,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + if (pam_h != NULL) + pam_end (pam_h, rc); + +diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c +index a4f73ac..e877915 100644 +--- a/src/polkitagent/polkitagenthelper-shadow.c ++++ b/src/polkitagent/polkitagenthelper-shadow.c +@@ -46,7 +46,7 @@ main (int argc, char *argv[]) + { + struct spwd *shadow; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + time_t now; + + /* clear the entire environment to avoid attacks with +@@ -67,7 +67,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -86,7 +86,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); +@@ -153,6 +156,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -162,6 +167,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + fprintf (stdout, "FAILURE\n"); + flush_and_wait (); + return 1; +diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c +index 4417e70..a99de7d 100644 +--- a/src/polkitagent/polkitagenthelperprivate.c ++++ b/src/polkitagent/polkitagenthelperprivate.c +@@ -23,6 +23,7 @@ + #include "config.h" + #include "polkitagenthelperprivate.h" + #include ++#include + #include + #include + +@@ -45,6 +46,38 @@ _polkit_clearenv (void) + #endif + + ++char * ++read_cookie (int argc, char **argv) ++{ ++ /* As part of CVE-2015-4625, we started passing the cookie ++ * on standard input, to ensure it's not visible to other ++ * processes. However, to ensure that things continue ++ * to work if the setuid binary is upgraded while old ++ * agents are still running (this will be common with ++ * package managers), we support both modes. ++ */ ++ if (argc == 3) ++ return strdup (argv[2]); ++ else ++ { ++ char *ret = NULL; ++ size_t n = 0; ++ ssize_t r = getline (&ret, &n, stdin); ++ if (r == -1) ++ { ++ if (!feof (stdin)) ++ perror ("getline"); ++ free (ret); ++ return NULL; ++ } ++ else ++ { ++ g_strchomp (ret); ++ return ret; ++ } ++ } ++} ++ + gboolean + send_dbus_message (const char *cookie, const char *user) + { +diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h +index aeca2c7..547fdcc 100644 +--- a/src/polkitagent/polkitagenthelperprivate.h ++++ b/src/polkitagent/polkitagenthelperprivate.h +@@ -38,6 +38,8 @@ + + int _polkit_clearenv (void); + ++char *read_cookie (int argc, char **argv); ++ + gboolean send_dbus_message (const char *cookie, const char *user); + + void flush_and_wait (); +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index a658a22..6a3d6bc 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + #include + + #include "polkitagentmarshal.h" +@@ -88,7 +89,7 @@ struct _PolkitAgentSession + gchar *cookie; + PolkitIdentity *identity; + +- int child_stdin; ++ GOutputStream *child_stdin; + int child_stdout; + GPid child_pid; + +@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); + static void + polkit_agent_session_init (PolkitAgentSession *session) + { +- session->child_stdin = -1; + session->child_stdout = -1; + } + +@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) + session->child_stdout = -1; + } + +- if (session->child_stdin != -1) +- { +- g_warn_if_fail (close (session->child_stdin) == 0); +- session->child_stdin = -1; +- } ++ g_clear_object (&session->child_stdin); + + session->helper_is_running = FALSE; + +@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, + + add_newline = (response[response_len] != '\n'); + +- write (session->child_stdin, response, response_len); ++ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); + if (add_newline) +- write (session->child_stdin, newline, 1); ++ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); + } + + /** +@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + { + uid_t uid; + GError *error; +- gchar *helper_argv[4]; ++ gchar *helper_argv[3]; + struct passwd *passwd; ++ int stdin_fd = -1; + + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + +@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; + helper_argv[1] = passwd->pw_name; +- helper_argv[2] = session->cookie; +- helper_argv[3] = NULL; ++ helper_argv[2] = NULL; + +- session->child_stdin = -1; + session->child_stdout = -1; + + error = NULL; +@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + NULL, + NULL, + &session->child_pid, +- &session->child_stdin, ++ &stdin_fd, + &session->child_stdout, + NULL, + &error)) +@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + ++ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); ++ ++ /* Write the cookie on stdin so it can't be seen by other processes */ ++ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), ++ NULL, NULL, NULL); ++ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); ++ + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 00ee044..10eda2c 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -212,6 +212,8 @@ typedef struct + + GDBusConnection *system_bus_connection; + guint name_owner_changed_signal_id; ++ ++ guint64 agent_serial; + } PolkitBackendInteractiveAuthorityPrivate; + + /* ---------------------------------------------------------------------------------------------------- */ +@@ -430,11 +432,15 @@ struct AuthenticationAgent + volatile gint ref_count; + + PolkitSubject *scope; ++ guint64 serial; + + gchar *locale; + GVariant *registration_options; + gchar *object_path; + gchar *unique_system_bus_name; ++ GRand *cookie_pool; ++ gchar *cookie_prefix; ++ guint64 cookie_serial; + + GDBusProxy *proxy; + +@@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, + authentication_session_cancel (session); + } + ++/* We're not calling this a UUID, but it's basically ++ * the same thing, just not formatted that way because: ++ * ++ * - I'm too lazy to do it ++ * - If we did, people might think it was actually ++ * generated from /dev/random, which we're not doing ++ * because this value doesn't actually need to be ++ * globally unique. ++ */ ++static void ++append_rand_u128_str (GString *buf, ++ GRand *pool) ++{ ++ g_string_append_printf (buf, "%08x%08x%08x%08x", ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool)); ++} ++ ++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) ++ * pair, and not guessable by other agents. ++ * ++ * - - - ++ * ++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ */ ++static gchar * ++authentication_agent_generate_cookie (AuthenticationAgent *agent) ++{ ++ GString *buf = g_string_new (""); ++ ++ g_string_append (buf, agent->cookie_prefix); ++ ++ g_string_append_c (buf, '-'); ++ agent->cookie_serial++; ++ g_string_append_printf (buf, "%" G_GUINT64_FORMAT, ++ agent->cookie_serial); ++ g_string_append_c (buf, '-'); ++ append_rand_u128_str (buf, agent->cookie_pool); ++ ++ return g_string_free (buf, FALSE); ++} ++ ++ + static AuthenticationSession * + authentication_session_new (AuthenticationAgent *agent, +- const gchar *cookie, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, +@@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, + + session = g_new0 (AuthenticationSession, 1); + session->agent = authentication_agent_ref (agent); +- session->cookie = g_strdup (cookie); ++ session->cookie = authentication_agent_generate_cookie (agent); + session->subject = g_object_ref (subject); + session->user_of_subject = g_object_ref (user_of_subject); + session->caller = g_object_ref (caller); +@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) + g_free (session); + } + +-static gchar * +-authentication_agent_new_cookie (AuthenticationAgent *agent) +-{ +- static gint counter = 0; +- +- /* TODO: use a more random-looking cookie */ +- +- return g_strdup_printf ("cookie%d", counter++); +-} +- + static PolkitSubject * + authentication_agent_get_scope (AuthenticationAgent *agent) + { +@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) + g_free (agent->unique_system_bus_name); + if (agent->registration_options != NULL) + g_variant_unref (agent->registration_options); ++ g_rand_free (agent->cookie_pool); ++ g_free (agent->cookie_prefix); + g_free (agent); + } + } + + static AuthenticationAgent * +-authentication_agent_new (PolkitSubject *scope, ++authentication_agent_new (guint64 serial, ++ PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, + + agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; ++ agent->serial = serial; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); +@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; + agent->proxy = proxy; + ++ { ++ GString *cookie_prefix = g_string_new (""); ++ GRand *agent_private_rand = g_rand_new (); ++ ++ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); ++ ++ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, ++ * whose sequence will not correlate with the per-authentication session ++ * cookies. ++ */ ++ append_rand_u128_str (cookie_prefix, agent_private_rand); ++ g_rand_free (agent_private_rand); ++ ++ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); ++ ++ /* And a newly seeded pool for per-session cookies */ ++ agent->cookie_pool = g_rand_new (); ++ } ++ + return agent; + } + +@@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + gpointer user_data) + { + AuthenticationSession *session; +- gchar *cookie; + GList *l; + GList *identities; + gchar *localized_message; +@@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + &localized_icon_name, + &localized_details); + +- cookie = authentication_agent_new_cookie (agent); +- + identities = NULL; + + /* select admin user if required by the implicit authorization */ +@@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + } + + session = authentication_session_new (agent, +- cookie, + subject, + user_of_subject, + caller, +@@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + + g_list_foreach (identities, (GFunc) g_object_unref, NULL); + g_list_free (identities); +- g_free (cookie); + + g_free (localized_message); + g_free (localized_icon_name); +@@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- agent = authentication_agent_new (subject, ++ priv->agent_serial++; ++ agent = authentication_agent_new (priv->agent_serial, ++ subject, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, diff --git a/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch b/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch new file mode 100644 index 00000000..0eb7ec16 --- /dev/null +++ b/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch @@ -0,0 +1,25 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 11 Nov 2013 23:51:23 +0100 +Subject: Don't discard error data returned by + polkit_system_bus_name_get_user_sync + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 +Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a +Bug-Debian: https://bugs.debian.org/798769 +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 05f51c5..e1a9ab3 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch b/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch new file mode 100644 index 00000000..ee44531d --- /dev/null +++ b/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch @@ -0,0 +1,36 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Sat, 6 Jun 2015 01:07:08 +0200 +Subject: Fix a crash when two authentication requests are in flight. + +To reproduce: +1. pkttyagent -p $$ # or another suitable PID +2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u +3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u +4. Then, in the pkttyagent prompt, press Enter. + +polkit_agent_text_listener_initiate_authentication was already setting +an appropriate error code, so the g_assert was unnecessary. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 +Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b +--- + src/polkitagent/polkitagenttextlistener.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c +index b5c8a3f..e63c285 100644 +--- a/src/polkitagent/polkitagenttextlistener.c ++++ b/src/polkitagent/polkitagenttextlistener.c +@@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener + GAsyncResult *res, + GError **error) + { +- PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); + gboolean ret; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == + polkit_agent_text_listener_initiate_authentication); +- g_assert (listener->active_session == NULL); + + ret = FALSE; + diff --git a/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch b/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch new file mode 100644 index 00000000..b7fdcf46 --- /dev/null +++ b/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch @@ -0,0 +1,22 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 1 Jul 2014 20:00:48 +0200 +Subject: Fix a memory leak when registering an authentication agent + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 +Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e +--- + src/polkitbackend/polkitbackendauthority.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 39eb5b9..afe5b90 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: ++ g_variant_unref (subject_gvariant); + if (subject != NULL) + g_object_unref (subject); + } diff --git a/patches/0.113/Fix-a-per-authorization-memory-leak.patch b/patches/0.113/Fix-a-per-authorization-memory-leak.patch new file mode 100644 index 00000000..eaafed64 --- /dev/null +++ b/patches/0.113/Fix-a-per-authorization-memory-leak.patch @@ -0,0 +1,49 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 1 Jul 2014 20:00:48 +0200 +Subject: Fix a per-authorization memory leak + +We were leaking PolkitAuthorizationResult on every request, primarily on +the success path, but also on various error paths as well. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 +Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe +--- + src/polkitbackend/polkitbackendauthority.c | 1 + + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 10b8af3..39eb5b9 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, + g_variant_ref_sink (value); + g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); + g_variant_unref (value); ++ g_object_unref (result); + } + + check_auth_data_free (data); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 5e29af2..73d0a0e 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + + /* Otherwise just return the result */ + g_simple_async_result_set_op_res_gpointer (simple, +- result, ++ g_object_ref (result), + g_object_unref); + g_simple_async_result_complete (simple); + g_object_unref (simple); +@@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + g_free (subject_str); + g_free (user_of_caller_str); + g_free (user_of_subject_str); ++ ++ if (result != NULL) ++ g_object_unref (result); + } + + /* ---------------------------------------------------------------------------------------------------- */ diff --git a/patches/0.113/Fix-a-possible-NULL-dereference.patch b/patches/0.113/Fix-a-possible-NULL-dereference.patch new file mode 100644 index 00000000..ba685eb9 --- /dev/null +++ b/patches/0.113/Fix-a-possible-NULL-dereference.patch @@ -0,0 +1,35 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 11 Jun 2014 22:36:50 +0200 +Subject: Fix a possible NULL dereference. +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +polkit_backend_session_monitor_get_user_for_subject() may return NULL +(and because it is using external processes, we can’t really rule it +out). The code was already anticipating NULL in the cleanup section, so +handle it also when actually using the value. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 +Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb +--- + src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 25e13fb..00ee044 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + + subject_str = polkit_subject_to_string (subject); +- user_of_subject_str = polkit_identity_to_string (user_of_subject); ++ ++ if (user_of_subject != NULL) ++ user_of_subject_str = polkit_identity_to_string (user_of_subject); ++ else ++ user_of_subject_str = g_strdup (""); + caller_str = polkit_subject_to_string (caller); + + subject_cmdline = _polkit_subject_get_cmdline (subject); diff --git a/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch b/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch new file mode 100644 index 00000000..f11cb3df --- /dev/null +++ b/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 15 Sep 2014 19:45:15 +0200 +Subject: Fix duplicate GError use when "uid" is missing + +Some GLib versions complain loudly about this. + +To reproduce, call e.g. RegisterAuthenticationAgent with the following +parameters: +("unix-process", {"pid": __import__('gi.repository.GLib', globals(), +locals(), ['Variant']).Variant("u", 1), "start-time": +__import__('gi.repository.GLib', globals(), locals(), +['Variant']).Variant("t", 1)}), "cs", "/" + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 +Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 +--- + src/polkit/polkitsubject.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index aed5795..78ec745 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, + start_time = g_variant_get_uint64 (v); + g_variant_unref (v); + +- v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); ++ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); + if (v != NULL) + { + uid = g_variant_get_int32 (v); diff --git a/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch b/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch new file mode 100644 index 00000000..6f7bd356 --- /dev/null +++ b/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 14 Apr 2015 22:27:41 +0200 +Subject: Fix use-after-free in polkitagentsession.c + +PolkitAgentTextListener's "completed" handler drops the last reference +to the session; in fact this is explicitly recommended in the signal's +documentation. So we must not access any members of session after +emitting the signal. + +Found while dealing with +https://bugs.freedesktop.org/show_bug.cgi?id=69501 + +Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 +--- + src/polkitagent/polkitagentsession.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index 6a3d6bc..46fbaf0 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, + { + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); +- g_signal_emit_by_name (session, "completed", result); + session->have_emitted_completed = TRUE; ++ /* Note that the signal handler may drop the last reference to session. */ ++ g_signal_emit_by_name (session, "completed", result); + } + } + diff --git a/patches/0.113/Fixed-compilation-problem-in-the-backend.patch b/patches/0.113/Fixed-compilation-problem-in-the-backend.patch new file mode 100644 index 00000000..ccbbcb74 --- /dev/null +++ b/patches/0.113/Fixed-compilation-problem-in-the-backend.patch @@ -0,0 +1,23 @@ +From: Xabier Rodriguez Calvar +Date: Sun, 10 Nov 2013 19:16:41 +0100 +Subject: Fixed compilation problem in the backend + +Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 +Bug-Debian: https://bugs.debian.org/798769 +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 4075d3f..05f51c5 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch b/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch new file mode 100644 index 00000000..a162aef3 --- /dev/null +++ b/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch @@ -0,0 +1,166 @@ +From: Colin Walters +Date: Wed, 21 Aug 2013 12:23:55 -0400 +Subject: PolkitSystemBusName: Add public API to retrieve Unix user + +And change the duplicated code in the backend session monitors to use +it. This just a code cleanup resulting from review after +CVE-2013-4288. There's no security impact from this patch, it just +removes duplicated code. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 +Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 +--- + src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ + src/polkit/polkitsystembusname.h | 4 ++ + .../polkitbackendsessionmonitor-systemd.c | 20 +------- + src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- + 4 files changed, 62 insertions(+), 38 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 2a297c4..51e4a69 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -25,6 +25,7 @@ + + #include + #include "polkitsystembusname.h" ++#include "polkitunixuser.h" + #include "polkitsubject.h" + #include "polkitprivate.h" + +@@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, + return ret; + } + ++/** ++ * polkit_system_bus_name_get_user_sync: ++ * @system_bus_name: A #PolkitSystemBusName. ++ * @cancellable: (allow-none): A #GCancellable or %NULL. ++ * @error: (allow-none): Return location for error or %NULL. ++ * ++ * Synchronously gets a #PolkitUnixUser object for @system_bus_name; ++ * the calling thread is blocked until a reply is received. ++ * ++ * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. ++ **/ ++PolkitUnixUser * ++polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, ++ GCancellable *cancellable, ++ GError **error) ++{ ++ GDBusConnection *connection; ++ PolkitUnixUser *ret; ++ GVariant *result; ++ guint32 uid; ++ ++ g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); ++ g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); ++ g_return_val_if_fail (error == NULL || *error == NULL, NULL); ++ ++ ret = NULL; ++ ++ connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); ++ if (connection == NULL) ++ goto out; ++ ++ result = g_dbus_connection_call_sync (connection, ++ "org.freedesktop.DBus", /* name */ ++ "/org/freedesktop/DBus", /* object path */ ++ "org.freedesktop.DBus", /* interface name */ ++ "GetConnectionUnixUser", /* method */ ++ g_variant_new ("(s)", system_bus_name->name), ++ G_VARIANT_TYPE ("(u)"), ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ cancellable, ++ error); ++ if (result == NULL) ++ goto out; ++ ++ g_variant_get (result, "(u)", &uid); ++ g_variant_unref (result); ++ ++ ret = (PolkitUnixUser*)polkit_unix_user_new (uid); ++ ++ out: ++ if (connection != NULL) ++ g_object_unref (connection); ++ return ret; ++} +diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h +index 1fc464f..38d31f7 100644 +--- a/src/polkit/polkitsystembusname.h ++++ b/src/polkit/polkitsystembusname.h +@@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName + GCancellable *cancellable, + GError **error); + ++PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, ++ GCancellable *cancellable, ++ GError **error); ++ + G_END_DECLS + + #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 58593c3..0185310 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixUser", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- +- ret = polkit_unix_user_new (uid); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 9c331b6..4075d3f 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixUser", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- +- ret = polkit_unix_user_new (uid); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch b/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch new file mode 100644 index 00000000..8a8fa3cf --- /dev/null +++ b/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch @@ -0,0 +1,29 @@ +From: Colin Walters +Date: Sat, 9 Nov 2013 13:48:21 -0500 +Subject: Port internals non-deprecated PolkitProcess API where possible + +We can't port everything, but in PolkitPermission and these test +cases, we can use _for_owner() with the right information. + +[smcv: drop the part that touches +test/polkitbackend/test-polkitbackendjsauthority.c which is not +in this branch] + +Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d +--- + src/polkit/polkitpermission.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index 22d195f..f8a666e 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) + PolkitPermission *permission = POLKIT_PERMISSION (object); + + if (permission->subject == NULL) +- permission->subject = polkit_unix_process_new (getpid ()); ++ permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); + + if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) + G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); diff --git a/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch b/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch new file mode 100644 index 00000000..94846996 --- /dev/null +++ b/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch @@ -0,0 +1,39 @@ +From: Colin Walters +Date: Thu, 4 Jun 2015 08:41:36 -0400 +Subject: README: Note to send security reports via DBus's mechanism + +This avoids duplicating effort. + +Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae +--- + README | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/README b/README +index b075162..0723002 100644 +--- a/README ++++ b/README +@@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command + BUGS and DEVELOPMENT + ==================== + +-Please report bugs via the freedesktop.org bugzilla at ++Please report non-security bugs via the freedesktop.org bugzilla at + + https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit ++ ++SECURITY ISSUES ++=============== ++ ++polkit uses the same mechanism for reporting security issues as dbus, ++the most recent copy of instructions can be found in the DBus git ++repository: ++ ++http://cgit.freedesktop.org/dbus/dbus/tree/HACKING ++ ++A copy of the instructions as of 2015-06-04: ++ ++If you find a security vulnerability that is not known to the public, ++please report it privately to dbus-security@lists.freedesktop.org ++or by reporting a freedesktop.org bug that is marked as ++restricted to the "D-BUS security group". diff --git a/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch b/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch new file mode 100644 index 00000000..18635e58 --- /dev/null +++ b/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch @@ -0,0 +1,38 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 26 Aug 2014 17:59:47 +0200 +Subject: Refuse duplicate --user arguments to pkexec + +This usage is clearly erroneous, so we should tell the users they are +making a mistake. + +Besides, this allows an attacker to cause a high number of heap +allocations with attacker-controlled sizes ( +http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html +), making some exploits easier. + +(To be clear, this is not a pkexec vulnerability, and we will not +refuse attacker-affected malloc() usage as a matter of policy; but this +commit is both user-friendly and adding some hardening.) + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 +Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c +--- + src/programs/pkexec.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 5e99044..abc660d 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -533,6 +533,11 @@ main (int argc, char *argv[]) + goto out; + } + ++ if (opt_user != NULL) ++ { ++ g_printerr ("--user specified twice\n"); ++ goto out; ++ } + opt_user = g_strdup (argv[n]); + } + else if (strcmp (argv[n], "--disable-internal-agent") == 0) diff --git a/patches/0.113/Remove-a-redundant-assignment.patch b/patches/0.113/Remove-a-redundant-assignment.patch new file mode 100644 index 00000000..792ca7f2 --- /dev/null +++ b/patches/0.113/Remove-a-redundant-assignment.patch @@ -0,0 +1,26 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 11 Jun 2014 22:44:28 +0200 +Subject: Remove a redundant assignment. + +Instead of a nonsensical (data = data), use the more customary +((void)data) to silence the warning about an unused parameter. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 +Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 +--- + src/polkitagent/polkitagenthelper-pam.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 292abbe..937386e 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + gchar *tmp = NULL; + size_t len; + +- data = data; ++ (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return PAM_CONV_ERR; + diff --git a/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch b/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch new file mode 100644 index 00000000..451c2998 --- /dev/null +++ b/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch @@ -0,0 +1,259 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 17 Jun 2015 01:01:27 +0200 +Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 + + - Refer to PolkitAgentSession in general instead of to _response only + - Revert to the original description of authentication cancellation, the + agent really needs to return an error to the caller (in addition to dealing + with the session if any). + - Explicitly document the UID assumption; in the process fixing bug #69980. + - Keep documenting that we need a sufficiently privileged caller. + - Refer to the ...Response2 API in more places. + - Also update docbook documentation. + - Drop a paragraph suggesting non-PolkitAgentSession implementations are + expected and commonplace. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +Reviewed-by: Colin Walters +Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 +Bug-Debian: https://bugs.debian.org/796134 +--- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- + data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- + ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- + docs/polkit/overview.xml | 8 ++++---- + src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- + src/polkitagent/polkitagentlistener.c | 5 +---- + src/polkitbackend/polkitbackendauthority.c | 1 + + 8 files changed, 51 insertions(+), 23 deletions(-) + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 5beef7d..482332f 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -13,14 +13,14 @@ + user to authenticate as one of the identities in @identities for + the action with the identifier @action_id.This + authentication is normally achieved via the +- polkit_agent_session_response() API, which invokes a private ++ PolkitAgentSession API, which invokes a private + setuid helper process to verify the authentication. When + successful, it calls the + org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() + method on the #org.freedesktop.PolicyKit1.Authority interface of + the PolicyKit daemon before returning. If the user dismisses the +- authentication dialog, the authentication agent should call +- polkit_agent_session_cancel()."/> ++ authentication dialog, the authentication agent should return an ++ error."/> + + + +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index f9021ee..88da3c0 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -283,7 +283,7 @@ + + + +- ++ + + + +@@ -315,7 +315,8 @@ + + ++internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> + + + +@@ -330,11 +331,13 @@ internal to polkit."/> + + + + +- ++ + + + +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index ec59626..ab27b2f 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, + identifier action_id.Upon + succesful authentication, the authentication agent must invoke + the AuthenticationAgentResponse() ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() + method on the org.freedesktop.PolicyKit1.Authority +- interface of the PolicyKit daemon before returning. ++ interface of the PolicyKit daemon before returning. This is normally ++ achieved via the PolkitAgentSession ++ API, which invokes a private setuid helper process to verify the ++ authentication. + + + The authentication agent should not return until after authentication is complete. +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index e66bf53..f2eed63 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,7 +42,7 @@ Structure TemporaryAuth + IN String object_path) + AuthenticationAgentResponse (IN String cookie, + IN Identity identity) +-AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, ++AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) + EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) +@@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< + IN String object_path) + + +-Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. ++Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). + + + +@@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, + + Method for authentication agents to invoke on successful + authentication, intended only for use by a privileged helper process +-internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++internal to polkit. This method will fail unless a sufficiently privileged +++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). + + + +@@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, + + Method for authentication agents to invoke on successful + authentication, intended only for use by a privileged helper process +-internal to polkit. Note this method was introduced in 0.114 to fix a security issue. ++internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Note this method was introduced in 0.114 and should be ++preferred over AuthenticationAgentResponse() ++as it fixes a security issue. + + + +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index c29d8da..8ddb34c 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -73,11 +73,11 @@ + linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged + part of) the agent invokes the AuthenticationAgentResponse() ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() + method. This method should be treated as an internal +- implementation detail, and callers should use the public shared +- library API to invoke it, which currently uses a setuid helper +- program. ++ implementation detail, and callers should use the ++ PolkitAgentSession API to invoke ++ it, which currently uses a setuid helper program. + + + The libpolkit-agent-1 +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index f45abc4..4e882e6 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author + * + * Asynchronously registers an authentication agent. + * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method +@@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * +- * Registers an authentication agent. The calling thread is blocked ++ * Registers an authentication agent. ++ * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * ++ * The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent() for the + * asynchronous version. +@@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author + * + * Asynchronously registers an authentication agent. + * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method +@@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * +- * Registers an authentication agent. The calling thread is blocked ++ * Registers an authentication agent. ++ * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * ++ * The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent_with_options() for the + * asynchronous version. +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 0d97501..10dbfb9 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -37,10 +37,7 @@ + * + * Typically authentication agents use #PolkitAgentSession to + * authenticate users (via passwords) and communicate back the +- * authentication result to the PolicyKit daemon. This is however not +- * requirement. Depending on the system an authentication agent may +- * use other means (such as a Yes/No dialog) to obtain sufficient +- * evidence that the user is one of the requested identities. ++ * authentication result to the PolicyKit daemon. + * + * To register a #PolkitAgentListener with the PolicyKit daemon, use + * polkit_agent_listener_register() or +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index d1b1a25..10b8af3 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + * polkit_backend_authority_authentication_agent_response: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. ++ * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. + * @cookie: The cookie passed to the authentication agent from the authority. + * @identity: The identity that was authenticated. + * @error: Return location for error or %NULL. diff --git a/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch b/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch new file mode 100644 index 00000000..e8e9b6b1 --- /dev/null +++ b/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch @@ -0,0 +1,76 @@ +From: Colin Walters +Date: Thu, 21 Nov 2013 17:39:37 -0500 +Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR + +This workaround isn't too much code, and it's often better to fix bugs +in two places anyways. + +For more information: + +See https://bugzilla.redhat.com/show_bug.cgi?id=753882 +See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html + +Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e +--- + src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- + 1 file changed, 30 insertions(+), 3 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 9a0570a..5e99044 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -139,8 +139,22 @@ pam_conversation_function (int n, + return PAM_CONV_ERR; + } + ++/* A work around for: ++ * https://bugzilla.redhat.com/show_bug.cgi?id=753882 ++ */ ++static gboolean ++xdg_runtime_dir_is_owned_by (const char *path, ++ uid_t target_uid) ++{ ++ struct stat stbuf; ++ ++ return stat (path, &stbuf) == 0 && ++ stbuf.st_uid == target_uid; ++} ++ + static gboolean +-open_session (const gchar *user_to_auth) ++open_session (const gchar *user_to_auth, ++ uid_t target_uid) + { + gboolean ret; + gint rc; +@@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) + { + guint n; + for (n = 0; envlist[n]; n++) +- putenv (envlist[n]); ++ { ++ const char *envitem = envlist[n]; ++ ++ if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) ++ { ++ const char *eq = strchr (envitem, '='); ++ g_assert (eq); ++ if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) ++ continue; ++ } ++ ++ putenv (envlist[n]); ++ } + free (envlist); + } + +@@ -892,7 +918,8 @@ main (int argc, char *argv[]) + * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. + */ + #ifdef POLKIT_AUTHFW_PAM +- if (!open_session (pw->pw_name)) ++ if (!open_session (pw->pw_name, ++ pw->pw_uid)) + { + goto out; + } diff --git a/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch b/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch new file mode 100644 index 00000000..1737020f --- /dev/null +++ b/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch @@ -0,0 +1,23 @@ +From: Lukasz Skalski +Date: Tue, 22 Apr 2014 11:11:20 +0200 +Subject: polkitd: Fix problem with removing non-existent source + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 +Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 +--- + src/polkitd/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitd/main.c b/src/polkitd/main.c +index b21723f..f18fb91 100644 +--- a/src/polkitd/main.c ++++ b/src/polkitd/main.c +@@ -93,7 +93,7 @@ on_sigint (gpointer user_data) + { + g_print ("Handling SIGINT\n"); + g_main_loop_quit (loop); +- return FALSE; ++ return TRUE; + } + + int diff --git a/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch b/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch new file mode 100644 index 00000000..e7d0a4b7 --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch @@ -0,0 +1,104 @@ +From: Colin Walters +Date: Thu, 7 Nov 2013 15:57:50 -0500 +Subject: sessionmonitor-systemd: Deduplicate code paths + +We had the code to go from pid -> session duplicated. If we have a +PolkitSystemBusName, convert it to a PolkitUnixProcess. +Then we can do PolkitUnixProcess -> pid -> session in one place. + +This is just a code cleanup. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 +Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 +--- + .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- + 1 file changed, 22 insertions(+), 41 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 0185310..756b728 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + PolkitSubject *subject, + GError **error) + { +- PolkitSubject *session; +- +- session = NULL; ++ PolkitUnixProcess *tmp_process = NULL; ++ PolkitUnixProcess *process = NULL; ++ PolkitSubject *session = NULL; ++ char *session_id = NULL; ++ pid_t pid; + + if (POLKIT_IS_UNIX_PROCESS (subject)) +- { +- gchar *session_id; +- pid_t pid; +- +- pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); +- if (sd_pid_get_session (pid, &session_id) < 0) +- goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); +- } ++ process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- guint32 pid; +- gchar *session_id; +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixProcessID", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &pid); +- g_variant_unref (result); +- +- if (sd_pid_get_session (pid, &session_id) < 0) +- goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); ++ /* Convert bus name to process */ ++ tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ if (!tmp_process) ++ goto out; ++ process = tmp_process; + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, +- "Cannot get user for subject of type %s", ++ "Cannot get session for subject of type %s", + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + +- out: ++ /* Now do process -> pid -> session */ ++ g_assert (process != NULL); ++ pid = polkit_unix_process_get_pid (process); + ++ if (sd_pid_get_session (pid, &session_id) < 0) ++ goto out; ++ ++ session = polkit_unix_session_new (session_id); ++ free (session_id); ++ out: ++ if (tmp_process) g_object_unref (tmp_process); + return session; + } + diff --git a/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch b/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch new file mode 100644 index 00000000..7c0ca4bb --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch @@ -0,0 +1,73 @@ +From: Philip Withnall +Date: Tue, 2 Jun 2015 16:19:51 +0100 +Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session + activity +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Instead of using sd_pid_get_session() then sd_session_is_active() to +determine whether the user is active, use sd_uid_get_state() directly. +This gets the maximum of the states of all the user’s sessions, rather +than the state of the session containing the subject process. Since the +user is the security boundary, this is fine. + +This change is necessary for `systemd --user` sessions, where most user +code will be forked off user@.service, rather than running inside the +logind session (whether that be a foreground/active or background/online +session). + +Policy-wise, the change is from checking whether the subject process is +in an active session; to checking whether the subject process is owned +by a user with at least one active session. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 +Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c +Bug-Debian: https://bugs.debian.org/779988 +--- + .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- + 1 file changed, 32 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index ebd05ce..6bd517a 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -391,6 +391,37 @@ gboolean + polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session) + { +- return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); ++ const char *session_id; ++ char *state; ++ uid_t uid; ++ gboolean is_active = FALSE; ++ ++ session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); ++ ++ g_debug ("Checking whether session %s is active.", session_id); ++ ++ /* Check whether *any* of the user's current sessions are active. */ ++ if (sd_session_get_uid (session_id, &uid) < 0) ++ goto fallback; ++ ++ g_debug ("Session %s has UID %u.", session_id, uid); ++ ++ if (sd_uid_get_state (uid, &state) < 0) ++ goto fallback; ++ ++ g_debug ("UID %u has state %s.", uid, state); ++ ++ is_active = (g_strcmp0 (state, "active") == 0); ++ free (state); ++ ++ return is_active; ++ ++fallback: ++ /* Fall back to checking the session. This is not ideal, since the user ++ * might have multiple sessions, and we cannot guarantee to have chosen ++ * the active one. ++ * ++ * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ ++ return sd_session_is_active (session_id); + } + diff --git a/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch b/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch new file mode 100644 index 00000000..6b09ce79 --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch @@ -0,0 +1,89 @@ +From: Kay Sievers +Date: Mon, 19 May 2014 10:19:49 +0900 +Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model + +In the D-Bus "user bus" model, all sessions of a user share the same +D-Bus instance, a polkit requesting process might live outside the +login session which registered the user's polkit agent. + +In case a polkit requesting process is not part of the user's login +session, we ask systemd-logind for the user's "display" session +instead. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 +Bug-Debian: https://bugs.debian.org/779988 +Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c +[smcv: backport configure.ac changes; fail with #error if the required +API is not found] +--- + configure.ac | 4 +++ + .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index f4a0c41..aa2760f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then + have_systemd=no) + if test "$have_systemd" = "yes"; then + SESSION_TRACKING=systemd ++ save_LIBS=$LIBS ++ LIBS=$SYSTEMD_LIBS ++ AC_CHECK_FUNCS(sd_uid_get_display) ++ LIBS=$save_LIBS + else + if test "$enable_systemd" = "yes"; then + AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 756b728..ebd05ce 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; ++#if HAVE_SD_UID_GET_DISPLAY ++ uid_t uid; ++#endif + + if (POLKIT_IS_UNIX_PROCESS (subject)) + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ +@@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + +- /* Now do process -> pid -> session */ ++ /* Now do process -> pid -> same session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + +- if (sd_pid_get_session (pid, &session_id) < 0) ++ if (sd_pid_get_session (pid, &session_id) >= 0) ++ { ++ session = polkit_unix_session_new (session_id); ++ goto out; ++ } ++ ++#if HAVE_SD_UID_GET_DISPLAY ++ /* Now do process -> uid -> graphical session (systemd version 213)*/ ++ if (sd_pid_get_owner_uid (pid, &uid) < 0) + goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); ++ ++ if (sd_uid_get_display (uid, &session_id) >= 0) ++ { ++ session = polkit_unix_session_new (session_id); ++ goto out; ++ } ++#else ++#error Debian should have sd_uid_get_display() ++#endif ++ + out: ++ free (session_id); + if (tmp_process) g_object_unref (tmp_process); + return session; + } diff --git a/patches/0.114/Add-gettext-support-for-.policy-files.patch b/patches/0.114/Add-gettext-support-for-.policy-files.patch new file mode 100644 index 00000000..025403f8 --- /dev/null +++ b/patches/0.114/Add-gettext-support-for-.policy-files.patch @@ -0,0 +1,58 @@ +From: Matthias Clasen +Date: Fri, 15 Jul 2016 11:12:35 -0400 +Subject: Add gettext support for .policy files + +gettext can extract strings from and merge them back into xml +file formats, with the help of .its files. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 +Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 +--- + data/Makefile.am | 5 +++++ + data/polkit.its | 7 +++++++ + data/polkit.loc | 6 ++++++ + 3 files changed, 18 insertions(+) + create mode 100644 data/polkit.its + create mode 100644 data/polkit.loc + +diff --git a/data/Makefile.am b/data/Makefile.am +index f0beeba..e1a60aa 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -20,6 +20,11 @@ endif + pkgconfigdir = $(libdir)/pkgconfig + pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc + ++# ---------------------------------------------------------------------------------------------------- ++ ++itsdir = $(datadir)/gettext/its ++its_DATA = polkit.loc polkit.its ++ + CLEANFILES = $(BUILT_SOURCES) + + EXTRA_DIST = \ +diff --git a/data/polkit.its b/data/polkit.its +new file mode 100644 +index 0000000..1312ecb +--- /dev/null ++++ b/data/polkit.its +@@ -0,0 +1,7 @@ ++ ++ ++ ++ +diff --git a/data/polkit.loc b/data/polkit.loc +new file mode 100644 +index 0000000..c7427ec +--- /dev/null ++++ b/data/polkit.loc +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ diff --git a/patches/0.114/Fix-multi-line-pam-text-info.patch b/patches/0.114/Fix-multi-line-pam-text-info.patch new file mode 100644 index 00000000..8a183613 --- /dev/null +++ b/patches/0.114/Fix-multi-line-pam-text-info.patch @@ -0,0 +1,39 @@ +From: Dariusz Gadomski +Date: Tue, 10 Nov 2015 10:52:02 +0100 +Subject: Fix multi-line pam text info. + +There are pam modules (e.g. pam_vas) that may attempt to display multi-line +PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one +as a separate message that was not recognized causing the authorization +to fail. Escaping these strings and unescaping them fixes the issue. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 +Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 +--- + src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 19062aa..063d656 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + case PAM_TEXT_INFO: + fprintf (stdout, "PAM_TEXT_INFO "); + conv2: +- fputs (msg[i]->msg, stdout); +- if (strlen (msg[i]->msg) > 0 && +- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') +- fputc ('\n', stdout); ++ tmp = g_strdup (msg[i]->msg); ++ len = strlen (tmp); ++ if (len > 0 && tmp[len - 1] == '\n') ++ tmp[len - 1] = '\0'; ++ escaped = g_strescape (tmp, NULL); ++ g_free (tmp); ++ fputs (escaped, stdout); ++ g_free (escaped); ++ fputc ('\n', stdout); + fflush (stdout); + break; + diff --git a/patches/0.114/Refactor-send_to_helper-usage.patch b/patches/0.114/Refactor-send_to_helper-usage.patch new file mode 100644 index 00000000..75e5c7da --- /dev/null +++ b/patches/0.114/Refactor-send_to_helper-usage.patch @@ -0,0 +1,149 @@ +From: Dariusz Gadomski +Date: Thu, 12 Nov 2015 15:01:19 +0100 +Subject: Refactor send_to_helper usage + +There were duplicated pieces of code detecting EOLs and escaping the code. +Those actions has been delegated to already-existing send_to_helper function. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 +Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a +--- + src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- + 1 file changed, 26 insertions(+), 55 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 063d656..3ea3a3f 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -39,25 +39,35 @@ static void + send_to_helper (const gchar *str1, + const gchar *str2) + { ++ char *escaped; ++ char *tmp2; ++ size_t len2; ++ ++ tmp2 = g_strdup(str2); ++ len2 = strlen(tmp2); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); ++ fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); + #endif /* PAH_DEBUG */ +- fprintf (stdout, "%s", str1); ++ fprintf (stdout, "%s ", str1); ++ ++ if (len2 > 0 && tmp2[len2 - 1] == '\n') ++ tmp2[len2 - 1] = '\0'; ++ escaped = g_strescape (tmp2, NULL); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); ++ fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); + #endif /* PAH_DEBUG */ +- fprintf (stdout, "%s", str2); +- if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') +- { ++ fprintf (stdout, "%s", escaped); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); ++ fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + #endif /* PAH_DEBUG */ +- fputc ('\n', stdout); +- } ++ fputc ('\n', stdout); + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); + #endif /* PAH_DEBUG */ + fflush (stdout); ++ ++ g_free (escaped); ++ g_free (tmp2); + } + + int +@@ -89,7 +99,7 @@ main (int argc, char *argv[]) + + /* Special-case a very common error triggered in jhbuild setups */ + s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); +- send_to_helper ("PAM_ERROR_MSG ", s); ++ send_to_helper ("PAM_ERROR_MSG", s); + g_free (s); + goto error; + } +@@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + struct pam_response *aresp; + char buf[PAM_MAX_RESP_SIZE]; + int i; +- gchar *escaped = NULL; +- gchar *tmp = NULL; +- size_t len; + + (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) +@@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + { + + case PAM_PROMPT_ECHO_OFF: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); +-#endif /* PAH_DEBUG */ +- fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); ++ send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); + goto conv1; + + case PAM_PROMPT_ECHO_ON: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); +-#endif /* PAH_DEBUG */ +- fprintf (stdout, "PAM_PROMPT_ECHO_ON "); +- conv1: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); +-#endif /* PAH_DEBUG */ +- tmp = g_strdup (msg[i]->msg); +- len = strlen (tmp); +- if (len > 0 && tmp[len - 1] == '\n') +- tmp[len - 1] = '\0'; +- escaped = g_strescape (tmp, NULL); +- g_free (tmp); +- fputs (escaped, stdout); +- g_free (escaped); +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); +-#endif /* PAH_DEBUG */ +- fputc ('\n', stdout); +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); +-#endif /* PAH_DEBUG */ +- fflush (stdout); ++ send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + ++ conv1: + if (fgets (buf, sizeof buf, stdin) == NULL) + goto error; + +@@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + break; + + case PAM_ERROR_MSG: +- fprintf (stdout, "PAM_ERROR_MSG "); +- goto conv2; ++ send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); ++ break; + + case PAM_TEXT_INFO: +- fprintf (stdout, "PAM_TEXT_INFO "); +- conv2: +- tmp = g_strdup (msg[i]->msg); +- len = strlen (tmp); +- if (len > 0 && tmp[len - 1] == '\n') +- tmp[len - 1] = '\0'; +- escaped = g_strescape (tmp, NULL); +- g_free (tmp); +- fputs (escaped, stdout); +- g_free (escaped); +- fputc ('\n', stdout); +- fflush (stdout); ++ send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); + break; + + default: diff --git a/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch b/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch new file mode 100644 index 00000000..7179a92b --- /dev/null +++ b/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch @@ -0,0 +1,51 @@ +From: Sebastien Bacher +Date: Mon, 2 Apr 2018 10:52:47 -0400 +Subject: Support polkit session agent running outside user session + +commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made +session applications that are running from a user bus +work with polkitd, by falling back to using the currently +active session. + +This commit is similar, but for the polkit agent. It allows, +a polkit agent to be run from a systemd --user service +that's not running directly in the users session. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 +Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 +--- + src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c +index 8a8bf65..c34f36a 100644 +--- a/src/polkit/polkitunixsession-systemd.c ++++ b/src/polkit/polkitunixsession-systemd.c +@@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, + PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); + gboolean ret = FALSE; + char *s; ++ uid_t uid; + + if (session->session_id != NULL) + { +@@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, + goto out; + } + ++ /* Now do process -> uid -> graphical session (systemd version 213)*/ ++ if (sd_pid_get_owner_uid (session->pid, &uid) < 0) ++ goto error; ++ ++ if (sd_uid_get_display (uid, &s) >= 0) ++ { ++ session->session_id = g_strdup (s); ++ free (s); ++ ret = TRUE; ++ goto out; ++ } ++ ++error: + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, diff --git a/patches/0.114/gettext-switch-to-default-translate-no.patch b/patches/0.114/gettext-switch-to-default-translate-no.patch new file mode 100644 index 00000000..577d5ab1 --- /dev/null +++ b/patches/0.114/gettext-switch-to-default-translate-no.patch @@ -0,0 +1,41 @@ +From: Peter Hutterer +Date: Thu, 20 Oct 2016 10:50:58 +1000 +Subject: gettext: switch to default-translate "no" + +The default appears to be to translate all entries. This rule never takes +effect, the path to /action/message and /action/description is wrong (/action +is not a root node). Since we wanted them to be translated, it doesn't matter. + +But it also translates all other tags (vendor, allow_any, etc.) and that +causes polkit to be unhappy, it can't handle the various language versions of +"no" + +** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string +'tidak' + +Switch to a default of "no" and explicitly include the message and description +strings to be translated. + +The patch was modified for PolicyKit by Ondrej Holy . + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 +Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd +--- + data/polkit.its | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/data/polkit.its b/data/polkit.its +index 1312ecb..1c37e6b 100644 +--- a/data/polkit.its ++++ b/data/polkit.its +@@ -1,7 +1,8 @@ + + +- ++ + diff --git a/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch b/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch new file mode 100644 index 00000000..d3e34350 --- /dev/null +++ b/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch @@ -0,0 +1,569 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 25 Jun 2018 19:24:06 +0200 +Subject: Fix CVE-2018-1116: Trusting client-supplied UID +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +As part of CVE-2013-4288, the D-Bus clients were allowed (and +encouraged) to submit the UID of the subject of authorization checks +to avoid races against UID changes (notably using executables +set-UID to root). + +However, that also allowed any client to submit an arbitrary UID, and +that could be used to bypass "can only ask about / affect the same UID" +checks in CheckAuthorization / RegisterAuthenticationAgent / +UnregisterAuthenticationAgent. This allowed an attacker: + +- With CheckAuthorization, to cause the registered authentication + agent in victim's session to pop up a dialog, or to determine whether + the victim currently has a temporary authorization to perform an + operation. + + (In principle, the attacker can also determine whether JavaScript + rules allow the victim process to perform an operation; however, + usually rules base their decisions on information determined from + the supplied UID, so the attacker usually won't learn anything new.) + +- With RegisterAuthenticationAgent, to prevent the victim's + authentication agent to work (for a specific victim process), + or to learn about which operations requiring authorization + the victim is attempting. + +To fix this, expose internal _polkit_unix_process_get_owner() / +obsolete polkit_unix_process_get_owner() as a private +polkit_unix_process_get_racy_uid__() (being more explicit about the +dangers on relying on it), and use it in +polkit_backend_session_monitor_get_user_for_subject() to return +a boolean indicating whether the subject UID may be caller-chosen. + +Then, in the permission checks that require the subject to be +equal to the caller, fail on caller-chosen UIDs (and continue +through the pre-existing code paths which allow root, or root-designated +server processes, to ask about arbitrary subjects.) + +Signed-off-by: Miloslav Trmač +Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c +--- + src/polkit/polkitprivate.h | 2 + + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- + .../polkitbackendinteractiveauthority.c | 39 +++++++++----- + .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- + src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- + src/polkitbackend/polkitbackendsessionmonitor.h | 1 + + 6 files changed, 147 insertions(+), 33 deletions(-) + +diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h +index 579cc25..d6cd45d 100644 +--- a/src/polkit/polkitprivate.h ++++ b/src/polkit/polkitprivate.h +@@ -34,6 +34,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action + GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); + GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); + ++gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); ++ + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); + PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 913be3a..464f034 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -49,6 +49,14 @@ + * To uniquely identify processes, both the process id and the start + * time of the process (a monotonic increasing value representing the + * time since the kernel was started) is used. ++ * ++ * NOTE: This object stores, and provides access to, the real UID of the ++ * process. That value can change over time (with set*uid*(2) and exec*(2)). ++ * Checks whether an operation is allowed need to take care to use the UID ++ * value as of the time when the operation was made (or, following the open() ++ * privilege check model, when the connection making the operation possible ++ * was initiated). That is usually done by initializing this with ++ * polkit_unix_process_new_for_owner() with trusted data. + */ + + /** +@@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); + static guint64 get_start_time_for_pid (gint pid, + GError **error); + +-static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error); +- + #ifdef HAVE_FREEBSD + static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); + #endif +@@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) + { + GError *error; + error = NULL; +- process->uid = _polkit_unix_process_get_owner (process, &error); ++ process->uid = polkit_unix_process_get_racy_uid__ (process, &error); + if (error != NULL) + { + process->uid = -1; +@@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + * Gets the user id for @process. Note that this is the real user-id, + * not the effective user-id. + * ++ * NOTE: The UID may change over time, so the returned value may not match the ++ * current state of the underlying process; or the UID may have been set by ++ * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), ++ * in which case it may not correspond to the actual UID of the referenced ++ * process at all (at any point in time). ++ * + * Returns: The user id for @process or -1 if unknown. + */ + gint +@@ -655,18 +666,26 @@ out: + return start_time; + } + +-static gint +-_polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error) ++/* ++ * Private: Return the "current" UID. Note that this is inherently racy, ++ * and the value may already be obsolete by the time this function returns; ++ * this function only guarantees that the UID was valid at some point during ++ * its execution. ++ */ ++gint ++polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, ++ GError **error) + { + gint result; + gchar *contents; + gchar **lines; ++ guint64 start_time; + #ifdef HAVE_FREEBSD + struct kinfo_proc p; + #else + gchar filename[64]; + guint n; ++ GError *local_error; + #endif + + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); +@@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, + } + + result = p.ki_uid; ++ start_time = (guint64) p.ki_start.tv_sec; + #else + + /* see 'man proc' for layout of the status file +@@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, + else + { + result = real_uid; +- goto out; ++ goto found; + } + } +- + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Didn't find any line starting with `Uid:' in file %s", + filename); ++ goto out; ++ ++found: ++ /* The UID and start time are, sadly, not available in a single file. So, ++ * read the UID first, and then the start time; if the start time is the same ++ * before and after reading the UID, it couldn't have changed. ++ */ ++ local_error = NULL; ++ start_time = get_start_time_for_pid (process->pid, &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } + #endif + ++ if (process->start_time != start_time) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "process with PID %d has been replaced", process->pid); ++ goto out; ++ } ++ + out: + g_strfreev (lines); + g_free (contents); +@@ -744,5 +784,5 @@ gint + polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error) + { +- return _polkit_unix_process_get_owner (process, error); ++ return polkit_unix_process_get_racy_uid__ (process, error); + } +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 73d0a0e..97a8d80 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, + if (polkit_authorization_result_get_is_authorized (result)) + log_result_str = "ALLOWING"; + +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); + + subject_str = polkit_subject_to_string (subject); + +@@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + gchar *subject_str; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + gchar *user_of_caller_str; + gchar *user_of_subject_str; + PolkitAuthorizationResult *result; +@@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + action_id); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- caller, ++ caller, NULL, + &error); + if (error != NULL) + { +@@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + g_debug (" user of caller is %s", user_of_caller_str); + + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- subject, ++ subject, &user_of_subject_matches, + &error); + if (error != NULL) + { +@@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + * We only allow this if, and only if, + * + * - processes may check for another process owned by the *same* user but not +- * if details are passed (otherwise you'd be able to spoof the dialog) ++ * if details are passed (otherwise you'd be able to spoof the dialog); ++ * the caller supplies the user_of_subject value, so we additionally ++ * require it to match at least at one point in time (via ++ * user_of_subject_matches). + * + * - processes running as uid 0 may check anything and pass any details + * +@@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + * then any uid referenced by that annotation is also allowed to check + * to check anything and pass any details + */ +- if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject) ++ || has_details) + { + if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) + { +@@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, + goto out; + } + +- /* every subject has a user */ ++ /* every subject has a user; this is supplied by the client, so we rely ++ * on the caller to validate its acceptability. */ + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- subject, ++ subject, NULL, + error); + if (user_of_subject == NULL) + goto out; +@@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + AuthenticationAgent *agent; + gboolean ret; + gchar *caller_cmdline; +@@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); ++ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, +@@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + "Cannot determine user of caller"); + goto out; + } +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, +@@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + "Cannot determine user of subject"); + goto out; + } +- if (!polkit_identity_equal (user_of_caller, user_of_subject)) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { +@@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + AuthenticationAgent *agent; + gboolean ret; + gchar *scope_str; +@@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + goto out; + } + +- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); ++ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, +@@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + "Cannot determine user of caller"); + goto out; + } +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, +@@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + "Cannot determine user of subject"); + goto out; + } +- if (!polkit_identity_equal (user_of_caller, user_of_subject)) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { +@@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + identity_str); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- caller, ++ caller, NULL, + error); + if (user_of_caller == NULL) + goto out; +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 6bd517a..773256e 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -29,6 +29,7 @@ + #include + + #include ++#include + #include "polkitbackendsessionmonitor.h" + + /* +@@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. ++ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * ++ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may ++ * come from e.g. a D-Bus client), so it may not correspond to the actual UID ++ * of the referenced process (at any point in time). This is indicated by ++ * setting @result_matches to %FALSE; the caller may reject such subjects or ++ * require additional privileges. @result_matches == %TRUE only indicates that ++ * the UID matched the underlying process at ONE point in time, it may not match ++ * later. ++ * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ + PolkitIdentity * + polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error) + { + PolkitIdentity *ret; +- guint32 uid; ++ gboolean matches; + + ret = NULL; ++ matches = FALSE; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); +- if ((gint) uid == -1) ++ gint subject_uid, current_uid; ++ GError *local_error; ++ ++ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if (subject_uid == -1) + { + g_set_error (error, + POLKIT_ERROR, +@@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + "Unix process subject does not have uid set"); + goto out; + } +- ret = polkit_unix_user_new (uid); ++ local_error = NULL; ++ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } ++ ret = polkit_unix_user_new (subject_uid); ++ matches = (subject_uid == current_uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ matches = TRUE; + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { ++ uid_t uid; + + if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) + { +@@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + + ret = polkit_unix_user_new (uid); ++ matches = TRUE; + } + + out: ++ if (result_matches != NULL) ++ { ++ *result_matches = matches; ++ } + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index e1a9ab3..ed30755 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -27,6 +27,7 @@ + #include + + #include ++#include + #include "polkitbackendsessionmonitor.h" + + #define CKDB_PATH "/var/run/ConsoleKit/database" +@@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. ++ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * ++ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may ++ * come from e.g. a D-Bus client), so it may not correspond to the actual UID ++ * of the referenced process (at any point in time). This is indicated by ++ * setting @result_matches to %FALSE; the caller may reject such subjects or ++ * require additional privileges. @result_matches == %TRUE only indicates that ++ * the UID matched the underlying process at ONE point in time, it may not match ++ * later. ++ * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ + PolkitIdentity * + polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error) + { + PolkitIdentity *ret; ++ gboolean matches; + GError *local_error; +- gchar *group; +- guint32 uid; + + ret = NULL; ++ matches = FALSE; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); +- if ((gint) uid == -1) ++ gint subject_uid, current_uid; ++ ++ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if (subject_uid == -1) + { + g_set_error (error, + POLKIT_ERROR, +@@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + "Unix process subject does not have uid set"); + goto out; + } +- ret = polkit_unix_user_new (uid); ++ local_error = NULL; ++ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } ++ ret = polkit_unix_user_new (subject_uid); ++ matches = (subject_uid == current_uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ matches = TRUE; + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { ++ gint uid; ++ gchar *group; ++ + if (!ensure_database (monitor, error)) + { + g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); +@@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + g_free (group); + + ret = polkit_unix_user_new (uid); ++ matches = TRUE; + } + + out: ++ if (result_matches != NULL) ++ { ++ *result_matches = matches; ++ } + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h +index 8f8a2ca..3972326 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.h ++++ b/src/polkitbackend/polkitbackendsessionmonitor.h +@@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit + + PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error); + + PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, diff --git a/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch b/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch new file mode 100644 index 00000000..e95e0c33 --- /dev/null +++ b/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch @@ -0,0 +1,186 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Mon, 3 Dec 2018 10:28:58 +0100 +Subject: Allow negative uids/gids in PolkitUnixUser and Group objects + +(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since +there should be no users with such number, see +https://systemd.io/UIDS-GIDS#special-linux-uids. + +(uid_t) -1 is used as the default value in class initialization. + +When a user or group above INT32_MAX is created, the numeric uid or +gid wraps around to negative when the value is assigned to gint, and +polkit gets confused. Let's accept such gids, except for -1. + +A nicer fix would be to change the underlying type to e.g. uint32 to +not have negative values. But this cannot be done without breaking the +API, so likely new functions will have to be added (a +polkit_unix_user_new variant that takes a unsigned, and the same for +_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will +require a bigger patch. + +Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. + +(cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) +--- + src/polkit/polkitunixgroup.c | 15 +++++++++++---- + src/polkit/polkitunixprocess.c | 12 ++++++++---- + src/polkit/polkitunixuser.c | 13 ++++++++++--- + 3 files changed, 29 insertions(+), 11 deletions(-) + +diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c +index c57a1aa..309f689 100644 +--- a/src/polkit/polkitunixgroup.c ++++ b/src/polkit/polkitunixgroup.c +@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, + static void + polkit_unix_group_init (PolkitUnixGroup *unix_group) + { ++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ + } + + static void +@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); ++ gint val; + + switch (prop_id) + { + case PROP_GID: +- unix_group->gid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_group->gid = val; + break; + + default: +@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) + g_param_spec_int ("gid", + "Group ID", + "The UNIX group ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) + */ + void + polkit_unix_group_set_gid (PolkitUnixGroup *group, +- gint gid) ++ gint gid) + { + g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); ++ g_return_if_fail (gid != -1); + group->gid = gid; + } + +@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, + PolkitIdentity * + polkit_unix_group_new (gint gid) + { ++ g_return_val_if_fail (gid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, + "gid", gid, + NULL)); +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 464f034..02a083f 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: +- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ case PROP_UID: { ++ gint val; ++ ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ polkit_unix_process_set_uid (unix_process, val); + break; ++ } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +@@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- -1, ++ G_MININT, + G_MAXINT, + -1, + G_PARAM_CONSTRUCT | +@@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); +- g_return_if_fail (uid >= -1); + process->uid = uid; + } + +diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c +index 8bfd3a1..234a697 100644 +--- a/src/polkit/polkitunixuser.c ++++ b/src/polkit/polkitunixuser.c +@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, + static void + polkit_unix_user_init (PolkitUnixUser *unix_user) + { ++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ + unix_user->name = NULL; + } + +@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); ++ gint val; + + switch (prop_id) + { + case PROP_UID: +- unix_user->uid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_user->uid = val; + break; + + default: +@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_USER (user)); ++ g_return_if_fail (uid != -1); + user->uid = uid; + } + +@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + PolkitIdentity * + polkit_unix_user_new (gint uid) + { ++ g_return_val_if_fail (uid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, + "uid", uid, + NULL)); diff --git a/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch b/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch new file mode 100644 index 00000000..fea1eeb5 --- /dev/null +++ b/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch @@ -0,0 +1,43 @@ +From: Matthew Leeds +Date: Tue, 11 Dec 2018 12:04:26 -0800 +Subject: Allow uid of -1 for a PolkitUnixProcess + +Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and +PolkitUnixProcess to allow negative values for their uid/gid properties, +since these are values above INT_MAX which wrap around but are still +valid, with the exception of -1 which is not valid. However, +PolkitUnixProcess allows a uid of -1 to be passed to +polkit_unix_process_new_for_owner() which means polkit is expected to +figure out the uid on its own (this happens in the _constructed +function). So this commit removes the check in +polkit_unix_process_set_property() so that new_for_owner() can be used +as documented without producing a critical error message. + +This does not affect the protection against CVE-2018-19788 which is +based on creating a user with a UID up to but not including 4294967295 +(-1). +--- + src/polkit/polkitunixprocess.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 02a083f..4a42567 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -147,14 +147,9 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: { +- gint val; +- +- val = g_value_get_int (value); +- g_return_if_fail (val != -1); +- polkit_unix_process_set_uid (unix_process, val); ++ case PROP_UID: ++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + break; +- } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); diff --git a/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch b/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch new file mode 100644 index 00000000..66160aa9 --- /dev/null +++ b/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch @@ -0,0 +1,181 @@ +From: Colin Walters +Date: Fri, 4 Jan 2019 14:24:48 -0500 +Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations + +It turns out that the combination of `(pid, start time)` is not +enough to be unique. For temporary authorizations, we can avoid +separate users racing on pid reuse by simply comparing the uid. + +https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 + +And the above original email report is included in full in a new comment. + +Reported-by: Jann Horn + +Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75 +(cherry picked from commit 6cc6aafee135ba44ea748250d7d29b562ca190e3) +--- + src/polkit/polkitsubject.c | 2 + + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- + .../polkitbackendinteractiveauthority.c | 39 +++++++++++- + 3 files changed, 110 insertions(+), 2 deletions(-) + +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index 78ec745..fadcfe9 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) + * @b: A #PolkitSubject. + * + * Checks if @a and @b are equal, ie. represent the same subject. ++ * However, avoid calling polkit_subject_equal() to compare two processes; ++ * for more information see the `PolkitUnixProcess` documentation. + * + * This function can be used in e.g. g_hash_table_new(). + * +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 4a42567..53537fa 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -44,7 +44,10 @@ + * @title: PolkitUnixProcess + * @short_description: Unix processs + * +- * An object for representing a UNIX process. ++ * An object for representing a UNIX process. NOTE: This object as ++ * designed is now known broken; a mechanism to exploit a delay in ++ * start time in the Linux kernel was identified. Avoid ++ * calling polkit_subject_equal() to compare two processes. + * + * To uniquely identify processes, both the process id and the start + * time of the process (a monotonic increasing value representing the +@@ -59,6 +62,72 @@ + * polkit_unix_process_new_for_owner() with trusted data. + */ + ++/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 ++ ++ But quoting the original email in full here to ensure it's preserved: ++ ++ From: Jann Horn ++ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork ++ Date: Wednesday, October 10, 2018 5:34 PM ++ ++When a (non-root) user attempts to e.g. control systemd units in the system ++instance from an active session over DBus, the access is gated by a polkit ++policy that requires "auth_admin_keep" auth. This results in an auth prompt ++being shown to the user, asking the user to confirm the action by entering the ++password of an administrator account. ++ ++After the action has been confirmed, the auth decision for "auth_admin_keep" is ++cached for up to five minutes. Subject to some restrictions, similar actions can ++then be performed in this timespan without requiring re-auth: ++ ++ - The PID of the DBus client requesting the new action must match the PID of ++ the DBus client requesting the old action (based on SO_PEERCRED information ++ forwarded by the DBus daemon). ++ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) ++ must not have changed. The granularity of this timestamp is in the ++ millisecond range. ++ - polkit polls every two seconds whether a process with the expected start time ++ still exists. If not, the temporary auth entry is purged. ++ ++Without the start time check, this would obviously be buggy because an attacker ++could simply wait for the legitimate client to disappear, then create a new ++client with the same PID. ++ ++Unfortunately, the start time check is bypassable because fork() is not atomic. ++Looking at the source code of copy_process() in the kernel: ++ ++ p->start_time = ktime_get_ns(); ++ p->real_start_time = ktime_get_boot_ns(); ++ [...] ++ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); ++ if (retval) ++ goto bad_fork_cleanup_io; ++ ++ if (pid != &init_struct_pid) { ++ pid = alloc_pid(p->nsproxy->pid_ns_for_children); ++ if (IS_ERR(pid)) { ++ retval = PTR_ERR(pid); ++ goto bad_fork_cleanup_thread; ++ } ++ } ++ ++The ktime_get_boot_ns() call is where the "start time" of the process is ++recorded. The alloc_pid() call is where a free PID is allocated. In between ++these, some time passes; and because the copy_thread_tls() call between them can ++access userspace memory when sys_clone() is invoked through the 32-bit syscall ++entry point, an attacker can even stall the kernel arbitrarily long at this ++point (by supplying a pointer into userspace memory that is associated with a ++userfaultfd or is backed by a custom FUSE filesystem). ++ ++This means that an attacker can immediately call sys_clone() when the victim ++process is created, often resulting in a process that has the exact same start ++time reported in procfs; and then the attacker can delay the alloc_pid() call ++until after the victim process has died and the PID assignment has cycled ++around. This results in an attacker process that polkit can't distinguish from ++the victim process. ++*/ ++ ++ + /** + * PolkitUnixProcess: + * +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 97a8d80..1e17dfd 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) + g_free (store); + } + ++/* See the comment at the top of polkitunixprocess.c */ ++static gboolean ++subject_equal_for_authz (PolkitSubject *a, ++ PolkitSubject *b) ++{ ++ if (!polkit_subject_equal (a, b)) ++ return FALSE; ++ ++ /* Now special case unix processes, as we want to protect against ++ * pid reuse by including the UID. ++ */ ++ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { ++ PolkitUnixProcess *ap = (PolkitUnixProcess*)a; ++ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); ++ PolkitUnixProcess *bp = (PolkitUnixProcess*)b; ++ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); ++ ++ if (uid_a != -1 && uid_b != -1) ++ { ++ if (uid_a == uid_b) ++ { ++ return TRUE; ++ } ++ else ++ { ++ g_printerr ("denying slowfork; pid %d uid %d != %d!\n", ++ polkit_unix_process_get_pid (ap), ++ uid_a, uid_b); ++ return FALSE; ++ } ++ } ++ /* Fall through; one of the uids is unset so we can't reliably compare */ ++ } ++ ++ return TRUE; ++} ++ + static gboolean + temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, + PolkitSubject *subject, +@@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st + TemporaryAuthorization *authorization = l->data; + + if (strcmp (action_id, authorization->action_id) == 0 && +- polkit_subject_equal (subject_to_use, authorization->subject)) ++ subject_equal_for_authz (subject_to_use, authorization->subject)) + { + ret = TRUE; + if (out_tmp_authz_id != NULL) diff --git a/patches/0.116/tests-add-tests-for-high-uids.patch b/patches/0.116/tests-add-tests-for-high-uids.patch new file mode 100644 index 00000000..bc2fb9f1 --- /dev/null +++ b/patches/0.116/tests-add-tests-for-high-uids.patch @@ -0,0 +1,106 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Mon, 3 Dec 2018 11:20:34 +0100 +Subject: tests: add tests for high uids + +Modified by Marc Deslauriers for polkit 105 + +(cherry picked from commit b534a10727455409acd54018a9c91000e7626126) +--- + test/data/etc/group | 1 + + test/data/etc/passwd | 2 ++ + .../localauthority/10-test/com.example.pkla | 13 +++++++ + .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- + 4 files changed, 56 insertions(+), 1 deletion(-) + +diff --git a/test/data/etc/group b/test/data/etc/group +index 12ef328..b9acab9 100644 +--- a/test/data/etc/group ++++ b/test/data/etc/group +@@ -5,3 +5,4 @@ john:x:500: + jane:x:501: + sally:x:502: + henry:x:503: ++highuid2:x:4000000000: +diff --git a/test/data/etc/passwd b/test/data/etc/passwd +index 8544feb..5cf14a5 100644 +--- a/test/data/etc/passwd ++++ b/test/data/etc/passwd +@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash + jane:x:501:501:Jane Smith:/home/jane:/bin/bash + sally:x:502:502:Sally Derp:/home/sally:/bin/bash + henry:x:503:503:Henry Herp:/home/henry:/bin/bash ++highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin ++highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin +diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +index bc64c5e..a35f9a3 100644 +--- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla ++++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +@@ -12,3 +12,16 @@ ResultAny=no + ResultInactive=auth_self + ResultActive=yes + ++[User john can do this] ++Identity=unix-user:john ++Action=net.company.john_action ++ResultAny=no ++ResultInactive=auth_self ++ResultActive=yes ++ ++[User highuid2 can do this] ++Identity=unix-user:highuid2 ++Action=net.company.highuid2_action ++ResultAny=no ++ResultInactive=auth_self ++ResultActive=yes +diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c +index 617c254..299da5d 100644 +--- a/test/polkitbackend/polkitbackendlocalauthoritytest.c ++++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c +@@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { + {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, +- ++ /* highuid1 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid22) */ ++ {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid21) */ ++ {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid1 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid24) */ ++ {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid23) */ ++ {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* john is authorized to do this, see com.example.pkla ++ * john_action */ ++ {"unix-user:john", TRUE, TRUE, "net.company.john_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, ++ /* only john is authorized to do this, see com.example.pkla ++ * jane_action */ ++ {"unix-user:jane", TRUE, TRUE, "net.company.john_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is authorized to do this, see com.example.pkla ++ * highuid2_action */ ++ {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, ++ /* only highuid2 is authorized to do this, see com.example.pkla ++ * highuid1_action */ ++ {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + {NULL}, + }; + diff --git a/patches/01_pam_polkit.patch b/patches/01_pam_polkit.patch new file mode 100644 index 00000000..5fc5533e --- /dev/null +++ b/patches/01_pam_polkit.patch @@ -0,0 +1,26 @@ +From: Michael Biebl +Date: Tue, 2 Oct 2007 22:38:04 +0200 +Subject: Use Debian's common-* PAM infrastructure, plus pam_env + +Forwarded: no, Debian-specific +--- + data/polkit-1.in | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/data/polkit-1.in b/data/polkit-1.in +index 142dadd..6f8af2a 100644 +--- a/data/polkit-1.in ++++ b/data/polkit-1.in +@@ -1,6 +1,8 @@ + #%PAM-1.0 + +-auth include @PAM_FILE_INCLUDE_AUTH@ +-account include @PAM_FILE_INCLUDE_ACCOUNT@ +-password include @PAM_FILE_INCLUDE_PASSWORD@ +-session include @PAM_FILE_INCLUDE_SESSION@ ++@include common-auth ++@include common-account ++@include common-password ++session required pam_env.so readenv=1 user_readenv=0 ++session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 ++@include common-session-noninteractive diff --git a/patches/02_gettext.patch b/patches/02_gettext.patch new file mode 100644 index 00000000..7b2f07bd --- /dev/null +++ b/patches/02_gettext.patch @@ -0,0 +1,193 @@ +From: Robert Ancell +Date: Wed, 18 Aug 2010 16:26:15 +1000 +Subject: Use gettext for translations in .policy files + +Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 +Bug-Ubuntu: https://launchpad.net/bugs/619632 +--- + src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index 4270d4e..e2dbf9e 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -24,6 +24,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -44,7 +46,9 @@ typedef struct + gchar *vendor_url; + gchar *icon_name; + gchar *description; ++ gchar *description_domain; + gchar *message; ++ gchar *message_domain; + + PolkitImplicitAuthorization implicit_authorization_any; + PolkitImplicitAuthorization implicit_authorization_inactive; +@@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) + g_free (action->vendor_url); + g_free (action->icon_name); + g_free (action->description); ++ g_free (action->description_domain); + g_free (action->message); ++ g_free (action->message_domain); + + g_hash_table_unref (action->localized_description); + g_hash_table_unref (action->localized_message); +@@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); + + static const gchar *_localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang); + + typedef struct +@@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, + + description = _localize (parsed_action->localized_description, + parsed_action->description, ++ parsed_action->description_domain, + locale); + message = _localize (parsed_action->localized_message, + parsed_action->message, ++ parsed_action->message_domain, + locale); + + ret = polkit_action_description_new (action_id, +@@ -603,11 +612,16 @@ typedef struct { + GHashTable *policy_messages; + + char *policy_description_nolang; ++ char *policy_description_domain; + char *policy_message_nolang; ++ char *policy_message_domain; + + /* the value of xml:lang for the thing we're reading in _cdata() */ + char *elem_lang; + ++ /* the value of gettext-domain for the thing we're reading in _cdata() */ ++ char *elem_domain; ++ + char *annotate_key; + GHashTable *annotations; + +@@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) + + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = NULL; ++ g_free (pd->policy_description_domain); ++ pd->policy_description_domain = NULL; + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = NULL; ++ g_free (pd->policy_message_domain); ++ pd->policy_message_domain = NULL; + if (pd->policy_descriptions != NULL) + { + g_hash_table_unref (pd->policy_descriptions); +@@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) + } + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + } + + static void +@@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_DESCRIPTION; + } + else if (strcmp (el, "message") == 0) +@@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_MESSAGE; + } + else if (strcmp (el, "vendor") == 0 && num_attr == 0) +@@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) + { + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = str; ++ pd->policy_description_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) + { + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = str; ++ pd->policy_message_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -960,6 +990,8 @@ _end (void *data, const char *el) + + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + + switch (pd->state) + { +@@ -990,7 +1022,9 @@ _end (void *data, const char *el) + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); + action->description = g_strdup (pd->policy_description_nolang); ++ action->description_domain = g_strdup (pd->policy_description_domain); + action->message = g_strdup (pd->policy_message_nolang); ++ action->message_domain = g_strdup (pd->policy_message_domain); + + action->localized_description = pd->policy_descriptions; + action->localized_message = pd->policy_messages; +@@ -1093,6 +1127,7 @@ error: + * _localize: + * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' + * @untranslated: the untranslated value, e.g. 'Punch' ++ * @domain: the gettext domain for this string. Make be NULL. + * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG + * with the encoding cut off. Maybe be NULL. + * +@@ -1103,11 +1138,25 @@ error: + static const gchar * + _localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang) + { + const gchar *result; + gchar lang2[256]; + guint n; ++ ++ if (domain != NULL) ++ { ++ gchar *old_locale; ++ ++ old_locale = g_strdup (setlocale (LC_ALL, NULL)); ++ setlocale (LC_ALL, lang); ++ result = dgettext (domain, untranslated); ++ setlocale (LC_ALL, old_locale); ++ g_free (old_locale); ++ ++ goto out; ++ } + + if (lang == NULL) + { diff --git a/patches/05_revert-admin-identities-unix-group-wheel.patch b/patches/05_revert-admin-identities-unix-group-wheel.patch new file mode 100644 index 00000000..bd6e9b94 --- /dev/null +++ b/patches/05_revert-admin-identities-unix-group-wheel.patch @@ -0,0 +1,35 @@ +From: Michael Biebl +Date: Fri, 9 Dec 2011 00:31:21 +0100 +Subject: Revert "Default to AdminIdentities=unix-group:wheel for local + authority" + +This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. + +On Red Hat derivatives, every member of group 'wheel' is necessarily +privileged. On Debian derivatives, there is no wheel group, and gid 0 +(root) is not used in this way. Change the default rule to consider +uid 0 to be privileged, instead. + +On Red Hat derivatives, 50-default.rules is not preserved by upgrades; +on dpkg-based systems, it is a proper conffile and may be edited +(at the sysadmin's own risk), so the comment about not editing it is +misleading. + +[smcv: added longer explanation of why we make this change; +remove unrelated cosmetic change to a man page] + +Forwarded: no, Debian-specific +--- + src/polkitbackend/50-localauthority.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf +index 5e44bde..20e0ba3 100644 +--- a/src/polkitbackend/50-localauthority.conf ++++ b/src/polkitbackend/50-localauthority.conf +@@ -7,4 +7,4 @@ + # + + [Configuration] +-AdminIdentities=unix-group:wheel ++AdminIdentities=unix-user:0 diff --git a/patches/06_systemd-service.patch b/patches/06_systemd-service.patch new file mode 100644 index 00000000..36363c4a --- /dev/null +++ b/patches/06_systemd-service.patch @@ -0,0 +1,18 @@ +From: Michael Biebl +Date: Sat, 11 Feb 2012 23:48:29 +0100 +Subject: Install systemd service file for polkitd. + +Forwarded: no, obsoleted by an upstream commit in 0.106 +--- + data/org.freedesktop.PolicyKit1.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in +index b6cd02b..fbceb3f 100644 +--- a/data/org.freedesktop.PolicyKit1.service.in ++++ b/data/org.freedesktop.PolicyKit1.service.in +@@ -2,3 +2,4 @@ + Name=org.freedesktop.PolicyKit1 + Exec=@libexecdir@/polkitd --no-debug + User=root ++SystemdService=polkit.service diff --git a/patches/10_build-against-libsystemd.patch b/patches/10_build-against-libsystemd.patch new file mode 100644 index 00000000..6230a631 --- /dev/null +++ b/patches/10_build-against-libsystemd.patch @@ -0,0 +1,32 @@ +From: Michael Biebl +Date: Wed, 8 Jul 2015 02:08:33 +0200 +Subject: Build against libsystemd + +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 +Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 388605d..f55ddb7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], + [enable_systemd=auto]) + if test "$enable_systemd" != "no"; then + PKG_CHECK_MODULES(SYSTEMD, +- [libsystemd-login], ++ [libsystemd], + have_systemd=yes, + have_systemd=no) + if test "$have_systemd" = "yes"; then +@@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then + LIBS=$save_LIBS + else + if test "$enable_systemd" = "yes"; then +- AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) ++ AC_MSG_ERROR([systemd support requested but libsystemd library not found]) + fi + fi + fi diff --git a/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch b/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch new file mode 100644 index 00000000..574a25d8 --- /dev/null +++ b/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch @@ -0,0 +1,31 @@ +From: Michael Biebl +Date: Tue, 27 Nov 2018 18:36:27 +0100 +Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ + +To better support stateless systems with an empty /etc, the old location +in /etc/dbus-1/system.d/ should only be used for local admin changes. +Package provided D-Bus policy files are supposed to be installed in +/usr/share/dbus-1/system.d/. + +This is supported since dbus 1.9.18. + +https://lists.freedesktop.org/archives/dbus/2015-July/016746.html + +https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 +--- + data/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/Makefile.am b/data/Makefile.am +index e1a60aa..3d87439 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) + $(service_DATA): $(service_in_files) Makefile + @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ + +-dbusconfdir = $(sysconfdir)/dbus-1/system.d ++dbusconfdir = $(datadir)/dbus-1/system.d + dbusconf_DATA = org.freedesktop.PolicyKit1.conf + + if POLKIT_AUTHFW_PAM diff --git a/patches/series b/patches/series new file mode 100644 index 00000000..ead39904 --- /dev/null +++ b/patches/series @@ -0,0 +1,50 @@ +0.106/agenthelper-pam-Fix-newline-trimming-code.patch +0.108/build-Fix-.gir-generation-for-parallel-make.patch +0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch +0.110/04_get_cwd.patch +0.111/09_pam_environment.patch +0.111/Fix-a-memory-leak.patch +0.112/00git_type_registration.patch +0.112/08_deprecate_racy_APIs.patch +0.112/cve-2013-4288.patch +0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch +0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch +0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch +0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch +0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch +0.113/Fixed-compilation-problem-in-the-backend.patch +0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch +0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch +0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch +0.113/Refuse-duplicate-user-arguments-to-pkexec.patch +0.113/00git_fix_memleak.patch +0.113/00git_invalid_object_paths.patch +0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch +0.113/Fix-a-possible-NULL-dereference.patch +0.113/Remove-a-redundant-assignment.patch +0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch +0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch +0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch +0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch +0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch +0.113/Fix-a-per-authorization-memory-leak.patch +0.113/Fix-a-memory-leak-when-registering-an-authentication.patch +0.113/CVE-2015-3255-Fix-GHashTable-usage.patch +0.113/Fix-use-after-free-in-polkitagentsession.c.patch +0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch +0.114/Fix-multi-line-pam-text-info.patch +0.114/Refactor-send_to_helper-usage.patch +0.114/Add-gettext-support-for-.policy-files.patch +0.114/gettext-switch-to-default-translate-no.patch +0.114/Support-polkit-session-agent-running-outside-user-session.patch +0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch +0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch +0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch +0.116/tests-add-tests-for-high-uids.patch +01_pam_polkit.patch +02_gettext.patch +05_revert-admin-identities-unix-group-wheel.patch +06_systemd-service.patch +10_build-against-libsystemd.patch +Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch +0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch diff --git a/policykit-1-doc.install b/policykit-1-doc.install new file mode 100644 index 00000000..9ae10935 --- /dev/null +++ b/policykit-1-doc.install @@ -0,0 +1 @@ +usr/share/gtk-doc/html/polkit-1/* /usr/share/doc/policykit-1-doc/html/ diff --git a/policykit-1-doc.links b/policykit-1-doc.links new file mode 100644 index 00000000..567016f7 --- /dev/null +++ b/policykit-1-doc.links @@ -0,0 +1 @@ +usr/share/doc/policykit-1-doc/html/ usr/share/gtk-doc/html/polkit-1 diff --git a/policykit-1.docs b/policykit-1.docs new file mode 100644 index 00000000..50bd824b --- /dev/null +++ b/policykit-1.docs @@ -0,0 +1,2 @@ +NEWS +README diff --git a/policykit-1.install b/policykit-1.install new file mode 100644 index 00000000..78d9c256 --- /dev/null +++ b/policykit-1.install @@ -0,0 +1,12 @@ +debian/polkit.service lib/systemd/system/ +etc/pam.d/ +etc/polkit-1/ +usr/bin/ +usr/lib/*/polkit-1/extensions/*.so +usr/lib/policykit-1/ +usr/share/dbus-1/ +usr/share/gettext/ +usr/share/locale/ +usr/share/man/ +usr/share/polkit-1/ +var/lib/polkit-1/ diff --git a/policykit-1.maintscript b/policykit-1.maintscript new file mode 100644 index 00000000..5e7c3235 --- /dev/null +++ b/policykit-1.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf 0.105-22~ diff --git a/policykit-1.postinst b/policykit-1.postinst new file mode 100644 index 00000000..e461c35d --- /dev/null +++ b/policykit-1.postinst @@ -0,0 +1,62 @@ +#!/bin/sh +# postinst script for policykit-1 +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +set_perms() { + USER=$1 + GROUP=$2 + MODE=$3 + FILE=$4 + if ! dpkg-statoverride --list $FILE > /dev/null 2>&1; then + chown $USER:$GROUP $FILE + chmod $MODE $FILE + fi +} + +case "$1" in + configure) + set_perms root root 700 /var/lib/polkit-1 + set_perms root root 700 /etc/polkit-1/localauthority + set_perms root root 4755 /usr/lib/policykit-1/polkit-agent-helper-1 + set_perms root root 4755 /usr/bin/pkexec + + # The service file was renamed to polkit.service to match the upstream name. + # Stop the old polkitd.service on upgrades. + if [ -d /run/systemd/system ] && dpkg --compare-versions "$2" lt-nl 0.105-17; then + systemctl daemon-reload + deb-systemd-invoke stop polkitd.service || true + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + diff --git a/polkit.service b/polkit.service new file mode 100644 index 00000000..e1326211 --- /dev/null +++ b/polkit.service @@ -0,0 +1,8 @@ +[Unit] +Description=Authorization Manager +Documentation=man:polkit(8) + +[Service] +Type=dbus +BusName=org.freedesktop.PolicyKit1 +ExecStart=/usr/lib/policykit-1/polkitd --no-debug diff --git a/rules b/rules new file mode 100755 index 00000000..ae9d4c52 --- /dev/null +++ b/rules @@ -0,0 +1,47 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +%: + dh $@ --with gir + +DPKG_GENSYMBOLS_CHECK_LEVEL=4 +export DPKG_GENSYMBOLS_CHECK_LEVEL + +ifeq (linux,$(DEB_HOST_ARCH_OS)) + SYSTEMD_CONFIG_FLAG = --enable-systemd +else + SYSTEMD_CONFIG_FLAG = --disable-systemd +endif + +override_dh_auto_configure: + dh_auto_configure -- \ + --enable-gtk-doc \ + --enable-man-pages \ + --enable-introspection \ + $(SYSTEMD_CONFIG_FLAG) \ + --disable-examples \ + --libexecdir=\$${prefix}/lib/policykit-1 + +override_dh_auto_test: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + # on buildds we can't rely on actually having a system bus + dbus-run-session -- sh -c 'DBUS_SYSTEM_BUS_ADDRESS=$$DBUS_SESSION_BUS_ADDRESS make check' +endif + +override_dh_makeshlibs: + dh_makeshlibs -Xusr/lib/$(DEB_HOST_MULTIARCH)/polkit-1/ + +override_dh_install-arch: + dh_install -a + # on Debian use sudo group; on Ubuntu, also allow the admin group for + # historical reasons + if dpkg-vendor --is ubuntu; then \ + /bin/echo -e "[Configuration]\nAdminIdentities=unix-group:sudo;unix-group:admin" > debian/policykit-1/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf; \ + elif dpkg-vendor --is debian; then \ + /bin/echo -e "[Configuration]\nAdminIdentities=unix-group:sudo" > debian/policykit-1/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf; \ + fi + +override_dh_installsystemd: + dh_installsystemd --no-start diff --git a/shlibs.local b/shlibs.local new file mode 100644 index 00000000..0fbda1e1 --- /dev/null +++ b/shlibs.local @@ -0,0 +1,3 @@ +libpolkit-agent-1 0 libpolkit-agent-1-0 (= ${binary:Version}) +libpolkit-backend-1 0 libpolkit-backend-1-0 (= ${binary:Version}) +libpolkit-gobject-1 0 libpolkit-gobject-1-0 (= ${binary:Version}) diff --git a/source/format b/source/format new file mode 100644 index 00000000..163aaf8d --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/tests/cli b/tests/cli new file mode 100755 index 00000000..5ace92f7 --- /dev/null +++ b/tests/cli @@ -0,0 +1,39 @@ +#!/bin/sh +set -eu + +assert_fail() { + if $1 2>&1; then + echo "FAIL: command '$1' unexpectedly succeeded" >&2 + exit 1 + fi +} + +assert_eq() { + if [ "$1" != "$2" ]; then + echo "FAIL: expected: '$2' actual: '$1'" >&2 + exit 1 + fi +} + +assert_in() { + if ! echo "$2" | grep -q "$1"; then + echo "FAIL: '$1' not found in:" >&2 + echo "$2" >&2 + exit 1 + fi +} + +echo "TEST: pkaction" +assert_in "org.freedesktop.policykit.exec" "$(pkaction)" +assert_eq "org.freedesktop.policykit.exec" "$(pkaction -a org.freedesktop.policykit.exec)" +assert_in "active.*auth_admin" "$(pkaction --verbose -a org.freedesktop.policykit.exec)" +assert_fail "pkaction -a unknown.action" + +echo "TEST: pkcheck" +if [ $(id -u) = 0 ]; then + assert_eq "" "$(pkcheck -a org.freedesktop.policykit.exec -p 1)" + assert_eq "" "$(pkcheck -a org.freedesktop.policykit.exec -p $$)" +else + assert_fail "pkcheck -a org.freedesktop.policykit.exec -p 1" + assert_fail "pkcheck -a org.freedesktop.policykit.exec -p $$" +fi diff --git a/tests/cli-root b/tests/cli-root new file mode 120000 index 00000000..76ec9f59 --- /dev/null +++ b/tests/cli-root @@ -0,0 +1 @@ +cli \ No newline at end of file diff --git a/tests/control b/tests/control new file mode 100644 index 00000000..8cb25153 --- /dev/null +++ b/tests/control @@ -0,0 +1,7 @@ +Tests: cli +Depends: policykit-1 +Restrictions: isolation-container + +Tests: cli-root +Depends: policykit-1 +Restrictions: isolation-container, needs-root diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 00000000..db36b40b --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,250 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBD8pb8ERBAD1ihpUQm0UdZHTD7mzs0u7tGVMyQTD5ozjt1jpJRq7DYG+YkOp +lJ6kgXBgagO7cLXyutzv5osz3xoyPc8zqoXwwp0rnOkIX4N4QTgy77NsDnSUlxUz +kAhrmbwgtdRFt0DdguOcsDglqyd9Hmg6wRvSU3zXbI0zD3cXwAy2JIoIRwCg4Dg7 +8asoWEdGt/C6VfzMdPFu9rUD/AprV4P2CCUB7/WFmVKIzSBwIfI69ZtwKzWv6IeV +AY7FIr/tvojYoMHscU0JsmuRE45DdeSRAQgeV3wimwmEnDqkS4PJoX3UFxVo2T7B +eR1UhI7g+E3IX1XgfLK/29/WwdyiOALCxUghRppAe6+cW7rMzZGFaROCmMjkDXso +UksCBADZWiKUR8eVHFclO1s+FDM9pfym35uQcX81UmgeLVuOJydYoXGzYxxkyHkB +1TIHDKmGxuo8COcIeMhqZgNYGGcaICW9QoD5TPgDqPSElGl1YXrV0MI3gxHloSrw +cYYm0IRjeW2tuZAj0j95uFOuq+yzDnPGeKLuSag8IiMbHxJHRbQeTWlsb3NsYXYg +VHJtYWMgPG1pdHJAdm9sbnkuY3o+iF4EExECAB4CHgECF4AFAksBd8UGCwkIBwMC +BRUKCAIDBBYCAQMACgkQWjP2YLOEed/SYACgtNtE6o7OYC4qcwqrJZ+Z7tXh1+IA +nRZua8ucYD86+5nCrxMIbfxbezF9uQENBD8pb8IQBACfUnNGW28WIyuZHCUqOmJT +x3xzr7F3yN3KOiuiF7GP/GU5UG0b5wg0Du3szzMGZwOPt7AtEgQ0/QTabQSvnGsh +wcvJ1RjvgRZWx5TVz7CRQdRgF7tM72ifEUaTwJ4ijvzLq8dIHEeyBdIJFgjPWIHd ++aIQXHxhyljQcn4Cu6462wADBgQAmXXloVMsbpOUHr9wW+QrVUWDR3+ceVw77hF3 +z17eqNuIrWJuad+42N/3qQSjKQOxQp3w/ihH7EvMQhbwVNHQ5t8BVHIEVG1G28Pj +1IpTOW3GC8h185fPlx6aZIn4lpremyWkEmOfR3G+fxl+j55NTv2Pe/A8wITY7FIz +ppDzRVuIRgQYEQIABgUCPylvwgAKCRBaM/Zgs4R53zhKAJ9cBXfmpHbPwdfBEHHu +B+l0KoLSrwCglkFmrFAKQhjSwn7gMC27Yl+lK32ZAg0EWdY+ggEQALp0wmlsihHd +ZZSLe22z/bHpbvTKOTXA7xD3guse8ot9irqFhcH3aDGnhGCJFdeha75aHe16gVRT +PxwaDtN2IF0nMgJ9pir2k7Htb0kUfmYBXyCvKUO3y7PCjVaSRPz+YXkIambVoIgq +hWPExpSwU2U9Tme/T4IorRz8EmL8Apyox+4IX0ZK6k9ZCojbQ+bA3L/G4CQ2MiNt +6nlmSIXh63iPh6XCPdj76ivWQBInq1YzJ1uxb1RpHI4Kol/iy0M20kCyP7z8ofnD +qaXJ2CjRJmKavM6nqeGslX139EU3qLYKR+1q/BbCbS2yi2QAWyrFeaAk1BDADj/v +V/tWPYEZVHucMsUAzQjy7dsdOgO75zvkltoAPKbjluyfvdO1wnKjtGJ1mGQXHxXd +/oQSlYRoGqfx2LjtUvwTzV4beLD+DvFaoZUDY2b0yTSsY7uOSE0vEZ8q9demb3II +bsgtg9GIWq1W2xHjq3V7ptBkPGwcgjEv9IkBNgDgSlTIlaDKCKfdevI09DJ3i2qa +kbHYMTnPlXumChPmYUgx49iLyqm2n+LdfdRkwjEKB2YBX+oYmZvuLm797hoH8rRl +CAxxDXi7LAr1PN4cK5h82TbdnyphryZX/AZTLVLL+oWdDfKMpBX8ILh0Vds2k3Ra +q+z3NdcQQDZSwXUDzx7e4cfIhzg0BUS5ABEBAAG0H1JheSBTdHJvZGUgPGhhbGZs +aW5lQGdtYWlsLmNvbT6JAjgEEwEIACwFAlnWPoIJEOm1GmZYKdZVAhsDBQkeEzgA +AhkBBAsHCQMFFQgKAgMEFgABAgAAh4oP/iSILcagk1D2k7Ji+RFPSFiKBX/Dhd/D +lD2bzGqRgVpc34A/u6dNmm3qqn6bUWD/XETBZIUwCltf+q+0rFA5XfXY+8bkmXt2 +L185MzMKxiuwP7IB/AkzkzNzYyKd5eyYZ2lOzXZk72kZ9En2cSY6AAqlF8Uo9CiE +Fsz9EsJvJx3ggZNQq3eFGL9TNRwpQFg0cvuzm15M9HtWO1HeXv5asY8CHkTQixCd +D81QNBHPC5jnx3KqoBvhpVB46ItWvf43/xgqBC/QePBvIPYD2TX+MwEd40V3v0+M +gTpjuUsREEej7kvUnU9XyNH5QyWg8NUIz79GJ7nYq9AWUM6QgOM0L3oLyf2GdHqt +t98lTM5xGROC9UZYKkHdvglI4R7NHSuGoEI+1/tr0ZODG0WkayLr/9LPkXhoNFSF +pffVrqzJBa4GW/SWmAbtR+FzmQZSQr95Recf6SP7nq4D/GQQpLZ7jJsYYzrm5TDf +1cIqt9HKlhfU0XIoJqEXFpQ7Scve2VHZ7L5Sp9GA6zdQL4zT7gT6CO5hW6sF0ytr +1f54SCGDfeKGxz4C0yKfK3o3ko2uvQ7FcBuJgekFGPpzDMqoINLIxJnKJitHjLAN +O8OmJAkC2p5XslLmb7eR6uTXAhixEAP4hFWXpA19DVwzCtK1vwWs7z8B06MZ2J8w +dK+JK/LS/a/atCJSYXkgU3Ryb2RlIDxoYWxmbGluZUBoYWxmbGluZS5vcmc+iQI1 +BBMBCAApBQJZ1j6CCRDptRpmWCnWVQIbAwUJHhM4AAQLBwkDBRUICgIDBBYAAQIA +AAfcD/4qyahdn0+HqnrGo0JjI0t92yfk1EBuxj2yk4Kjh9JhoxFzKnM9ffBDLKfX +zMzkHFLisEi2MfcdxczavZjSm4XABrf17U0mH55m2ypeozSAE5UC+qwKSABb9Uim +Ts2LKu86bwf9a1p3JMjUXM22kD82/K/DlrAZESkHuJV5i1DDCBOe+763OhAAidUz +00VubZQyIlg3uGIzHaADM0uRGahS8Dp/gvFRGYtCDFMexpCoU0sifM46GkFZt6p2 +23dID4T2+IKaSH54I4OtuF9jh/1JzYfcuGV8Urv6B8iO9S2UTvzZ7hBOmQSx/+vo +xKORM5Eux5fzVkxFpxmpEx7VSPYlzioU4Wg3Dwq8BVttZbs5Fz1T0j1zhJ4g+1xX +yqAeBL/eD7sUhkKSGqqDR4ICTAWtDwrODSP+4B0wWLfoJIFI6f/mb16bBRmSqrhi +yvS2uriGy1aij5rTVQCRT1mJLgGslJ3T1tm8QcjJVNN4rlDHOReEyALZC0dDxtFZ +cRBaBtJLp8ww8RxhfP9RD9oao44HI1GrV5XxsegGhhr9aqKhh0qfX8S8vSHeuAcP +cMR9HQxuXA//zknKg5WPC4wa1ESQu58I7aCopdN9rynDcT79z7W7zgAO5C7zxyp4 +LruJUF93sP8aX+IJn3IMir4kCddLEFfqBHn1xsu/spZ7kxEeybkCDQRZ1j6CARAA +pN8F6aiecsK7eEkkdx/GxSqvDs/fVzZVJUY5JPIhPSkL2y8PCF8KZiP6cAFLQFWt +Ak3jcXITEO0Eo6j8ZEyeVVNRFvDVA6QC2zof4as5ZvsDN2UlIqrrnygQEKW6RdjU +SOW/NCdJ4zc+ZMtO4ea07fIubG00DN9giwaQYfsAnrkxYz6T4cxOg95gfe5lGJFr +iffeLMFZiD7jcme8Su/m3uCXpM5IFB8fggObLw8OL1/Od30t6Fi0FfQTjjXT5fk3 +yPJDqwMN0bt1pBrabilPJiRBjAysj+frMRgF1Jc2frB9eRh+v/V4Jka9S5HukQo7 +8ymHxArlVzNXze7P+Ep4D165QKUdq/naFSFep6fBGwRzfjEtx2H5SrcKgMlRx60Q +WaGKidBTwpi0z7KnEv6vXFwjVSDLY+tMRzo8lRy+/jA/3uezs/tpwtVtZGEdT78U +exHdxmv5SSHuQAVQ6NInJKDQ3Z30tXmAzXsw3f83R4RJDrFG4nHXlHeJe8C0rCEd +4Zw47KpROpk7RVI068BBxK2F4Vj8lCM9MdSXmPCCweRPne6LQ7lpzLsORxo4WBq0 +smU5VNg0+FDRImPEPeTz9zuKZMvt8VmKUXDaE0ojEcoTy2knf8Oj0HTsXbX+sQDG +fAgnKsjsZsOG6uXpTO19UxWS4BOjuPcB5vzzB4OYGs8AEQEAAYkCNQQYAQgAKQUC +WdY+ggkQ6bUaZlgp1lUCGwwFCR4TOAAECwcJAwUVCAoCAwQWAAECAACdqw//WkMJ +8y9HqaNsbjiTMSm7wzwfe/laZEZ5rUBcLapGRlMgJdlPULKjoC5to9yib4l5O724 +vUDvMdUmwstgg8WISUjSOsiWLzzmka3LyBeYiZH2TiHw2GzujeAySmw4dS8aa76D +6gnI4+wtjC1FFZlokWtxit+fBZLealdg08sy11O9YYO62xORcCAHOkZyMOF1USwv +XFeLdkvsiBYjSMmSMGvGVz9guj8p/Hks3C2ZG8vvBfWU7BKkN0JTDs1VNryDL1yb +di8X4lZnPy9ZyNTw6g5SEM0pZ+5EntefjJ33yXRGL9Y1Ygvuj6qbMv7Gqb14TyeT +Aj/yo0t//acM8AWGvqnY+2SehIXtq2Dl/Zlt+TMb8nTQPBIVulR8W+wjjwRoJ6nG +1uPHoukOJOWQZt2q0tiWQf8dzI7dQlxOzD8BnJk2ud7qhpO5Lc6be1xBTD+HCEGa +d5sIoccqKd5DTqN50HQ/kUx+H2pmasA/tXnMWt1Vpf+e8WX6ceMXQ2KgrPToKAHV +x4qjT20ece+CwbIVUo4qQLdiEOGUblJBA4NiTiS6Ew9RpR9lfcNoS0y2NX7qM2d8 +/eMUQkdgC9CkItAQL8mTeh0qCvD9Q0ljbB7AVdHGzA5wkHCjGyxtCaIFoWnXcWvO +GPCPCp6v6elXoW44uNGycx3uH0SCIZgaoffznDSZAg0ETOk1rQEQALQnmDr+3f8Q +HVVPcgAzhHlIJGViduhVLe85mZCemEnXyqnXlK1XcHQ6sF2AjkuFU+Iz3M3TUCMN +SYBwdpUeNUMzNiIBJzJ5FiwMAGEvsFa2jDLdNxg70mN/HfQZKX6mcl1CVScVu6rL +bt4JppnJZjvgxxfFDXVATtHAHUAtgyV/CtdPZZERYkksIdKekhXOlP9vwY3uYE2p +DEROrDJlYV1uz4EHPIaeknxLWB9GFveaXocVB69udB//PPgzVi5hi50fVhqJKAR2 +xFy2Rb+XHiyDbQ3VYkIaLi8FIaJqs7eEQDNsv4ouX3MpRxKpAwmaXNfuljI/S+Ow +D1SJLkOZrOTjG4nXrstPBPinEILd3ICBIiNmkWJCtCWVXg0IestDxEO/R+Q/vEpD +Ix/dsALOIBaaNUTpgIThf7m7ntDzFLlkBRLl2gXZwY/nqs2vejlog6uhWisGeRu0 +XLuiAmO6A4mYoG4Bu62ATxZhsU+EbtoDmILPExC7LYnrov0nGzZQfJ9vBClwdla4 +4SPoWZTDI3PRRqU92oM1KPIJErJ47GVJzWbLqg6IdpKay1O+hlx65IW+elArvMxd +4cSpwV5aEzbRH1WeYa9UjPOqENOeqMQVrWwYn4bdrqwOmkEjONVT+1I7R5tud3kk +vl+XAT4uAxhDgvjUkjPWlocl9/HB0J/zABEBAAG0IURhdmlkIFpldXRoZW4gPHpl +dXRoZW5AZ21haWwuY29tPokCOwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC +HgECF4AFAkzpUvICGQEACgkQ55CSzDQYqJET7A/+LIBuqATfMzIssMS2BjMm5nhz ++/v/lNMSs1Z2ohMUKlXI6fElEg/xqB1zDsU0mHdNsfRQWl8uHgmQ5Lwp/osWR7o7 +39Vs/zINMschkhXTWoF3UHDXMbOo9KKlqcRvYUDEWwq1Z1aBfcA2JD2t+fY6E3Gr +eKXx5uE5TIriAvoXWUSIq6FxBNaxDefikWauQ6ErX7TzOgYRlf4BCEa8RPFTvDk+ +UWA6Zl5EWFPGEiogI3sE2FYkBp1FrY1BbBOq7ng+Kkx94dyQSCcMrcPHIZii0Lye +qurd2IZrXPbPTmMiaSILvz9qOvVqx2aruRXgFJ3EZw1mQ3E6exI3czeVX9QTc0NR +8ZKNlBWlpjJKdsPDN5vojCMLPqTqCWLLFIi97Fk94vlt7dHKQQsa6SpZcmFNCCv9 +sknR3AQ6FCW0+VJ9zvY52/Rs+ikpVI9I1WmuCmzbUH4KAoyM3aESI54xAwusIIAW +A+IBpl5gYx8fZaT0Wb9fUeKyz72CL+tKluTI7aBzm7jyYNmiiZjMzucbAg7oIRXj +jEx+WRXNWrBO1PVuyDXTCM6mc8KrROLBDVOFvV67upkH41UId10GqZxX3W0+cUeS +wOzVrDBPcsIp3zUW5Udd7W6CAObb7FAKl2omdYYZWMn/szQnnxt3OCwBhMpgUFQa +pFBowSWAxpskr8ToLYfR08jTxgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgAB +AQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwg +JC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwh +MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy +MjL/wAARCACTAHoDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQF +BgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKB +kaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVW +V1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKz +tLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QA +HwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQA +AQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcY +GRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE +hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX +2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwCgsHtUog6cVeWD2qQQ +8dK2UDJ1SgsFPEHtV8Qe1OEPtVchn7Uz/I46U7yPar6wu5IRCQOpxwKdIiwK29kX +A5JNRKUYq7ZUXKTskZzW/Tjoad5GByPzpur6zBYqsQUo+7cWdDg/gOfz9az38R6T +PH+8mxjhtgYMffH+Ga5VjIN+7qdf1Wpa7NMW2egpDb4rPtpNHuJnK3uFwCu52U+/ +XtWslpKqh7e481OwfkfnXRCfOrpfic9SPI7N/eiA2/tTTB7Voom5fnXY44Kk/wAv +WlMPtW0UpK6MXUcXZmYYPamGD2rUMPtTTD7UODBVjLMHtTPI9q1Whpnk+1TyFe1L +ohGKkEOe1WhF7Uk/7i2klx91SQPeuvkSV2ef7VydkUbq4tbFQ11MsSkE5b0HU0Wt +9pt7HuguxKAedqnj35A45rB1HSp9X0e8mJaQIvzBs9+Bj09a5w6de2VjG5ZtkcWX +2cEAEAhvoTn6H3r5+vmU6l403Y+hw+WQSUpu7O61PxLpNnE8cBLuuBv3YPXoM/8A +1u/451rqVzMscscCtFM28GQfMoAx27e9cRYwG61ONLtXkjVhjPV/b8eP8mvT20+K +2PnXLhWkQlU/hjj7se/OMAdz19K83E1ZcvLJ3PQhQhTeiOJ1y/urqTDgOuSMeX/j +XL3yyR/LPFIrgcL5YXjP616PdyQSzFLGFVYAEycZB64HbIGM/j6Vj38d3JC322Jp +omHJU5YY747/AIVlQr8tlY6eW6OFeZ2ZAvJAwBV631O+0xxJbXMqMeTg5TntTb+x +QMZLWRcEcYPWq1rK7IYpAAV65P3gfX6f1r04zVuaJhOmnpI77RfGUV3si1OEpL/f +jyPxx/hXXxBZFG11kXG5XU8MPX/Edq8WNvLC65UCM8gsdoH0Pau28PeJbe2SySWV +ggZ4WyBhyBkfQnP0OBn26aWMlCSctUeVisBGUHyaM7UxU0xVciMVzEssTBkYZFKY +vavdSjJXR826kouz3KBi9qTyqv8Ale1M8qj2Y/bMuiL2qlrcYGi3RzjCZz9Oa2RF +zVfUoFk0+ZXXjYTnOMYqK7/dyt2Fh3arF+aM3S9VjttOsbPYjRzShMkdjxj+tcat +3/acV3JvJCSqq5+8VdMEfgVB/wCA1DFBfLZQX11PKZWdVjjfIK4yB1+laOi2kunx +uJYZACd2CucN0x+p/Ee1fCznZt9T7yFJRVyvFBFpSJOm12ij3Dj7pOAD9ef1ovr2 +6vNFKyN+9ml3PleQg6AH06V1Vr4Zn1W7RGXYix+ZIMEqufuqPp/Oty40CK3tI4/J +R3CYxjke35VHvW5mN1YX8zzB7e5BV1KxscFsHOf880+4n8uPd5uCOMEVuanYGGTa +0GAB+H41y2p8RsoLBD0DUopyepummYWobAzOqjaTyV4wfWshyyTrMmNynJ96vTkg +sP4TxiqIJAI5JU/mK9alojOepauIi0Kp8pRwfLIPGQBx+v61lOzeSJBuO3nGeo6Z ++oxiteVs6MHUqPJmDY78g5x7cfoKzJX2LMu0EffXHoeoH6flWtJ6HNVWtzufCHjd +1vhBenKS85H9446fXk/jXqieXNGJEYMp7ivmeMkSIUOMnj2r3HwDrn9raQElcG5t +1Hmj+8nZvqOh/wDr16uDrcv7t7dD53M8MmvaxWvU6cx0nle1XjFTfKNenc8MuCL2 +qtqCH+z7oAlcwsMj6GtYRVXvIQbG4DDI8th+lc9V3gzpoxtNM4HQrZNY8Y6XYj57 +a1Qyew2jPH44FerjQ7UzCRogW3ZPoTXl3wtuY5/Gt6wYMPsTbSev31z/ADr2cV85 +g8NTlC81qfVYupKM7LsQQ2sNuriJApc5YjqT71i6mqm4WIKTIOeK35DgVhXm/wA/ +ePzPSnjklFRRnh23K7MbU7UsTuRWDdjzivLPFtvDbxy+XgODjA4r1W+njjVjJNja +MnFeP+LtVguZGigyxzknmvKgvf0PTo3OOYZ981WciN9x6dDVvOT04qKSPd2xXpJ2 +NGIXAsZBu53AEeoqicSxYcjKjaSOvp/LFSyROoKKeCOBUPnNazxyABj02kZDAjBB +/lW9NLoc9V6FJQY2wTkDnNdd8PdVaw8S2x34V2MbAngg/wD165q/SFLo/ZyTE4DJ +nqARkA+46UumStbXscgOCrAit02veOKcFKLj0Z9URxYiUc4HA+lL5fsadpMi3elW +8y8qyjFXPK9q9qM00mfJyptNplvy6q30WbG4Uf3D2rU2iq92mLeY4H3DXLOXus7o +QtJHgnwovja/FCG2Y/LNDLF+QLf+y19IB8Dmvk7R75NH+I2lXzMFjjvFVyDwFY4Y +5+jGvqiRmVeBzXjKpyJSR9BiYXmJLcASEY6CsLU5pGJ3Nt5zjvT9QmcErgg4zWHd +iWbAaVg5P8IBIrzq9dzdjSjStqZ9w4maZHy5UbsE5rzrxCkhuJIIVBOfmVBhR9T9 +K9MFmZrh1QsE496xfEEejaPAWnkgWTOWZzk/QCsKb5Xc7IzS0PK2spI0LtjaO9Vh +JGzFQ4JHapNd8Qw32620+IGMscsV/wAawFtJgwcTYPtXqU6bcbz0Jc3f3dTXkXgE +djVHUYP3ZkHUVNbSzL8kvzA9+9WnTzYirkcjFUrxYnaSsznI286PaT86/wAqsqCU +3qTxyRVaaFra4z2q9BB5ksij7nl8n2I4rqk+qOaC1sz1X4YfEFLW2h0bUxiIPtju +Aemeikeme/vXtAZCAdwGexNfNngHTLBfEzfbryGCKCNyzOQwLKwHAI5znivel8ae +GVUL/a0QwMcq3+FdNLERiuWbR4mLw7c7016ngk/irxNazRy/21dNLEvyFpThcjnr +/Wn2fxO8U3F2kc2qyneQD0wfbGMV3MnhXR5Qd1uGz1/d01PCehwyKy2qKykEHyu9 +c6w8+WzZ2PFUG7qP4HmGuwFZpZAP4yQfb/JFfT3gjW18QeC9N1B3zK0QjmJ/vr8r +fmRn8a8U8Q6NGLgxhP3coIVsYGeR/I5q/wCEvE15oPg+eytYZJJrWVi6AZ5PQn0X +GOfavO9q4R5WrtaHq1aarRjKPU9p1D7PHhmYYB5z3rmdRvIFuHWJlJI4bdwa8K1n +xtrupTFrzUWRCchAx4H0FRW3iufYEfUBIe27IP5msauHqT95I0pUVHSUtT1XxD4q +g0fTJRC2ZSCMjsewFeF6leTahdPNcSu24k8muo1bT9XuNBTVJlJsWfKOTwT/AJFc +fMjMfat8FTULvqVVtFWRD5zKrCJeB1NMSedmOCx+lSpEVLDLbT1x3q1GgXoMV3uU +UcqjNvewttO7gbs5rThbeAMnNVEjJIAHNW41KDIIwO571zTs9Ubq/Uq6nAGh3YG4 +U/SAgtnZiS7DYR6D1rSl0+S5txIAfLP8W04/lUUmkXq6dNcxhYoUQbQf4yTjHHTj +mnGV48pm7KXMWfCsCzrJuwsi4ctgcrz/AIit8rZ5/wCPg/8AfArMsNPU6bYYHlTS +uUmwTlUHOM+/FaX9kxfwWJZexI6j8q5auH9pNy5rCjVUVax6L5jkfLCx9+1SRgHh +wgOeAxxmsC41NMZkYg/3umKzL/ULq3h86FzdQHqN/JHsfX61VXMKtTSOhy0sthHW +Wpsa9fwQ2skN9BtTqhXsR6n+XuBWLp8BE63luytcBdrDPyXKf3WHrjvUCalb+I/D +t5CHMj22CAww4U9iPYiuO0bV20u+NpdOxsJeCO6HsR6e/tWMIzfM3q+qfU7400oW +joeoS/B/R7pZ9XkvJ0s3QSQpE65APJ3Ejt0/CvKr7w5bTap9n0KC9nTdtzKgJJ/D +ivoP4T6rHrPgxUKjNpO9uy5JGM7h+jCuzeOxtuNkUYHJIAFdUI1Irm5rLzMFieST +U48zPOtO8KTWPwi/szV40E6B2wCG2gsSB9ea+fZFUSso5AJFfX+qLDqGhTeSVkid +PlIOQa+ZPE/hibRQ10xGx5CAvpzSbUKnK3ukXh5OpBt9znI41yeKsJBuxtBz7VRA +uHI8rLMeiqM5rvPDIv7PRZmube3ih+8Z5GwR/U8DtxWlRuMbo1i11OettLnuSwQq +qqMySyNhIx7n19utRXWpw6ZD5doYpHz/AK9hySP7ozwPrz+tUNc16S8laKOQtGD8 +uOAffFYWGb5mrSnSbV5GNSrraJr3eu3ErMDcO2RgMjEAD06Dj2qh/aV0cqZ3YHrk +k5qt5bMwzwDyBUxhCA8cgZNbqMF0Oe8pGvp95cyKUDuU6YB9eOv4itL+1SOPtDfg +0n9OK523v5YYyiEAHIPvmrYWNlDea/Iz90f41jKnqbRnodz4i1O5XTleyIjCnJ2x +jBH5Vy9p4nuYXb5VJb78JPyP7r6GtWbxHoFxGYg92qk5BkQED8j9BWLqulwRwLd2 +lwk9uf4lPIb+Y/GuWhTSXJUibN31gzX8JX0Nx4qlEAKi7tpEZG/hIG7/ANlrG1QA +XEigD5HI/Wsn7TNaXEV5bv5dxGwO9e/vUs1893ullILsck9Mmuj2NpqS2tYKdS3M +mesfAvxJFZa1qOizSbftirLAD0LqDuH1IOf+A1Y+LPi+9ivv7MtZ2jUr+8KnBI9K +8Vt7yezvkurWZop4mDxyKcFWHQ11l/fTeN4hexBf7Vij23FuvWQD/log7+47fTpN +ai3OMn8PUjDzgqrb3PfvAutWl38NdLNs4YRQiKYZ5V1+8D/P8a8w+JV/Hd3kdsGz +EpyQh+Zsdh/j2rA8Ca7aeGlvV1WS7+yXSBWjgIyhHRsHqewHpntWhew+HL7ZcWB1 +h5GHySXqqUwTjoAM9Tgfn1rCpF+255bLYqkuW+mrMuytIorNbq6VLaDYWWINyw7E +nqc/54rA17X7nU5DEsz/AGdcKqk4GB04rR12czzm1t2Z4U6uern1J9/5VkRaTPPI +Nqkrnbketb0+W/PIJxlayMlI8tk1IVyCQPYVZntmt3aJlwenNXtNtfOu0AUgBlVm +9Mn/AD+VbyqJK5EaV3YzYbYqxVuCRya010hlsp2k3eYMNFgcPz/+v8RTrwok8kMY +5L4GexGePp/hXUpZrNocNuP9YZFlI3cj5M8fjn/OKwqV2kmbKjFaHF/2a32dpAoC +Bhj2zTP7PfuHz7Guku0BtPKAUbf3h6DOcf5xU8VpviRuPmUH73/1qy+sytc0eGhs +cJJHHKd1uSB/dY81Gk8kLFTkA9Qe9K8RVspkH0p6us6bXHzetej0PMs76aMczLLG +QP8A9VRK37qmDMT4z/8AXpZCApK9DzinYbnfV7iKeSfWnW1zNZ3sdzbyNFLGdyup +wQaiTpS4y+B1p26GV9Eel+EfEOj6neeRrmn2ryycCZ0GGb1Poa6LXB5yb1ieGziG +yKMDaMAenv8AoPfNef8Ag7TbObWBLqM3lWVovnSkdWORhR9TXZeIfEH2y1W7IKWp +G2GEHGVyc46ew+mfWvKrUYqp7p3QqS3Zbi8OWX/CIvqtx98MWI4U4yFXr65zjn9K +xtT8i00G3EHymUlgf9kBQfzK/rWdda9eXkNtp0Sl1Q5PA2hznBPbA5NXPsTTaMJi +py8ohi/AcY/IDPvUyTik5dTWldu8mcq6N9oEm0EZOCRkccVrQgaar+ejHCrJtx94 +lTtJ9ssK1JNGLTQQ+WQS5j5H+1jn2Gf0NO1+JVLaZbF5bneJJpB91yyg8fQBePc1 +TqqehvFJSOTtkMt0pbJLc5711WiKw1CaG54aIhXVuoXjH8zT/D2lrZXyahcR7kjV +SgK8E8A9fcn8qkiKTeJ9RlGRC7qjMO64ANZVqyk3FdF+pfKMvLcRuVKqyhjGzAdc +5INZptbtGKrcEKDgD2rpLi2CSzWkjkPsyjMMcrk/ryKq/btK/ikYt3PvXPCpK2hZ +5j/D9DUDcTAiiivfjueLMWb+tQuflooq4mVTqCU+LmYfWiimyVsjfgdo9Gk2MVzI +c479Ku6tNItvaoGIXhMewVCB+dFFckviO7oUEmkM4XeQrvtZV4BA6cD6mvYYkV7r +TbYqPJiWMog4CkkZNFFcmN2RcSO5ctDp0p5f7Rt3EdjyR+prF8NQx3PiK7lmQO6l +ZAT2YsATj6UUVxQ+CRtT+Fm5qShobNSBhnlBwMZ+c1jaCivAXYZZ5ZSx9fmNFFc/ +2H6o6V8Jla7PLLcqHcnEhX8M1pQadaG3iJt0JKDt7UUV1Q+BDeyP/9mJAjgEEwEC +ACIFAkzpOWsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOeQksw0GKiR +TtoP/2ERYhFJjETwJs3srgUIltaBD2EVYf10Yj1wkx54VHNYLcuYvPkQZqiPbj4O +Tk1NYyZ2lJbNhR/ZEsiDGFv87RboMFhgh0N/gOXI29oZsjlnGncLW7h0I3pYSys1 +F3cxyRS8JheIXLkLVdqhJXfGz8QI0DPp+7NZJzDD+gvDl2ptXkjEPIO8xsxdoj59 +aa2MzKZIgpjf5/GbxGTYbT14yc9K33e6ffnI+uSEWkA5+6iOPeBeHkQpZe0zwE0q +/ZTAo9yvT/DiEDvh4XvC4Y49hLi8gLVmUV7rv1dMIOiGbr89bckOSkUdGsJtiPeF +MEXoZT9iZVLE0rqtFBucgtljRIXqVuC/yn+k8Ol4hNG9dnfr4AMgq1ggb3zGBKxx +Xcfs2kA/EMi2NdSlFdibSu6yxm2QP/p57BT1Io1VwhSWuxecqRNIwY+htGswSU9l +JUqSijAUJqmggaar7NeP20ph5VafODG6ICZwiCadQWUyP7oGoPeT1QAK3WgTuUI5 +hEbdzgCdBGKHx3gG6fIvU6R4o9sW6a0kDXoLqFunGp4aJv8eWOx6spPZJNIDauQe +5Z4CXVT/GL7onTTohACpLovELjJ468MdrE3iY5OtyeUN4jhzDpzcGilb6yE9pXgB +1I5sbZiqEJxd1iBi5yNEXi10IhbmFoTWQJLf4lYpLDfQtPaPuQINBEzpNa0BEACn +yEDw6RCtZFKWWzllekxsrUfpYS82UlPcBE9OsVaEC464RozRGNry4mq953eHSVTF +hIl0dSzamGJuyFGGepiwndslhKOEb60hCjSMFqNJPDePTYbh5hWh9R45qM3gzfln +zXpX5WOJUJHAD6fJcuN82JEKJiQud3neROcWvi/2f3xsOgKRuYHXv/5VMh1Yi1vM +L3v0BzB9CPWyb4O/F7rsomGjPeiily34R64T+OI6AmuHvMUHnu9vuiSoPbJo/P82 +6damUPYo0x17RkqCSvhzRsnWcSdUKENMfAwv1QHM0Tu5n56KCkXT7pfiSPFhmqXj +pEfk/qGly4KYta6K8u/lK6COK3AZ/Qhhy3nxlm/eGD+IBn9rjhH1TUZZRYXQAxpA +eXbYnEsUuChz85Pz5RjDTmM3WL6TBY3RaUZdVa9LAtOA1y/Pw3eIKwdCAUQVADYC +38sVOh5dyOwQOzH9GMn3jOScvhA0Y+OaQjD6CnzvaJ4ZaEU44iAmcQQVy5NhYk1D +2tYTsh3CV/YUpF/n4+dZSxnDkDYYJ/Qnvp5IfnDyQ89anRMjHB8wYvP2jGOBxAQs +PWItY2chyf7mihP6Azx1jEwPWiwi5xJse1MFBBUvkCps95HAEGb3cu255JO644SE +kdcppxcemZ0b2BP89wR+z27WpM8c0jazG2myVB75JQARAQABiQIfBBgBAgAJBQJM +6TWtAhsMAAoJEOeQksw0GKiRclkP/i9Tr4zAXsQXlHJRQ18RvUMs4wZ9gu6uK5qV +FjH+rKr6IXZ20h8UBVKZ+5qkrBfA3B2BlfKoBFz6C0XrmhOF3urUAVEhAnbI+jiW ++eJWjeNMpeFqFIJSfnv2Ca39Gy7Tj7t3pMaEksW+2RL2V1Tg7c4CCz8ubY13tEPC +YKkLp9/zud+qdLIR1XK9lMELMDBdrsElUZ8X8NUvjB0CpjqE3zUxOMWGTAhby+NV +pYVLlP/3yIs4thCWM0hEltDi+KTtj8j4yAkIhi3y9MGg52M+hS5FCNNtfCdaJ9gk +yQgKonXshKxDrq22P6ZC8WB0RvoOmVVLWzEPbHdMLj7/vTskHf87THOJN5aiHJnl ++6Dv56zsldpmvdkzAqFngUAG1ucN+ymsXT88P5suc3uegCf2Mk03RfqrDVB5ZlY6 +5V/dvK9+C4dCyF88SU1JhsMp14marNn71kC3184fZSZfO2BbgzT6s6bNnbeRMw/7 +Hyuvwiu5wWn2il8wswQ6oTeS7ah5wD60SSCDgMVfCFC+17EZ/04PVWOUHuuaAItd +SpAcxHvY9MB4pJbLJG1wjH/5RR/3+D4kQW1DT8QXhc4bJc8l7RkErvaRYK7SkE2P +zYz5ZlC9VrvAi4OdeZmLGuggfAfTvu/7b8f8rwyXmBPX+imdoH7EAo2XBlXqYsUG +xh8t6/dM +=gRcX +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 00000000..94d0f2dd --- /dev/null +++ b/watch @@ -0,0 +1,3 @@ +version=3 +opts=pgpsigurlmangle=s/$/.sign/ \ +https://www.freedesktop.org/software/polkit/releases/polkit-(.*)\.tar\.gz -- cgit v1.2.3 From 995954f96cbeb0696f1dfe6fb6a12a7ed028359b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From 0904ddc65862aa2cc80b2838e16a8d767ca31fa1 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From 503f5f83d1cc5fa893ba9443ba374cd0c1cccff2 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From 76e4cff9346c5ba27b4107aea0783fd8833bd720 Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From 947af386017147892bba97c301caeba8bfff8c65 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From 2ee8d072019ce2b5418bae81c782be6f745da22b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From a84ded15e6ee905b220a2b579e49674af2bb2771 Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From 22d66384d14ffac74aee9973a7ab403c9bb6cfac Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From a2133fdfcd29e1099095212defad0cc29cff54e7 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From cc17a2826f80817d113b60f6ea90a3861529bc30 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..f8a666e8 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From e388479c9c67254f474ac5eaecc5b1c683eb1fc0 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From d012e3ffcd5126ad5034133c5fa64b7477699969 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From c8dcff992837114ea9f256d71ef91301f6adbecd Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From 3a09d3af19edc841e73aa6591acdf9f021c942c1 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From bee859dce164c5e1847446ad0d234b6b31f21371 Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From ef4114df3997f25fa122e55146fb9100a6942602 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 64f1beedd1bb78c1258615f3352881ee6828c148 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 37cae92289cc503a06537e44a9c215b2505c4cb4 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 7990ccecc628da01e4c23276b638e94e5f1b8064 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From b7410c5fd9fb9099ec87c7e3eca2857143567bb1 Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From 52ba6fefbee5c799986ed5312095dd34f4749527 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From dc3fca0a42bc072951f332e4e998cbbdce617aaf Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From aa357c44383eba4a3f850e85478f6f240f164417 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From 9b6b9a6f72d57bbc867f1dd321fe7ad8298af58a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From 1d80702ff8dc8d4a792b013ad7ae970923106806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From 46126189a340a22606f9d9d0423b376b9179dc34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From c7c401faf45cfef317aaf44bd1a7be3eb735a371 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From c7d3ab97bc4fd7cbd26cd800cd2649c4fab0b98d Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From 0d791b4858dbe8bf577a85cbefc97acf2ef34c36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..10dbfb9c 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From 3ca79985a80525a9b71385c588dda9f9c8d33835 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From 23aee651675a0917f04f9246f3a76fe1b77d8998 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From 4ac61bf9ea317278595ecc228b11f9f3627b9a85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..4270d4ed 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From 5328401443f87b36ab6be8d53649f56a918b6176 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From f20e8799aab354633a03fbc1cd0a1516f3bffbbf Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From 57fbf272ad8999f90bc9329f5d9f5ddc5e03c06c Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From 0cd5cae74a523c4def7fd5c41e732edccc10ccbb Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From e98b334e0d1ee81c89834458ec39999e77e3d5e5 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From 136becf0a24292104f318874265c1ab9de276c1f Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From 3e201cca08b6f48faa5b03437ac04eb26f84a69a Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From edffff10c118ff4ff31049f7ad6396e35ec01d4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..d6cd45d4 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -34,6 +34,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From dd4ae2d8a2e8f21f4a30224f031494690bc94164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From 40518a7ee88703388bdb75c0bba5a8e7ed6406d6 Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..4a425674 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,14 +147,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From 7087689e12cebb9e088a812838dd40f0d25bfb98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From 332fa62c38742db6175f70e869495746f10ff018 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: no, Debian-specific Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From ce2633b10532bc90b59b8e2c50d3a468d8eefbce Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 4270d4ed..e2dbf9ef 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar lang2[256]; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 4739de44bc729b402571295311dce47f6dde4716 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: no, Debian-specific Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From 7b38ca52612c90f425623eb7636c0f2b15815de3 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From 65326ec5a615b6adb71b45232b7f1466b90b02a4 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From 2b8f89f4c9ad31c36535f65aebbb3e9345b9ac89 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From 2f9579de614e75ae3ca476124d43c3be7cb29cf5 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Closes: https://gitlab.freedesktop.org/polkit/polkit/issues/75 (cherry picked from commit 6cc6aafee135ba44ea748250d7d29b562ca190e3) Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 4a425674..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 9ce5240cb1e744a428a3d3d6818a6980840744d4 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From ac16c3d0e103bdb6e438f729acc368fb79dd5758 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From 668dfe3b624887e70dfcd85f43835fdc434074d2 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 Gbp-Pq: Topic 0.108 Gbp-Pq: Name PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..5bddd035 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- cgit v1.2.3 From c4ac65c9a447c5e85887759974a5a7297d474375 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From 408cc7296674ae536dddd991ff67d8afc8a519ab Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From 9d1cd57732abd77ea6c9e375e33234dee753c926 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From 4f07e2af1240b92e83583c031ba40d21bc2bf839 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 19:54:59 +0200 Subject: Add a FIXME to polkitprivate.h See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 Gbp-Pq: Topic 0.111 Gbp-Pq: Name Add-a-FIXME-to-polkitprivate.h.patch --- src/polkit/polkitprivate.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..7f5c4634 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -28,6 +28,16 @@ #include "polkitauthorizationresult.h" #include "polkittemporaryauthorization.h" +/* FIXME: This header file is currently installed among other public header + files, and the symbols are exported in the shared library. + + For application writers: relying on any function here is strongly + discouraged. + + For polkit maintainers: This should be made private if a large ABI break + were necessary in the future. In the meantime, consider that there is + non-zero risk that changing these functions might break some applications. */ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); -- cgit v1.2.3 From 331346cdd08e04ac7f8c21f019432e7aabc7e099 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From fbba9a1e85731114bd87374ee18940e037656e8f Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From 8e4b447192a58ebefde80895e3bf553092aff664 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From b9b7371089e642cb46d93f168755c2b52c4c9881 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From 3840e40cc918c3e61ee292ebce40235fb462444b Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 2 Mar 2017 14:50:31 +0100 Subject: polkitpermission: Fix a memory leak on authority changes Signed-off-by: Rui Matos Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b Gbp-Pq: Topic 0.114 Gbp-Pq: Name polkitpermission-Fix-a-memory-leak-on-authority-changes.patch --- src/polkit/polkitpermission.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..be794cb3 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, if (result != NULL) { process_result (permission, result); + g_object_unref (result); } else { -- cgit v1.2.3 From ec18914af5cb1e6c5d8f88827a616aae516f4abe Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index be794cb3..f264094d 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From 6f5389522a554357be14c11a83eb53c007778c4b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From 8507aacacbf63e971f4995721159a8eee8d86df4 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From af8cec23b7a2083e79c2d5221776601f34cb61bb Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From c6625d1b8912ab2a7ea2b073c1cc1d6694d8b815 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From a49350a25d1adc1f614393341ec5e7a86216ed19 Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From f51b03d5385edac4d18b6f238ed8c168219c9577 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 5a5d5f6042b8750ef6c36f378be55ba254db36c1 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 1b21cdc343c6fcc840f483e8f6e8b06489083d9c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 09:32:52 -0500 Subject: PolkitSystemBusName: Retrieve both pid and uid For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future. Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Retrieve-both-pid-and-uid.patch --- src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 53 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 51e4a694..8daa12cb 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) /* ---------------------------------------------------------------------------------------------------- */ +typedef struct { + GError **error; + guint retrieved_uid : 1; + guint retrieved_pid : 1; + guint caught_error : 1; + + guint32 uid; + guint32 pid; +} AsyncGetBusNameCredsData; + +static void +on_retrieved_unix_uid_pid (GObject *src, + GAsyncResult *res, + gpointer user_data) +{ + AsyncGetBusNameCredsData *data = user_data; + GVariant *v; + + v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, + data->caught_error ? NULL : data->error); + if (!v) + { + data->caught_error = TRUE; + } + else + { + guint32 value; + g_variant_get (v, "(u)", &value); + g_variant_unref (v); + if (!data->retrieved_uid) + { + data->retrieved_uid = TRUE; + data->uid = value; + } + else + { + g_assert (!data->retrieved_pid); + data->retrieved_pid = TRUE; + data->pid = value; + } + } +} + +static gboolean +polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, + guint32 *out_uid, + guint32 *out_pid, + GCancellable *cancellable, + GError **error) +{ + gboolean ret = FALSE; + AsyncGetBusNameCredsData data = { 0, }; + GDBusConnection *connection = NULL; + GMainContext *tmp_context = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + data.error = error; + + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + + if (out_uid) + *out_uid = data.uid; + if (out_pid) + *out_pid = data.pid; + ret = TRUE; + out: + if (tmp_context) + { + g_main_context_pop_thread_default (tmp_context); + g_main_context_unref (tmp_context); + } + if (connection != NULL) + g_object_unref (connection); + return ret; +} + /** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. @@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitSubject *ret; - GVariant *result; + PolkitSubject *ret = NULL; guint32 pid; + guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, + cancellable, error)) goto out; - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixProcessID", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) - goto out; - - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - ret = polkit_unix_process_new (pid); + ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } @@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitUnixUser *ret; - GVariant *result; + PolkitUnixUser *ret = NULL; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) - goto out; - - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixUser", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, + cancellable, error)) goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - ret = (PolkitUnixUser*)polkit_unix_user_new (uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } -- cgit v1.2.3 From 18376c75053880411765b0d49c47425c47420206 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From bc355a31894c39f5ee7501023e10aabc7b07fef1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From 86281119b99fbf7f01eb6f6a0168d2c244ce5de6 Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From 79a5e1dbef336cd363b5755928806f70df9ddf11 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From 88ad4c6ed446f332ef350cd21760abfdd9af654e Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From 4d67b3865a93c0a8114338f3c7ef389c62d48fc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From aaab56bc80af9dbae16b87ca66023ab5f87b585a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From d3fc9cf30f5393a3aa9ec75050be88b410e297d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From 6d3e737d268029df27938f4882de29c6b0fd0ad3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From 66bfd671450ba140b6a79e3c900775aad9ea3971 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From a91661c04fd680aaa1c6cf333e8d886794ac4388 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From 50f320e5fa73c4d932759bd2b00d57c2aa1bc2fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 5bddd035..2bfda2d5 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From 7464b6696c7fa0150442e034ba85f3e2833779a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From 90992a75a2a713c1212cae3074a25a18940a7915 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From 7037f1540657455bbddd5be37449d9f141d04893 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..4270d4ed 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From 97e7542ae6ef8aaed397aa92f45b9b3e5926ac3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From e5c412d4b7ccd7d99d0389ce22ec492c665a6923 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From 8b407b6ee9f6f4a918000d8d88eec3920e7f6212 Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From c9df9ded1136d9beaba254315fe8e39835b9d76f Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From cea0b957c4de0ea8785e7626f0259ce6d10d3ea6 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From 13894143ddc59d65abbe52b68b1260ed4b10aaee Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From aa17a6b86f36706ad9afb9e1717953f736abc66c Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From 72144d5ec7794a0055fc1978b76adb5f0c968635 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 7f5c4634..6274bc90 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From 921a02ab36f2e0cbbffcef5b399bec84e3fcc659 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Thu, 9 Aug 2018 16:46:38 +0200 Subject: Possible resource leak found by static analyzer Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Possible-resource-leak-found-by-static-analyzer.patch --- src/polkitagent/polkitagentlistener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 2bfda2d5..00038517 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, server->thread_initialization_error = NULL; g_thread_join (server->thread); server_free (server); + server = NULL; goto out; } } -- cgit v1.2.3 From 527d37e582288ab6521fcf3793e57b1f33a911d5 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:50:56 +0200 Subject: Elaborate message printed by polkit when disconnecting from ssh Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. This message was moved to debug mode. Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch --- src/polkitagent/polkitagentlistener.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 00038517..e0b7b576 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, owner = polkit_authority_get_owner (server->authority); if (owner == NULL) { - g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + g_debug ("PolicyKit daemon disconnected from the bus.\n"); if (server->is_registered) - g_printerr ("We are no longer a registered authentication agent.\n"); + g_debug ("We are no longer a registered authentication agent.\n"); server->is_registered = FALSE; } @@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, { GError *error; - g_printerr ("PolicyKit daemon reconnected to bus.\n"); - g_printerr ("Attempting to re-register as an authentication agent.\n"); + g_debug ("PolicyKit daemon reconnected to bus.\n"); + g_debug ("Attempting to re-register as an authentication agent.\n"); error = NULL; if (server_register (server, &error)) { - g_printerr ("We are now a registered authentication agent.\n"); + g_debug ("We are now a registered authentication agent.\n"); } else { - g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_debug ("Failed to register as an authentication agent: %s\n", error->message); g_error_free (error); } } -- cgit v1.2.3 From 43cf1dc8d6bc5d379867db85a5538292c1fc491e Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:56:43 +0200 Subject: Error message raised on every 'systemctl start' in emergency.target Superuser should know that polkit is not running in emergency.target. If not, basic info with debug sources is offered instead of error message. Other usecases taken into account. Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Error-message-raised-on-every-systemctl-start-in-emergenc.patch --- src/programs/pkttyagent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 488ca8b2..fe747657 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -180,7 +180,8 @@ main (int argc, char *argv[]) authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); if (authority == NULL) { - g_printerr ("Error getting authority: %s (%s, %d)\n", + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); + g_debug ("Error getting authority: %s (%s, %d)\n", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); ret = 127; -- cgit v1.2.3 From c70b31f1a533a6486bfd3ede3384c13b9a890c58 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Thu, 19 Oct 2017 13:43:22 +0100 Subject: Fix a critical warning on calling polkit_permission_new_sync with no system bus Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b Gbp-Pq: Topic 0.116 Gbp-Pq: Name Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch --- src/polkit/polkitpermission.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index f264094d..d4b24591 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) g_free (permission->tmp_authz_id); g_object_unref (permission->subject); - g_signal_handlers_disconnect_by_func (permission->authority, - on_authority_changed, - permission); - g_object_unref (permission->authority); + if (permission->authority != NULL) + { + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + } if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); -- cgit v1.2.3 From e277953c9b2c7aeadfa6e9fca924424f233218c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From 30280c52cca37fedf79be218ee83af2b1ac77511 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From 86b2662d1c5d089394062786d4953af39d14b819 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..fc5afa1c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 70fd8be338ca390a233d988b3c0dabfe0cb66c28 Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index fc5afa1c..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From dd7ff541a75960cdf248ba859814afc8aa525380 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Fri, 15 Mar 2019 16:07:53 +0000 Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 Gbp-Pq: Topic 0.116 Gbp-Pq: Name pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch --- src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index fe747657..eaccc058 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,10 @@ #endif #include +#include +#include +#include +#include #include #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE #include @@ -47,6 +51,36 @@ usage (int argc, char *argv[]) } +static volatile sig_atomic_t tty_flags_saved; +struct termios ts; +FILE *tty = NULL; +struct sigaction savesigterm, savesigint, savesigtstp; + + +static void tty_handler(int signal) +{ + switch (signal) + { + case SIGTERM: + sigaction (SIGTERM, &savesigterm, NULL); + break; + case SIGINT: + sigaction (SIGINT, &savesigint, NULL); + break; + case SIGTSTP: + sigaction (SIGTSTP, &savesigtstp, NULL); + break; + } + + if (tty_flags_saved) + { + tcsetattr (fileno (tty), TCSAFLUSH, &ts); + } + + kill(getpid(), signal); +} + + int main (int argc, char *argv[]) { @@ -64,6 +98,8 @@ main (int argc, char *argv[]) guint ret = 126; gint notify_fd = -1; GVariantBuilder builder; + struct sigaction sa; + const char *tty_name = NULL; g_type_init (); @@ -232,6 +268,27 @@ main (int argc, char *argv[]) } } +/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), + but due to threading the handlers cannot take care of the signal there. + Though if controlling terminal cannot be found, the world won't stop spinning. +*/ + tty_name = ctermid(NULL); + if (tty_name != NULL) + { + tty = fopen(tty_name, "r+"); + } + + if (tty != NULL && !tcgetattr (fileno (tty), &ts)) + { + tty_flags_saved = TRUE; + } + + memset (&sa, 0, sizeof (sa)); + sa.sa_handler = &tty_handler; + sigaction (SIGTERM, &sa, &savesigterm); + sigaction (SIGINT, &sa, &savesigint); + sigaction (SIGTSTP, &sa, &savesigtstp); + loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (loop); -- cgit v1.2.3 From 3675f6833b9a5fc948c8d2c970250a7373c970fe Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: no, Debian-specific Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 1db370280790dd0e666f48ffacaf8498b75888fc Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 4270d4ed..e2dbf9ef 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar lang2[256]; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 41eadb7f71ea1218aa2c731b112388d7bb82c622 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: no, Debian-specific Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From aed01b56a656ce77cb8da73cc0646fb53ec9c1f7 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From 4a8faf59575c6348d27d5c559f583d0fdd558918 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From 44036a21f5243ff6443e500f46b661468ecbe41e Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From c0e1beb3ec4efb63e2f48ea9c8b308e6db549a6b Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:12:44 +0100 Subject: Statically link libpolkit-backend1 into polkitd Nothing else in Debian depends on that library: in principle it was meant to be used for pluggable polkit backends, but those never actually happened, and the library's API was never declared stable. Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority backend and extension system" upstream. Signed-off-by: Simon McVittie Gbp-Pq: Name Statically-link-libpolkit-backend1-into-polkitd.patch --- configure.ac | 1 - data/Makefile.am | 2 +- data/polkit-backend-1.pc.in | 11 ------ docs/man/polkit.xml | 6 --- docs/polkit/Makefile.am | 3 -- docs/polkit/polkit-1-docs.xml | 7 ---- docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- docs/polkit/polkit-1.types | 9 ----- src/polkitbackend/Makefile.am | 13 +------ 9 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 data/polkit-backend-1.pc.in diff --git a/configure.ac b/configure.ac index f55ddb7f..abfdd1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -439,7 +439,6 @@ actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc -data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 3d874390..dad7c2f2 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -18,7 +18,7 @@ pam_DATA = polkit-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc # ---------------------------------------------------------------------------------------------------- diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in deleted file mode 100644 index 7f6197d9..00000000 --- a/data/polkit-backend-1.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-backend-1 -Description: PolicyKit Backend API -Version: @VERSION@ -Libs: -L${libdir} -lpolkit-backend-1 -Cflags: -I${includedir}/polkit-1 -Requires: polkit-gobject-1 diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 188c5141..7933779f 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -115,12 +115,6 @@ System Context | | PolicyKit D-Bus service. - - PolicyKit extensions and authority backends are implemented - using the - libpolkit-backend-1 library. - - See the developer diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index fd7123f6..c13372b4 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 21b3681e..ec04b263 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -47,13 +47,6 @@ - - Backend API Reference - - - - - Authentication Agent API Reference diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt index 38810042..41b37e32 100644 --- a/docs/polkit/polkit-1-sections.txt +++ b/docs/polkit/polkit-1-sections.txt @@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS POLKIT_DETAILS_GET_CLASS -
-polkitbackendauthority -PolkitBackendAuthority -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister - -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -
- -
-polkitbackendactionlookup -PolkitBackendActionLookup -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details - -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -
- -
-polkitbackendlocalauthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass - -POLKIT_BACKEND_LOCAL_AUTHORITY -POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -
- -
-polkitbackendinteractiveauthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync - -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -
-
polkitagentsession PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc5..6354d125 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index b91cafa9..cb25a6b5 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -16,18 +16,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) +noinst_LTLIBRARIES=libpolkit-backend-1.la libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ -- cgit v1.2.3 From 28685e7f01daafc4dbdd6afbd6741ca17f5c67ca Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:30:29 +0100 Subject: Remove example null backend There's no point in this now that we've removed the ability to extend polkit. Signed-off-by: Simon McVittie Gbp-Pq: Name Remove-example-null-backend.patch --- configure.ac | 1 - docs/polkit/overview.xml | 34 ---------------------------------- src/Makefile.am | 2 +- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/configure.ac b/configure.ac index abfdd1f3..22b9a192 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8ddb34cc..92515794 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -91,38 +91,4 @@ information on standard output. - - - Extending polkit - - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - - - The polkit daemons loads extensions - from the &extensiondir; directory. See - the GIO Extension Point - documentation for more information about the extension - system used by polkit. - - - The following extension points are currently defined by - polkit: - - - - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME - - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the src/nullbackend/ directory in the - polkit sources for an example. - - - - diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa8..3380fb2c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples -- cgit v1.2.3 From 888cf389f7b3b02b94e70fe7fbaac3432768cf68 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 3 Aug 2020 10:05:29 +0100 Subject: Import policykit-1_0.105-29.debian.tar.xz [dgit import tarball policykit-1 0.105-29 policykit-1_0.105-29.debian.tar.xz] --- changelog | 927 +++++++++++++++++++++ control | 138 +++ copyright | 48 ++ gbp.conf | 5 + gir1.2-polkit-1.0.install | 1 + libpolkit-agent-1-0.install | 1 + libpolkit-agent-1-0.symbols | 17 + libpolkit-agent-1-dev.install | 5 + libpolkit-gobject-1-0.install | 1 + libpolkit-gobject-1-0.symbols | 149 ++++ libpolkit-gobject-1-dev.install | 5 + ...agenthelper-pam-Fix-newline-trimming-code.patch | 43 + ...-harder-to-look-up-the-right-localization.patch | 53 ++ ...d-crashing-if-initializing-the-server-obj.patch | 33 + ...ild-Fix-.gir-generation-for-parallel-make.patch | 41 + patches/0.110/04_get_cwd.patch | 40 + ...-XAUTHORITY-environment-variable-if-unset.patch | 58 ++ patches/0.111/09_pam_environment.patch | 43 + patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch | 32 + patches/0.111/Fix-a-memory-leak.patch | 22 + patches/0.112/00git_type_registration.patch | 118 +++ patches/0.112/08_deprecate_racy_APIs.patch | 27 + patches/0.112/cve-2013-4288.patch | 116 +++ patches/0.113/00git_fix_memleak.patch | 26 + patches/0.113/00git_invalid_object_paths.patch | 116 +++ ...Session-fix-race-between-child-and-io-wat.patch | 120 +++ .../0.113/CVE-2015-3255-Fix-GHashTable-usage.patch | 68 ++ ...4625-Bind-use-of-cookies-to-specific-uids.patch | 484 +++++++++++ ...25-Use-unpredictable-cookie-values-keep-t.patch | 540 ++++++++++++ ...rd-error-data-returned-by-polkit_system_b.patch | 25 + ...-when-two-authentication-requests-are-in-.patch | 36 + ...y-leak-when-registering-an-authentication.patch | 22 + .../Fix-a-per-authorization-memory-leak.patch | 49 ++ .../0.113/Fix-a-possible-NULL-dereference.patch | 35 + ...-duplicate-GError-use-when-uid-is-missing.patch | 32 + ...ix-use-after-free-in-polkitagentsession.c.patch | 32 + .../Fixed-compilation-problem-in-the-backend.patch | 23 + ...mBusName-Add-public-API-to-retrieve-Unix-.patch | 166 ++++ ...itSystemBusName-Retrieve-both-pid-and-uid.patch | 235 ++++++ ...als-non-deprecated-PolkitProcess-API-wher.patch | 29 + ...-to-send-security-reports-via-DBus-s-mech.patch | 39 + ...Refuse-duplicate-user-arguments-to-pkexec.patch | 38 + patches/0.113/Remove-a-redundant-assignment.patch | 26 + ...-for-changes-to-uid-binding-Authenticatio.patch | 259 ++++++ ...-around-systemd-injecting-broken-XDG_RUNT.patch | 76 ++ ...-problem-with-removing-non-existent-sourc.patch | 23 + ...ionmonitor-systemd-Deduplicate-code-paths.patch | 104 +++ ...tor-systemd-Use-sd_uid_get_state-to-check.patch | 73 ++ ...tor-systemd-prepare-for-D-Bus-user-bus-mo.patch | 89 ++ .../Add-gettext-support-for-.policy-files.patch | 58 ++ patches/0.114/Fix-multi-line-pam-text-info.patch | 39 + patches/0.114/Refactor-send_to_helper-usage.patch | 149 ++++ ...ession-agent-running-outside-user-session.patch | 51 ++ .../gettext-switch-to-default-translate-no.patch | 41 + ...on-Fix-a-memory-leak-on-authority-changes.patch | 24 + ...VE-2018-1116-Trusting-client-supplied-UID.patch | 569 +++++++++++++ ...ids-gids-in-PolkitUnixUser-and-Group-obje.patch | 186 +++++ .../Allow-uid-of-1-for-a-PolkitUnixProcess.patch | 43 + ...e-printed-by-polkit-when-disconnecting-fr.patch | 51 ++ ...ised-on-every-systemctl-start-in-emergenc.patch | 27 + ...arning-on-calling-polkit_permission_new_s.patch | 32 + ...le-resource-leak-found-by-static-analyzer.patch | 21 + ...PolkitUnixProcess-uids-for-temporary-auth.patch | 181 ++++ ...tAgentTextListener-leaves-echo-tty-disabl.patch | 101 +++ patches/0.116/tests-add-tests-for-high-uids.patch | 106 +++ patches/01_pam_polkit.patch | 26 + patches/02_gettext.patch | 193 +++++ ..._revert-admin-identities-unix-group-wheel.patch | 35 + patches/06_systemd-service.patch | 18 + patches/10_build-against-libsystemd.patch | 32 + ...-policy-file-to-usr-share-dbus-1-system.d.patch | 31 + patches/Remove-example-null-backend.patch | 80 ++ ...ally-link-libpolkit-backend1-into-polkitd.patch | 258 ++++++ patches/series | 62 ++ policykit-1-doc.install | 1 + policykit-1-doc.links | 1 + policykit-1.bug-control | 1 + policykit-1.docs | 2 + policykit-1.install | 11 + policykit-1.links | 1 + policykit-1.lintian-overrides | 5 + policykit-1.maintscript | 2 + policykit-1.postinst | 62 ++ policykit-1.postrm | 14 + polkit.service | 8 + rules | 47 ++ shlibs.local | 2 + source/format | 1 + tests/cli | 39 + tests/cli-root | 1 + tests/control | 7 + upstream/signing-key.asc | 250 ++++++ watch | 3 + 93 files changed, 7560 insertions(+) create mode 100644 changelog create mode 100644 control create mode 100644 copyright create mode 100644 gbp.conf create mode 100644 gir1.2-polkit-1.0.install create mode 100644 libpolkit-agent-1-0.install create mode 100644 libpolkit-agent-1-0.symbols create mode 100644 libpolkit-agent-1-dev.install create mode 100644 libpolkit-gobject-1-0.install create mode 100644 libpolkit-gobject-1-0.symbols create mode 100644 libpolkit-gobject-1-dev.install create mode 100644 patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch create mode 100644 patches/0.107/Try-harder-to-look-up-the-right-localization.patch create mode 100644 patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch create mode 100644 patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch create mode 100644 patches/0.110/04_get_cwd.patch create mode 100644 patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch create mode 100644 patches/0.111/09_pam_environment.patch create mode 100644 patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch create mode 100644 patches/0.111/Fix-a-memory-leak.patch create mode 100644 patches/0.112/00git_type_registration.patch create mode 100644 patches/0.112/08_deprecate_racy_APIs.patch create mode 100644 patches/0.112/cve-2013-4288.patch create mode 100644 patches/0.113/00git_fix_memleak.patch create mode 100644 patches/0.113/00git_invalid_object_paths.patch create mode 100644 patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch create mode 100644 patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch create mode 100644 patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch create mode 100644 patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch create mode 100644 patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch create mode 100644 patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch create mode 100644 patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch create mode 100644 patches/0.113/Fix-a-per-authorization-memory-leak.patch create mode 100644 patches/0.113/Fix-a-possible-NULL-dereference.patch create mode 100644 patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch create mode 100644 patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch create mode 100644 patches/0.113/Fixed-compilation-problem-in-the-backend.patch create mode 100644 patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch create mode 100644 patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch create mode 100644 patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch create mode 100644 patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch create mode 100644 patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch create mode 100644 patches/0.113/Remove-a-redundant-assignment.patch create mode 100644 patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch create mode 100644 patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch create mode 100644 patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch create mode 100644 patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch create mode 100644 patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch create mode 100644 patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch create mode 100644 patches/0.114/Add-gettext-support-for-.policy-files.patch create mode 100644 patches/0.114/Fix-multi-line-pam-text-info.patch create mode 100644 patches/0.114/Refactor-send_to_helper-usage.patch create mode 100644 patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch create mode 100644 patches/0.114/gettext-switch-to-default-translate-no.patch create mode 100644 patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch create mode 100644 patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch create mode 100644 patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch create mode 100644 patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch create mode 100644 patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch create mode 100644 patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch create mode 100644 patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch create mode 100644 patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch create mode 100644 patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch create mode 100644 patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch create mode 100644 patches/0.116/tests-add-tests-for-high-uids.patch create mode 100644 patches/01_pam_polkit.patch create mode 100644 patches/02_gettext.patch create mode 100644 patches/05_revert-admin-identities-unix-group-wheel.patch create mode 100644 patches/06_systemd-service.patch create mode 100644 patches/10_build-against-libsystemd.patch create mode 100644 patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch create mode 100644 patches/Remove-example-null-backend.patch create mode 100644 patches/Statically-link-libpolkit-backend1-into-polkitd.patch create mode 100644 patches/series create mode 100644 policykit-1-doc.install create mode 100644 policykit-1-doc.links create mode 100644 policykit-1.bug-control create mode 100644 policykit-1.docs create mode 100644 policykit-1.install create mode 100644 policykit-1.links create mode 100644 policykit-1.lintian-overrides create mode 100644 policykit-1.maintscript create mode 100644 policykit-1.postinst create mode 100644 policykit-1.postrm create mode 100644 polkit.service create mode 100755 rules create mode 100644 shlibs.local create mode 100644 source/format create mode 100755 tests/cli create mode 120000 tests/cli-root create mode 100644 tests/control create mode 100644 upstream/signing-key.asc create mode 100644 watch diff --git a/changelog b/changelog new file mode 100644 index 00000000..20ba3557 --- /dev/null +++ b/changelog @@ -0,0 +1,927 @@ +policykit-1 (0.105-29) unstable; urgency=medium + + * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec. + If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it + will fail to find the binary at the new location. So create a symlink to + prevent authentication failures on upgrades. (Closes: #965210) + + -- Michael Biebl Mon, 03 Aug 2020 11:05:29 +0200 + +policykit-1 (0.105-28) unstable; urgency=medium + + [ TANIGUCHI Takaki ] + * postinst: Fix polkit-agent-helper-1 path + + [ Michael Biebl ] + * Fix polkitd path in polkit.service (Closes: #965164) + * Use --restart-after-upgrade. + With debhelper 13.1, --no-start will disable --restart-after-upgrade. + Since we want the service to be restarted on upgrades, request that + explicitly. + * Remove old maintscript migration code from pre-oldstable + + -- Michael Biebl Fri, 17 Jul 2020 10:49:51 +0200 + +policykit-1 (0.105-27) unstable; urgency=medium + + * Switch to /usr/libexec now that it is allowed by debian policy + * Bump debhelper-compat to 13 + * Bump Standards-Version to 4.5.0 + * Try harder to look up the right localization. + Fixes out-of-bounds read in _localize. (Closes: #956223) + + -- Michael Biebl Fri, 17 Jul 2020 00:50:43 +0200 + +policykit-1 (0.105-26) unstable; urgency=medium + + [ Mark Hindley ] + * Depend on new virtual packages default-logind and logind + (Closes: #923240) + + [ Simon McVittie ] + * Apply most changes from upstream release 0.116 + - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch, + d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch: + Reduce messages to stderr from polkit agents, in particular when using + "systemctl reboot" on a ssh connection or when using "systemctl start" + in systemd emergency mode + - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch: + Fix critical warnings when calling polkit_permission_new_sync() with + no D-Bus system bus + - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch: + Fix a potential use-after-free in polkit agents + - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch: + Re-enable echo if the tty agent is killed by SIGINT or SIGTERM + or suspended with SIGTSTP + * Add more bug fixes backported from earlier upstream releases + - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch: + Fix a segfault when a library user like flatpak attempts to register + a polkit agent with no system bus available (Closes: #923046) + - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch: + Make it more obvious that polkitprivate.h was never intended to be API + - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch: + Fix a memory leak + - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch: + Avoid a use of the deprecated polkit_unix_process_new() + * d/*.symbols: Add Build-Depends-Package metadata + * d/policykit-1.lintian-overrides: Override systemd unit false positives. + The systemd unit is only for on-demand D-Bus activation, and is not + intended to be started during boot, so an [Install] section and a + parallel LSB init script are not necessary. + * Stop building libpolkit-backend as a shared library. + Its API was never declared stable before upstream removed it in + 0.106. Nothing in Debian depended on it, except for polkitd itself, + which now links the same code statically. + This is a step towards being able to use the current upstream release of + polkit and patch in the old localauthority backend as an alternative to + the JavaScript backend, instead of using the old 0.105 codebase and + patching in essentially every change except the JavaScript backend, + which is becoming unmanageable. + - Remove the example null backend, which is pointless now that we've + removed the ability to extend polkit. + - Remove obsolete conffile 50-nullbackend.conf on upgrade + - Remove the directory that previously contained 50-nullbackend.conf + after upgrading or removing policykit-1 + - Remove obsolete dh_makeshlibs override for the null backend + * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports. + reportbug doesn't currently seem to interpret + "Depends: default-logind | logind" as implying that it should include + the version number of the package that Provides logind in bug reports. + Workaround for #934472. + * Change the policykit-1 package from Architecture: any to + Architecture: linux-any, and remove the consolekit [!linux-any] + dependency. consolekit is no longer available in any Debian or + debian-ports architecture, even those for non-Linux kernels. + (Closes: #918446) + * Standards-Version: 4.4.0 (no changes required) + * Switch to debhelper-compat 12 + - d/control: Add ${misc:Pre-Depends} + * Switch to dh_missing and abort on uninstalled files + (patch taken from experimental, thanks to Michael Biebl) + + -- Simon McVittie Sun, 11 Aug 2019 19:09:35 +0100 + +policykit-1 (0.105-25) unstable; urgency=medium + + * Team upload + * Add tests-add-tests-for-high-uids.patch + - Patch from upstream modified by Ubuntu to test high UID fix + * Compare PolkitUnixProcess uids for temporary authorizations. + - Fix temporary auth hijacking via PID reuse and non-atomic fork + (CVE-2019-6133) (Closes: #918985) + + -- Jeremy Bicha Tue, 15 Jan 2019 11:11:58 -0500 + +policykit-1 (0.105-24) unstable; urgency=medium + + * Allow uid of -1 for a PolkitUnixProcess. + Revert an overzealous change from the previous security fix that caused + a critical to be logged when trying to set the uid property to -1 (the + default value). + + -- Martin Pitt Tue, 15 Jan 2019 08:05:52 +0000 + +policykit-1 (0.105-23) unstable; urgency=high + + * Allow negative uids/gids in PolkitUnixUser and Group objects. + Fixes a vulnerability in PolicyKit that allows a user with a uid greater + than INT_MAX to successfully execute arbitrary polkit actions. + (CVE-2018-19788, Closes: #915332) + + -- Michael Biebl Fri, 07 Dec 2018 19:55:58 +0100 + +policykit-1 (0.105-22) unstable; urgency=medium + + * Move D-Bus policy file to /usr/share/dbus-1/system.d/ + To better support stateless systems with an empty /etc, the old location + in /etc/dbus-1/system.d/ should only be used for local admin changes. + Package provided D-Bus policy files are supposed to be installed in + /usr/share/dbus-1/system.d/. + This is supported since dbus 1.9.18. + * Remove obsolete conffile + /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades + * Bump Standards-Version to 4.2.1 + * Remove Breaks for versions older than oldstable + * Stop masking polkit.service during the upgrade process. + This is no longer necessary with the D-Bus policy file being installed + in /usr/share/dbus-1/system.d/. (Closes: #902474) + * Use dh_installsystemd to restart polkit.service after an upgrade. + This replaces a good deal of hand-written maintscript code. + + -- Michael Biebl Tue, 27 Nov 2018 20:17:44 +0100 + +policykit-1 (0.105-21) unstable; urgency=medium + + * Remove --no-parallel now that parallel builds (hopefully) work. + Thanks to Adrian Bunk for spotting this. + * Refresh patches via gbp pq + * Use one patch per upstream commit for easier metadata round-trips + * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114 + - d/p/0.111/Fix-a-memory-leak.patch: + Fix a memory leak when PAM authentication fails + - d/p/0.113/Remove-a-redundant-assignment.patch: + Fix a potential compiler warning + - d/p/master/Fix-multi-line-pam-text-info.patch: + Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch, + d/p/0.114/Fix-multi-line-pam-text-info.patch, + d/p/0.114/Refactor-send_to_helper-usage.patch + * d/p/03_polkitunixsession_sessionid_from_display.patch: + Replace with functionally identical + d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch + as applied upstream + * d/watch: Use https + * d/watch: Download upstream PGP signatures + * debian/upstream/signing-key.asc: Add public keys for Ray Strode, + Miloslav Trmac, David Zeuthen + * d/gbp.conf: Merge upstream tags into the upstream branch + * Add myself to Uploaders + * d/gbp.conf: Set patch-numbers to false to match current practice + * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch: + Backport the security-significant part of 0.115 (CVE-2018-1116) + (Closes: #903563) + * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI + * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck + * Standards-Version: 4.1.5 (no changes required) + * Set Rules-Requires-Root to no + + -- Simon McVittie Wed, 11 Jul 2018 09:29:32 +0100 + +policykit-1 (0.105-20) unstable; urgency=medium + + * Team upload + * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch: + Add patch from upstream to fix parallel builds (Closes: #894205) + + -- Simon McVittie Tue, 27 Mar 2018 13:50:28 +0100 + +policykit-1 (0.105-19) unstable; urgency=medium + + * debian/copyright: Use https URL for Format: + * Update Vcs-* links for move to salsa.debian.org. + * Fix typos in patch descriptions. + Fixes lintian's spelling-error-in-patch-description complaints. + * Move to debhelper compat level 10. + Remove explicit dh-autoreconf, it's now done by default. + * Bump Standards-Version to 4.1.3 + * Add autopkgtest. + This covers the pkaction and pkcheck CLI tools. + + -- Martin Pitt Mon, 26 Mar 2018 21:42:28 +0200 + +policykit-1 (0.105-18) unstable; urgency=medium + + * Team upload. + * master/Add-gettext-support-for-.policy-files.patch: Backport from master: + Add .loc and .its files so that gettext can be used to translate policy + files. Some upstreams, particularly those that are switching to meson, + expect these files to be present so that their PK policy files can be + translated. (Closes: #863207) + + -- Iain Lane Wed, 24 May 2017 11:21:35 +0100 + +policykit-1 (0.105-17) unstable; urgency=medium + + [ Michael Biebl ] + * Use https:// for the upstream homepage. + * Update Vcs-Browser to use cgit. + * Rename the systemd service unit to polkit.service. It is now based on what + was added upstream in 0.106. + + [ Simon McVittie ] + * Build-depend on intltool instead of relying on gtk-doc-tools' + dependency (Closes: #837846) + + [ Martin Pitt ] + * Use PAM's common-session-noninteractive modules for pkexec instead of + common-session. The latter also runs pam_systemd (the only difference + normally) which is a no-op under the classic session-centric + D-BUS/graphical login model (as it won't start a new one if it is already + running within a logind session), but very expensive when using + dbus-user-session and being called from a service that runs outside the + PAM session. This causes long delays in e. g. gnome-settings-daemon's + backlight helpers. (LP: #1626651) + + -- Michael Biebl Fri, 21 Oct 2016 15:44:57 +0200 + +policykit-1 (0.105-16) unstable; urgency=medium + + [ Michael Biebl ] + * Drop obsolete Breaks from pre-wheezy. + * Use gir addon instead of calling dh_girepository manually. + * Run wrap-and-sort -ast. + * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already + pulled in via libgirepository1.0-dev. + + [ Martin Pitt ] + * Add fallback if agent is not running in a logind session. This fixes + polkit with dbus-user-session. Thanks Sebastien Bacher for the patch! + * Bump Standards-Version to 3.9.8 (no changes necessary). + + -- Martin Pitt Mon, 25 Jul 2016 14:32:23 +0200 + +policykit-1 (0.105-15) unstable; urgency=medium + + * Generate tight inter-package dependencies. + This ensures that everything from the same source package is upgraded in + lockstep. (Closes: #817998) + + -- Michael Biebl Thu, 14 Apr 2016 13:57:13 +0200 + +policykit-1 (0.105-14.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS on non-linux/non-systemd. (Closes: #798769) + + -- Adam Borowski Thu, 14 Jan 2016 06:28:38 +0100 + +policykit-1 (0.105-14) unstable; urgency=medium + + * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink + removal for consistency. + * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch + backported from upstream master. (LP: #1510824) + + -- Martin Pitt Mon, 23 Nov 2015 11:38:00 +0100 + +policykit-1 (0.105-13) unstable; urgency=medium + + * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while + policykit-1 is unpackaged but not yet configured. During that time we + don't yet have our D-Bus policy in /etc so that polkitd cannot work yet. + This can be dropped once the D-Bus policy moves to /usr. + (Closes: #794723, LP: #1447654) + + -- Martin Pitt Wed, 21 Oct 2015 08:11:22 +0200 + +policykit-1 (0.105-12) unstable; urgency=medium + + * Team upload + * Replace 03_complete_session.patch with a change from upstream + which seems like a more correct solution for LP#445303, LP#649939 + * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing + staff -> desktop_admin_r change in a man page (desktop_admin_r looks + vaguely like a SELinux role but is actually being used as a group); + keep only the actual functional change. This matches the syntactically + different but functionally similar change in experimental. + * 09_pam_environment.patch: replace with the version that went upstream. + * Annotate remaining patches with a bit more information. + They are: + - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch, + 00git_type_registration.patch, 04_get_cwd.patch, + 07_set-XAUTHORITY-environment-variable-if-unset.patch, + 08_deprecate_racy_APIs.patch, 09_pam_environment.patch, + cve-2013-4288.patch: either backports from upstream, or already + applied upstream, and not discussed further here. + - 01_pam_polkit.patch: use Debian's common-* infrastructure, + plus pam_env to get the global environment and locale. + Debian-specific. + - 02_gettext.patch: Use gettext to translate .policy files at + runtime, allowing for Ubuntu-style language packs. + Debian-specific (mainly for Ubuntu's benefit, really). + - 05_revert-admin-identities-unix-group-wheel.patch: Debian does + not use the "wheel" group like Red Hat derivatives do; + treat uid 0 as the administrative identity instead. + Debian-specific. + - 06_systemd-service.patch: hook up the systemd service in + debian/polkitd.service. + Not forwarded: obsoleted by an upstream change in 0.106, + commit 2995085. + * Re-order patch series to put upstream changes first, sorted by version + in which they went upstream, and put them in subdirectories by version + * Add patches from 0.113 to fix heap corruption CVE-2015-3255 + (Closes: #766860) and local authenticated denial of service + CVE-2015-4625 (Closes: #796134) + * Add numerous other bug-fix patches from 0.113 + - work around bugs in older versions of libpam-systemd when using + su or similar (Closes: #772125) + - treat background processes as part of the same uid's active GUI + session if they have one (Closes: #779988) + - fix some memory leaks (Closes: #775158, LP: #1417637) + * Add backported public API polkit_system_bus_name_get_user_sync() to + symbols file + * Fix FTBFS with dpkg-buildpackage -A by only installing files into + policykit-1 in per-arch builds + * Run tests with a session bus pretending to be the system bus, + so they can pass in a buildd environment + + -- Simon McVittie Fri, 11 Sep 2015 09:48:00 +0100 + +policykit-1 (0.105-11) unstable; urgency=medium + + * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths + in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932) + * policykit-1.postinst: Reload systemd before restarting polkitd.service, to + avoid "Warning: polkitd.service changed on disk". (Closes: #791397) + + -- Martin Pitt Fri, 10 Jul 2015 13:03:33 +0200 + +policykit-1 (0.105-10) unstable; urgency=medium + + * Add 00git_type_registration.patch: Use GOnce for interface type + registration. Fixes frequent udisks segfault (LP: #1236510). + * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call + results handler. (LP: #1417637) + + -- Martin Pitt Wed, 08 Jul 2015 12:15:41 +0200 + +policykit-1 (0.105-9) unstable; urgency=medium + + [ Martin Pitt ] + * policykit-1.postinst: Don't kill polkitd under systemd, but properly + restart it. This avoids killing it shortly after systemd tries to + bus-activate it on installation. (LP: #1447654) + + [ Michael Biebl ] + * Build against libsystemd instead of the old libsystemd-login compat + library. (Closes: #779756) + + -- Michael Biebl Wed, 08 Jul 2015 02:10:58 +0200 + +policykit-1 (0.105-8) unstable; urgency=medium + + * Rebuild against libsystemd0. This drops the last remaining dependency to + libsystemd-login0. (Closes: #771281) + * Bump Standards-Version to 3.9.6 (no changes necessary). + + -- Martin Pitt Fri, 28 Nov 2014 10:07:46 +0100 + +policykit-1 (0.105-7) unstable; urgency=medium + + * Team upload. + * Install typelib files into MA libdir. + + -- Andreas Henriksson Thu, 25 Sep 2014 13:56:15 +0200 + +policykit-1 (0.105-6.1) unstable; urgency=medium + + * Non-maintainer upload. + * Use dh-autoreconf in build to support new architectures + + -- Wookey Thu, 10 Jul 2014 00:15:28 +0100 + +policykit-1 (0.105-6) unstable; urgency=medium + + * Team upload. + * debian/control: Update Homepage URL + * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it + registers a logind session properly (Closes: #745983) + + -- Laurent Bigonville Thu, 22 May 2014 19:31:58 +0200 + +policykit-1 (0.105-5) unstable; urgency=medium + + * Team upload. + * Enable systemd support on linux architectures + * debian/control: Bump Standards-Version to 3.9.5 (no further changes) + * debian/control: Use canonical VCS-* URL's + + -- Laurent Bigonville Sun, 04 May 2014 12:40:59 +0200 + +policykit-1 (0.105-4) unstable; urgency=low + + * Acknowledge non-maintainer upload for CVE-2013-4288. + * Also cherry-pick the upstream commit which deprecates the racy APIs. + * debian/patches/09_pam_environment.patch: set process environment from + pam_getenvlist(). + * debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our + global settings from /etc/environment are applied correctly. + * The two changes above fix pkexec to properly export the pam environment. + Thanks Steve Langasek for the patch. (Closes: #692340) + + -- Michael Biebl Tue, 15 Oct 2013 18:34:24 +0200 + +policykit-1 (0.105-3+nmu1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717). + + -- Michael Gilbert Mon, 14 Oct 2013 00:08:43 +0000 + +policykit-1 (0.105-3) unstable; urgency=low + + * 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY + environment variable to its default value $HOME/.Xauthority if unset. + Some display managers, like KDM, do not set the XAUTHORITY variable, so + starting graphical applications via pkexec was broken in those + environments. (Closes: #671497) + + -- Michael Biebl Thu, 20 Dec 2012 18:55:14 +0100 + +policykit-1 (0.105-2) unstable; urgency=low + + * Change the permissions of /etc/polkit-1/localauthority to 700, this + directory is not supposed to be readable by everyone. + + -- Michael Biebl Mon, 17 Dec 2012 17:02:06 +0100 + +policykit-1 (0.105-1) unstable; urgency=low + + * New upstream release. + * debian/watch: Update URL, the tarballs are hosted on freedesktop.org now. + * Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0. + * Update debian/copyright using the machine-readable copyright format 1.0. + * Bump Standards-Version to 3.9.3. + * Bump Build-Depends on debhelper to (>= 9). + + -- Michael Biebl Tue, 24 Apr 2012 21:06:04 +0200 + +policykit-1 (0.104-2) unstable; urgency=low + + * debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for + proper cross-references in the gtk-doc API documentation. + * Install systemd service file for polkitd. + + -- Michael Biebl Sat, 11 Feb 2012 23:48:29 +0100 + +policykit-1 (0.104-1) unstable; urgency=low + + * New upstream release. + - Add support for netgroups. (LP: #724052) + * debian/rules: Disable systemd support, continue to work with ConsokeKit. + * 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply + cleanly. + * debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new + release. + * debian/rules: Do not let test failures fail the build. The new test suite + also runs a test against the system D-BUS/ConsoleKit, which can't work on + buildds. + + -- Martin Pitt Fri, 06 Jan 2012 12:28:54 +0100 + +policykit-1 (0.103-1) unstable; urgency=low + + * New upstream release. + * debian/control: Change section of gir1.2-polkit-1.0 to introspection. + * 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change + to make group wheel the default admin identity since we already use group + sudo resp. group admin for that. + + -- Michael Biebl Fri, 09 Dec 2011 00:48:17 +0100 + +policykit-1 (0.102-2) unstable; urgency=low + + * 02_gettext.patch: Explicitly #include to fix non-optimized + build. Thanks Ivan Krasilnikov for pointing this out. + * debian/rules: When building on Ubuntu, also consider the "sudo" group as + administrator, for compatibility with Debian and sudo itself. Keep "admin" + for existing systems. (LP: #893842) + * Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the + patch! (Closes: #636196) + + -- Martin Pitt Fri, 25 Nov 2011 07:44:09 +0100 + +policykit-1 (0.102-1) unstable; urgency=low + + * New upstream release. + * debian/patches/00git_fix_proc_race.patch: Removed, merged upstream. + * debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream. + * debian/patches/03_complete_session.patch: Refreshed. + * debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the + current working directory. This fixes another PATH_MAX related FTBFS on + hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017) + + -- Michael Biebl Tue, 02 Aug 2011 03:17:20 +0200 + +policykit-1 (0.101-4) unstable; urgency=high + + Urgency high due to security fix. + + * Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking + privileges for pkexec. Patch taken from + https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in + upstream git. [CVE-2011-1485] + * debian/libpolkit-gobject-1-0.symbols: Update for new symbols. + * Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build + failures if quilt patches change files with translatable strings. Thanks + to Kees Cook for the patch! + + -- Martin Pitt Wed, 20 Apr 2011 12:11:38 +0200 + +policykit-1 (0.101-3) unstable; urgency=low + + * debian/control + - Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to + libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the + updated GObject introspection policy. + - Bump Standards-Version to 3.9.2. No further changes. + + -- Michael Biebl Sun, 10 Apr 2011 20:34:03 +0200 + +policykit-1 (0.101-2) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Fri, 25 Mar 2011 02:19:51 +0100 + +policykit-1 (0.101-1) experimental; urgency=low + + * New upstream release. + * Update patches + - Drop debian/patches/04_test_signalfd.patch, merged upstream. + - Refresh other patches to apply cleanly. + * debian/libpolkit-gobject-1-0.symbols + - Add polkit_authorization_result_get_dismissed. + * debian/control + - Bump Build-Depends on libglib2.0-dev to (>= 2.28.0). + * debian/rules + - Don't build example programs. + + -- Michael Biebl Thu, 03 Mar 2011 23:50:17 +0100 + +policykit-1 (0.100-1) experimental; urgency=low + + * New upstream release. + * Refresh debian/patches/03_complete_session.patch. + * Replace debian/patches/04_test_signalfd.patch with a patch that was merged + upstream. This also allows to drop debian/patches/99_autoreconf.patch. + * Switch from cdbs to dh. + * Bump debhelper compatibility level to 8. + * Install documentation using debian/policykit-1.docs. + * Enable gobject introspection support. + - Add Build-Depends on libgirepository1.0-dev (>= 0.9.12), + gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0. + - Add package gir1.2-polkit-1.0 containing the typelib files. + - Install gir files in libpolkit-agent-1-dev.install and + libpolkit-gobject-1-dev.install. + - Call dh_girepository in debian/rules. + + -- Michael Biebl Wed, 23 Feb 2011 19:51:17 +0100 + +policykit-1 (0.99-3) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Thu, 10 Feb 2011 19:21:36 +0100 + +policykit-1 (0.99-2) experimental; urgency=low + + [ Michael Biebl ] + * Merge sudo group changes from unstable branch. + + [ Martin Pitt ] + * debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release + build dependency. + * Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without + signalfd(). (Closes: #602476) + * Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch. + + -- Martin Pitt Mon, 06 Dec 2010 16:28:11 +0100 + +policykit-1 (0.99-1) experimental; urgency=low + + [ Michael Biebl ] + * New upstream release. + * debian/patches/00git-fix-error-freeing.patch + - Remove, fixed upstream. + * debian/patches/00git-pkexec-information-disclosure.patch + - Remove, merged upstream. + * debian/control + - Drop Build-Depends on libeggdbus-1-dev. + - Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus. + * Switch to source format 3.0 (quilt). + - Add debian/source/format. + - Drop Build-Depends on quilt. + - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules. + - Remove debian/README.source. + + [ Robert Ancell ] + * Add debian/patches/02_gettext.patch: Use gettext for translations in + .policy files if they specify a gettext domain. + + [ James Westby ] + * Add debian/patches/03_complete_session.patch: Fix the race that leads to + the password box disappearing, but the dialog remaining. + + [ Martin Pitt ] + * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated + .symbols files more strongly. + + -- Michael Biebl Thu, 04 Nov 2010 17:27:09 -0400 + +policykit-1 (0.96-4) unstable; urgency=low + + * debian/rules + - When building for Debian, install a localauthority.conf.d configuration + file which considers "sudo" group users as administrators. + (Closes: #532499) + + -- Michael Biebl Tue, 16 Nov 2010 23:21:50 +0100 + +policykit-1 (0.96-3) unstable; urgency=low + + * debian/control + - Use architecture wildcard linux-any for libselinux1-dev. + - Bump Standards-Version to 3.9.1. + * debian/policykit-1.postinst + - Query D-Bus to find out the correct pid of the process claiming + org.freedesktop.PolicyKit1. This way we do not accidentally kill the + wrong process when being installed in a chroot. (Closes: #595030) + * debian/policykit-1.prerm + - Stop polkitd on remove. (Closes: #595031) + + -- Michael Biebl Thu, 16 Sep 2010 23:27:56 +0200 + +policykit-1 (0.96-2) unstable; urgency=medium + + * Urgency medium, just two small, but important bug fixes. + * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure + vulnerability that allows an attacker to verify whether or not arbitrary + files exist, violating directory permissions. + * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization() + with an invalid PID. (LP: #540464) + + -- Martin Pitt Fri, 09 Apr 2010 12:09:53 +0200 + +policykit-1 (0.96-1) unstable; urgency=low + + * New upstream release. + * debian/libpolkit-backend-1-0.symbols + - Update for new API addition. + + -- Michael Biebl Sat, 16 Jan 2010 00:05:48 +0100 + +policykit-1 (0.95-1) unstable; urgency=low + + * New upstream release. + * Remove patches + - debian/patches/02_dont_export_private_symbols.patch (merged upstream) + - debian/patches/03_path_max.patch (merged upstream) + - debian/patches/04-ref-authority.patch (merged upstream) + - debian/patches/05-pkexec-env.patch (merged upstream) + - debian/patches/99_autoreconf.patch (obsolete) + * debian/control + - Bump Build-Depends on libeggbus-1-dev to (>= 0.6). + * debian/rules + - The example application is no longer built by default so we don't need + to manually remove it anymore. + * debian/libpolkit-{backend,gobject}-1-0.symbols + - Update for new API additions. + + -- Michael Biebl Sat, 14 Nov 2009 05:33:34 +0100 + +policykit-1 (0.94-6) unstable; urgency=low + + * debian/policykit-1.postinst + - Use start-stop-daemon instead of kill+pidof to stop the running polkitd + daemon on upgrades. + * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered + unstable. (Closes: #552605) + + -- Michael Biebl Mon, 09 Nov 2009 01:09:07 +0100 + +policykit-1 (0.94-5) unstable; urgency=low + + * Add debian/patches/04-ref-authority.patch: Ref the instance returned by + polkit_authority_get(), since the documentation says that it needs to be + unref'ed after usage. This fixes crashes in NetworkManager and probably + other programs, too. (LP: #438574, #432452, fd.o #24566) + * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec + saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk) + * Add myself to Uploaders: with Michael's consent. + + -- Martin Pitt Tue, 03 Nov 2009 12:28:09 +0100 + +policykit-1 (0.94-4) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Update patch to fix implicit pointer conversion for + get_current_dir_name. (Closes: #550901) + + -- Michael Biebl Wed, 14 Oct 2009 14:00:40 +0200 + +policykit-1 (0.94-3) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800) + Thanks to Samuel Thibault for the patch. + * debian/policykit-1.postinst: + - Kill the old polkitd daemon on upgrade, to ensure that the new version + will be used at the next occasion. + + -- Michael Biebl Tue, 13 Oct 2009 14:32:25 +0200 + +policykit-1 (0.94-2) unstable; urgency=low + + * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and + link against -lfreebsd for sysctlnametomib. + When glibc 2.10 enters unstable this workaround can be removed again. + + -- Michael Biebl Tue, 13 Oct 2009 00:29:47 +0200 + +policykit-1 (0.94-1) unstable; urgency=low + + * Rename package to policykit-1. Upstream (at least temporarily) forked + the project to make it installable in parallel with policykit 0.9, until + all programs are ported to the new API. + * Drop all patches except 01_pam_polkit.patch. + * Refresh debian/patches/01_pam_polkit.patch. + * debian/control + - Update Build-Depends + + Drop libdbus-1-dev, libdbus-glib-1-dev. + + Add libeggdbus-1-dev (>= 0.5) and lsb-release. + + Bump libglib2-dev dependency to (>= 2.21.4). + - Update list of binary packages and their package descriptions. + - Drop dependency on adduser. + - Bump Standards-Version to 3.8.3. + + Add README.source which refers to the quilt documentation. + - Update Vcs-* fields. Package is now managed using Git and hosted on + git.debian.org. + * Update shared library structure: libpolkit-{dbus,grant} → + libpolkit-{agent,backend,gobject}-1. + * Rename policykit, policykit-doc → policykit-1, policykit-1-doc. + * Update and revise all *.install files. + * debian/rules, debian/policykit.init: Drop init script, package doesn't use + /var/run any more. + * debian/policykit-1.postinst: Don't create "polkituser" system user, it's + not used any more. + * Update watch file. + * debian/patches/02_dont_export_private_symbols.patch + - Don't export private symbols in the libraries. + * debian/patches/99_autoreconf.patch + - Update the autotools files as the previous patch also touches the build + system. + * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved + shlibs dependencies. + * debian/rules + - Disable introspection support. + - When building for Ubuntu, install a localauthority.conf.d configuration + file which considers "admin" group users as administrators. + - Don't install example application. + * debian/copyright + - Update copyright holder. + - License was changed to LGPL 2.1+. + + -- Michael Biebl Sun, 27 Sep 2009 21:35:18 +0200 + +policykit (0.9-4) unstable; urgency=low + + * Add support for /var/run being a tmpfs. (Closes: #532101) + - Create /var/run/PolicyKit dynamically on boot by using an init script. + Original patch by Martin Pitt, thanks. Updated patch to only run the + init script in runlevel S at priority 75. + - Do no longer ship /var/run/PolicyKit in the package itself. + * debian/control + - Bump Standards-Version to 3.8.1. + * debian/patches/04_entry_leak.patch + - Plug a memory leak. Patch pulled from Fedora. + * debian/patches/05_manpage_typo_fix.patch + - Fix a small typo in the polkit-auth man page. (Closes: #523565) + * debian/patches/06_no_inotify_or_path_max.patch + - Add support for systems which don't support inotify (like hurd) and + don't use PATH_MAX unconditionally, instead use dynamically growing + buffers. (Closes: #521756) + Patch by Samuel Thibault, thanks. + + -- Michael Biebl Thu, 18 Jun 2009 09:55:34 +0200 + +policykit (0.9-3) unstable; urgency=low + + * Switch patch management system to quilt. + * debian/control + - Wrap Build-Depends. + - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758) + - Bump Build-Depends on debhelper to (>= 7). + * debian/compat + - Bump debhelper compat level to 7. + * debian/rules + - Include debhelper.mk before any other files as recommended by the cdbs + documentation. + * debian/patches/03_consolekit0.3-api.patch + - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either. + Patch pulled from Ubuntu. + + -- Michael Biebl Wed, 18 Feb 2009 17:25:52 +0100 + +policykit (0.9-2) unstable; urgency=high + + [ Simon McVittie ] + * Add patch committed in Fedora (although not upstream) by the upstream + maintainer, to allow PolicyKit to be used when CVE-2008-4311 has + been fixed in dbus-daemon. (Closes: #510646) + + [ Michael Biebl ] + * debian/control + - Add ${misc:Depends} to all binary packages. + + -- Michael Biebl Wed, 07 Jan 2009 18:18:56 +0100 + +policykit (0.9-1) unstable; urgency=low + + * New upstream release. + * debian/control + - Bump Standards-Version to 3.8.0. No further changes. + + -- Michael Biebl Sun, 03 Aug 2008 10:53:11 +0200 + +policykit (0.8-2) unstable; urgency=low + + * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2. + * debian/policykit.postinst + - Set correct permissions for all files. (Closes: #482064) + - Define a small helper function to apply the permissions. This makes it + more concise and readable. + + -- Michael Biebl Fri, 23 May 2008 04:33:48 +0200 + +policykit (0.8-1) unstable; urgency=medium + + * New upstream release. + - SECURITY - CVE-2008-1658: + Fixes format string vulnerability in the grant helper. (Closes: #476615) + * debian/control + - Add Build-Depends on pkg-config. + + -- Michael Biebl Fri, 18 Apr 2008 01:39:08 +0200 + +policykit (0.7-2) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Fri, 11 Jan 2008 01:02:59 +0100 + +policykit (0.7-1) experimental; urgency=low + + * New upstream release. (Closes: #455874) + * debian/control + - Bump Standards-Version to 3.7.3. No further changes required. + - Add Build-Depends on libdbus-glib-1-dev (>= 0.73). + - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/. + (Closes: #446504) + - Improve package description. (Closes: #446554) + * debian/copyright + - All code is now licensed under the MIT/X11 license. Update the copyright + notice accordingly. + * debian/policykit.dirs + - Add the directory /var/lib/PolicyKit-public. + * debian/policykit.install + - Install the D-Bus config and service files for the PolicyKit system + service. + - Install /var/lib/misc/PolicyKit.reload. + * debian/rules + - Fix the permissions of /var/lib/misc/PolicyKit.reload. + * debian/policykit.postinst + - Use dpkg-statoverride to check for local modifications before setting + the SUID/SGID bits. + + -- Michael Biebl Thu, 20 Dec 2007 18:01:38 +0100 + +policykit (0.6-1) experimental; urgency=low + + * New upstream release. + * debian/control + - Use new "Homepage:" field to specify the upstream URL. + - The Vcs-* fields are now officially supported, so remove the XS- prefix. + - Add a Recommends: policykit-gnome to the policykit package. + - Enable SELinux support by adding a Build-Depends on libselinux1-dev for + all supported platforms. + * debian/policykit.postinst + - Install polkit-grant-helper-pam with the correct permissions. + + -- Michael Biebl Sat, 03 Nov 2007 00:02:33 +0100 + +policykit (0.5-1) experimental; urgency=low + + * Initial release. (Closes: #397087) + + -- Michael Biebl Tue, 02 Oct 2007 22:38:04 +0200 + diff --git a/control b/control new file mode 100644 index 00000000..1d5f7473 --- /dev/null +++ b/control @@ -0,0 +1,138 @@ +Source: policykit-1 +Section: admin +Priority: optional +Maintainer: Utopia Maintenance Team +Uploaders: + Michael Biebl , + Martin Pitt , + Simon McVittie , +Build-Depends: + dbus, + debhelper-compat (= 13), + gobject-introspection (>= 0.9.12-4~), + gtk-doc-tools, + intltool (>= 0.40.0), + libexpat1-dev, + libgirepository1.0-dev (>= 0.9.12), + libglib2.0-dev (>= 2.28.0), + libglib2.0-doc, + libgtk-3-doc, + libpam0g-dev, + libselinux1-dev [linux-any], + libsystemd-dev [linux-any], + pkg-config, + xsltproc, +Rules-Requires-Root: no +Standards-Version: 4.5.0 +Vcs-Git: https://salsa.debian.org/utopia-team/polkit.git +Vcs-Browser: https://salsa.debian.org/utopia-team/polkit +Homepage: https://www.freedesktop.org/wiki/Software/polkit/ + +Package: policykit-1 +Architecture: linux-any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + dbus, + default-logind | logind, + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: foreign +Description: framework for managing administrative policies and privileges + PolicyKit is an application-level toolkit for defining and handling the policy + that allows unprivileged processes to speak to privileged processes. + . + It is a framework for centralizing the decision making process with respect to + granting access to privileged operations for unprivileged (desktop) + applications. + +Package: policykit-1-doc +Architecture: all +Section: doc +Depends: + ${misc:Depends}, +Suggests: + devhelp, +Description: documentation for PolicyKit-1 + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the API documentation of PolicyKit. + +Package: libpolkit-gobject-1-0 +Architecture: any +Section: libs +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: same +Description: PolicyKit Authorization API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing PolicyKit. + +Package: libpolkit-gobject-1-dev +Architecture: any +Section: libdevel +Depends: + gir1.2-polkit-1.0 (= ${binary:Version}), + libglib2.0-dev, + libpolkit-gobject-1-0 (= ${binary:Version}), + ${misc:Depends}, +Description: PolicyKit Authorization API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-gobject-1-0. + +Package: libpolkit-agent-1-0 +Architecture: any +Section: libs +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: same +Description: PolicyKit Authentication Agent API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing the authentication agent. + +Package: libpolkit-agent-1-dev +Architecture: any +Section: libdevel +Depends: + gir1.2-polkit-1.0 (= ${binary:Version}), + libpolkit-agent-1-0 (= ${binary:Version}), + libpolkit-gobject-1-dev, + ${misc:Depends}, +Description: PolicyKit Authentication Agent API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-agent-1-0. + +Package: gir1.2-polkit-1.0 +Section: introspection +Architecture: any +Depends: + ${gir:Depends}, + ${misc:Depends}, + ${shlibs:Depends}, +Provides: + gir1.2-polkitagent-1.0 (= ${binary:Version}), +Description: GObject introspection data for PolicyKit + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains introspection data for PolicyKit. + . + It can be used by packages using the GIRepository format to generate + dynamic bindings. diff --git a/copyright b/copyright new file mode 100644 index 00000000..219c3c1e --- /dev/null +++ b/copyright @@ -0,0 +1,48 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: polkit +Source: https://www.freedesktop.org/software/polkit/releases/ + +Files: * +Copyright: 2008-2011 Red Hat, Inc. +License: LGPL-2.0+ + +Files: test/* +Copyright: 2011 Google Inc. +License: LGPL-2.0+ + +Files: test/mocklibc/src/* +Copyright: 2011 Google Inc. +License: Apache-2.0 + +License: LGPL-2.0+ + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-2". + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0" diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 00000000..eb7d2c17 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,5 @@ +[DEFAULT] +pristine-tar = True +debian-branch = master +upstream-vcs-tag = %(version)s +patch-numbers = False diff --git a/gir1.2-polkit-1.0.install b/gir1.2-polkit-1.0.install new file mode 100644 index 00000000..9038727d --- /dev/null +++ b/gir1.2-polkit-1.0.install @@ -0,0 +1 @@ +usr/lib/*/girepository-1.0/ diff --git a/libpolkit-agent-1-0.install b/libpolkit-agent-1-0.install new file mode 100644 index 00000000..155da4ae --- /dev/null +++ b/libpolkit-agent-1-0.install @@ -0,0 +1 @@ +usr/lib/*/libpolkit-agent-1.so.* diff --git a/libpolkit-agent-1-0.symbols b/libpolkit-agent-1-0.symbols new file mode 100644 index 00000000..70a5d847 --- /dev/null +++ b/libpolkit-agent-1-0.symbols @@ -0,0 +1,17 @@ +libpolkit-agent-1.so.0 libpolkit-agent-1-0 #MINVER# +* Build-Depends-Package: libpolkit-agent-1-dev + polkit_agent_listener_get_type@Base 0.94 + polkit_agent_listener_initiate_authentication@Base 0.94 + polkit_agent_listener_initiate_authentication_finish@Base 0.94 + polkit_agent_listener_register@Base 0.99 + polkit_agent_listener_register_with_options@Base 0.105 + polkit_agent_listener_unregister@Base 0.99 + polkit_agent_register_flags_get_type@Base 0.99 + polkit_agent_register_listener@Base 0.94 + polkit_agent_session_cancel@Base 0.94 + polkit_agent_session_get_type@Base 0.94 + polkit_agent_session_initiate@Base 0.94 + polkit_agent_session_new@Base 0.94 + polkit_agent_session_response@Base 0.94 + polkit_agent_text_listener_get_type@Base 0.99 + polkit_agent_text_listener_new@Base 0.99 diff --git a/libpolkit-agent-1-dev.install b/libpolkit-agent-1-dev.install new file mode 100644 index 00000000..e3ec3555 --- /dev/null +++ b/libpolkit-agent-1-dev.install @@ -0,0 +1,5 @@ +usr/include/polkit-1/polkitagent/ +usr/lib/*/libpolkit-agent*.a +usr/lib/*/libpolkit-agent*.so +usr/lib/*/pkgconfig/polkit-agent*.pc +usr/share/gir-1.0/PolkitAgent-1.0.gir diff --git a/libpolkit-gobject-1-0.install b/libpolkit-gobject-1-0.install new file mode 100644 index 00000000..4afe8c35 --- /dev/null +++ b/libpolkit-gobject-1-0.install @@ -0,0 +1 @@ +usr/lib/*/libpolkit-gobject-1.so.* diff --git a/libpolkit-gobject-1-0.symbols b/libpolkit-gobject-1-0.symbols new file mode 100644 index 00000000..f7b9e2c0 --- /dev/null +++ b/libpolkit-gobject-1-0.symbols @@ -0,0 +1,149 @@ +libpolkit-gobject-1.so.0 libpolkit-gobject-1-0 #MINVER# +* Build-Depends-Package: libpolkit-gobject-1-dev + polkit_action_description_get_action_id@Base 0.94 + polkit_action_description_get_annotation@Base 0.94 + polkit_action_description_get_annotation_keys@Base 0.94 + polkit_action_description_get_description@Base 0.94 + polkit_action_description_get_icon_name@Base 0.94 + polkit_action_description_get_implicit_active@Base 0.94 + polkit_action_description_get_implicit_any@Base 0.94 + polkit_action_description_get_implicit_inactive@Base 0.94 + polkit_action_description_get_message@Base 0.94 + polkit_action_description_get_type@Base 0.94 + polkit_action_description_get_vendor_name@Base 0.94 + polkit_action_description_get_vendor_url@Base 0.94 + polkit_action_description_new@Base 0.99 + polkit_action_description_new_for_gvariant@Base 0.99 + polkit_action_description_to_gvariant@Base 0.99 + polkit_authority_authentication_agent_response@Base 0.94 + polkit_authority_authentication_agent_response_finish@Base 0.94 + polkit_authority_authentication_agent_response_sync@Base 0.94 + polkit_authority_check_authorization@Base 0.94 + polkit_authority_check_authorization_finish@Base 0.94 + polkit_authority_check_authorization_sync@Base 0.94 + polkit_authority_enumerate_actions@Base 0.94 + polkit_authority_enumerate_actions_finish@Base 0.94 + polkit_authority_enumerate_actions_sync@Base 0.94 + polkit_authority_enumerate_temporary_authorizations@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_finish@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_sync@Base 0.94 + polkit_authority_features_get_type@Base 0.95 + polkit_authority_get@Base 0.94 + polkit_authority_get_async@Base 0.99 + polkit_authority_get_backend_features@Base 0.95 + polkit_authority_get_backend_name@Base 0.95 + polkit_authority_get_backend_version@Base 0.95 + polkit_authority_get_finish@Base 0.99 + polkit_authority_get_owner@Base 0.99 + polkit_authority_get_sync@Base 0.99 + polkit_authority_get_type@Base 0.94 + polkit_authority_register_authentication_agent@Base 0.94 + polkit_authority_register_authentication_agent_finish@Base 0.94 + polkit_authority_register_authentication_agent_sync@Base 0.94 + polkit_authority_register_authentication_agent_with_options@Base 0.105 + polkit_authority_register_authentication_agent_with_options_finish@Base 0.105 + polkit_authority_register_authentication_agent_with_options_sync@Base 0.105 + polkit_authority_revoke_temporary_authorization_by_id@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_finish@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_sync@Base 0.94 + polkit_authority_revoke_temporary_authorizations@Base 0.94 + polkit_authority_revoke_temporary_authorizations_finish@Base 0.94 + polkit_authority_revoke_temporary_authorizations_sync@Base 0.94 + polkit_authority_unregister_authentication_agent@Base 0.94 + polkit_authority_unregister_authentication_agent_finish@Base 0.94 + polkit_authority_unregister_authentication_agent_sync@Base 0.94 + polkit_authorization_result_get_details@Base 0.94 + polkit_authorization_result_get_dismissed@Base 0.101 + polkit_authorization_result_get_is_authorized@Base 0.94 + polkit_authorization_result_get_is_challenge@Base 0.94 + polkit_authorization_result_get_retains_authorization@Base 0.94 + polkit_authorization_result_get_temporary_authorization_id@Base 0.94 + polkit_authorization_result_get_type@Base 0.94 + polkit_authorization_result_new@Base 0.94 + polkit_authorization_result_new_for_gvariant@Base 0.99 + polkit_authorization_result_to_gvariant@Base 0.99 + polkit_check_authorization_flags_get_type@Base 0.94 + polkit_details_get_keys@Base 0.94 + polkit_details_get_type@Base 0.94 + polkit_details_insert@Base 0.94 + polkit_details_lookup@Base 0.94 + polkit_details_new@Base 0.94 + polkit_details_new_for_gvariant@Base 0.99 + polkit_details_to_gvariant@Base 0.99 + polkit_error_get_type@Base 0.94 + polkit_error_quark@Base 0.94 + polkit_identity_equal@Base 0.94 + polkit_identity_from_string@Base 0.94 + polkit_identity_get_type@Base 0.94 + polkit_identity_hash@Base 0.94 + polkit_identity_new_for_gvariant@Base 0.99 + polkit_identity_to_gvariant@Base 0.99 + polkit_identity_to_string@Base 0.94 + polkit_implicit_authorization_from_string@Base 0.94 + polkit_implicit_authorization_get_type@Base 0.94 + polkit_implicit_authorization_to_string@Base 0.94 + polkit_permission_get_action_id@Base 0.99 + polkit_permission_get_subject@Base 0.99 + polkit_permission_get_type@Base 0.99 + polkit_permission_new@Base 0.99 + polkit_permission_new_finish@Base 0.99 + polkit_permission_new_sync@Base 0.99 + polkit_subject_equal@Base 0.94 + polkit_subject_exists@Base 0.94 + polkit_subject_exists_finish@Base 0.94 + polkit_subject_exists_sync@Base 0.94 + polkit_subject_from_string@Base 0.94 + polkit_subject_get_type@Base 0.94 + polkit_subject_hash@Base 0.94 + polkit_subject_new_for_gvariant@Base 0.99 + polkit_subject_to_gvariant@Base 0.99 + polkit_subject_to_string@Base 0.94 + polkit_system_bus_name_get_name@Base 0.94 + polkit_system_bus_name_get_process_sync@Base 0.95 + polkit_system_bus_name_get_type@Base 0.94 + polkit_system_bus_name_get_user_sync@Base 0.105-12~ + polkit_system_bus_name_new@Base 0.94 + polkit_system_bus_name_set_name@Base 0.94 + polkit_temporary_authorization_get_action_id@Base 0.94 + polkit_temporary_authorization_get_id@Base 0.94 + polkit_temporary_authorization_get_subject@Base 0.94 + polkit_temporary_authorization_get_time_expires@Base 0.94 + polkit_temporary_authorization_get_time_obtained@Base 0.94 + polkit_temporary_authorization_get_type@Base 0.94 + polkit_temporary_authorization_new@Base 0.94 + polkit_temporary_authorization_new_for_gvariant@Base 0.99 + polkit_temporary_authorization_to_gvariant@Base 0.99 + polkit_unix_group_get_gid@Base 0.94 + polkit_unix_group_get_type@Base 0.94 + polkit_unix_group_new@Base 0.94 + polkit_unix_group_new_for_name@Base 0.94 + polkit_unix_group_set_gid@Base 0.94 + polkit_unix_netgroup_get_name@Base 0.104 + polkit_unix_netgroup_get_type@Base 0.104 + polkit_unix_netgroup_new@Base 0.104 + polkit_unix_netgroup_set_name@Base 0.104 + polkit_unix_process_get_owner@Base 0.94 + polkit_unix_process_get_pid@Base 0.94 + polkit_unix_process_get_racy_uid__@Base 0.105-21~ + polkit_unix_process_get_start_time@Base 0.94 + polkit_unix_process_get_type@Base 0.94 + polkit_unix_process_get_uid@Base 0.101 + polkit_unix_process_new@Base 0.94 + polkit_unix_process_new_for_owner@Base 0.101 + polkit_unix_process_new_full@Base 0.94 + polkit_unix_process_set_pid@Base 0.94 + polkit_unix_process_set_start_time@Base 0.101 + polkit_unix_process_set_uid@Base 0.101 + polkit_unix_session_get_session_id@Base 0.94 + polkit_unix_session_get_type@Base 0.94 + polkit_unix_session_new@Base 0.94 + polkit_unix_session_new_for_process@Base 0.94 + polkit_unix_session_new_for_process_finish@Base 0.94 + polkit_unix_session_new_for_process_sync@Base 0.94 + polkit_unix_session_set_session_id@Base 0.94 + polkit_unix_user_get_name@Base 0.104 + polkit_unix_user_get_type@Base 0.94 + polkit_unix_user_get_uid@Base 0.94 + polkit_unix_user_new@Base 0.94 + polkit_unix_user_new_for_name@Base 0.94 + polkit_unix_user_set_uid@Base 0.94 diff --git a/libpolkit-gobject-1-dev.install b/libpolkit-gobject-1-dev.install new file mode 100644 index 00000000..e571609d --- /dev/null +++ b/libpolkit-gobject-1-dev.install @@ -0,0 +1,5 @@ +usr/include/polkit-1/polkit/ +usr/lib/*/libpolkit-gobject*.a +usr/lib/*/libpolkit-gobject*.so +usr/lib/*/pkgconfig/polkit-gobject*.pc +usr/share/gir-1.0/Polkit-1.0.gir diff --git a/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch b/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch new file mode 100644 index 00000000..0515b535 --- /dev/null +++ b/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch @@ -0,0 +1,43 @@ +From: Colin Walters +Date: Wed, 6 Jun 2012 09:05:14 -0400 +Subject: agenthelper-pam: Fix newline-trimming code + +First, we were using == instead of =, as the author probably intended. +But after changing that, we're now assigning to const memory. Fix +that by writing to a temporary string buffer. + +Signed-off-by: David Zeuthen +Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 +--- + src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 85a2671..7af5321 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + char buf[PAM_MAX_RESP_SIZE]; + int i; + gchar *escaped = NULL; ++ gchar *tmp = NULL; ++ size_t len; + + data = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) +@@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); + #endif /* PAH_DEBUG */ +- if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') +- msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; +- escaped = g_strescape (msg[i]->msg, NULL); ++ tmp = g_strdup (msg[i]->msg); ++ len = strlen (tmp); ++ if (len > 0 && tmp[len - 1] == '\n') ++ tmp[len - 1] = '\0'; ++ escaped = g_strescape (tmp, NULL); ++ g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + #ifdef PAH_DEBUG diff --git a/patches/0.107/Try-harder-to-look-up-the-right-localization.patch b/patches/0.107/Try-harder-to-look-up-the-right-localization.patch new file mode 100644 index 00000000..e4ebca9b --- /dev/null +++ b/patches/0.107/Try-harder-to-look-up-the-right-localization.patch @@ -0,0 +1,53 @@ +From: Matthias Clasen +Date: Wed, 27 Jun 2012 20:28:00 -0400 +Subject: Try harder to look up the right localization + +The code for looking up localized strings for action descriptions +was manually trying to break locale names into pieces, but didn't +get it right for e.g. zh_CN.utf-8. Instead, use the GLib function +g_get_locale_variants(), which handles this (and more). This fixes +the translation problem reported in +https://bugzilla.gnome.org/show_bug.cgi?id=665497 + +Signed-off-by: David Zeuthen +(cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) +--- + src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index e3ed38d..0af0010 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, + const gchar *lang) + { + const gchar *result; +- gchar lang2[256]; ++ gchar **langs; + guint n; + + if (lang == NULL) +@@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, + goto out; + + /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ +- strncpy (lang2, lang, sizeof (lang2)); +- for (n = 0; lang2[n] != '\0'; n++) ++ langs = g_get_locale_variants (lang); ++ for (n = 0; langs[n] != NULL; n++) + { +- if (lang2[n] == '_') +- { +- lang2[n] = '\0'; +- break; +- } ++ result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); ++ if (result != NULL) ++ break; + } +- result = (const char *) g_hash_table_lookup (translations, (void *) lang2); ++ g_strfreev (langs); + if (result != NULL) + goto out; + diff --git a/patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch b/patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch new file mode 100644 index 00000000..ecd74a53 --- /dev/null +++ b/patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch @@ -0,0 +1,33 @@ +From: Adam Jackson +Date: Tue, 9 Oct 2012 14:08:24 -0400 +Subject: PolkitAgent: Avoid crashing if initializing the server object fails + +Note that otherwise we return a freed server object. Since later in +polkit_agent_listener_register_with_options we check against NULL to +determine failure, this makes for sad times later when we call +server_free() on it again. + +Signed-off-by: David Zeuthen +Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 +Bug-Debian: https://bugs.debian.org/923046 +--- + src/polkitagent/polkitagentlistener.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 0d97501..5bddd03 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, + if (!server_init_sync (server, cancellable, error)) + { + server_free (server); +- goto out; ++ return NULL; + } + +- out: + return server; + } + diff --git a/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch b/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch new file mode 100644 index 00000000..58f6fbbd --- /dev/null +++ b/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch @@ -0,0 +1,41 @@ +From: Ryan Lortie +Date: Tue, 13 Nov 2012 11:50:14 -0500 +Subject: build: Fix .gir generation for parallel make + +As per the intructions in the introspection Makefile, we should have a +line declaring a dependency between the .gir and .la files. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 +Signed-off-by: David Zeuthen +Bug-Debian: https://bugs.debian.org/894205 +--- + src/polkit/Makefile.am | 2 ++ + src/polkitagent/Makefile.am | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am +index 1068ea1..41ccf5c 100644 +--- a/src/polkit/Makefile.am ++++ b/src/polkit/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + + INTROSPECTION_GIRS = Polkit-1.0.gir + ++Polkit-1.0.gir: libpolkit-gobject-1.la ++ + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = Polkit-1.0.gir + +diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am +index e8c9fb1..7b51137 100644 +--- a/src/polkitagent/Makefile.am ++++ b/src/polkitagent/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = PolkitAgent-1.0.gir + ++PolkitAgent-1.0.gir: libpolkit-agent-1.la ++ + typelibsdir = $(INTROSPECTION_TYPELIBDIR) + typelibs_DATA = PolkitAgent-1.0.typelib + diff --git a/patches/0.110/04_get_cwd.patch b/patches/0.110/04_get_cwd.patch new file mode 100644 index 00000000..acaa68d5 --- /dev/null +++ b/patches/0.110/04_get_cwd.patch @@ -0,0 +1,40 @@ +From: Emilio Pozuelo Monfort +Date: Sat, 26 Mar 2011 07:28:14 +0000 +Subject: Fix build on GNU Hurd + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 +Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f +--- + src/programs/pkexec.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7fafa14..682fe95 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,7 +53,7 @@ + #include + + static gchar *original_user_name = NULL; +-static gchar original_cwd[PATH_MAX]; ++static gchar *original_cwd; + static gchar *command_line = NULL; + static struct passwd *pw; + +@@ -465,7 +465,7 @@ main (int argc, char *argv[]) + goto out; + } + +- if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) ++ if ((original_cwd = g_get_current_dir ()) == NULL) + { + g_printerr ("Error getting cwd: %s\n", + g_strerror (errno)); +@@ -953,6 +953,7 @@ main (int argc, char *argv[]) + g_ptr_array_free (saved_env, TRUE); + } + ++ g_free (original_cwd); + g_free (path); + g_free (command_line); + g_free (opt_user); diff --git a/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch b/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch new file mode 100644 index 00000000..1ddf78ca --- /dev/null +++ b/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch @@ -0,0 +1,58 @@ +From: David Zeuthen +Date: Wed, 19 Dec 2012 14:28:29 -0500 +Subject: Set XAUTHORITY environment variable if is unset + +The way it works is that if XAUTHORITY is unset, then its default +value is $HOME/.Xauthority. But since we're changing user identity +this will not work since $HOME will now change. Therefore, if +XAUTHORITY is unset, just set its default value before changing +identity. This bug only affected login managers using X Window +Authorization but not explicitly setting the XAUTHORITY variable. + +You can argue that XAUTHORITY is broken since it forces uid-changing +apps like pkexec(1) to do more work - and get involved in intimate +details of how X works and so on - but that doesn't change how things +work. + +Based on a patch from Peter Wu . + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 +Signed-off-by: David Zeuthen +Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 +--- + src/programs/pkexec.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 373977b..7fafa14 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -597,6 +597,28 @@ main (int argc, char *argv[]) + g_ptr_array_add (saved_env, g_strdup (value)); + } + ++ /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, ++ * this is broken but it's unfortunately how things work (see fdo #51623 for ++ * details) ++ */ ++ if (g_getenv ("XAUTHORITY") == NULL) ++ { ++ const gchar *home; ++ ++ /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and ++ * this is not what we want ++ */ ++ home = g_getenv ("HOME"); ++ if (home == NULL) ++ home = g_get_home_dir (); ++ ++ if (home != NULL) ++ { ++ g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); ++ g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); ++ } ++ } ++ + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks + * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. + */ diff --git a/patches/0.111/09_pam_environment.patch b/patches/0.111/09_pam_environment.patch new file mode 100644 index 00000000..793efee6 --- /dev/null +++ b/patches/0.111/09_pam_environment.patch @@ -0,0 +1,43 @@ +From: Steve Langasek +Date: Fri, 8 Mar 2013 12:00:00 +0100 +Subject: pkexec: Set process environment from pam_getenvlist() + +Various pam modules provide environment variables that are intended to be set +in the environment of the pam session. pkexec needs to process the output of +pam_getenvlist() to get these. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 +Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 +--- + src/programs/pkexec.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 682fe95..9a0570a 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) + gboolean ret; + gint rc; + pam_handle_t *pam_h; ++ char **envlist; + struct pam_conv conversation; + + ret = FALSE; +@@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) + + ret = TRUE; + ++ envlist = pam_getenvlist (pam_h); ++ if (envlist != NULL) ++ { ++ guint n; ++ for (n = 0; envlist[n]; n++) ++ putenv (envlist[n]); ++ free (envlist); ++ } ++ + out: + if (pam_h != NULL) + pam_end (pam_h, rc); diff --git a/patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch b/patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch new file mode 100644 index 00000000..10717549 --- /dev/null +++ b/patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Thu, 18 Apr 2013 19:54:59 +0200 +Subject: Add a FIXME to polkitprivate.h + +See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . + +Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 +--- + src/polkit/polkitprivate.h | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h +index 579cc25..7f5c463 100644 +--- a/src/polkit/polkitprivate.h ++++ b/src/polkit/polkitprivate.h +@@ -28,6 +28,16 @@ + #include "polkitauthorizationresult.h" + #include "polkittemporaryauthorization.h" + ++/* FIXME: This header file is currently installed among other public header ++ files, and the symbols are exported in the shared library. ++ ++ For application writers: relying on any function here is strongly ++ discouraged. ++ ++ For polkit maintainers: This should be made private if a large ABI break ++ were necessary in the future. In the meantime, consider that there is ++ non-zero risk that changing these functions might break some applications. */ ++ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); + GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); + diff --git a/patches/0.111/Fix-a-memory-leak.patch b/patches/0.111/Fix-a-memory-leak.patch new file mode 100644 index 00000000..9aa66bf4 --- /dev/null +++ b/patches/0.111/Fix-a-memory-leak.patch @@ -0,0 +1,22 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 7 May 2013 22:30:25 +0200 +Subject: Fix a memory leak + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 +Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e +--- + src/polkitagent/polkitagenthelper-pam.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 7af5321..292abbe 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -321,6 +321,7 @@ error: + } + } + memset (aresp, 0, n * sizeof *aresp); ++ free (aresp); + *resp = NULL; + return PAM_CONV_ERR; + } diff --git a/patches/0.112/00git_type_registration.patch b/patches/0.112/00git_type_registration.patch new file mode 100644 index 00000000..3936801f --- /dev/null +++ b/patches/0.112/00git_type_registration.patch @@ -0,0 +1,118 @@ +From: Tomas Bzatek +Date: Wed, 29 May 2013 13:45:31 +0000 +Subject: Use GOnce for interface type registration + +Static local variable may not be enough since it doesn't provide locking. + +Related to these udisksd warnings: + GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' + +Thanks to Hans de Goede for spotting this! + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 +Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c +--- + src/polkit/polkitidentity.c | 10 ++++++---- + src/polkit/polkitsubject.c | 10 ++++++---- + src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- + 3 files changed, 18 insertions(+), 12 deletions(-) + +diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c +index dd15b2f..7813c2c 100644 +--- a/src/polkit/polkitidentity.c ++++ b/src/polkit/polkitidentity.c +@@ -49,9 +49,9 @@ base_init (gpointer g_iface) + GType + polkit_identity_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -67,12 +67,14 @@ polkit_identity_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index d2c4c20..aed5795 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -50,9 +50,9 @@ base_init (gpointer g_iface) + GType + polkit_subject_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -68,12 +68,14 @@ polkit_subject_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** +diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c +index 5a1a228..20747e7 100644 +--- a/src/polkitbackend/polkitbackendactionlookup.c ++++ b/src/polkitbackend/polkitbackendactionlookup.c +@@ -74,9 +74,9 @@ base_init (gpointer g_iface) + GType + polkit_backend_action_lookup_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** diff --git a/patches/0.112/08_deprecate_racy_APIs.patch b/patches/0.112/08_deprecate_racy_APIs.patch new file mode 100644 index 00000000..725a44a2 --- /dev/null +++ b/patches/0.112/08_deprecate_racy_APIs.patch @@ -0,0 +1,27 @@ +From: Colin Walters +Date: Tue, 20 Aug 2013 15:15:31 -0400 +Subject: polkitunixprocess: Deprecate racy APIs + +It's only safe for processes to be created with their owning uid, +(without kernel support, which we don't have). Anything else is +subject to clients exec()ing setuid binaries after the fact. + +Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 +--- + src/polkit/polkitunixprocess.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h +index 531a57d..f5ed1a7 100644 +--- a/src/polkit/polkitunixprocess.h ++++ b/src/polkit/polkitunixprocess.h +@@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; + typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; + + GType polkit_unix_process_get_type (void) G_GNUC_CONST; ++G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) + PolkitSubject *polkit_unix_process_new (gint pid); ++G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) + PolkitSubject *polkit_unix_process_new_full (gint pid, + guint64 start_time); + PolkitSubject *polkit_unix_process_new_for_owner (gint pid, diff --git a/patches/0.112/cve-2013-4288.patch b/patches/0.112/cve-2013-4288.patch new file mode 100644 index 00000000..207bcf04 --- /dev/null +++ b/patches/0.112/cve-2013-4288.patch @@ -0,0 +1,116 @@ +From: Colin Walters +Date: Mon, 19 Aug 2013 12:16:11 -0400 +Subject: pkcheck: Support --process=pid,start-time,uid syntax too + +The uid is a new addition; this allows callers such as libvirt to +close a race condition in reading the uid of the process talking to +them. They can read it via getsockopt(SO_PEERCRED) or equivalent, +rather than having pkcheck look at /proc later after the fact. + +Programs which invoke pkcheck but need to know beforehand (i.e. at +compile time) whether or not it supports passing the uid can +use: + +pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) +test x$pkcheck_supports_uid = xyes + +Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 +--- + data/polkit-gobject-1.pc.in | 3 +++ + docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- + src/programs/pkcheck.c | 7 ++++++- + 3 files changed, 29 insertions(+), 10 deletions(-) + +diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in +index c39677d..5c4c620 100644 +--- a/data/polkit-gobject-1.pc.in ++++ b/data/polkit-gobject-1.pc.in +@@ -11,3 +11,6 @@ Version: @VERSION@ + Libs: -L${libdir} -lpolkit-gobject-1 + Cflags: -I${includedir}/polkit-1 + Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 ++# Programs using pkcheck can use this to determine ++# whether or not it can be passed a uid. ++pkcheck_supports_uid=true +diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml +index 6b8a874..508447e 100644 +--- a/docs/man/pkcheck.xml ++++ b/docs/man/pkcheck.xml +@@ -55,6 +55,9 @@ + + pid,pid-start-time + ++ ++ pid,pid-start-time,uid ++ + + + +@@ -90,7 +93,7 @@ + DESCRIPTION + + pkcheck is used to check whether a process, specified by +- either or , ++ either (see below) or , + is authorized for action. The + option can be used zero or more times to pass details about action. + If is passed, pkcheck blocks +@@ -160,17 +163,25 @@ KEY3=VALUE3 + + NOTES + +- Since process identifiers can be recycled, the caller should always use +- pid,pid-start-time to specify the process +- to check for authorization when using the option. +- The value of pid-start-time +- can be determined by consulting e.g. the ++ Do not use either the bare pid or ++ pid,start-time syntax forms for ++ . There are race conditions in both. ++ New code should always use ++ pid,pid-start-time,uid. The value of ++ start-time can be determined by ++ consulting e.g. the + + proc5 + +- file system depending on the operating system. If only pid +- is passed to the option, then pkcheck +- will look up the start time itself but note that this may be racy. ++ file system depending on the operating system. If fewer than 3 ++ arguments are passed, pkcheck will attempt to ++ look up them up internally, but note that this may be racy. ++ ++ ++ If your program is a daemon with e.g. a custom Unix domain ++ socket, you should determine the uid ++ parameter via operating system mechanisms such as ++ PEERCRED. + + + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index 719a36c..057e926 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -372,6 +372,7 @@ main (int argc, char *argv[]) + else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) + { + gint pid; ++ guint uid; + guint64 pid_start_time; + + n++; +@@ -381,7 +382,11 @@ main (int argc, char *argv[]) + goto out; + } + +- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) ++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) ++ { ++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); ++ } ++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + { + subject = polkit_unix_process_new_full (pid, pid_start_time); + } diff --git a/patches/0.113/00git_fix_memleak.patch b/patches/0.113/00git_fix_memleak.patch new file mode 100644 index 00000000..4283345a --- /dev/null +++ b/patches/0.113/00git_fix_memleak.patch @@ -0,0 +1,26 @@ +From: "Max A. Dednev" +Date: Sun, 11 Jan 2015 20:00:44 -0500 +Subject: authority: Fix memory leak in EnumerateActions call results handler + +Policykit-1 doesn't release reference counters of GVariant data for +org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This +patch fixed reference counting and following memory leak. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 +Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 +--- + src/polkit/polkitauthority.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index 9947cf3..84dab72 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, + while ((child = g_variant_iter_next_value (&iter)) != NULL) + { + ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); +- g_variant_ref_sink (child); + g_variant_unref (child); + } + ret = g_list_reverse (ret); diff --git a/patches/0.113/00git_invalid_object_paths.patch b/patches/0.113/00git_invalid_object_paths.patch new file mode 100644 index 00000000..088d170a --- /dev/null +++ b/patches/0.113/00git_invalid_object_paths.patch @@ -0,0 +1,116 @@ +From: Colin Walters +Date: Sat, 30 May 2015 09:06:23 -0400 +Subject: CVE-2015-3218: backend: Handle invalid object paths in + RegisterAuthenticationAgent +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Properly propagate the error, otherwise we dereference a `NULL` +pointer. This is a local, authenticated DoS. + +`RegisterAuthenticationAgentWithOptions` and +`UnregisterAuthentication` have been validated to not need changes for +this. + +http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 +Bug-Debian: https://bugs.debian.org/787932 +Reported-by: Tavis Ormandy +Reviewed-by: Philip Withnall +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c +--- + .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- + 1 file changed, 30 insertions(+), 23 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index b237e9d..25e13fb 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +- GVariant *registration_options) ++ GVariant *registration_options, ++ GError **error) + { + AuthenticationAgent *agent; +- GError *error; ++ GDBusProxy *proxy; + +- agent = g_new0 (AuthenticationAgent, 1); ++ if (!g_variant_is_object_path (object_path)) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "Invalid object path '%s'", object_path); ++ return NULL; ++ } ++ ++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, ++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | ++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, ++ NULL, /* GDBusInterfaceInfo* */ ++ unique_system_bus_name, ++ object_path, ++ "org.freedesktop.PolicyKit1.AuthenticationAgent", ++ NULL, /* GCancellable* */ ++ error); ++ if (proxy == NULL) ++ { ++ g_prefix_error (error, "Failed to construct proxy for agent: " ); ++ return NULL; ++ } + ++ agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; +- +- error = NULL; +- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, +- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | +- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, +- NULL, /* GDBusInterfaceInfo* */ +- agent->unique_system_bus_name, +- agent->object_path, +- "org.freedesktop.PolicyKit1.AuthenticationAgent", +- NULL, /* GCancellable* */ +- &error); +- if (agent->proxy == NULL) +- { +- g_warning ("Error constructing proxy for agent: %s", error->message); +- g_error_free (error); +- /* TODO: Make authentication_agent_new() return NULL and set a GError */ +- } ++ agent->proxy = proxy; + + return agent; + } +@@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + caller_cmdline = NULL; + agent = NULL; + +- /* TODO: validate that object path is well-formed */ +- + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + +@@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +- options); ++ options, ++ error); ++ if (!agent) ++ goto out; + + g_hash_table_insert (priv->hash_scope_to_authentication_agent, + g_object_ref (subject), diff --git a/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch b/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch new file mode 100644 index 00000000..956099b6 --- /dev/null +++ b/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch @@ -0,0 +1,120 @@ +From: Rui Matos +Date: Thu, 6 Feb 2014 18:41:18 +0100 +Subject: PolkitAgentSession: fix race between child and io watches + +The helper flushes and fdatasyncs stdout and stderr before terminating +but this doesn't guarantee that our io watch is called before our +child watch. This means that we can end up with a successful return +from the helper which we still report as a failure. + +If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the +io watch and the child terminates we still run the io watch handler +which will complete the session. + +This means that the child watch is in fact needless and we can remove +it. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 +Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 +Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 +Bug-Ubuntu: https://launchpad.net/bugs/649939 +Bug-Ubuntu: https://launchpad.net/bugs/445303 +--- + src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- + 1 file changed, 11 insertions(+), 36 deletions(-) + +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index 8129cd9..a658a22 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -92,7 +92,6 @@ struct _PolkitAgentSession + int child_stdout; + GPid child_pid; + +- GSource *child_watch_source; + GSource *child_stdout_watch_source; + GIOChannel *child_stdout_channel; + +@@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) + session->child_pid = 0; + } + +- if (session->child_watch_source != NULL) +- { +- g_source_destroy (session->child_watch_source); +- g_source_unref (session->child_watch_source); +- session->child_watch_source = NULL; +- } +- + if (session->child_stdout_watch_source != NULL) + { + g_source_destroy (session->child_stdout_watch_source); +@@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, + } + } + +-static void +-child_watch_func (GPid pid, +- gint status, +- gpointer user_data) +-{ +- PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); +- +- if (G_UNLIKELY (_show_debug ())) +- { +- g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", +- (gint) pid, +- WIFEXITED(status), +- WEXITSTATUS(status)); +- } +- +- /* kill all the watches we have set up, except for the child since it has exited already */ +- session->child_pid = 0; +- complete_session (session, FALSE); +-} +- + static gboolean + io_watch_have_data (GIOChannel *channel, + GIOCondition condition, +@@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, + NULL, + NULL, + &error); +- if (error != NULL) ++ if (error != NULL || line == NULL) + { +- g_warning ("Error reading line from helper: %s", error->message); +- g_error_free (error); ++ /* In case we get just G_IO_HUP, line is NULL but error is ++ unset.*/ ++ g_warning ("Error reading line from helper: %s", ++ error ? error->message : "nothing to read"); ++ g_clear_error (&error); + + complete_session (session, FALSE); + goto out; +@@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, + g_free (line); + g_free (unescaped); + ++ if (condition & (G_IO_ERR | G_IO_HUP)) ++ complete_session (session, FALSE); ++ + /* keep the IOChannel around */ + return TRUE; + } +@@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + +- session->child_watch_source = g_child_watch_source_new (session->child_pid); +- g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); +- g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); +- + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); +- session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); ++ session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, ++ G_IO_IN | G_IO_ERR | G_IO_HUP); + g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); + g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); + diff --git a/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch b/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch new file mode 100644 index 00000000..30f55a45 --- /dev/null +++ b/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch @@ -0,0 +1,68 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 1 Apr 2015 05:22:37 +0200 +Subject: CVE-2015-3255 Fix GHashTable usage. + +Don't assume that the hash table with free both the key and the value +at the same time, supply proper deallocation functions for the key +and value separately. + +Then drop ParsedAction::action_id which is no longer used for anything. + +https://bugs.freedesktop.org/show_bug.cgi?id=69501 +and +https://bugs.freedesktop.org/show_bug.cgi?id=83590 + +CVE: CVE-2015-3255 +Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f +Bug-Debian: https://bugs.debian.org/796134 +--- + src/polkitbackend/polkitbackendactionpool.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index 0af0010..b16ed2f 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -40,7 +40,6 @@ + + typedef struct + { +- gchar *action_id; + gchar *vendor_name; + gchar *vendor_url; + gchar *icon_name; +@@ -62,7 +61,6 @@ typedef struct + static void + parsed_action_free (ParsedAction *action) + { +- g_free (action->action_id); + g_free (action->vendor_name); + g_free (action->vendor_url); + g_free (action->icon_name); +@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) + + priv->parsed_actions = g_hash_table_new_full (g_str_hash, + g_str_equal, +- NULL, ++ g_free, + (GDestroyNotify) parsed_action_free); + + priv->parsed_files = g_hash_table_new_full (g_str_hash, +@@ -988,7 +986,6 @@ _end (void *data, const char *el) + icon_name = pd->global_icon_name; + + action = g_new0 (ParsedAction, 1); +- action->action_id = g_strdup (pd->action_id); + action->vendor_name = g_strdup (vendor); + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); +@@ -1003,7 +1000,8 @@ _end (void *data, const char *el) + action->implicit_authorization_inactive = pd->implicit_authorization_inactive; + action->implicit_authorization_active = pd->implicit_authorization_active; + +- g_hash_table_insert (priv->parsed_actions, action->action_id, action); ++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), ++ action); + + /* we steal these hash tables */ + pd->annotations = NULL; diff --git a/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch b/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch new file mode 100644 index 00000000..8b584a76 --- /dev/null +++ b/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch @@ -0,0 +1,484 @@ +From: Colin Walters +Date: Wed, 17 Jun 2015 13:07:02 -0400 +Subject: CVE-2015-4625: Bind use of cookies to specific uids +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + +The "cookie" value that Polkit hands out is global to all polkit +users. And when `AuthenticationAgentResponse` is invoked, we +previously only received the cookie and *target* identity, and +attempted to find an agent from that. + +The problem is that the current cookie is just an integer +counter, and if it overflowed, it would be possible for +an successful authorization in one session to trigger a response +in another session. + +The overflow and ability to guess the cookie were fixed by the +previous patch. + +This patch is conceptually further hardening on top of that. Polkit +currently treats uids as equivalent from a security domain +perspective; there is no support for +SELinux/AppArmor/etc. differentiation. + +We can retrieve the uid from `getuid()` in the setuid helper, which +allows us to ensure the uid invoking `AuthenticationAgentResponse2` +matches that of the agent. + +Then the authority only looks at authentication sessions matching the +cookie that were created by a matching uid, thus removing the ability +for different uids to interfere with each other entirely. + +Several fixes to this patch were contributed by: +Miloslav Trmač + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 +Bug-Debian: https://bugs.debian.org/796134 +--- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- + data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- + ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- + docs/polkit/overview.xml | 18 ++++--- + src/polkit/polkitauthority.c | 13 ++++- + src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- + src/polkitbackend/polkitbackendauthority.h | 2 + + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- + 8 files changed, 198 insertions(+), 19 deletions(-) + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 3b519c2..5beef7d 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -8,7 +8,19 @@ + + + +- ++ + + + +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index fbfb9cd..f9021ee 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -313,7 +313,29 @@ + + + +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index 6525e25..e66bf53 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,6 +42,8 @@ Structure TemporaryAuth + IN String object_path) + AuthenticationAgentResponse (IN String cookie, + IN Identity identity) ++AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, ++ IN Identity identity) + EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) + RevokeTemporaryAuthorizations (IN Subject subject) +@@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, + IN Identity identity) + + +-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++ ++ ++ ++ IN String cookie: ++ ++ ++The cookie identifying the authentication request that was passed to the authentication agent. ++ ++ ++ ++ ++ IN Identity identity: ++ ++ ++A Identity struct describing what identity was authenticated. ++ ++ ++ ++ ++ ++ ++ AuthenticationAgentResponse2 () ++ ++AuthenticationAgentResponse2 (IN uint32 uid, ++ IN String cookie, ++ IN Identity identity) ++ ++ ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + ++ ++ IN uint32 uid: ++ ++ ++The user id of the agent; normally this is the owner of the parent pid ++of the process that invoked the internal setuid helper. ++ ++ ++ + + IN String cookie: + +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index 24440d2..c29d8da 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -66,16 +66,18 @@ + + Authentication agents are provided by desktop environments. When + an user session starts, the agent registers with the polkit +- Authority using +- the RegisterAuthenticationAgent() ++ Authority using the RegisterAuthenticationAgent() + method. When services are needed, the authority will invoke +- methods on +- the org.freedesktop.PolicyKit1.AuthenticationAgent ++ methods on the org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged +- part of) the agent invokes +- the AuthenticationAgentResponse() +- method. Note that the polkit Authority itself does not care +- how the agent authenticates the user. ++ part of) the agent invokes the AuthenticationAgentResponse() ++ method. This method should be treated as an internal ++ implementation detail, and callers should use the public shared ++ library API to invoke it, which currently uses a setuid helper ++ program. + + + The libpolkit-agent-1 +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index 84dab72..f45abc4 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + gpointer user_data) + { + GVariant *identity_value; ++ /* Note that in reality, this API is only accessible to root, and ++ * only called from the setuid helper `polkit-agent-helper-1`. ++ * ++ * However, because this is currently public API, we avoid ++ * triggering warnings from ABI diff type programs by just grabbing ++ * the real uid of the caller here. ++ */ ++ uid_t uid = getuid (); + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (cookie != NULL); +@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + identity_value = polkit_identity_to_gvariant (identity); + g_variant_ref_sink (identity_value); + g_dbus_proxy_call (authority->proxy, +- "AuthenticationAgentResponse", +- g_variant_new ("(s@(sa{sv}))", ++ "AuthenticationAgentResponse2", ++ g_variant_new ("(us@(sa{sv}))", ++ (guint32)uid, + cookie, + identity_value), + G_DBUS_CALL_FLAGS_NONE, +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index fd4f161..d1b1a25 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + gboolean + polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority + } + else + { +- return klass->authentication_agent_response (authority, caller, cookie, identity, error); ++ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); + } + } + +@@ -587,6 +588,11 @@ static const gchar *server_introspection_data = + " " + " " + " " ++ " " ++ " " ++ " " ++ " " ++ " " + " " + " " + " " +@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, ++ (uid_t)-1, ++ cookie, ++ identity, ++ &error)) ++ { ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); ++ ++ out: ++ if (identity != NULL) ++ g_object_unref (identity); ++} ++ ++static void ++server_handle_authentication_agent_response2 (Server *server, ++ GVariant *parameters, ++ PolkitSubject *caller, ++ GDBusMethodInvocation *invocation) ++{ ++ const gchar *cookie; ++ GVariant *identity_gvariant; ++ PolkitIdentity *identity; ++ GError *error; ++ guint32 uid; ++ ++ identity = NULL; ++ ++ g_variant_get (parameters, ++ "(u&s@(sa{sv}))", ++ &uid, ++ &cookie, ++ &identity_gvariant); ++ ++ error = NULL; ++ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); ++ if (identity == NULL) ++ { ++ g_prefix_error (&error, "Error getting identity: "); ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ error = NULL; ++ if (!polkit_backend_authority_authentication_agent_response (server->authority, ++ caller, ++ (uid_t)uid, + cookie, + identity, + &error)) +@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, + server_handle_unregister_authentication_agent (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) + server_handle_authentication_agent_response (server, parameters, caller, invocation); ++ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) ++ server_handle_authentication_agent_response2 (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) + server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) +diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h +index a564054..1c212e0 100644 +--- a/src/polkitbackend/polkitbackendauthority.h ++++ b/src/polkitbackend/polkitbackendauthority.h +@@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass + + gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend + + gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 10eda2c..5e29af2 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI + PolkitSubject *subject); + + +-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie); ++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie); + + static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name); +@@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a + + static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -431,6 +433,7 @@ struct AuthenticationAgent + { + volatile gint ref_count; + ++ uid_t creator_uid; + PolkitSubject *scope; + guint64 serial; + +@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) + static AuthenticationAgent * + authentication_agent_new (guint64 serial, + PolkitSubject *scope, ++ PolkitIdentity *creator, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, + { + AuthenticationAgent *agent; + GDBusProxy *proxy; ++ PolkitUnixUser *creator_user; ++ ++ g_assert (POLKIT_IS_UNIX_USER (creator)); ++ creator_user = POLKIT_UNIX_USER (creator); + + if (!g_variant_is_object_path (object_path)) + { +@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, + agent->ref_count = 1; + agent->serial = serial; + agent->scope = g_object_ref (scope); ++ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); +@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori + } + + static AuthenticationSession * +-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie) ++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie) + { + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; +@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author + { + GList *l; + ++ /* We need to ensure that if somehow we have duplicate cookies ++ * due to wrapping, that the cookie used is matched to the user ++ * who called AuthenticationAgentResponse2. See ++ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ * Except if the legacy AuthenticationAgentResponse is invoked, ++ * we don't know the uid and hence use -1. Continue to support ++ * the old behavior for backwards compatibility, although everyone ++ * who is using our own setuid helper will automatically be updated ++ * to the new API. ++ */ ++ if (uid != (uid_t)-1) ++ { ++ if (agent->creator_uid != uid) ++ continue; ++ } ++ + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; +@@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, ++ user_of_caller, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +@@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + static gboolean + polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + } + + /* find the authentication session */ +- session = get_authentication_session_for_cookie (interactive_authority, cookie); ++ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); + if (session == NULL) + { + g_set_error (error, diff --git a/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch b/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch new file mode 100644 index 00000000..f6a42489 --- /dev/null +++ b/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch @@ -0,0 +1,540 @@ +From: Colin Walters +Date: Thu, 4 Jun 2015 12:15:18 -0400 +Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Tavis noted that it'd be possible with a 32 bit counter for someone to +cause the cookie to wrap by creating Authentication requests in a +loop. + +Something important to note here is that wrapping of signed integers +is undefined behavior in C, so we definitely want to fix that. All +counter integers used in this patch are unsigned. + +See the comment above `authentication_agent_generate_cookie` for +details, but basically we're now using a cookie of the form: + +``` + - - - +``` + +Which has multiple 64 bit counters, plus unpredictable random 128 bit +integer ids (effectively UUIDs, but we're not calling them that +because we don't need to be globally unique. + +We further ensure that the cookies are not visible to other processes +by changing the setuid helper to accept them over standard input. This +means that an attacker would have to guess both ids. + +In any case, the security hole here is better fixed with the other +change to bind user id (uid) of the agent with cookie lookups, making +cookie guessing worthless. + +Nevertheless, I think it's worth doing this change too, for defense in +depth. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 +Bug-Debian: https://bugs.debian.org/796134 +--- + configure.ac | 2 +- + src/polkitagent/polkitagenthelper-pam.c | 12 ++- + src/polkitagent/polkitagenthelper-shadow.c | 12 ++- + src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ + src/polkitagent/polkitagenthelperprivate.h | 2 + + src/polkitagent/polkitagentsession.c | 30 ++++--- + .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- + 7 files changed, 150 insertions(+), 40 deletions(-) + +diff --git a/configure.ac b/configure.ac +index aa2760f..388605d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then + changequote([,])dnl + fi + +-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) ++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 937386e..19062aa 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -65,7 +65,7 @@ main (int argc, char *argv[]) + { + int rc; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + struct pam_conv pam_conversation; + pam_handle_t *pam_h; + const void *authed_user; +@@ -97,7 +97,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -105,7 +105,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + if (getuid () != 0) + { +@@ -203,6 +206,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -212,6 +217,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + if (pam_h != NULL) + pam_end (pam_h, rc); + +diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c +index a4f73ac..e877915 100644 +--- a/src/polkitagent/polkitagenthelper-shadow.c ++++ b/src/polkitagent/polkitagenthelper-shadow.c +@@ -46,7 +46,7 @@ main (int argc, char *argv[]) + { + struct spwd *shadow; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + time_t now; + + /* clear the entire environment to avoid attacks with +@@ -67,7 +67,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -86,7 +86,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); +@@ -153,6 +156,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -162,6 +167,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + fprintf (stdout, "FAILURE\n"); + flush_and_wait (); + return 1; +diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c +index 4417e70..a99de7d 100644 +--- a/src/polkitagent/polkitagenthelperprivate.c ++++ b/src/polkitagent/polkitagenthelperprivate.c +@@ -23,6 +23,7 @@ + #include "config.h" + #include "polkitagenthelperprivate.h" + #include ++#include + #include + #include + +@@ -45,6 +46,38 @@ _polkit_clearenv (void) + #endif + + ++char * ++read_cookie (int argc, char **argv) ++{ ++ /* As part of CVE-2015-4625, we started passing the cookie ++ * on standard input, to ensure it's not visible to other ++ * processes. However, to ensure that things continue ++ * to work if the setuid binary is upgraded while old ++ * agents are still running (this will be common with ++ * package managers), we support both modes. ++ */ ++ if (argc == 3) ++ return strdup (argv[2]); ++ else ++ { ++ char *ret = NULL; ++ size_t n = 0; ++ ssize_t r = getline (&ret, &n, stdin); ++ if (r == -1) ++ { ++ if (!feof (stdin)) ++ perror ("getline"); ++ free (ret); ++ return NULL; ++ } ++ else ++ { ++ g_strchomp (ret); ++ return ret; ++ } ++ } ++} ++ + gboolean + send_dbus_message (const char *cookie, const char *user) + { +diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h +index aeca2c7..547fdcc 100644 +--- a/src/polkitagent/polkitagenthelperprivate.h ++++ b/src/polkitagent/polkitagenthelperprivate.h +@@ -38,6 +38,8 @@ + + int _polkit_clearenv (void); + ++char *read_cookie (int argc, char **argv); ++ + gboolean send_dbus_message (const char *cookie, const char *user); + + void flush_and_wait (); +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index a658a22..6a3d6bc 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + #include + + #include "polkitagentmarshal.h" +@@ -88,7 +89,7 @@ struct _PolkitAgentSession + gchar *cookie; + PolkitIdentity *identity; + +- int child_stdin; ++ GOutputStream *child_stdin; + int child_stdout; + GPid child_pid; + +@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); + static void + polkit_agent_session_init (PolkitAgentSession *session) + { +- session->child_stdin = -1; + session->child_stdout = -1; + } + +@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) + session->child_stdout = -1; + } + +- if (session->child_stdin != -1) +- { +- g_warn_if_fail (close (session->child_stdin) == 0); +- session->child_stdin = -1; +- } ++ g_clear_object (&session->child_stdin); + + session->helper_is_running = FALSE; + +@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, + + add_newline = (response[response_len] != '\n'); + +- write (session->child_stdin, response, response_len); ++ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); + if (add_newline) +- write (session->child_stdin, newline, 1); ++ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); + } + + /** +@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + { + uid_t uid; + GError *error; +- gchar *helper_argv[4]; ++ gchar *helper_argv[3]; + struct passwd *passwd; ++ int stdin_fd = -1; + + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + +@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; + helper_argv[1] = passwd->pw_name; +- helper_argv[2] = session->cookie; +- helper_argv[3] = NULL; ++ helper_argv[2] = NULL; + +- session->child_stdin = -1; + session->child_stdout = -1; + + error = NULL; +@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + NULL, + NULL, + &session->child_pid, +- &session->child_stdin, ++ &stdin_fd, + &session->child_stdout, + NULL, + &error)) +@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + ++ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); ++ ++ /* Write the cookie on stdin so it can't be seen by other processes */ ++ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), ++ NULL, NULL, NULL); ++ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); ++ + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 00ee044..10eda2c 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -212,6 +212,8 @@ typedef struct + + GDBusConnection *system_bus_connection; + guint name_owner_changed_signal_id; ++ ++ guint64 agent_serial; + } PolkitBackendInteractiveAuthorityPrivate; + + /* ---------------------------------------------------------------------------------------------------- */ +@@ -430,11 +432,15 @@ struct AuthenticationAgent + volatile gint ref_count; + + PolkitSubject *scope; ++ guint64 serial; + + gchar *locale; + GVariant *registration_options; + gchar *object_path; + gchar *unique_system_bus_name; ++ GRand *cookie_pool; ++ gchar *cookie_prefix; ++ guint64 cookie_serial; + + GDBusProxy *proxy; + +@@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, + authentication_session_cancel (session); + } + ++/* We're not calling this a UUID, but it's basically ++ * the same thing, just not formatted that way because: ++ * ++ * - I'm too lazy to do it ++ * - If we did, people might think it was actually ++ * generated from /dev/random, which we're not doing ++ * because this value doesn't actually need to be ++ * globally unique. ++ */ ++static void ++append_rand_u128_str (GString *buf, ++ GRand *pool) ++{ ++ g_string_append_printf (buf, "%08x%08x%08x%08x", ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool)); ++} ++ ++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) ++ * pair, and not guessable by other agents. ++ * ++ * - - - ++ * ++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ */ ++static gchar * ++authentication_agent_generate_cookie (AuthenticationAgent *agent) ++{ ++ GString *buf = g_string_new (""); ++ ++ g_string_append (buf, agent->cookie_prefix); ++ ++ g_string_append_c (buf, '-'); ++ agent->cookie_serial++; ++ g_string_append_printf (buf, "%" G_GUINT64_FORMAT, ++ agent->cookie_serial); ++ g_string_append_c (buf, '-'); ++ append_rand_u128_str (buf, agent->cookie_pool); ++ ++ return g_string_free (buf, FALSE); ++} ++ ++ + static AuthenticationSession * + authentication_session_new (AuthenticationAgent *agent, +- const gchar *cookie, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, +@@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, + + session = g_new0 (AuthenticationSession, 1); + session->agent = authentication_agent_ref (agent); +- session->cookie = g_strdup (cookie); ++ session->cookie = authentication_agent_generate_cookie (agent); + session->subject = g_object_ref (subject); + session->user_of_subject = g_object_ref (user_of_subject); + session->caller = g_object_ref (caller); +@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) + g_free (session); + } + +-static gchar * +-authentication_agent_new_cookie (AuthenticationAgent *agent) +-{ +- static gint counter = 0; +- +- /* TODO: use a more random-looking cookie */ +- +- return g_strdup_printf ("cookie%d", counter++); +-} +- + static PolkitSubject * + authentication_agent_get_scope (AuthenticationAgent *agent) + { +@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) + g_free (agent->unique_system_bus_name); + if (agent->registration_options != NULL) + g_variant_unref (agent->registration_options); ++ g_rand_free (agent->cookie_pool); ++ g_free (agent->cookie_prefix); + g_free (agent); + } + } + + static AuthenticationAgent * +-authentication_agent_new (PolkitSubject *scope, ++authentication_agent_new (guint64 serial, ++ PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, + + agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; ++ agent->serial = serial; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); +@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; + agent->proxy = proxy; + ++ { ++ GString *cookie_prefix = g_string_new (""); ++ GRand *agent_private_rand = g_rand_new (); ++ ++ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); ++ ++ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, ++ * whose sequence will not correlate with the per-authentication session ++ * cookies. ++ */ ++ append_rand_u128_str (cookie_prefix, agent_private_rand); ++ g_rand_free (agent_private_rand); ++ ++ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); ++ ++ /* And a newly seeded pool for per-session cookies */ ++ agent->cookie_pool = g_rand_new (); ++ } ++ + return agent; + } + +@@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + gpointer user_data) + { + AuthenticationSession *session; +- gchar *cookie; + GList *l; + GList *identities; + gchar *localized_message; +@@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + &localized_icon_name, + &localized_details); + +- cookie = authentication_agent_new_cookie (agent); +- + identities = NULL; + + /* select admin user if required by the implicit authorization */ +@@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + } + + session = authentication_session_new (agent, +- cookie, + subject, + user_of_subject, + caller, +@@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + + g_list_foreach (identities, (GFunc) g_object_unref, NULL); + g_list_free (identities); +- g_free (cookie); + + g_free (localized_message); + g_free (localized_icon_name); +@@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- agent = authentication_agent_new (subject, ++ priv->agent_serial++; ++ agent = authentication_agent_new (priv->agent_serial, ++ subject, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, diff --git a/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch b/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch new file mode 100644 index 00000000..0eb7ec16 --- /dev/null +++ b/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch @@ -0,0 +1,25 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 11 Nov 2013 23:51:23 +0100 +Subject: Don't discard error data returned by + polkit_system_bus_name_get_user_sync + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 +Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a +Bug-Debian: https://bugs.debian.org/798769 +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 05f51c5..e1a9ab3 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch b/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch new file mode 100644 index 00000000..ee44531d --- /dev/null +++ b/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch @@ -0,0 +1,36 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Sat, 6 Jun 2015 01:07:08 +0200 +Subject: Fix a crash when two authentication requests are in flight. + +To reproduce: +1. pkttyagent -p $$ # or another suitable PID +2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u +3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u +4. Then, in the pkttyagent prompt, press Enter. + +polkit_agent_text_listener_initiate_authentication was already setting +an appropriate error code, so the g_assert was unnecessary. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 +Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b +--- + src/polkitagent/polkitagenttextlistener.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c +index b5c8a3f..e63c285 100644 +--- a/src/polkitagent/polkitagenttextlistener.c ++++ b/src/polkitagent/polkitagenttextlistener.c +@@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener + GAsyncResult *res, + GError **error) + { +- PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); + gboolean ret; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == + polkit_agent_text_listener_initiate_authentication); +- g_assert (listener->active_session == NULL); + + ret = FALSE; + diff --git a/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch b/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch new file mode 100644 index 00000000..b7fdcf46 --- /dev/null +++ b/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch @@ -0,0 +1,22 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 1 Jul 2014 20:00:48 +0200 +Subject: Fix a memory leak when registering an authentication agent + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 +Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e +--- + src/polkitbackend/polkitbackendauthority.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 39eb5b9..afe5b90 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: ++ g_variant_unref (subject_gvariant); + if (subject != NULL) + g_object_unref (subject); + } diff --git a/patches/0.113/Fix-a-per-authorization-memory-leak.patch b/patches/0.113/Fix-a-per-authorization-memory-leak.patch new file mode 100644 index 00000000..eaafed64 --- /dev/null +++ b/patches/0.113/Fix-a-per-authorization-memory-leak.patch @@ -0,0 +1,49 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 1 Jul 2014 20:00:48 +0200 +Subject: Fix a per-authorization memory leak + +We were leaking PolkitAuthorizationResult on every request, primarily on +the success path, but also on various error paths as well. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 +Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe +--- + src/polkitbackend/polkitbackendauthority.c | 1 + + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 10b8af3..39eb5b9 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, + g_variant_ref_sink (value); + g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); + g_variant_unref (value); ++ g_object_unref (result); + } + + check_auth_data_free (data); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 5e29af2..73d0a0e 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + + /* Otherwise just return the result */ + g_simple_async_result_set_op_res_gpointer (simple, +- result, ++ g_object_ref (result), + g_object_unref); + g_simple_async_result_complete (simple); + g_object_unref (simple); +@@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + g_free (subject_str); + g_free (user_of_caller_str); + g_free (user_of_subject_str); ++ ++ if (result != NULL) ++ g_object_unref (result); + } + + /* ---------------------------------------------------------------------------------------------------- */ diff --git a/patches/0.113/Fix-a-possible-NULL-dereference.patch b/patches/0.113/Fix-a-possible-NULL-dereference.patch new file mode 100644 index 00000000..ba685eb9 --- /dev/null +++ b/patches/0.113/Fix-a-possible-NULL-dereference.patch @@ -0,0 +1,35 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 11 Jun 2014 22:36:50 +0200 +Subject: Fix a possible NULL dereference. +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +polkit_backend_session_monitor_get_user_for_subject() may return NULL +(and because it is using external processes, we can’t really rule it +out). The code was already anticipating NULL in the cleanup section, so +handle it also when actually using the value. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 +Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb +--- + src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 25e13fb..00ee044 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + + subject_str = polkit_subject_to_string (subject); +- user_of_subject_str = polkit_identity_to_string (user_of_subject); ++ ++ if (user_of_subject != NULL) ++ user_of_subject_str = polkit_identity_to_string (user_of_subject); ++ else ++ user_of_subject_str = g_strdup (""); + caller_str = polkit_subject_to_string (caller); + + subject_cmdline = _polkit_subject_get_cmdline (subject); diff --git a/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch b/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch new file mode 100644 index 00000000..f11cb3df --- /dev/null +++ b/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 15 Sep 2014 19:45:15 +0200 +Subject: Fix duplicate GError use when "uid" is missing + +Some GLib versions complain loudly about this. + +To reproduce, call e.g. RegisterAuthenticationAgent with the following +parameters: +("unix-process", {"pid": __import__('gi.repository.GLib', globals(), +locals(), ['Variant']).Variant("u", 1), "start-time": +__import__('gi.repository.GLib', globals(), locals(), +['Variant']).Variant("t", 1)}), "cs", "/" + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 +Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 +--- + src/polkit/polkitsubject.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index aed5795..78ec745 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, + start_time = g_variant_get_uint64 (v); + g_variant_unref (v); + +- v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); ++ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); + if (v != NULL) + { + uid = g_variant_get_int32 (v); diff --git a/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch b/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch new file mode 100644 index 00000000..6f7bd356 --- /dev/null +++ b/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 14 Apr 2015 22:27:41 +0200 +Subject: Fix use-after-free in polkitagentsession.c + +PolkitAgentTextListener's "completed" handler drops the last reference +to the session; in fact this is explicitly recommended in the signal's +documentation. So we must not access any members of session after +emitting the signal. + +Found while dealing with +https://bugs.freedesktop.org/show_bug.cgi?id=69501 + +Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 +--- + src/polkitagent/polkitagentsession.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index 6a3d6bc..46fbaf0 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, + { + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); +- g_signal_emit_by_name (session, "completed", result); + session->have_emitted_completed = TRUE; ++ /* Note that the signal handler may drop the last reference to session. */ ++ g_signal_emit_by_name (session, "completed", result); + } + } + diff --git a/patches/0.113/Fixed-compilation-problem-in-the-backend.patch b/patches/0.113/Fixed-compilation-problem-in-the-backend.patch new file mode 100644 index 00000000..ccbbcb74 --- /dev/null +++ b/patches/0.113/Fixed-compilation-problem-in-the-backend.patch @@ -0,0 +1,23 @@ +From: Xabier Rodriguez Calvar +Date: Sun, 10 Nov 2013 19:16:41 +0100 +Subject: Fixed compilation problem in the backend + +Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 +Bug-Debian: https://bugs.debian.org/798769 +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 4075d3f..05f51c5 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch b/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch new file mode 100644 index 00000000..a162aef3 --- /dev/null +++ b/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch @@ -0,0 +1,166 @@ +From: Colin Walters +Date: Wed, 21 Aug 2013 12:23:55 -0400 +Subject: PolkitSystemBusName: Add public API to retrieve Unix user + +And change the duplicated code in the backend session monitors to use +it. This just a code cleanup resulting from review after +CVE-2013-4288. There's no security impact from this patch, it just +removes duplicated code. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 +Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 +--- + src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ + src/polkit/polkitsystembusname.h | 4 ++ + .../polkitbackendsessionmonitor-systemd.c | 20 +------- + src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- + 4 files changed, 62 insertions(+), 38 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 2a297c4..51e4a69 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -25,6 +25,7 @@ + + #include + #include "polkitsystembusname.h" ++#include "polkitunixuser.h" + #include "polkitsubject.h" + #include "polkitprivate.h" + +@@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, + return ret; + } + ++/** ++ * polkit_system_bus_name_get_user_sync: ++ * @system_bus_name: A #PolkitSystemBusName. ++ * @cancellable: (allow-none): A #GCancellable or %NULL. ++ * @error: (allow-none): Return location for error or %NULL. ++ * ++ * Synchronously gets a #PolkitUnixUser object for @system_bus_name; ++ * the calling thread is blocked until a reply is received. ++ * ++ * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. ++ **/ ++PolkitUnixUser * ++polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, ++ GCancellable *cancellable, ++ GError **error) ++{ ++ GDBusConnection *connection; ++ PolkitUnixUser *ret; ++ GVariant *result; ++ guint32 uid; ++ ++ g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); ++ g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); ++ g_return_val_if_fail (error == NULL || *error == NULL, NULL); ++ ++ ret = NULL; ++ ++ connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); ++ if (connection == NULL) ++ goto out; ++ ++ result = g_dbus_connection_call_sync (connection, ++ "org.freedesktop.DBus", /* name */ ++ "/org/freedesktop/DBus", /* object path */ ++ "org.freedesktop.DBus", /* interface name */ ++ "GetConnectionUnixUser", /* method */ ++ g_variant_new ("(s)", system_bus_name->name), ++ G_VARIANT_TYPE ("(u)"), ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ cancellable, ++ error); ++ if (result == NULL) ++ goto out; ++ ++ g_variant_get (result, "(u)", &uid); ++ g_variant_unref (result); ++ ++ ret = (PolkitUnixUser*)polkit_unix_user_new (uid); ++ ++ out: ++ if (connection != NULL) ++ g_object_unref (connection); ++ return ret; ++} +diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h +index 1fc464f..38d31f7 100644 +--- a/src/polkit/polkitsystembusname.h ++++ b/src/polkit/polkitsystembusname.h +@@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName + GCancellable *cancellable, + GError **error); + ++PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, ++ GCancellable *cancellable, ++ GError **error); ++ + G_END_DECLS + + #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 58593c3..0185310 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixUser", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- +- ret = polkit_unix_user_new (uid); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 9c331b6..4075d3f 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixUser", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- +- ret = polkit_unix_user_new (uid); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch b/patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch new file mode 100644 index 00000000..cef66cd1 --- /dev/null +++ b/patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch @@ -0,0 +1,235 @@ +From: Colin Walters +Date: Sat, 9 Nov 2013 09:32:52 -0500 +Subject: PolkitSystemBusName: Retrieve both pid and uid + +For polkit_system_bus_name_get_process_sync(), as pointed out by +Miloslav Trmac, we can securely retrieve the owner uid as well from +the system bus, rather than (racily) looking it up internally. + +This avoids use of a deprecated API. + +However, this is not a security fix because nothing in the polkit +codebase itself actually retrieves the uid from the result of this API +call. But, it might be useful in the future. + +Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 +--- + src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ + 1 file changed, 118 insertions(+), 53 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 51e4a69..8daa12c 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) + + /* ---------------------------------------------------------------------------------------------------- */ + ++typedef struct { ++ GError **error; ++ guint retrieved_uid : 1; ++ guint retrieved_pid : 1; ++ guint caught_error : 1; ++ ++ guint32 uid; ++ guint32 pid; ++} AsyncGetBusNameCredsData; ++ ++static void ++on_retrieved_unix_uid_pid (GObject *src, ++ GAsyncResult *res, ++ gpointer user_data) ++{ ++ AsyncGetBusNameCredsData *data = user_data; ++ GVariant *v; ++ ++ v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, ++ data->caught_error ? NULL : data->error); ++ if (!v) ++ { ++ data->caught_error = TRUE; ++ } ++ else ++ { ++ guint32 value; ++ g_variant_get (v, "(u)", &value); ++ g_variant_unref (v); ++ if (!data->retrieved_uid) ++ { ++ data->retrieved_uid = TRUE; ++ data->uid = value; ++ } ++ else ++ { ++ g_assert (!data->retrieved_pid); ++ data->retrieved_pid = TRUE; ++ data->pid = value; ++ } ++ } ++} ++ ++static gboolean ++polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, ++ guint32 *out_uid, ++ guint32 *out_pid, ++ GCancellable *cancellable, ++ GError **error) ++{ ++ gboolean ret = FALSE; ++ AsyncGetBusNameCredsData data = { 0, }; ++ GDBusConnection *connection = NULL; ++ GMainContext *tmp_context = NULL; ++ ++ connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); ++ if (connection == NULL) ++ goto out; ++ ++ data.error = error; ++ ++ tmp_context = g_main_context_new (); ++ g_main_context_push_thread_default (tmp_context); ++ ++ /* Do two async calls as it's basically as fast as one sync call. ++ */ ++ g_dbus_connection_call (connection, ++ "org.freedesktop.DBus", /* name */ ++ "/org/freedesktop/DBus", /* object path */ ++ "org.freedesktop.DBus", /* interface name */ ++ "GetConnectionUnixUser", /* method */ ++ g_variant_new ("(s)", system_bus_name->name), ++ G_VARIANT_TYPE ("(u)"), ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ cancellable, ++ on_retrieved_unix_uid_pid, ++ &data); ++ g_dbus_connection_call (connection, ++ "org.freedesktop.DBus", /* name */ ++ "/org/freedesktop/DBus", /* object path */ ++ "org.freedesktop.DBus", /* interface name */ ++ "GetConnectionUnixProcessID", /* method */ ++ g_variant_new ("(s)", system_bus_name->name), ++ G_VARIANT_TYPE ("(u)"), ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ cancellable, ++ on_retrieved_unix_uid_pid, ++ &data); ++ ++ while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) ++ g_main_context_iteration (tmp_context, TRUE); ++ ++ if (out_uid) ++ *out_uid = data.uid; ++ if (out_pid) ++ *out_pid = data.pid; ++ ret = TRUE; ++ out: ++ if (tmp_context) ++ { ++ g_main_context_pop_thread_default (tmp_context); ++ g_main_context_unref (tmp_context); ++ } ++ if (connection != NULL) ++ g_object_unref (connection); ++ return ret; ++} ++ + /** + * polkit_system_bus_name_get_process_sync: + * @system_bus_name: A #PolkitSystemBusName. +@@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) + { +- GDBusConnection *connection; +- PolkitSubject *ret; +- GVariant *result; ++ PolkitSubject *ret = NULL; + guint32 pid; ++ guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + +- ret = NULL; +- +- connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); +- if (connection == NULL) ++ if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, ++ cancellable, error)) + goto out; + +- result = g_dbus_connection_call_sync (connection, +- "org.freedesktop.DBus", /* name */ +- "/org/freedesktop/DBus", /* object path */ +- "org.freedesktop.DBus", /* interface name */ +- "GetConnectionUnixProcessID", /* method */ +- g_variant_new ("(s)", system_bus_name->name), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, +- cancellable, +- error); +- if (result == NULL) +- goto out; +- +- g_variant_get (result, "(u)", &pid); +- g_variant_unref (result); +- +- ret = polkit_unix_process_new (pid); ++ ret = polkit_unix_process_new_for_owner (pid, 0, uid); + + out: +- if (connection != NULL) +- g_object_unref (connection); + return ret; + } + +@@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) + { +- GDBusConnection *connection; +- PolkitUnixUser *ret; +- GVariant *result; ++ PolkitUnixUser *ret = NULL; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + +- ret = NULL; +- +- connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); +- if (connection == NULL) +- goto out; +- +- result = g_dbus_connection_call_sync (connection, +- "org.freedesktop.DBus", /* name */ +- "/org/freedesktop/DBus", /* object path */ +- "org.freedesktop.DBus", /* interface name */ +- "GetConnectionUnixUser", /* method */ +- g_variant_new ("(s)", system_bus_name->name), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, +- cancellable, +- error); +- if (result == NULL) ++ if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, ++ cancellable, error)) + goto out; + +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: +- if (connection != NULL) +- g_object_unref (connection); + return ret; + } diff --git a/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch b/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch new file mode 100644 index 00000000..24d6a37d --- /dev/null +++ b/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch @@ -0,0 +1,29 @@ +From: Colin Walters +Date: Sat, 9 Nov 2013 13:48:21 -0500 +Subject: Port internals non-deprecated PolkitProcess API where possible + +We can't port everything, but in PolkitPermission and these test +cases, we can use _for_owner() with the right information. + +[smcv: drop the part that touches +test/polkitbackend/test-polkitbackendjsauthority.c which is not +in this branch] + +Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d +--- + src/polkit/polkitpermission.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index be794cb..f264094 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) + PolkitPermission *permission = POLKIT_PERMISSION (object); + + if (permission->subject == NULL) +- permission->subject = polkit_unix_process_new (getpid ()); ++ permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); + + if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) + G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); diff --git a/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch b/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch new file mode 100644 index 00000000..94846996 --- /dev/null +++ b/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch @@ -0,0 +1,39 @@ +From: Colin Walters +Date: Thu, 4 Jun 2015 08:41:36 -0400 +Subject: README: Note to send security reports via DBus's mechanism + +This avoids duplicating effort. + +Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae +--- + README | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/README b/README +index b075162..0723002 100644 +--- a/README ++++ b/README +@@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command + BUGS and DEVELOPMENT + ==================== + +-Please report bugs via the freedesktop.org bugzilla at ++Please report non-security bugs via the freedesktop.org bugzilla at + + https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit ++ ++SECURITY ISSUES ++=============== ++ ++polkit uses the same mechanism for reporting security issues as dbus, ++the most recent copy of instructions can be found in the DBus git ++repository: ++ ++http://cgit.freedesktop.org/dbus/dbus/tree/HACKING ++ ++A copy of the instructions as of 2015-06-04: ++ ++If you find a security vulnerability that is not known to the public, ++please report it privately to dbus-security@lists.freedesktop.org ++or by reporting a freedesktop.org bug that is marked as ++restricted to the "D-BUS security group". diff --git a/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch b/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch new file mode 100644 index 00000000..18635e58 --- /dev/null +++ b/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch @@ -0,0 +1,38 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 26 Aug 2014 17:59:47 +0200 +Subject: Refuse duplicate --user arguments to pkexec + +This usage is clearly erroneous, so we should tell the users they are +making a mistake. + +Besides, this allows an attacker to cause a high number of heap +allocations with attacker-controlled sizes ( +http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html +), making some exploits easier. + +(To be clear, this is not a pkexec vulnerability, and we will not +refuse attacker-affected malloc() usage as a matter of policy; but this +commit is both user-friendly and adding some hardening.) + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 +Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c +--- + src/programs/pkexec.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 5e99044..abc660d 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -533,6 +533,11 @@ main (int argc, char *argv[]) + goto out; + } + ++ if (opt_user != NULL) ++ { ++ g_printerr ("--user specified twice\n"); ++ goto out; ++ } + opt_user = g_strdup (argv[n]); + } + else if (strcmp (argv[n], "--disable-internal-agent") == 0) diff --git a/patches/0.113/Remove-a-redundant-assignment.patch b/patches/0.113/Remove-a-redundant-assignment.patch new file mode 100644 index 00000000..792ca7f2 --- /dev/null +++ b/patches/0.113/Remove-a-redundant-assignment.patch @@ -0,0 +1,26 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 11 Jun 2014 22:44:28 +0200 +Subject: Remove a redundant assignment. + +Instead of a nonsensical (data = data), use the more customary +((void)data) to silence the warning about an unused parameter. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 +Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 +--- + src/polkitagent/polkitagenthelper-pam.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 292abbe..937386e 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + gchar *tmp = NULL; + size_t len; + +- data = data; ++ (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return PAM_CONV_ERR; + diff --git a/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch b/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch new file mode 100644 index 00000000..54e19bcf --- /dev/null +++ b/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch @@ -0,0 +1,259 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 17 Jun 2015 01:01:27 +0200 +Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 + + - Refer to PolkitAgentSession in general instead of to _response only + - Revert to the original description of authentication cancellation, the + agent really needs to return an error to the caller (in addition to dealing + with the session if any). + - Explicitly document the UID assumption; in the process fixing bug #69980. + - Keep documenting that we need a sufficiently privileged caller. + - Refer to the ...Response2 API in more places. + - Also update docbook documentation. + - Drop a paragraph suggesting non-PolkitAgentSession implementations are + expected and commonplace. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +Reviewed-by: Colin Walters +Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 +Bug-Debian: https://bugs.debian.org/796134 +--- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- + data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- + ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- + docs/polkit/overview.xml | 8 ++++---- + src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- + src/polkitagent/polkitagentlistener.c | 5 +---- + src/polkitbackend/polkitbackendauthority.c | 1 + + 8 files changed, 51 insertions(+), 23 deletions(-) + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 5beef7d..482332f 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -13,14 +13,14 @@ + user to authenticate as one of the identities in @identities for + the action with the identifier @action_id.This + authentication is normally achieved via the +- polkit_agent_session_response() API, which invokes a private ++ PolkitAgentSession API, which invokes a private + setuid helper process to verify the authentication. When + successful, it calls the + org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() + method on the #org.freedesktop.PolicyKit1.Authority interface of + the PolicyKit daemon before returning. If the user dismisses the +- authentication dialog, the authentication agent should call +- polkit_agent_session_cancel()."/> ++ authentication dialog, the authentication agent should return an ++ error."/> + + + +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index f9021ee..88da3c0 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -283,7 +283,7 @@ + + + +- ++ + + + +@@ -315,7 +315,8 @@ + + ++internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> + + + +@@ -330,11 +331,13 @@ internal to polkit."/> + + + + +- ++ + + + +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index ec59626..ab27b2f 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, + identifier action_id.Upon + succesful authentication, the authentication agent must invoke + the AuthenticationAgentResponse() ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() + method on the org.freedesktop.PolicyKit1.Authority +- interface of the PolicyKit daemon before returning. ++ interface of the PolicyKit daemon before returning. This is normally ++ achieved via the PolkitAgentSession ++ API, which invokes a private setuid helper process to verify the ++ authentication. + + + The authentication agent should not return until after authentication is complete. +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index e66bf53..f2eed63 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,7 +42,7 @@ Structure TemporaryAuth + IN String object_path) + AuthenticationAgentResponse (IN String cookie, + IN Identity identity) +-AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, ++AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) + EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) +@@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< + IN String object_path) + + +-Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. ++Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). + + + +@@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, + + Method for authentication agents to invoke on successful + authentication, intended only for use by a privileged helper process +-internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++internal to polkit. This method will fail unless a sufficiently privileged +++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). + + + +@@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, + + Method for authentication agents to invoke on successful + authentication, intended only for use by a privileged helper process +-internal to polkit. Note this method was introduced in 0.114 to fix a security issue. ++internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Note this method was introduced in 0.114 and should be ++preferred over AuthenticationAgentResponse() ++as it fixes a security issue. + + + +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index c29d8da..8ddb34c 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -73,11 +73,11 @@ + linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged + part of) the agent invokes the AuthenticationAgentResponse() ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() + method. This method should be treated as an internal +- implementation detail, and callers should use the public shared +- library API to invoke it, which currently uses a setuid helper +- program. ++ implementation detail, and callers should use the ++ PolkitAgentSession API to invoke ++ it, which currently uses a setuid helper program. + + + The libpolkit-agent-1 +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index f45abc4..4e882e6 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author + * + * Asynchronously registers an authentication agent. + * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method +@@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * +- * Registers an authentication agent. The calling thread is blocked ++ * Registers an authentication agent. ++ * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * ++ * The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent() for the + * asynchronous version. +@@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author + * + * Asynchronously registers an authentication agent. + * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method +@@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * +- * Registers an authentication agent. The calling thread is blocked ++ * Registers an authentication agent. ++ * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * ++ * The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent_with_options() for the + * asynchronous version. +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 5bddd03..2bfda2d 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -37,10 +37,7 @@ + * + * Typically authentication agents use #PolkitAgentSession to + * authenticate users (via passwords) and communicate back the +- * authentication result to the PolicyKit daemon. This is however not +- * requirement. Depending on the system an authentication agent may +- * use other means (such as a Yes/No dialog) to obtain sufficient +- * evidence that the user is one of the requested identities. ++ * authentication result to the PolicyKit daemon. + * + * To register a #PolkitAgentListener with the PolicyKit daemon, use + * polkit_agent_listener_register() or +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index d1b1a25..10b8af3 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + * polkit_backend_authority_authentication_agent_response: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. ++ * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. + * @cookie: The cookie passed to the authentication agent from the authority. + * @identity: The identity that was authenticated. + * @error: Return location for error or %NULL. diff --git a/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch b/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch new file mode 100644 index 00000000..e8e9b6b1 --- /dev/null +++ b/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch @@ -0,0 +1,76 @@ +From: Colin Walters +Date: Thu, 21 Nov 2013 17:39:37 -0500 +Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR + +This workaround isn't too much code, and it's often better to fix bugs +in two places anyways. + +For more information: + +See https://bugzilla.redhat.com/show_bug.cgi?id=753882 +See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html + +Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e +--- + src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- + 1 file changed, 30 insertions(+), 3 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 9a0570a..5e99044 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -139,8 +139,22 @@ pam_conversation_function (int n, + return PAM_CONV_ERR; + } + ++/* A work around for: ++ * https://bugzilla.redhat.com/show_bug.cgi?id=753882 ++ */ ++static gboolean ++xdg_runtime_dir_is_owned_by (const char *path, ++ uid_t target_uid) ++{ ++ struct stat stbuf; ++ ++ return stat (path, &stbuf) == 0 && ++ stbuf.st_uid == target_uid; ++} ++ + static gboolean +-open_session (const gchar *user_to_auth) ++open_session (const gchar *user_to_auth, ++ uid_t target_uid) + { + gboolean ret; + gint rc; +@@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) + { + guint n; + for (n = 0; envlist[n]; n++) +- putenv (envlist[n]); ++ { ++ const char *envitem = envlist[n]; ++ ++ if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) ++ { ++ const char *eq = strchr (envitem, '='); ++ g_assert (eq); ++ if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) ++ continue; ++ } ++ ++ putenv (envlist[n]); ++ } + free (envlist); + } + +@@ -892,7 +918,8 @@ main (int argc, char *argv[]) + * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. + */ + #ifdef POLKIT_AUTHFW_PAM +- if (!open_session (pw->pw_name)) ++ if (!open_session (pw->pw_name, ++ pw->pw_uid)) + { + goto out; + } diff --git a/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch b/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch new file mode 100644 index 00000000..1737020f --- /dev/null +++ b/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch @@ -0,0 +1,23 @@ +From: Lukasz Skalski +Date: Tue, 22 Apr 2014 11:11:20 +0200 +Subject: polkitd: Fix problem with removing non-existent source + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 +Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 +--- + src/polkitd/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitd/main.c b/src/polkitd/main.c +index b21723f..f18fb91 100644 +--- a/src/polkitd/main.c ++++ b/src/polkitd/main.c +@@ -93,7 +93,7 @@ on_sigint (gpointer user_data) + { + g_print ("Handling SIGINT\n"); + g_main_loop_quit (loop); +- return FALSE; ++ return TRUE; + } + + int diff --git a/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch b/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch new file mode 100644 index 00000000..e7d0a4b7 --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch @@ -0,0 +1,104 @@ +From: Colin Walters +Date: Thu, 7 Nov 2013 15:57:50 -0500 +Subject: sessionmonitor-systemd: Deduplicate code paths + +We had the code to go from pid -> session duplicated. If we have a +PolkitSystemBusName, convert it to a PolkitUnixProcess. +Then we can do PolkitUnixProcess -> pid -> session in one place. + +This is just a code cleanup. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 +Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 +--- + .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- + 1 file changed, 22 insertions(+), 41 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 0185310..756b728 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + PolkitSubject *subject, + GError **error) + { +- PolkitSubject *session; +- +- session = NULL; ++ PolkitUnixProcess *tmp_process = NULL; ++ PolkitUnixProcess *process = NULL; ++ PolkitSubject *session = NULL; ++ char *session_id = NULL; ++ pid_t pid; + + if (POLKIT_IS_UNIX_PROCESS (subject)) +- { +- gchar *session_id; +- pid_t pid; +- +- pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); +- if (sd_pid_get_session (pid, &session_id) < 0) +- goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); +- } ++ process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- guint32 pid; +- gchar *session_id; +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixProcessID", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &pid); +- g_variant_unref (result); +- +- if (sd_pid_get_session (pid, &session_id) < 0) +- goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); ++ /* Convert bus name to process */ ++ tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ if (!tmp_process) ++ goto out; ++ process = tmp_process; + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, +- "Cannot get user for subject of type %s", ++ "Cannot get session for subject of type %s", + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + +- out: ++ /* Now do process -> pid -> session */ ++ g_assert (process != NULL); ++ pid = polkit_unix_process_get_pid (process); + ++ if (sd_pid_get_session (pid, &session_id) < 0) ++ goto out; ++ ++ session = polkit_unix_session_new (session_id); ++ free (session_id); ++ out: ++ if (tmp_process) g_object_unref (tmp_process); + return session; + } + diff --git a/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch b/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch new file mode 100644 index 00000000..7c0ca4bb --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch @@ -0,0 +1,73 @@ +From: Philip Withnall +Date: Tue, 2 Jun 2015 16:19:51 +0100 +Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session + activity +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Instead of using sd_pid_get_session() then sd_session_is_active() to +determine whether the user is active, use sd_uid_get_state() directly. +This gets the maximum of the states of all the user’s sessions, rather +than the state of the session containing the subject process. Since the +user is the security boundary, this is fine. + +This change is necessary for `systemd --user` sessions, where most user +code will be forked off user@.service, rather than running inside the +logind session (whether that be a foreground/active or background/online +session). + +Policy-wise, the change is from checking whether the subject process is +in an active session; to checking whether the subject process is owned +by a user with at least one active session. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 +Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c +Bug-Debian: https://bugs.debian.org/779988 +--- + .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- + 1 file changed, 32 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index ebd05ce..6bd517a 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -391,6 +391,37 @@ gboolean + polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session) + { +- return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); ++ const char *session_id; ++ char *state; ++ uid_t uid; ++ gboolean is_active = FALSE; ++ ++ session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); ++ ++ g_debug ("Checking whether session %s is active.", session_id); ++ ++ /* Check whether *any* of the user's current sessions are active. */ ++ if (sd_session_get_uid (session_id, &uid) < 0) ++ goto fallback; ++ ++ g_debug ("Session %s has UID %u.", session_id, uid); ++ ++ if (sd_uid_get_state (uid, &state) < 0) ++ goto fallback; ++ ++ g_debug ("UID %u has state %s.", uid, state); ++ ++ is_active = (g_strcmp0 (state, "active") == 0); ++ free (state); ++ ++ return is_active; ++ ++fallback: ++ /* Fall back to checking the session. This is not ideal, since the user ++ * might have multiple sessions, and we cannot guarantee to have chosen ++ * the active one. ++ * ++ * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ ++ return sd_session_is_active (session_id); + } + diff --git a/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch b/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch new file mode 100644 index 00000000..6b09ce79 --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch @@ -0,0 +1,89 @@ +From: Kay Sievers +Date: Mon, 19 May 2014 10:19:49 +0900 +Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model + +In the D-Bus "user bus" model, all sessions of a user share the same +D-Bus instance, a polkit requesting process might live outside the +login session which registered the user's polkit agent. + +In case a polkit requesting process is not part of the user's login +session, we ask systemd-logind for the user's "display" session +instead. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 +Bug-Debian: https://bugs.debian.org/779988 +Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c +[smcv: backport configure.ac changes; fail with #error if the required +API is not found] +--- + configure.ac | 4 +++ + .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index f4a0c41..aa2760f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then + have_systemd=no) + if test "$have_systemd" = "yes"; then + SESSION_TRACKING=systemd ++ save_LIBS=$LIBS ++ LIBS=$SYSTEMD_LIBS ++ AC_CHECK_FUNCS(sd_uid_get_display) ++ LIBS=$save_LIBS + else + if test "$enable_systemd" = "yes"; then + AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 756b728..ebd05ce 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; ++#if HAVE_SD_UID_GET_DISPLAY ++ uid_t uid; ++#endif + + if (POLKIT_IS_UNIX_PROCESS (subject)) + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ +@@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + +- /* Now do process -> pid -> session */ ++ /* Now do process -> pid -> same session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + +- if (sd_pid_get_session (pid, &session_id) < 0) ++ if (sd_pid_get_session (pid, &session_id) >= 0) ++ { ++ session = polkit_unix_session_new (session_id); ++ goto out; ++ } ++ ++#if HAVE_SD_UID_GET_DISPLAY ++ /* Now do process -> uid -> graphical session (systemd version 213)*/ ++ if (sd_pid_get_owner_uid (pid, &uid) < 0) + goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); ++ ++ if (sd_uid_get_display (uid, &session_id) >= 0) ++ { ++ session = polkit_unix_session_new (session_id); ++ goto out; ++ } ++#else ++#error Debian should have sd_uid_get_display() ++#endif ++ + out: ++ free (session_id); + if (tmp_process) g_object_unref (tmp_process); + return session; + } diff --git a/patches/0.114/Add-gettext-support-for-.policy-files.patch b/patches/0.114/Add-gettext-support-for-.policy-files.patch new file mode 100644 index 00000000..025403f8 --- /dev/null +++ b/patches/0.114/Add-gettext-support-for-.policy-files.patch @@ -0,0 +1,58 @@ +From: Matthias Clasen +Date: Fri, 15 Jul 2016 11:12:35 -0400 +Subject: Add gettext support for .policy files + +gettext can extract strings from and merge them back into xml +file formats, with the help of .its files. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 +Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 +--- + data/Makefile.am | 5 +++++ + data/polkit.its | 7 +++++++ + data/polkit.loc | 6 ++++++ + 3 files changed, 18 insertions(+) + create mode 100644 data/polkit.its + create mode 100644 data/polkit.loc + +diff --git a/data/Makefile.am b/data/Makefile.am +index f0beeba..e1a60aa 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -20,6 +20,11 @@ endif + pkgconfigdir = $(libdir)/pkgconfig + pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc + ++# ---------------------------------------------------------------------------------------------------- ++ ++itsdir = $(datadir)/gettext/its ++its_DATA = polkit.loc polkit.its ++ + CLEANFILES = $(BUILT_SOURCES) + + EXTRA_DIST = \ +diff --git a/data/polkit.its b/data/polkit.its +new file mode 100644 +index 0000000..1312ecb +--- /dev/null ++++ b/data/polkit.its +@@ -0,0 +1,7 @@ ++ ++ ++ ++ +diff --git a/data/polkit.loc b/data/polkit.loc +new file mode 100644 +index 0000000..c7427ec +--- /dev/null ++++ b/data/polkit.loc +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ diff --git a/patches/0.114/Fix-multi-line-pam-text-info.patch b/patches/0.114/Fix-multi-line-pam-text-info.patch new file mode 100644 index 00000000..8a183613 --- /dev/null +++ b/patches/0.114/Fix-multi-line-pam-text-info.patch @@ -0,0 +1,39 @@ +From: Dariusz Gadomski +Date: Tue, 10 Nov 2015 10:52:02 +0100 +Subject: Fix multi-line pam text info. + +There are pam modules (e.g. pam_vas) that may attempt to display multi-line +PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one +as a separate message that was not recognized causing the authorization +to fail. Escaping these strings and unescaping them fixes the issue. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 +Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 +--- + src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 19062aa..063d656 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + case PAM_TEXT_INFO: + fprintf (stdout, "PAM_TEXT_INFO "); + conv2: +- fputs (msg[i]->msg, stdout); +- if (strlen (msg[i]->msg) > 0 && +- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') +- fputc ('\n', stdout); ++ tmp = g_strdup (msg[i]->msg); ++ len = strlen (tmp); ++ if (len > 0 && tmp[len - 1] == '\n') ++ tmp[len - 1] = '\0'; ++ escaped = g_strescape (tmp, NULL); ++ g_free (tmp); ++ fputs (escaped, stdout); ++ g_free (escaped); ++ fputc ('\n', stdout); + fflush (stdout); + break; + diff --git a/patches/0.114/Refactor-send_to_helper-usage.patch b/patches/0.114/Refactor-send_to_helper-usage.patch new file mode 100644 index 00000000..75e5c7da --- /dev/null +++ b/patches/0.114/Refactor-send_to_helper-usage.patch @@ -0,0 +1,149 @@ +From: Dariusz Gadomski +Date: Thu, 12 Nov 2015 15:01:19 +0100 +Subject: Refactor send_to_helper usage + +There were duplicated pieces of code detecting EOLs and escaping the code. +Those actions has been delegated to already-existing send_to_helper function. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 +Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a +--- + src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- + 1 file changed, 26 insertions(+), 55 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 063d656..3ea3a3f 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -39,25 +39,35 @@ static void + send_to_helper (const gchar *str1, + const gchar *str2) + { ++ char *escaped; ++ char *tmp2; ++ size_t len2; ++ ++ tmp2 = g_strdup(str2); ++ len2 = strlen(tmp2); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); ++ fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); + #endif /* PAH_DEBUG */ +- fprintf (stdout, "%s", str1); ++ fprintf (stdout, "%s ", str1); ++ ++ if (len2 > 0 && tmp2[len2 - 1] == '\n') ++ tmp2[len2 - 1] = '\0'; ++ escaped = g_strescape (tmp2, NULL); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); ++ fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); + #endif /* PAH_DEBUG */ +- fprintf (stdout, "%s", str2); +- if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') +- { ++ fprintf (stdout, "%s", escaped); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); ++ fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + #endif /* PAH_DEBUG */ +- fputc ('\n', stdout); +- } ++ fputc ('\n', stdout); + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); + #endif /* PAH_DEBUG */ + fflush (stdout); ++ ++ g_free (escaped); ++ g_free (tmp2); + } + + int +@@ -89,7 +99,7 @@ main (int argc, char *argv[]) + + /* Special-case a very common error triggered in jhbuild setups */ + s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); +- send_to_helper ("PAM_ERROR_MSG ", s); ++ send_to_helper ("PAM_ERROR_MSG", s); + g_free (s); + goto error; + } +@@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + struct pam_response *aresp; + char buf[PAM_MAX_RESP_SIZE]; + int i; +- gchar *escaped = NULL; +- gchar *tmp = NULL; +- size_t len; + + (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) +@@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + { + + case PAM_PROMPT_ECHO_OFF: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); +-#endif /* PAH_DEBUG */ +- fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); ++ send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); + goto conv1; + + case PAM_PROMPT_ECHO_ON: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); +-#endif /* PAH_DEBUG */ +- fprintf (stdout, "PAM_PROMPT_ECHO_ON "); +- conv1: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); +-#endif /* PAH_DEBUG */ +- tmp = g_strdup (msg[i]->msg); +- len = strlen (tmp); +- if (len > 0 && tmp[len - 1] == '\n') +- tmp[len - 1] = '\0'; +- escaped = g_strescape (tmp, NULL); +- g_free (tmp); +- fputs (escaped, stdout); +- g_free (escaped); +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); +-#endif /* PAH_DEBUG */ +- fputc ('\n', stdout); +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); +-#endif /* PAH_DEBUG */ +- fflush (stdout); ++ send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + ++ conv1: + if (fgets (buf, sizeof buf, stdin) == NULL) + goto error; + +@@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + break; + + case PAM_ERROR_MSG: +- fprintf (stdout, "PAM_ERROR_MSG "); +- goto conv2; ++ send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); ++ break; + + case PAM_TEXT_INFO: +- fprintf (stdout, "PAM_TEXT_INFO "); +- conv2: +- tmp = g_strdup (msg[i]->msg); +- len = strlen (tmp); +- if (len > 0 && tmp[len - 1] == '\n') +- tmp[len - 1] = '\0'; +- escaped = g_strescape (tmp, NULL); +- g_free (tmp); +- fputs (escaped, stdout); +- g_free (escaped); +- fputc ('\n', stdout); +- fflush (stdout); ++ send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); + break; + + default: diff --git a/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch b/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch new file mode 100644 index 00000000..7179a92b --- /dev/null +++ b/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch @@ -0,0 +1,51 @@ +From: Sebastien Bacher +Date: Mon, 2 Apr 2018 10:52:47 -0400 +Subject: Support polkit session agent running outside user session + +commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made +session applications that are running from a user bus +work with polkitd, by falling back to using the currently +active session. + +This commit is similar, but for the polkit agent. It allows, +a polkit agent to be run from a systemd --user service +that's not running directly in the users session. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 +Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 +--- + src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c +index 8a8bf65..c34f36a 100644 +--- a/src/polkit/polkitunixsession-systemd.c ++++ b/src/polkit/polkitunixsession-systemd.c +@@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, + PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); + gboolean ret = FALSE; + char *s; ++ uid_t uid; + + if (session->session_id != NULL) + { +@@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, + goto out; + } + ++ /* Now do process -> uid -> graphical session (systemd version 213)*/ ++ if (sd_pid_get_owner_uid (session->pid, &uid) < 0) ++ goto error; ++ ++ if (sd_uid_get_display (uid, &s) >= 0) ++ { ++ session->session_id = g_strdup (s); ++ free (s); ++ ret = TRUE; ++ goto out; ++ } ++ ++error: + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, diff --git a/patches/0.114/gettext-switch-to-default-translate-no.patch b/patches/0.114/gettext-switch-to-default-translate-no.patch new file mode 100644 index 00000000..577d5ab1 --- /dev/null +++ b/patches/0.114/gettext-switch-to-default-translate-no.patch @@ -0,0 +1,41 @@ +From: Peter Hutterer +Date: Thu, 20 Oct 2016 10:50:58 +1000 +Subject: gettext: switch to default-translate "no" + +The default appears to be to translate all entries. This rule never takes +effect, the path to /action/message and /action/description is wrong (/action +is not a root node). Since we wanted them to be translated, it doesn't matter. + +But it also translates all other tags (vendor, allow_any, etc.) and that +causes polkit to be unhappy, it can't handle the various language versions of +"no" + +** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string +'tidak' + +Switch to a default of "no" and explicitly include the message and description +strings to be translated. + +The patch was modified for PolicyKit by Ondrej Holy . + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 +Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd +--- + data/polkit.its | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/data/polkit.its b/data/polkit.its +index 1312ecb..1c37e6b 100644 +--- a/data/polkit.its ++++ b/data/polkit.its +@@ -1,7 +1,8 @@ + + +- ++ + diff --git a/patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch b/patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch new file mode 100644 index 00000000..369973c3 --- /dev/null +++ b/patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch @@ -0,0 +1,24 @@ +From: Rui Matos +Date: Thu, 2 Mar 2017 14:50:31 +0100 +Subject: polkitpermission: Fix a memory leak on authority changes + +Signed-off-by: Rui Matos + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 +Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b +--- + src/polkit/polkitpermission.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index 22d195f..be794cb 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, + if (result != NULL) + { + process_result (permission, result); ++ g_object_unref (result); + } + else + { diff --git a/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch b/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch new file mode 100644 index 00000000..8f23d0de --- /dev/null +++ b/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch @@ -0,0 +1,569 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 25 Jun 2018 19:24:06 +0200 +Subject: Fix CVE-2018-1116: Trusting client-supplied UID +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +As part of CVE-2013-4288, the D-Bus clients were allowed (and +encouraged) to submit the UID of the subject of authorization checks +to avoid races against UID changes (notably using executables +set-UID to root). + +However, that also allowed any client to submit an arbitrary UID, and +that could be used to bypass "can only ask about / affect the same UID" +checks in CheckAuthorization / RegisterAuthenticationAgent / +UnregisterAuthenticationAgent. This allowed an attacker: + +- With CheckAuthorization, to cause the registered authentication + agent in victim's session to pop up a dialog, or to determine whether + the victim currently has a temporary authorization to perform an + operation. + + (In principle, the attacker can also determine whether JavaScript + rules allow the victim process to perform an operation; however, + usually rules base their decisions on information determined from + the supplied UID, so the attacker usually won't learn anything new.) + +- With RegisterAuthenticationAgent, to prevent the victim's + authentication agent to work (for a specific victim process), + or to learn about which operations requiring authorization + the victim is attempting. + +To fix this, expose internal _polkit_unix_process_get_owner() / +obsolete polkit_unix_process_get_owner() as a private +polkit_unix_process_get_racy_uid__() (being more explicit about the +dangers on relying on it), and use it in +polkit_backend_session_monitor_get_user_for_subject() to return +a boolean indicating whether the subject UID may be caller-chosen. + +Then, in the permission checks that require the subject to be +equal to the caller, fail on caller-chosen UIDs (and continue +through the pre-existing code paths which allow root, or root-designated +server processes, to ask about arbitrary subjects.) + +Signed-off-by: Miloslav Trmač +Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c +--- + src/polkit/polkitprivate.h | 2 + + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- + .../polkitbackendinteractiveauthority.c | 39 +++++++++----- + .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- + src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- + src/polkitbackend/polkitbackendsessionmonitor.h | 1 + + 6 files changed, 147 insertions(+), 33 deletions(-) + +diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h +index 7f5c463..6274bc9 100644 +--- a/src/polkit/polkitprivate.h ++++ b/src/polkit/polkitprivate.h +@@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action + GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); + GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); + ++gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); ++ + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); + PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 913be3a..464f034 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -49,6 +49,14 @@ + * To uniquely identify processes, both the process id and the start + * time of the process (a monotonic increasing value representing the + * time since the kernel was started) is used. ++ * ++ * NOTE: This object stores, and provides access to, the real UID of the ++ * process. That value can change over time (with set*uid*(2) and exec*(2)). ++ * Checks whether an operation is allowed need to take care to use the UID ++ * value as of the time when the operation was made (or, following the open() ++ * privilege check model, when the connection making the operation possible ++ * was initiated). That is usually done by initializing this with ++ * polkit_unix_process_new_for_owner() with trusted data. + */ + + /** +@@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); + static guint64 get_start_time_for_pid (gint pid, + GError **error); + +-static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error); +- + #ifdef HAVE_FREEBSD + static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); + #endif +@@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) + { + GError *error; + error = NULL; +- process->uid = _polkit_unix_process_get_owner (process, &error); ++ process->uid = polkit_unix_process_get_racy_uid__ (process, &error); + if (error != NULL) + { + process->uid = -1; +@@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + * Gets the user id for @process. Note that this is the real user-id, + * not the effective user-id. + * ++ * NOTE: The UID may change over time, so the returned value may not match the ++ * current state of the underlying process; or the UID may have been set by ++ * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), ++ * in which case it may not correspond to the actual UID of the referenced ++ * process at all (at any point in time). ++ * + * Returns: The user id for @process or -1 if unknown. + */ + gint +@@ -655,18 +666,26 @@ out: + return start_time; + } + +-static gint +-_polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error) ++/* ++ * Private: Return the "current" UID. Note that this is inherently racy, ++ * and the value may already be obsolete by the time this function returns; ++ * this function only guarantees that the UID was valid at some point during ++ * its execution. ++ */ ++gint ++polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, ++ GError **error) + { + gint result; + gchar *contents; + gchar **lines; ++ guint64 start_time; + #ifdef HAVE_FREEBSD + struct kinfo_proc p; + #else + gchar filename[64]; + guint n; ++ GError *local_error; + #endif + + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); +@@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, + } + + result = p.ki_uid; ++ start_time = (guint64) p.ki_start.tv_sec; + #else + + /* see 'man proc' for layout of the status file +@@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, + else + { + result = real_uid; +- goto out; ++ goto found; + } + } +- + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Didn't find any line starting with `Uid:' in file %s", + filename); ++ goto out; ++ ++found: ++ /* The UID and start time are, sadly, not available in a single file. So, ++ * read the UID first, and then the start time; if the start time is the same ++ * before and after reading the UID, it couldn't have changed. ++ */ ++ local_error = NULL; ++ start_time = get_start_time_for_pid (process->pid, &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } + #endif + ++ if (process->start_time != start_time) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "process with PID %d has been replaced", process->pid); ++ goto out; ++ } ++ + out: + g_strfreev (lines); + g_free (contents); +@@ -744,5 +784,5 @@ gint + polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error) + { +- return _polkit_unix_process_get_owner (process, error); ++ return polkit_unix_process_get_racy_uid__ (process, error); + } +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 73d0a0e..97a8d80 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, + if (polkit_authorization_result_get_is_authorized (result)) + log_result_str = "ALLOWING"; + +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); + + subject_str = polkit_subject_to_string (subject); + +@@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + gchar *subject_str; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + gchar *user_of_caller_str; + gchar *user_of_subject_str; + PolkitAuthorizationResult *result; +@@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + action_id); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- caller, ++ caller, NULL, + &error); + if (error != NULL) + { +@@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + g_debug (" user of caller is %s", user_of_caller_str); + + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- subject, ++ subject, &user_of_subject_matches, + &error); + if (error != NULL) + { +@@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + * We only allow this if, and only if, + * + * - processes may check for another process owned by the *same* user but not +- * if details are passed (otherwise you'd be able to spoof the dialog) ++ * if details are passed (otherwise you'd be able to spoof the dialog); ++ * the caller supplies the user_of_subject value, so we additionally ++ * require it to match at least at one point in time (via ++ * user_of_subject_matches). + * + * - processes running as uid 0 may check anything and pass any details + * +@@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + * then any uid referenced by that annotation is also allowed to check + * to check anything and pass any details + */ +- if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject) ++ || has_details) + { + if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) + { +@@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, + goto out; + } + +- /* every subject has a user */ ++ /* every subject has a user; this is supplied by the client, so we rely ++ * on the caller to validate its acceptability. */ + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- subject, ++ subject, NULL, + error); + if (user_of_subject == NULL) + goto out; +@@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + AuthenticationAgent *agent; + gboolean ret; + gchar *caller_cmdline; +@@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); ++ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, +@@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + "Cannot determine user of caller"); + goto out; + } +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, +@@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + "Cannot determine user of subject"); + goto out; + } +- if (!polkit_identity_equal (user_of_caller, user_of_subject)) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { +@@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + AuthenticationAgent *agent; + gboolean ret; + gchar *scope_str; +@@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + goto out; + } + +- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); ++ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, +@@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + "Cannot determine user of caller"); + goto out; + } +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, +@@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + "Cannot determine user of subject"); + goto out; + } +- if (!polkit_identity_equal (user_of_caller, user_of_subject)) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { +@@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + identity_str); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- caller, ++ caller, NULL, + error); + if (user_of_caller == NULL) + goto out; +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 6bd517a..773256e 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -29,6 +29,7 @@ + #include + + #include ++#include + #include "polkitbackendsessionmonitor.h" + + /* +@@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. ++ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * ++ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may ++ * come from e.g. a D-Bus client), so it may not correspond to the actual UID ++ * of the referenced process (at any point in time). This is indicated by ++ * setting @result_matches to %FALSE; the caller may reject such subjects or ++ * require additional privileges. @result_matches == %TRUE only indicates that ++ * the UID matched the underlying process at ONE point in time, it may not match ++ * later. ++ * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ + PolkitIdentity * + polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error) + { + PolkitIdentity *ret; +- guint32 uid; ++ gboolean matches; + + ret = NULL; ++ matches = FALSE; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); +- if ((gint) uid == -1) ++ gint subject_uid, current_uid; ++ GError *local_error; ++ ++ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if (subject_uid == -1) + { + g_set_error (error, + POLKIT_ERROR, +@@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + "Unix process subject does not have uid set"); + goto out; + } +- ret = polkit_unix_user_new (uid); ++ local_error = NULL; ++ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } ++ ret = polkit_unix_user_new (subject_uid); ++ matches = (subject_uid == current_uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ matches = TRUE; + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { ++ uid_t uid; + + if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) + { +@@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + + ret = polkit_unix_user_new (uid); ++ matches = TRUE; + } + + out: ++ if (result_matches != NULL) ++ { ++ *result_matches = matches; ++ } + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index e1a9ab3..ed30755 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -27,6 +27,7 @@ + #include + + #include ++#include + #include "polkitbackendsessionmonitor.h" + + #define CKDB_PATH "/var/run/ConsoleKit/database" +@@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. ++ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * ++ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may ++ * come from e.g. a D-Bus client), so it may not correspond to the actual UID ++ * of the referenced process (at any point in time). This is indicated by ++ * setting @result_matches to %FALSE; the caller may reject such subjects or ++ * require additional privileges. @result_matches == %TRUE only indicates that ++ * the UID matched the underlying process at ONE point in time, it may not match ++ * later. ++ * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ + PolkitIdentity * + polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error) + { + PolkitIdentity *ret; ++ gboolean matches; + GError *local_error; +- gchar *group; +- guint32 uid; + + ret = NULL; ++ matches = FALSE; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); +- if ((gint) uid == -1) ++ gint subject_uid, current_uid; ++ ++ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if (subject_uid == -1) + { + g_set_error (error, + POLKIT_ERROR, +@@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + "Unix process subject does not have uid set"); + goto out; + } +- ret = polkit_unix_user_new (uid); ++ local_error = NULL; ++ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } ++ ret = polkit_unix_user_new (subject_uid); ++ matches = (subject_uid == current_uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ matches = TRUE; + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { ++ gint uid; ++ gchar *group; ++ + if (!ensure_database (monitor, error)) + { + g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); +@@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + g_free (group); + + ret = polkit_unix_user_new (uid); ++ matches = TRUE; + } + + out: ++ if (result_matches != NULL) ++ { ++ *result_matches = matches; ++ } + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h +index 8f8a2ca..3972326 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.h ++++ b/src/polkitbackend/polkitbackendsessionmonitor.h +@@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit + + PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error); + + PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, diff --git a/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch b/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch new file mode 100644 index 00000000..e95e0c33 --- /dev/null +++ b/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch @@ -0,0 +1,186 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Mon, 3 Dec 2018 10:28:58 +0100 +Subject: Allow negative uids/gids in PolkitUnixUser and Group objects + +(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since +there should be no users with such number, see +https://systemd.io/UIDS-GIDS#special-linux-uids. + +(uid_t) -1 is used as the default value in class initialization. + +When a user or group above INT32_MAX is created, the numeric uid or +gid wraps around to negative when the value is assigned to gint, and +polkit gets confused. Let's accept such gids, except for -1. + +A nicer fix would be to change the underlying type to e.g. uint32 to +not have negative values. But this cannot be done without breaking the +API, so likely new functions will have to be added (a +polkit_unix_user_new variant that takes a unsigned, and the same for +_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will +require a bigger patch. + +Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. + +(cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) +--- + src/polkit/polkitunixgroup.c | 15 +++++++++++---- + src/polkit/polkitunixprocess.c | 12 ++++++++---- + src/polkit/polkitunixuser.c | 13 ++++++++++--- + 3 files changed, 29 insertions(+), 11 deletions(-) + +diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c +index c57a1aa..309f689 100644 +--- a/src/polkit/polkitunixgroup.c ++++ b/src/polkit/polkitunixgroup.c +@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, + static void + polkit_unix_group_init (PolkitUnixGroup *unix_group) + { ++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ + } + + static void +@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); ++ gint val; + + switch (prop_id) + { + case PROP_GID: +- unix_group->gid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_group->gid = val; + break; + + default: +@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) + g_param_spec_int ("gid", + "Group ID", + "The UNIX group ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) + */ + void + polkit_unix_group_set_gid (PolkitUnixGroup *group, +- gint gid) ++ gint gid) + { + g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); ++ g_return_if_fail (gid != -1); + group->gid = gid; + } + +@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, + PolkitIdentity * + polkit_unix_group_new (gint gid) + { ++ g_return_val_if_fail (gid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, + "gid", gid, + NULL)); +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 464f034..02a083f 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: +- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ case PROP_UID: { ++ gint val; ++ ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ polkit_unix_process_set_uid (unix_process, val); + break; ++ } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +@@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- -1, ++ G_MININT, + G_MAXINT, + -1, + G_PARAM_CONSTRUCT | +@@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); +- g_return_if_fail (uid >= -1); + process->uid = uid; + } + +diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c +index 8bfd3a1..234a697 100644 +--- a/src/polkit/polkitunixuser.c ++++ b/src/polkit/polkitunixuser.c +@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, + static void + polkit_unix_user_init (PolkitUnixUser *unix_user) + { ++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ + unix_user->name = NULL; + } + +@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); ++ gint val; + + switch (prop_id) + { + case PROP_UID: +- unix_user->uid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_user->uid = val; + break; + + default: +@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_USER (user)); ++ g_return_if_fail (uid != -1); + user->uid = uid; + } + +@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + PolkitIdentity * + polkit_unix_user_new (gint uid) + { ++ g_return_val_if_fail (uid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, + "uid", uid, + NULL)); diff --git a/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch b/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch new file mode 100644 index 00000000..a0a28ec6 --- /dev/null +++ b/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch @@ -0,0 +1,43 @@ +From: Matthew Leeds +Date: Tue, 11 Dec 2018 12:04:26 -0800 +Subject: Allow uid of -1 for a PolkitUnixProcess + +Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and +PolkitUnixProcess to allow negative values for their uid/gid properties, +since these are values above INT_MAX which wrap around but are still +valid, with the exception of -1 which is not valid. However, +PolkitUnixProcess allows a uid of -1 to be passed to +polkit_unix_process_new_for_owner() which means polkit is expected to +figure out the uid on its own (this happens in the _constructed +function). So this commit removes the check in +polkit_unix_process_set_property() so that new_for_owner() can be used +as documented without producing a critical error message. + +This does not affect the protection against CVE-2018-19788 which is +based on creating a user with a UID up to but not including 4294967295 +(-1). +--- + src/polkit/polkitunixprocess.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index fc5afa1..53537fa 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: { +- gint val; +- +- val = g_value_get_int (value); +- g_return_if_fail (val != -1); +- polkit_unix_process_set_uid (unix_process, val); ++ case PROP_UID: ++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + break; +- } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); diff --git a/patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch b/patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch new file mode 100644 index 00000000..751133f6 --- /dev/null +++ b/patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch @@ -0,0 +1,51 @@ +From: Jan Rybar +Date: Wed, 15 Aug 2018 18:50:56 +0200 +Subject: Elaborate message printed by polkit when disconnecting from ssh + +Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. +This message was moved to debug mode. + +Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 +--- + src/polkitagent/polkitagentlistener.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 0003851..e0b7b57 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, + owner = polkit_authority_get_owner (server->authority); + if (owner == NULL) + { +- g_printerr ("PolicyKit daemon disconnected from the bus.\n"); ++ g_debug ("PolicyKit daemon disconnected from the bus.\n"); + + if (server->is_registered) +- g_printerr ("We are no longer a registered authentication agent.\n"); ++ g_debug ("We are no longer a registered authentication agent.\n"); + + server->is_registered = FALSE; + } +@@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, + { + GError *error; + +- g_printerr ("PolicyKit daemon reconnected to bus.\n"); +- g_printerr ("Attempting to re-register as an authentication agent.\n"); ++ g_debug ("PolicyKit daemon reconnected to bus.\n"); ++ g_debug ("Attempting to re-register as an authentication agent.\n"); + + error = NULL; + if (server_register (server, &error)) + { +- g_printerr ("We are now a registered authentication agent.\n"); ++ g_debug ("We are now a registered authentication agent.\n"); + } + else + { +- g_printerr ("Failed to register as an authentication agent: %s\n", error->message); ++ g_debug ("Failed to register as an authentication agent: %s\n", error->message); + g_error_free (error); + } + } diff --git a/patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch b/patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch new file mode 100644 index 00000000..6956290f --- /dev/null +++ b/patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch @@ -0,0 +1,27 @@ +From: Jan Rybar +Date: Wed, 15 Aug 2018 18:56:43 +0200 +Subject: Error message raised on every 'systemctl start' in emergency.target + +Superuser should know that polkit is not running in emergency.target. +If not, basic info with debug sources is offered instead of error message. +Other usecases taken into account. + +Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 +--- + src/programs/pkttyagent.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c +index 488ca8b..fe74765 100644 +--- a/src/programs/pkttyagent.c ++++ b/src/programs/pkttyagent.c +@@ -180,7 +180,8 @@ main (int argc, char *argv[]) + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { +- g_printerr ("Error getting authority: %s (%s, %d)\n", ++ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); ++ g_debug ("Error getting authority: %s (%s, %d)\n", + error->message, g_quark_to_string (error->domain), error->code); + g_error_free (error); + ret = 127; diff --git a/patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch b/patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch new file mode 100644 index 00000000..bea03291 --- /dev/null +++ b/patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch @@ -0,0 +1,32 @@ +From: Richard Hughes +Date: Thu, 19 Oct 2017 13:43:22 +0100 +Subject: Fix a critical warning on calling polkit_permission_new_sync with no + system bus + +Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b +--- + src/polkit/polkitpermission.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index f264094..d4b2459 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) + g_free (permission->tmp_authz_id); + g_object_unref (permission->subject); + +- g_signal_handlers_disconnect_by_func (permission->authority, +- on_authority_changed, +- permission); +- g_object_unref (permission->authority); ++ if (permission->authority != NULL) ++ { ++ g_signal_handlers_disconnect_by_func (permission->authority, ++ on_authority_changed, ++ permission); ++ g_object_unref (permission->authority); ++ } + + if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); diff --git a/patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch b/patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch new file mode 100644 index 00000000..955e0f31 --- /dev/null +++ b/patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch @@ -0,0 +1,21 @@ +From: Jan Rybar +Date: Thu, 9 Aug 2018 16:46:38 +0200 +Subject: Possible resource leak found by static analyzer + +Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 +--- + src/polkitagent/polkitagentlistener.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 2bfda2d..0003851 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, + server->thread_initialization_error = NULL; + g_thread_join (server->thread); + server_free (server); ++ server = NULL; + goto out; + } + } diff --git a/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch b/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch new file mode 100644 index 00000000..81ae14ca --- /dev/null +++ b/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch @@ -0,0 +1,181 @@ +From: Colin Walters +Date: Fri, 4 Jan 2019 14:24:48 -0500 +Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations + +It turns out that the combination of `(pid, start time)` is not +enough to be unique. For temporary authorizations, we can avoid +separate users racing on pid reuse by simply comparing the uid. + +https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 + +And the above original email report is included in full in a new comment. + +Reported-by: Jann Horn + +Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 +Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 +--- + src/polkit/polkitsubject.c | 2 + + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- + .../polkitbackendinteractiveauthority.c | 39 +++++++++++- + 3 files changed, 110 insertions(+), 2 deletions(-) + +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index 78ec745..fadcfe9 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) + * @b: A #PolkitSubject. + * + * Checks if @a and @b are equal, ie. represent the same subject. ++ * However, avoid calling polkit_subject_equal() to compare two processes; ++ * for more information see the `PolkitUnixProcess` documentation. + * + * This function can be used in e.g. g_hash_table_new(). + * +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 02a083f..fc5afa1 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -44,7 +44,10 @@ + * @title: PolkitUnixProcess + * @short_description: Unix processs + * +- * An object for representing a UNIX process. ++ * An object for representing a UNIX process. NOTE: This object as ++ * designed is now known broken; a mechanism to exploit a delay in ++ * start time in the Linux kernel was identified. Avoid ++ * calling polkit_subject_equal() to compare two processes. + * + * To uniquely identify processes, both the process id and the start + * time of the process (a monotonic increasing value representing the +@@ -59,6 +62,72 @@ + * polkit_unix_process_new_for_owner() with trusted data. + */ + ++/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 ++ ++ But quoting the original email in full here to ensure it's preserved: ++ ++ From: Jann Horn ++ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork ++ Date: Wednesday, October 10, 2018 5:34 PM ++ ++When a (non-root) user attempts to e.g. control systemd units in the system ++instance from an active session over DBus, the access is gated by a polkit ++policy that requires "auth_admin_keep" auth. This results in an auth prompt ++being shown to the user, asking the user to confirm the action by entering the ++password of an administrator account. ++ ++After the action has been confirmed, the auth decision for "auth_admin_keep" is ++cached for up to five minutes. Subject to some restrictions, similar actions can ++then be performed in this timespan without requiring re-auth: ++ ++ - The PID of the DBus client requesting the new action must match the PID of ++ the DBus client requesting the old action (based on SO_PEERCRED information ++ forwarded by the DBus daemon). ++ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) ++ must not have changed. The granularity of this timestamp is in the ++ millisecond range. ++ - polkit polls every two seconds whether a process with the expected start time ++ still exists. If not, the temporary auth entry is purged. ++ ++Without the start time check, this would obviously be buggy because an attacker ++could simply wait for the legitimate client to disappear, then create a new ++client with the same PID. ++ ++Unfortunately, the start time check is bypassable because fork() is not atomic. ++Looking at the source code of copy_process() in the kernel: ++ ++ p->start_time = ktime_get_ns(); ++ p->real_start_time = ktime_get_boot_ns(); ++ [...] ++ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); ++ if (retval) ++ goto bad_fork_cleanup_io; ++ ++ if (pid != &init_struct_pid) { ++ pid = alloc_pid(p->nsproxy->pid_ns_for_children); ++ if (IS_ERR(pid)) { ++ retval = PTR_ERR(pid); ++ goto bad_fork_cleanup_thread; ++ } ++ } ++ ++The ktime_get_boot_ns() call is where the "start time" of the process is ++recorded. The alloc_pid() call is where a free PID is allocated. In between ++these, some time passes; and because the copy_thread_tls() call between them can ++access userspace memory when sys_clone() is invoked through the 32-bit syscall ++entry point, an attacker can even stall the kernel arbitrarily long at this ++point (by supplying a pointer into userspace memory that is associated with a ++userfaultfd or is backed by a custom FUSE filesystem). ++ ++This means that an attacker can immediately call sys_clone() when the victim ++process is created, often resulting in a process that has the exact same start ++time reported in procfs; and then the attacker can delay the alloc_pid() call ++until after the victim process has died and the PID assignment has cycled ++around. This results in an attacker process that polkit can't distinguish from ++the victim process. ++*/ ++ ++ + /** + * PolkitUnixProcess: + * +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 97a8d80..1e17dfd 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) + g_free (store); + } + ++/* See the comment at the top of polkitunixprocess.c */ ++static gboolean ++subject_equal_for_authz (PolkitSubject *a, ++ PolkitSubject *b) ++{ ++ if (!polkit_subject_equal (a, b)) ++ return FALSE; ++ ++ /* Now special case unix processes, as we want to protect against ++ * pid reuse by including the UID. ++ */ ++ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { ++ PolkitUnixProcess *ap = (PolkitUnixProcess*)a; ++ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); ++ PolkitUnixProcess *bp = (PolkitUnixProcess*)b; ++ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); ++ ++ if (uid_a != -1 && uid_b != -1) ++ { ++ if (uid_a == uid_b) ++ { ++ return TRUE; ++ } ++ else ++ { ++ g_printerr ("denying slowfork; pid %d uid %d != %d!\n", ++ polkit_unix_process_get_pid (ap), ++ uid_a, uid_b); ++ return FALSE; ++ } ++ } ++ /* Fall through; one of the uids is unset so we can't reliably compare */ ++ } ++ ++ return TRUE; ++} ++ + static gboolean + temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, + PolkitSubject *subject, +@@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st + TemporaryAuthorization *authorization = l->data; + + if (strcmp (action_id, authorization->action_id) == 0 && +- polkit_subject_equal (subject_to_use, authorization->subject)) ++ subject_equal_for_authz (subject_to_use, authorization->subject)) + { + ret = TRUE; + if (out_tmp_authz_id != NULL) diff --git a/patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch b/patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch new file mode 100644 index 00000000..17cf070f --- /dev/null +++ b/patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch @@ -0,0 +1,101 @@ +From: Jan Rybar +Date: Fri, 15 Mar 2019 16:07:53 +0000 +Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if + SIGINT/SIGTERM + +If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. + +Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 +--- + src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 57 insertions(+) + +diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c +index fe74765..eaccc05 100644 +--- a/src/programs/pkttyagent.c ++++ b/src/programs/pkttyagent.c +@@ -24,6 +24,10 @@ + #endif + + #include ++#include ++#include ++#include ++#include + #include + #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE + #include +@@ -47,6 +51,36 @@ usage (int argc, char *argv[]) + } + + ++static volatile sig_atomic_t tty_flags_saved; ++struct termios ts; ++FILE *tty = NULL; ++struct sigaction savesigterm, savesigint, savesigtstp; ++ ++ ++static void tty_handler(int signal) ++{ ++ switch (signal) ++ { ++ case SIGTERM: ++ sigaction (SIGTERM, &savesigterm, NULL); ++ break; ++ case SIGINT: ++ sigaction (SIGINT, &savesigint, NULL); ++ break; ++ case SIGTSTP: ++ sigaction (SIGTSTP, &savesigtstp, NULL); ++ break; ++ } ++ ++ if (tty_flags_saved) ++ { ++ tcsetattr (fileno (tty), TCSAFLUSH, &ts); ++ } ++ ++ kill(getpid(), signal); ++} ++ ++ + int + main (int argc, char *argv[]) + { +@@ -64,6 +98,8 @@ main (int argc, char *argv[]) + guint ret = 126; + gint notify_fd = -1; + GVariantBuilder builder; ++ struct sigaction sa; ++ const char *tty_name = NULL; + + g_type_init (); + +@@ -232,6 +268,27 @@ main (int argc, char *argv[]) + } + } + ++/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), ++ but due to threading the handlers cannot take care of the signal there. ++ Though if controlling terminal cannot be found, the world won't stop spinning. ++*/ ++ tty_name = ctermid(NULL); ++ if (tty_name != NULL) ++ { ++ tty = fopen(tty_name, "r+"); ++ } ++ ++ if (tty != NULL && !tcgetattr (fileno (tty), &ts)) ++ { ++ tty_flags_saved = TRUE; ++ } ++ ++ memset (&sa, 0, sizeof (sa)); ++ sa.sa_handler = &tty_handler; ++ sigaction (SIGTERM, &sa, &savesigterm); ++ sigaction (SIGINT, &sa, &savesigint); ++ sigaction (SIGTSTP, &sa, &savesigtstp); ++ + loop = g_main_loop_new (NULL, FALSE); + g_main_loop_run (loop); + diff --git a/patches/0.116/tests-add-tests-for-high-uids.patch b/patches/0.116/tests-add-tests-for-high-uids.patch new file mode 100644 index 00000000..1549612a --- /dev/null +++ b/patches/0.116/tests-add-tests-for-high-uids.patch @@ -0,0 +1,106 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Mon, 3 Dec 2018 11:20:34 +0100 +Subject: tests: add tests for high uids + +Modified by Marc Deslauriers for polkit 105 + +(cherry picked from commit b534a10727455409acd54018a9c91000e7626126) +--- + test/data/etc/group | 1 + + test/data/etc/passwd | 2 ++ + .../localauthority/10-test/com.example.pkla | 13 +++++++ + .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- + 4 files changed, 56 insertions(+), 1 deletion(-) + +diff --git a/test/data/etc/group b/test/data/etc/group +index 12ef328..b9acab9 100644 +--- a/test/data/etc/group ++++ b/test/data/etc/group +@@ -5,3 +5,4 @@ john:x:500: + jane:x:501: + sally:x:502: + henry:x:503: ++highuid2:x:4000000000: +diff --git a/test/data/etc/passwd b/test/data/etc/passwd +index 8544feb..5cf14a5 100644 +--- a/test/data/etc/passwd ++++ b/test/data/etc/passwd +@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash + jane:x:501:501:Jane Smith:/home/jane:/bin/bash + sally:x:502:502:Sally Derp:/home/sally:/bin/bash + henry:x:503:503:Henry Herp:/home/henry:/bin/bash ++highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin ++highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin +diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +index bc64c5e..a35f9a3 100644 +--- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla ++++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +@@ -12,3 +12,16 @@ ResultAny=no + ResultInactive=auth_self + ResultActive=yes + ++[User john can do this] ++Identity=unix-user:john ++Action=net.company.john_action ++ResultAny=no ++ResultInactive=auth_self ++ResultActive=yes ++ ++[User highuid2 can do this] ++Identity=unix-user:highuid2 ++Action=net.company.highuid2_action ++ResultAny=no ++ResultInactive=auth_self ++ResultActive=yes +diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c +index 617c254..b0bfefe 100644 +--- a/test/polkitbackend/polkitbackendlocalauthoritytest.c ++++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c +@@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { + {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, +- ++ /* highuid1 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid22) */ ++ {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid21) */ ++ {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid1 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid24) */ ++ {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid23) */ ++ {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* john is authorized to do this, see com.example.pkla ++ * john_action */ ++ {"unix-user:john", TRUE, TRUE, "net.company.john_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, ++ /* only john is authorized to do this, see com.example.pkla ++ * jane_action */ ++ {"unix-user:jane", TRUE, TRUE, "net.company.john_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is authorized to do this, see com.example.pkla ++ * highuid2_action */ ++ {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, ++ /* only highuid2 is authorized to do this, see com.example.pkla ++ * highuid1_action */ ++ {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + {NULL}, + }; + diff --git a/patches/01_pam_polkit.patch b/patches/01_pam_polkit.patch new file mode 100644 index 00000000..5fc5533e --- /dev/null +++ b/patches/01_pam_polkit.patch @@ -0,0 +1,26 @@ +From: Michael Biebl +Date: Tue, 2 Oct 2007 22:38:04 +0200 +Subject: Use Debian's common-* PAM infrastructure, plus pam_env + +Forwarded: no, Debian-specific +--- + data/polkit-1.in | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/data/polkit-1.in b/data/polkit-1.in +index 142dadd..6f8af2a 100644 +--- a/data/polkit-1.in ++++ b/data/polkit-1.in +@@ -1,6 +1,8 @@ + #%PAM-1.0 + +-auth include @PAM_FILE_INCLUDE_AUTH@ +-account include @PAM_FILE_INCLUDE_ACCOUNT@ +-password include @PAM_FILE_INCLUDE_PASSWORD@ +-session include @PAM_FILE_INCLUDE_SESSION@ ++@include common-auth ++@include common-account ++@include common-password ++session required pam_env.so readenv=1 user_readenv=0 ++session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 ++@include common-session-noninteractive diff --git a/patches/02_gettext.patch b/patches/02_gettext.patch new file mode 100644 index 00000000..72f1c022 --- /dev/null +++ b/patches/02_gettext.patch @@ -0,0 +1,193 @@ +From: Robert Ancell +Date: Wed, 18 Aug 2010 16:26:15 +1000 +Subject: Use gettext for translations in .policy files + +Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 +Bug-Ubuntu: https://launchpad.net/bugs/619632 +--- + src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index b16ed2f..3b0e400 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -24,6 +24,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -44,7 +46,9 @@ typedef struct + gchar *vendor_url; + gchar *icon_name; + gchar *description; ++ gchar *description_domain; + gchar *message; ++ gchar *message_domain; + + PolkitImplicitAuthorization implicit_authorization_any; + PolkitImplicitAuthorization implicit_authorization_inactive; +@@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) + g_free (action->vendor_url); + g_free (action->icon_name); + g_free (action->description); ++ g_free (action->description_domain); + g_free (action->message); ++ g_free (action->message_domain); + + g_hash_table_unref (action->localized_description); + g_hash_table_unref (action->localized_message); +@@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); + + static const gchar *_localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang); + + typedef struct +@@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, + + description = _localize (parsed_action->localized_description, + parsed_action->description, ++ parsed_action->description_domain, + locale); + message = _localize (parsed_action->localized_message, + parsed_action->message, ++ parsed_action->message_domain, + locale); + + ret = polkit_action_description_new (action_id, +@@ -603,11 +612,16 @@ typedef struct { + GHashTable *policy_messages; + + char *policy_description_nolang; ++ char *policy_description_domain; + char *policy_message_nolang; ++ char *policy_message_domain; + + /* the value of xml:lang for the thing we're reading in _cdata() */ + char *elem_lang; + ++ /* the value of gettext-domain for the thing we're reading in _cdata() */ ++ char *elem_domain; ++ + char *annotate_key; + GHashTable *annotations; + +@@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) + + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = NULL; ++ g_free (pd->policy_description_domain); ++ pd->policy_description_domain = NULL; + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = NULL; ++ g_free (pd->policy_message_domain); ++ pd->policy_message_domain = NULL; + if (pd->policy_descriptions != NULL) + { + g_hash_table_unref (pd->policy_descriptions); +@@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) + } + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + } + + static void +@@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_DESCRIPTION; + } + else if (strcmp (el, "message") == 0) +@@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_MESSAGE; + } + else if (strcmp (el, "vendor") == 0 && num_attr == 0) +@@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) + { + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = str; ++ pd->policy_description_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) + { + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = str; ++ pd->policy_message_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -960,6 +990,8 @@ _end (void *data, const char *el) + + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + + switch (pd->state) + { +@@ -990,7 +1022,9 @@ _end (void *data, const char *el) + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); + action->description = g_strdup (pd->policy_description_nolang); ++ action->description_domain = g_strdup (pd->policy_description_domain); + action->message = g_strdup (pd->policy_message_nolang); ++ action->message_domain = g_strdup (pd->policy_message_domain); + + action->localized_description = pd->policy_descriptions; + action->localized_message = pd->policy_messages; +@@ -1093,6 +1127,7 @@ error: + * _localize: + * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' + * @untranslated: the untranslated value, e.g. 'Punch' ++ * @domain: the gettext domain for this string. Make be NULL. + * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG + * with the encoding cut off. Maybe be NULL. + * +@@ -1103,11 +1138,25 @@ error: + static const gchar * + _localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang) + { + const gchar *result; + gchar **langs; + guint n; ++ ++ if (domain != NULL) ++ { ++ gchar *old_locale; ++ ++ old_locale = g_strdup (setlocale (LC_ALL, NULL)); ++ setlocale (LC_ALL, lang); ++ result = dgettext (domain, untranslated); ++ setlocale (LC_ALL, old_locale); ++ g_free (old_locale); ++ ++ goto out; ++ } + + if (lang == NULL) + { diff --git a/patches/05_revert-admin-identities-unix-group-wheel.patch b/patches/05_revert-admin-identities-unix-group-wheel.patch new file mode 100644 index 00000000..bd6e9b94 --- /dev/null +++ b/patches/05_revert-admin-identities-unix-group-wheel.patch @@ -0,0 +1,35 @@ +From: Michael Biebl +Date: Fri, 9 Dec 2011 00:31:21 +0100 +Subject: Revert "Default to AdminIdentities=unix-group:wheel for local + authority" + +This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. + +On Red Hat derivatives, every member of group 'wheel' is necessarily +privileged. On Debian derivatives, there is no wheel group, and gid 0 +(root) is not used in this way. Change the default rule to consider +uid 0 to be privileged, instead. + +On Red Hat derivatives, 50-default.rules is not preserved by upgrades; +on dpkg-based systems, it is a proper conffile and may be edited +(at the sysadmin's own risk), so the comment about not editing it is +misleading. + +[smcv: added longer explanation of why we make this change; +remove unrelated cosmetic change to a man page] + +Forwarded: no, Debian-specific +--- + src/polkitbackend/50-localauthority.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf +index 5e44bde..20e0ba3 100644 +--- a/src/polkitbackend/50-localauthority.conf ++++ b/src/polkitbackend/50-localauthority.conf +@@ -7,4 +7,4 @@ + # + + [Configuration] +-AdminIdentities=unix-group:wheel ++AdminIdentities=unix-user:0 diff --git a/patches/06_systemd-service.patch b/patches/06_systemd-service.patch new file mode 100644 index 00000000..36363c4a --- /dev/null +++ b/patches/06_systemd-service.patch @@ -0,0 +1,18 @@ +From: Michael Biebl +Date: Sat, 11 Feb 2012 23:48:29 +0100 +Subject: Install systemd service file for polkitd. + +Forwarded: no, obsoleted by an upstream commit in 0.106 +--- + data/org.freedesktop.PolicyKit1.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in +index b6cd02b..fbceb3f 100644 +--- a/data/org.freedesktop.PolicyKit1.service.in ++++ b/data/org.freedesktop.PolicyKit1.service.in +@@ -2,3 +2,4 @@ + Name=org.freedesktop.PolicyKit1 + Exec=@libexecdir@/polkitd --no-debug + User=root ++SystemdService=polkit.service diff --git a/patches/10_build-against-libsystemd.patch b/patches/10_build-against-libsystemd.patch new file mode 100644 index 00000000..6230a631 --- /dev/null +++ b/patches/10_build-against-libsystemd.patch @@ -0,0 +1,32 @@ +From: Michael Biebl +Date: Wed, 8 Jul 2015 02:08:33 +0200 +Subject: Build against libsystemd + +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 +Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 388605d..f55ddb7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], + [enable_systemd=auto]) + if test "$enable_systemd" != "no"; then + PKG_CHECK_MODULES(SYSTEMD, +- [libsystemd-login], ++ [libsystemd], + have_systemd=yes, + have_systemd=no) + if test "$have_systemd" = "yes"; then +@@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then + LIBS=$save_LIBS + else + if test "$enable_systemd" = "yes"; then +- AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) ++ AC_MSG_ERROR([systemd support requested but libsystemd library not found]) + fi + fi + fi diff --git a/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch b/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch new file mode 100644 index 00000000..574a25d8 --- /dev/null +++ b/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch @@ -0,0 +1,31 @@ +From: Michael Biebl +Date: Tue, 27 Nov 2018 18:36:27 +0100 +Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ + +To better support stateless systems with an empty /etc, the old location +in /etc/dbus-1/system.d/ should only be used for local admin changes. +Package provided D-Bus policy files are supposed to be installed in +/usr/share/dbus-1/system.d/. + +This is supported since dbus 1.9.18. + +https://lists.freedesktop.org/archives/dbus/2015-July/016746.html + +https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 +--- + data/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/Makefile.am b/data/Makefile.am +index e1a60aa..3d87439 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) + $(service_DATA): $(service_in_files) Makefile + @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ + +-dbusconfdir = $(sysconfdir)/dbus-1/system.d ++dbusconfdir = $(datadir)/dbus-1/system.d + dbusconf_DATA = org.freedesktop.PolicyKit1.conf + + if POLKIT_AUTHFW_PAM diff --git a/patches/Remove-example-null-backend.patch b/patches/Remove-example-null-backend.patch new file mode 100644 index 00000000..a6301a03 --- /dev/null +++ b/patches/Remove-example-null-backend.patch @@ -0,0 +1,80 @@ +From: Simon McVittie +Date: Thu, 4 Jul 2019 14:30:29 +0100 +Subject: Remove example null backend + +There's no point in this now that we've removed the ability to extend +polkit. + +Signed-off-by: Simon McVittie +--- + configure.ac | 1 - + docs/polkit/overview.xml | 34 ---------------------------------- + src/Makefile.am | 2 +- + 3 files changed, 1 insertion(+), 36 deletions(-) + +diff --git a/configure.ac b/configure.ac +index abfdd1f..22b9a19 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -447,7 +447,6 @@ src/polkitagent/Makefile + src/polkitd/Makefile + src/programs/Makefile + src/examples/Makefile +-src/nullbackend/Makefile + docs/version.xml + docs/extensiondir.xml + docs/Makefile +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index 8ddb34c..9251579 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -91,38 +91,4 @@ + information on standard output. + + +- +- +- Extending polkit +- +- polkit exports a number of extension points to +- replace/customize behavior of the polkit daemon. Note that +- all extensions run with super user privileges in the same +- process as the polkit daemon. +- +- +- The polkit daemons loads extensions +- from the &extensiondir; directory. See +- the GIO Extension Point +- documentation for more information about the extension +- system used by polkit. +- +- +- The following extension points are currently defined by +- polkit: +- +- +- +- POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME +- +- Allows replacing the Authority – the entity responsible for +- making authorization decisions. Implementations of this +- extension point must be derived from the +- PolkitBackendAuthority class. See +- the src/nullbackend/ directory in the +- polkit sources for an example. +- +- +- +- + +diff --git a/src/Makefile.am b/src/Makefile.am +index 28c7bfa..3380fb2 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -1,5 +1,5 @@ + +-SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs ++SUBDIRS = polkit polkitbackend polkitagent polkitd programs + + if BUILD_EXAMPLES + SUBDIRS += examples diff --git a/patches/Statically-link-libpolkit-backend1-into-polkitd.patch b/patches/Statically-link-libpolkit-backend1-into-polkitd.patch new file mode 100644 index 00000000..4a9760a8 --- /dev/null +++ b/patches/Statically-link-libpolkit-backend1-into-polkitd.patch @@ -0,0 +1,258 @@ +From: Simon McVittie +Date: Thu, 4 Jul 2019 14:12:44 +0100 +Subject: Statically link libpolkit-backend1 into polkitd + +Nothing else in Debian depends on that library: in principle it was +meant to be used for pluggable polkit backends, but those never actually +happened, and the library's API was never declared stable. + +Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority +backend and extension system" upstream. + +Signed-off-by: Simon McVittie +--- + configure.ac | 1 - + data/Makefile.am | 2 +- + data/polkit-backend-1.pc.in | 11 ------ + docs/man/polkit.xml | 6 --- + docs/polkit/Makefile.am | 3 -- + docs/polkit/polkit-1-docs.xml | 7 ---- + docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- + docs/polkit/polkit-1.types | 9 ----- + src/polkitbackend/Makefile.am | 13 +------ + 9 files changed, 2 insertions(+), 130 deletions(-) + delete mode 100644 data/polkit-backend-1.pc.in + +diff --git a/configure.ac b/configure.ac +index f55ddb7..abfdd1f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -439,7 +439,6 @@ actions/Makefile + data/Makefile + data/polkit-1 + data/polkit-gobject-1.pc +-data/polkit-backend-1.pc + data/polkit-agent-1.pc + src/Makefile + src/polkit/Makefile +diff --git a/data/Makefile.am b/data/Makefile.am +index 3d87439..dad7c2f 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -18,7 +18,7 @@ pam_DATA = polkit-1 + endif + + pkgconfigdir = $(libdir)/pkgconfig +-pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc ++pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc + + # ---------------------------------------------------------------------------------------------------- + +diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in +deleted file mode 100644 +index 7f6197d..0000000 +--- a/data/polkit-backend-1.pc.in ++++ /dev/null +@@ -1,11 +0,0 @@ +-prefix=@prefix@ +-exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ +- +-Name: polkit-backend-1 +-Description: PolicyKit Backend API +-Version: @VERSION@ +-Libs: -L${libdir} -lpolkit-backend-1 +-Cflags: -I${includedir}/polkit-1 +-Requires: polkit-gobject-1 +diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml +index 188c514..7933779 100644 +--- a/docs/man/polkit.xml ++++ b/docs/man/polkit.xml +@@ -115,12 +115,6 @@ System Context | | + PolicyKit D-Bus service. + + +- +- PolicyKit extensions and authority backends are implemented +- using the +- libpolkit-backend-1 library. +- +- + + See the + developer +diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am +index fd7123f..c13372b 100644 +--- a/docs/polkit/Makefile.am ++++ b/docs/polkit/Makefile.am +@@ -31,8 +31,6 @@ INCLUDES = \ + $(GIO_CFLAGS) \ + -I$(top_srcdir)/src/polkit \ + -I$(top_builddir)/src/polkit \ +- -I$(top_srcdir)/src/polkitbackend \ +- -I$(top_builddir)/src/polkitbackend \ + -I$(top_srcdir)/src/polkitagent \ + -I$(top_builddir)/src/polkitagent \ + $(NULL) +@@ -42,7 +40,6 @@ GTKDOC_LIBS = \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ +- $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + +diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml +index 21b3681..ec04b26 100644 +--- a/docs/polkit/polkit-1-docs.xml ++++ b/docs/polkit/polkit-1-docs.xml +@@ -47,13 +47,6 @@ + + + +- +- Backend API Reference +- +- +- +- +- + + Authentication Agent API Reference + +diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt +index 3881004..41b37e3 100644 +--- a/docs/polkit/polkit-1-sections.txt ++++ b/docs/polkit/polkit-1-sections.txt +@@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS + POLKIT_DETAILS_GET_CLASS +
+ +-
+-polkitbackendauthority +-PolkitBackendAuthority +-POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME +-PolkitBackendAuthority +-PolkitBackendAuthorityClass +-polkit_backend_authority_get_name +-polkit_backend_authority_get_version +-polkit_backend_authority_get_features +-polkit_backend_authority_check_authorization +-polkit_backend_authority_check_authorization_finish +-polkit_backend_authority_register_authentication_agent +-polkit_backend_authority_unregister_authentication_agent +-polkit_backend_authority_authentication_agent_response +-polkit_backend_authority_enumerate_actions +-polkit_backend_authority_enumerate_temporary_authorizations +-polkit_backend_authority_revoke_temporary_authorizations +-polkit_backend_authority_revoke_temporary_authorization_by_id +-polkit_backend_authority_get +-polkit_backend_authority_register +-polkit_backend_authority_unregister +- +-POLKIT_BACKEND_AUTHORITY +-POLKIT_BACKEND_IS_AUTHORITY +-POLKIT_BACKEND_TYPE_AUTHORITY +-polkit_backend_authority_get_type +-POLKIT_BACKEND_AUTHORITY_CLASS +-POLKIT_BACKEND_IS_AUTHORITY_CLASS +-POLKIT_BACKEND_AUTHORITY_GET_CLASS +-
+- +-
+-polkitbackendactionlookup +-PolkitBackendActionLookup +-POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME +-PolkitBackendActionLookup +-PolkitBackendActionLookupIface +-polkit_backend_action_lookup_get_message +-polkit_backend_action_lookup_get_icon_name +-polkit_backend_action_lookup_get_details +- +-POLKIT_BACKEND_ACTION_LOOKUP +-POLKIT_BACKEND_IS_ACTION_LOOKUP +-POLKIT_BACKEND_TYPE_ACTION_LOOKUP +-polkit_backend_action_lookup_get_type +-POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE +-
+- +-
+-polkitbackendlocalauthority +-PolkitBackendLocalAuthority +-PolkitBackendLocalAuthority +-PolkitBackendLocalAuthorityClass +- +-POLKIT_BACKEND_LOCAL_AUTHORITY +-POLKIT_BACKEND_IS_LOCAL_AUTHORITY +-POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY +-polkit_backend_local_authority_get_type +-POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS +-POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS +-POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS +-
+- +-
+-polkitbackendinteractiveauthority +-PolkitBackendInteractiveAuthority +-PolkitBackendInteractiveAuthority +-PolkitBackendInteractiveAuthorityClass +-polkit_backend_interactive_authority_get_admin_identities +-polkit_backend_interactive_authority_check_authorization_sync +- +-POLKIT_BACKEND_INTERACTIVE_AUTHORITY +-POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY +-POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY +-polkit_backend_interactive_authority_get_type +-POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS +-POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS +-POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS +-
+- +
+ polkitagentsession + PolkitAgentSession +diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types +index b1e13cc..6354d12 100644 +--- a/docs/polkit/polkit-1.types ++++ b/docs/polkit/polkit-1.types +@@ -16,15 +16,6 @@ polkit_authorization_result_get_type + polkit_temporary_authorization_get_type + polkit_permission_get_type + +-polkit_backend_authority_get_type +-polkit_backend_interactive_authority_get_type +-polkit_backend_local_authority_get_type +-polkit_backend_action_lookup_get_type +-polkit_backend_action_pool_get_type +-polkit_backend_session_monitor_get_type +-polkit_backend_config_source_get_type +-polkit_backend_local_authorization_store_get_type +- + polkit_agent_session_get_type + polkit_agent_listener_get_type + polkit_agent_text_listener_get_type +diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am +index b91cafa..cb25a6b 100644 +--- a/src/polkitbackend/Makefile.am ++++ b/src/polkitbackend/Makefile.am +@@ -16,18 +16,7 @@ INCLUDES = \ + -D_REENTRANT \ + $(NULL) + +-lib_LTLIBRARIES=libpolkit-backend-1.la +- +-libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend +- +-libpolkit_backend_1include_HEADERS = \ +- polkitbackend.h \ +- polkitbackendtypes.h \ +- polkitbackendauthority.h \ +- polkitbackendinteractiveauthority.h \ +- polkitbackendlocalauthority.h \ +- polkitbackendactionlookup.h \ +- $(NULL) ++noinst_LTLIBRARIES=libpolkit-backend-1.la + + libpolkit_backend_1_la_SOURCES = \ + $(BUILT_SOURCES) \ diff --git a/patches/series b/patches/series new file mode 100644 index 00000000..f38602c0 --- /dev/null +++ b/patches/series @@ -0,0 +1,62 @@ +0.106/agenthelper-pam-Fix-newline-trimming-code.patch +0.107/Try-harder-to-look-up-the-right-localization.patch +0.108/build-Fix-.gir-generation-for-parallel-make.patch +0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch +0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch +0.110/04_get_cwd.patch +0.111/09_pam_environment.patch +0.111/Add-a-FIXME-to-polkitprivate.h.patch +0.111/Fix-a-memory-leak.patch +0.112/00git_type_registration.patch +0.112/08_deprecate_racy_APIs.patch +0.112/cve-2013-4288.patch +0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch +0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch +0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch +0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch +0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch +0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch +0.113/Fixed-compilation-problem-in-the-backend.patch +0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch +0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch +0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch +0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch +0.113/Refuse-duplicate-user-arguments-to-pkexec.patch +0.113/00git_fix_memleak.patch +0.113/00git_invalid_object_paths.patch +0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch +0.113/Fix-a-possible-NULL-dereference.patch +0.113/Remove-a-redundant-assignment.patch +0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch +0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch +0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch +0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch +0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch +0.113/Fix-a-per-authorization-memory-leak.patch +0.113/Fix-a-memory-leak-when-registering-an-authentication.patch +0.113/CVE-2015-3255-Fix-GHashTable-usage.patch +0.113/Fix-use-after-free-in-polkitagentsession.c.patch +0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch +0.114/Fix-multi-line-pam-text-info.patch +0.114/Refactor-send_to_helper-usage.patch +0.114/Add-gettext-support-for-.policy-files.patch +0.114/gettext-switch-to-default-translate-no.patch +0.114/Support-polkit-session-agent-running-outside-user-session.patch +0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch +0.116/Possible-resource-leak-found-by-static-analyzer.patch +0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch +0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch +0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch +0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch +0.116/tests-add-tests-for-high-uids.patch +0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch +0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch +0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch +01_pam_polkit.patch +02_gettext.patch +05_revert-admin-identities-unix-group-wheel.patch +06_systemd-service.patch +10_build-against-libsystemd.patch +Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch +Statically-link-libpolkit-backend1-into-polkitd.patch +Remove-example-null-backend.patch diff --git a/policykit-1-doc.install b/policykit-1-doc.install new file mode 100644 index 00000000..9ae10935 --- /dev/null +++ b/policykit-1-doc.install @@ -0,0 +1 @@ +usr/share/gtk-doc/html/polkit-1/* /usr/share/doc/policykit-1-doc/html/ diff --git a/policykit-1-doc.links b/policykit-1-doc.links new file mode 100644 index 00000000..567016f7 --- /dev/null +++ b/policykit-1-doc.links @@ -0,0 +1 @@ +usr/share/doc/policykit-1-doc/html/ usr/share/gtk-doc/html/polkit-1 diff --git a/policykit-1.bug-control b/policykit-1.bug-control new file mode 100644 index 00000000..0e19fcec --- /dev/null +++ b/policykit-1.bug-control @@ -0,0 +1 @@ +package-status: elogind libpam-elogind libpam-systemd systemd diff --git a/policykit-1.docs b/policykit-1.docs new file mode 100644 index 00000000..50bd824b --- /dev/null +++ b/policykit-1.docs @@ -0,0 +1,2 @@ +NEWS +README diff --git a/policykit-1.install b/policykit-1.install new file mode 100644 index 00000000..178fe1f5 --- /dev/null +++ b/policykit-1.install @@ -0,0 +1,11 @@ +debian/polkit.service lib/systemd/system/ +etc/pam.d/ +etc/polkit-1/ +usr/bin/ +usr/libexec/ +usr/share/dbus-1/ +usr/share/gettext/ +usr/share/locale/ +usr/share/man/ +usr/share/polkit-1/ +var/lib/polkit-1/ diff --git a/policykit-1.links b/policykit-1.links new file mode 100644 index 00000000..88d2cbed --- /dev/null +++ b/policykit-1.links @@ -0,0 +1 @@ +usr/libexec/polkit-agent-helper-1 usr/lib/policykit-1/polkit-agent-helper-1 diff --git a/policykit-1.lintian-overrides b/policykit-1.lintian-overrides new file mode 100644 index 00000000..233ca2b1 --- /dev/null +++ b/policykit-1.lintian-overrides @@ -0,0 +1,5 @@ +# On non-systemd systems, polkitd is started by traditional D-Bus activation +policykit-1: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/polkit.service + +# Intentionally started on-demand rather than during boot +policykit-1: systemd-service-file-missing-install-key lib/systemd/system/polkit.service diff --git a/policykit-1.maintscript b/policykit-1.maintscript new file mode 100644 index 00000000..5fddde89 --- /dev/null +++ b/policykit-1.maintscript @@ -0,0 +1,2 @@ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf 0.105-22~ +rm_conffile /etc/polkit-1/nullbackend.conf.d/50-nullbackend.conf 0.105-26~ diff --git a/policykit-1.postinst b/policykit-1.postinst new file mode 100644 index 00000000..56f95bd8 --- /dev/null +++ b/policykit-1.postinst @@ -0,0 +1,62 @@ +#!/bin/sh +# postinst script for policykit-1 +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +set_perms() { + USER=$1 + GROUP=$2 + MODE=$3 + FILE=$4 + if ! dpkg-statoverride --list $FILE > /dev/null 2>&1; then + chown $USER:$GROUP $FILE + chmod $MODE $FILE + fi +} + +case "$1" in + configure) + set_perms root root 700 /var/lib/polkit-1 + set_perms root root 700 /etc/polkit-1/localauthority + set_perms root root 4755 /usr/libexec/polkit-agent-helper-1 + set_perms root root 4755 /usr/bin/pkexec + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +# This can be removed after bullseye is released as stable +for d in /etc/polkit-1/nullbackend.conf.d; do + if [ -d "$d" ]; then + rmdir --ignore-fail-on-non-empty "$d" + fi +done + +exit 0 + + diff --git a/policykit-1.postrm b/policykit-1.postrm new file mode 100644 index 00000000..795972d8 --- /dev/null +++ b/policykit-1.postrm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +# This can be removed after bullseye is released as stable +for d in /etc/polkit-1/nullbackend.conf.d /etc/polkit-1; do + if [ -d "$d" ]; then + rmdir --ignore-fail-on-non-empty "$d" + fi +done + +exit 0 diff --git a/polkit.service b/polkit.service new file mode 100644 index 00000000..f2698012 --- /dev/null +++ b/polkit.service @@ -0,0 +1,8 @@ +[Unit] +Description=Authorization Manager +Documentation=man:polkit(8) + +[Service] +Type=dbus +BusName=org.freedesktop.PolicyKit1 +ExecStart=/usr/libexec/polkitd --no-debug diff --git a/rules b/rules new file mode 100755 index 00000000..8e6f151c --- /dev/null +++ b/rules @@ -0,0 +1,47 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +%: + dh $@ --with gir + +DPKG_GENSYMBOLS_CHECK_LEVEL=4 +export DPKG_GENSYMBOLS_CHECK_LEVEL + +ifeq (linux,$(DEB_HOST_ARCH_OS)) + SYSTEMD_CONFIG_FLAG = --enable-systemd +else + SYSTEMD_CONFIG_FLAG = --disable-systemd +endif + +override_dh_auto_configure: + dh_auto_configure -- \ + --enable-gtk-doc \ + --enable-man-pages \ + --enable-introspection \ + $(SYSTEMD_CONFIG_FLAG) \ + --disable-examples + +override_dh_auto_test: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + # on buildds we can't rely on actually having a system bus + dbus-run-session -- sh -c 'DBUS_SYSTEM_BUS_ADDRESS=$$DBUS_SESSION_BUS_ADDRESS make check' +endif + +override_dh_install: + # on Debian use sudo group; on Ubuntu, also allow the admin group for + # historical reasons + if dpkg-vendor --is ubuntu; then \ + /bin/echo -e "[Configuration]\nAdminIdentities=unix-group:sudo;unix-group:admin" > debian/tmp/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf; \ + elif dpkg-vendor --is debian; then \ + /bin/echo -e "[Configuration]\nAdminIdentities=unix-group:sudo" > debian/tmp/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf; \ + fi + find debian/tmp -name '*.la' -print -delete + dh_install + +override_dh_missing: + dh_missing --fail-missing + +override_dh_installsystemd: + dh_installsystemd --no-start --restart-after-upgrade diff --git a/shlibs.local b/shlibs.local new file mode 100644 index 00000000..adf77abe --- /dev/null +++ b/shlibs.local @@ -0,0 +1,2 @@ +libpolkit-agent-1 0 libpolkit-agent-1-0 (= ${binary:Version}) +libpolkit-gobject-1 0 libpolkit-gobject-1-0 (= ${binary:Version}) diff --git a/source/format b/source/format new file mode 100644 index 00000000..163aaf8d --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/tests/cli b/tests/cli new file mode 100755 index 00000000..5ace92f7 --- /dev/null +++ b/tests/cli @@ -0,0 +1,39 @@ +#!/bin/sh +set -eu + +assert_fail() { + if $1 2>&1; then + echo "FAIL: command '$1' unexpectedly succeeded" >&2 + exit 1 + fi +} + +assert_eq() { + if [ "$1" != "$2" ]; then + echo "FAIL: expected: '$2' actual: '$1'" >&2 + exit 1 + fi +} + +assert_in() { + if ! echo "$2" | grep -q "$1"; then + echo "FAIL: '$1' not found in:" >&2 + echo "$2" >&2 + exit 1 + fi +} + +echo "TEST: pkaction" +assert_in "org.freedesktop.policykit.exec" "$(pkaction)" +assert_eq "org.freedesktop.policykit.exec" "$(pkaction -a org.freedesktop.policykit.exec)" +assert_in "active.*auth_admin" "$(pkaction --verbose -a org.freedesktop.policykit.exec)" +assert_fail "pkaction -a unknown.action" + +echo "TEST: pkcheck" +if [ $(id -u) = 0 ]; then + assert_eq "" "$(pkcheck -a org.freedesktop.policykit.exec -p 1)" + assert_eq "" "$(pkcheck -a org.freedesktop.policykit.exec -p $$)" +else + assert_fail "pkcheck -a org.freedesktop.policykit.exec -p 1" + assert_fail "pkcheck -a org.freedesktop.policykit.exec -p $$" +fi diff --git a/tests/cli-root b/tests/cli-root new file mode 120000 index 00000000..76ec9f59 --- /dev/null +++ b/tests/cli-root @@ -0,0 +1 @@ +cli \ No newline at end of file diff --git a/tests/control b/tests/control new file mode 100644 index 00000000..8cb25153 --- /dev/null +++ b/tests/control @@ -0,0 +1,7 @@ +Tests: cli +Depends: policykit-1 +Restrictions: isolation-container + +Tests: cli-root +Depends: policykit-1 +Restrictions: isolation-container, needs-root diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 00000000..db36b40b --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,250 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBD8pb8ERBAD1ihpUQm0UdZHTD7mzs0u7tGVMyQTD5ozjt1jpJRq7DYG+YkOp +lJ6kgXBgagO7cLXyutzv5osz3xoyPc8zqoXwwp0rnOkIX4N4QTgy77NsDnSUlxUz +kAhrmbwgtdRFt0DdguOcsDglqyd9Hmg6wRvSU3zXbI0zD3cXwAy2JIoIRwCg4Dg7 +8asoWEdGt/C6VfzMdPFu9rUD/AprV4P2CCUB7/WFmVKIzSBwIfI69ZtwKzWv6IeV +AY7FIr/tvojYoMHscU0JsmuRE45DdeSRAQgeV3wimwmEnDqkS4PJoX3UFxVo2T7B +eR1UhI7g+E3IX1XgfLK/29/WwdyiOALCxUghRppAe6+cW7rMzZGFaROCmMjkDXso +UksCBADZWiKUR8eVHFclO1s+FDM9pfym35uQcX81UmgeLVuOJydYoXGzYxxkyHkB +1TIHDKmGxuo8COcIeMhqZgNYGGcaICW9QoD5TPgDqPSElGl1YXrV0MI3gxHloSrw +cYYm0IRjeW2tuZAj0j95uFOuq+yzDnPGeKLuSag8IiMbHxJHRbQeTWlsb3NsYXYg +VHJtYWMgPG1pdHJAdm9sbnkuY3o+iF4EExECAB4CHgECF4AFAksBd8UGCwkIBwMC +BRUKCAIDBBYCAQMACgkQWjP2YLOEed/SYACgtNtE6o7OYC4qcwqrJZ+Z7tXh1+IA +nRZua8ucYD86+5nCrxMIbfxbezF9uQENBD8pb8IQBACfUnNGW28WIyuZHCUqOmJT +x3xzr7F3yN3KOiuiF7GP/GU5UG0b5wg0Du3szzMGZwOPt7AtEgQ0/QTabQSvnGsh +wcvJ1RjvgRZWx5TVz7CRQdRgF7tM72ifEUaTwJ4ijvzLq8dIHEeyBdIJFgjPWIHd ++aIQXHxhyljQcn4Cu6462wADBgQAmXXloVMsbpOUHr9wW+QrVUWDR3+ceVw77hF3 +z17eqNuIrWJuad+42N/3qQSjKQOxQp3w/ihH7EvMQhbwVNHQ5t8BVHIEVG1G28Pj +1IpTOW3GC8h185fPlx6aZIn4lpremyWkEmOfR3G+fxl+j55NTv2Pe/A8wITY7FIz +ppDzRVuIRgQYEQIABgUCPylvwgAKCRBaM/Zgs4R53zhKAJ9cBXfmpHbPwdfBEHHu +B+l0KoLSrwCglkFmrFAKQhjSwn7gMC27Yl+lK32ZAg0EWdY+ggEQALp0wmlsihHd +ZZSLe22z/bHpbvTKOTXA7xD3guse8ot9irqFhcH3aDGnhGCJFdeha75aHe16gVRT +PxwaDtN2IF0nMgJ9pir2k7Htb0kUfmYBXyCvKUO3y7PCjVaSRPz+YXkIambVoIgq +hWPExpSwU2U9Tme/T4IorRz8EmL8Apyox+4IX0ZK6k9ZCojbQ+bA3L/G4CQ2MiNt +6nlmSIXh63iPh6XCPdj76ivWQBInq1YzJ1uxb1RpHI4Kol/iy0M20kCyP7z8ofnD +qaXJ2CjRJmKavM6nqeGslX139EU3qLYKR+1q/BbCbS2yi2QAWyrFeaAk1BDADj/v +V/tWPYEZVHucMsUAzQjy7dsdOgO75zvkltoAPKbjluyfvdO1wnKjtGJ1mGQXHxXd +/oQSlYRoGqfx2LjtUvwTzV4beLD+DvFaoZUDY2b0yTSsY7uOSE0vEZ8q9demb3II +bsgtg9GIWq1W2xHjq3V7ptBkPGwcgjEv9IkBNgDgSlTIlaDKCKfdevI09DJ3i2qa +kbHYMTnPlXumChPmYUgx49iLyqm2n+LdfdRkwjEKB2YBX+oYmZvuLm797hoH8rRl +CAxxDXi7LAr1PN4cK5h82TbdnyphryZX/AZTLVLL+oWdDfKMpBX8ILh0Vds2k3Ra +q+z3NdcQQDZSwXUDzx7e4cfIhzg0BUS5ABEBAAG0H1JheSBTdHJvZGUgPGhhbGZs +aW5lQGdtYWlsLmNvbT6JAjgEEwEIACwFAlnWPoIJEOm1GmZYKdZVAhsDBQkeEzgA +AhkBBAsHCQMFFQgKAgMEFgABAgAAh4oP/iSILcagk1D2k7Ji+RFPSFiKBX/Dhd/D +lD2bzGqRgVpc34A/u6dNmm3qqn6bUWD/XETBZIUwCltf+q+0rFA5XfXY+8bkmXt2 +L185MzMKxiuwP7IB/AkzkzNzYyKd5eyYZ2lOzXZk72kZ9En2cSY6AAqlF8Uo9CiE +Fsz9EsJvJx3ggZNQq3eFGL9TNRwpQFg0cvuzm15M9HtWO1HeXv5asY8CHkTQixCd +D81QNBHPC5jnx3KqoBvhpVB46ItWvf43/xgqBC/QePBvIPYD2TX+MwEd40V3v0+M +gTpjuUsREEej7kvUnU9XyNH5QyWg8NUIz79GJ7nYq9AWUM6QgOM0L3oLyf2GdHqt +t98lTM5xGROC9UZYKkHdvglI4R7NHSuGoEI+1/tr0ZODG0WkayLr/9LPkXhoNFSF +pffVrqzJBa4GW/SWmAbtR+FzmQZSQr95Recf6SP7nq4D/GQQpLZ7jJsYYzrm5TDf +1cIqt9HKlhfU0XIoJqEXFpQ7Scve2VHZ7L5Sp9GA6zdQL4zT7gT6CO5hW6sF0ytr +1f54SCGDfeKGxz4C0yKfK3o3ko2uvQ7FcBuJgekFGPpzDMqoINLIxJnKJitHjLAN +O8OmJAkC2p5XslLmb7eR6uTXAhixEAP4hFWXpA19DVwzCtK1vwWs7z8B06MZ2J8w +dK+JK/LS/a/atCJSYXkgU3Ryb2RlIDxoYWxmbGluZUBoYWxmbGluZS5vcmc+iQI1 +BBMBCAApBQJZ1j6CCRDptRpmWCnWVQIbAwUJHhM4AAQLBwkDBRUICgIDBBYAAQIA +AAfcD/4qyahdn0+HqnrGo0JjI0t92yfk1EBuxj2yk4Kjh9JhoxFzKnM9ffBDLKfX +zMzkHFLisEi2MfcdxczavZjSm4XABrf17U0mH55m2ypeozSAE5UC+qwKSABb9Uim +Ts2LKu86bwf9a1p3JMjUXM22kD82/K/DlrAZESkHuJV5i1DDCBOe+763OhAAidUz +00VubZQyIlg3uGIzHaADM0uRGahS8Dp/gvFRGYtCDFMexpCoU0sifM46GkFZt6p2 +23dID4T2+IKaSH54I4OtuF9jh/1JzYfcuGV8Urv6B8iO9S2UTvzZ7hBOmQSx/+vo +xKORM5Eux5fzVkxFpxmpEx7VSPYlzioU4Wg3Dwq8BVttZbs5Fz1T0j1zhJ4g+1xX +yqAeBL/eD7sUhkKSGqqDR4ICTAWtDwrODSP+4B0wWLfoJIFI6f/mb16bBRmSqrhi +yvS2uriGy1aij5rTVQCRT1mJLgGslJ3T1tm8QcjJVNN4rlDHOReEyALZC0dDxtFZ +cRBaBtJLp8ww8RxhfP9RD9oao44HI1GrV5XxsegGhhr9aqKhh0qfX8S8vSHeuAcP +cMR9HQxuXA//zknKg5WPC4wa1ESQu58I7aCopdN9rynDcT79z7W7zgAO5C7zxyp4 +LruJUF93sP8aX+IJn3IMir4kCddLEFfqBHn1xsu/spZ7kxEeybkCDQRZ1j6CARAA +pN8F6aiecsK7eEkkdx/GxSqvDs/fVzZVJUY5JPIhPSkL2y8PCF8KZiP6cAFLQFWt +Ak3jcXITEO0Eo6j8ZEyeVVNRFvDVA6QC2zof4as5ZvsDN2UlIqrrnygQEKW6RdjU +SOW/NCdJ4zc+ZMtO4ea07fIubG00DN9giwaQYfsAnrkxYz6T4cxOg95gfe5lGJFr +iffeLMFZiD7jcme8Su/m3uCXpM5IFB8fggObLw8OL1/Od30t6Fi0FfQTjjXT5fk3 +yPJDqwMN0bt1pBrabilPJiRBjAysj+frMRgF1Jc2frB9eRh+v/V4Jka9S5HukQo7 +8ymHxArlVzNXze7P+Ep4D165QKUdq/naFSFep6fBGwRzfjEtx2H5SrcKgMlRx60Q +WaGKidBTwpi0z7KnEv6vXFwjVSDLY+tMRzo8lRy+/jA/3uezs/tpwtVtZGEdT78U +exHdxmv5SSHuQAVQ6NInJKDQ3Z30tXmAzXsw3f83R4RJDrFG4nHXlHeJe8C0rCEd +4Zw47KpROpk7RVI068BBxK2F4Vj8lCM9MdSXmPCCweRPne6LQ7lpzLsORxo4WBq0 +smU5VNg0+FDRImPEPeTz9zuKZMvt8VmKUXDaE0ojEcoTy2knf8Oj0HTsXbX+sQDG +fAgnKsjsZsOG6uXpTO19UxWS4BOjuPcB5vzzB4OYGs8AEQEAAYkCNQQYAQgAKQUC +WdY+ggkQ6bUaZlgp1lUCGwwFCR4TOAAECwcJAwUVCAoCAwQWAAECAACdqw//WkMJ +8y9HqaNsbjiTMSm7wzwfe/laZEZ5rUBcLapGRlMgJdlPULKjoC5to9yib4l5O724 +vUDvMdUmwstgg8WISUjSOsiWLzzmka3LyBeYiZH2TiHw2GzujeAySmw4dS8aa76D +6gnI4+wtjC1FFZlokWtxit+fBZLealdg08sy11O9YYO62xORcCAHOkZyMOF1USwv +XFeLdkvsiBYjSMmSMGvGVz9guj8p/Hks3C2ZG8vvBfWU7BKkN0JTDs1VNryDL1yb +di8X4lZnPy9ZyNTw6g5SEM0pZ+5EntefjJ33yXRGL9Y1Ygvuj6qbMv7Gqb14TyeT +Aj/yo0t//acM8AWGvqnY+2SehIXtq2Dl/Zlt+TMb8nTQPBIVulR8W+wjjwRoJ6nG +1uPHoukOJOWQZt2q0tiWQf8dzI7dQlxOzD8BnJk2ud7qhpO5Lc6be1xBTD+HCEGa +d5sIoccqKd5DTqN50HQ/kUx+H2pmasA/tXnMWt1Vpf+e8WX6ceMXQ2KgrPToKAHV +x4qjT20ece+CwbIVUo4qQLdiEOGUblJBA4NiTiS6Ew9RpR9lfcNoS0y2NX7qM2d8 +/eMUQkdgC9CkItAQL8mTeh0qCvD9Q0ljbB7AVdHGzA5wkHCjGyxtCaIFoWnXcWvO +GPCPCp6v6elXoW44uNGycx3uH0SCIZgaoffznDSZAg0ETOk1rQEQALQnmDr+3f8Q +HVVPcgAzhHlIJGViduhVLe85mZCemEnXyqnXlK1XcHQ6sF2AjkuFU+Iz3M3TUCMN +SYBwdpUeNUMzNiIBJzJ5FiwMAGEvsFa2jDLdNxg70mN/HfQZKX6mcl1CVScVu6rL +bt4JppnJZjvgxxfFDXVATtHAHUAtgyV/CtdPZZERYkksIdKekhXOlP9vwY3uYE2p +DEROrDJlYV1uz4EHPIaeknxLWB9GFveaXocVB69udB//PPgzVi5hi50fVhqJKAR2 +xFy2Rb+XHiyDbQ3VYkIaLi8FIaJqs7eEQDNsv4ouX3MpRxKpAwmaXNfuljI/S+Ow +D1SJLkOZrOTjG4nXrstPBPinEILd3ICBIiNmkWJCtCWVXg0IestDxEO/R+Q/vEpD +Ix/dsALOIBaaNUTpgIThf7m7ntDzFLlkBRLl2gXZwY/nqs2vejlog6uhWisGeRu0 +XLuiAmO6A4mYoG4Bu62ATxZhsU+EbtoDmILPExC7LYnrov0nGzZQfJ9vBClwdla4 +4SPoWZTDI3PRRqU92oM1KPIJErJ47GVJzWbLqg6IdpKay1O+hlx65IW+elArvMxd +4cSpwV5aEzbRH1WeYa9UjPOqENOeqMQVrWwYn4bdrqwOmkEjONVT+1I7R5tud3kk +vl+XAT4uAxhDgvjUkjPWlocl9/HB0J/zABEBAAG0IURhdmlkIFpldXRoZW4gPHpl +dXRoZW5AZ21haWwuY29tPokCOwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC +HgECF4AFAkzpUvICGQEACgkQ55CSzDQYqJET7A/+LIBuqATfMzIssMS2BjMm5nhz ++/v/lNMSs1Z2ohMUKlXI6fElEg/xqB1zDsU0mHdNsfRQWl8uHgmQ5Lwp/osWR7o7 +39Vs/zINMschkhXTWoF3UHDXMbOo9KKlqcRvYUDEWwq1Z1aBfcA2JD2t+fY6E3Gr +eKXx5uE5TIriAvoXWUSIq6FxBNaxDefikWauQ6ErX7TzOgYRlf4BCEa8RPFTvDk+ +UWA6Zl5EWFPGEiogI3sE2FYkBp1FrY1BbBOq7ng+Kkx94dyQSCcMrcPHIZii0Lye +qurd2IZrXPbPTmMiaSILvz9qOvVqx2aruRXgFJ3EZw1mQ3E6exI3czeVX9QTc0NR +8ZKNlBWlpjJKdsPDN5vojCMLPqTqCWLLFIi97Fk94vlt7dHKQQsa6SpZcmFNCCv9 +sknR3AQ6FCW0+VJ9zvY52/Rs+ikpVI9I1WmuCmzbUH4KAoyM3aESI54xAwusIIAW +A+IBpl5gYx8fZaT0Wb9fUeKyz72CL+tKluTI7aBzm7jyYNmiiZjMzucbAg7oIRXj +jEx+WRXNWrBO1PVuyDXTCM6mc8KrROLBDVOFvV67upkH41UId10GqZxX3W0+cUeS +wOzVrDBPcsIp3zUW5Udd7W6CAObb7FAKl2omdYYZWMn/szQnnxt3OCwBhMpgUFQa +pFBowSWAxpskr8ToLYfR08jTxgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgAB +AQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwg +JC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwh +MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy +MjL/wAARCACTAHoDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQF +BgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKB +kaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVW +V1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKz +tLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QA +HwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQA +AQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcY +GRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE +hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX +2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwCgsHtUog6cVeWD2qQQ +8dK2UDJ1SgsFPEHtV8Qe1OEPtVchn7Uz/I46U7yPar6wu5IRCQOpxwKdIiwK29kX +A5JNRKUYq7ZUXKTskZzW/Tjoad5GByPzpur6zBYqsQUo+7cWdDg/gOfz9az38R6T +PH+8mxjhtgYMffH+Ga5VjIN+7qdf1Wpa7NMW2egpDb4rPtpNHuJnK3uFwCu52U+/ +XtWslpKqh7e481OwfkfnXRCfOrpfic9SPI7N/eiA2/tTTB7Voom5fnXY44Kk/wAv +WlMPtW0UpK6MXUcXZmYYPamGD2rUMPtTTD7UODBVjLMHtTPI9q1Whpnk+1TyFe1L +ohGKkEOe1WhF7Uk/7i2klx91SQPeuvkSV2ef7VydkUbq4tbFQ11MsSkE5b0HU0Wt +9pt7HuguxKAedqnj35A45rB1HSp9X0e8mJaQIvzBs9+Bj09a5w6de2VjG5ZtkcWX +2cEAEAhvoTn6H3r5+vmU6l403Y+hw+WQSUpu7O61PxLpNnE8cBLuuBv3YPXoM/8A +1u/451rqVzMscscCtFM28GQfMoAx27e9cRYwG61ONLtXkjVhjPV/b8eP8mvT20+K +2PnXLhWkQlU/hjj7se/OMAdz19K83E1ZcvLJ3PQhQhTeiOJ1y/urqTDgOuSMeX/j +XL3yyR/LPFIrgcL5YXjP616PdyQSzFLGFVYAEycZB64HbIGM/j6Vj38d3JC322Jp +omHJU5YY747/AIVlQr8tlY6eW6OFeZ2ZAvJAwBV631O+0xxJbXMqMeTg5TntTb+x +QMZLWRcEcYPWq1rK7IYpAAV65P3gfX6f1r04zVuaJhOmnpI77RfGUV3si1OEpL/f +jyPxx/hXXxBZFG11kXG5XU8MPX/Edq8WNvLC65UCM8gsdoH0Pau28PeJbe2SySWV +ggZ4WyBhyBkfQnP0OBn26aWMlCSctUeVisBGUHyaM7UxU0xVciMVzEssTBkYZFKY +vavdSjJXR826kouz3KBi9qTyqv8Ale1M8qj2Y/bMuiL2qlrcYGi3RzjCZz9Oa2RF +zVfUoFk0+ZXXjYTnOMYqK7/dyt2Fh3arF+aM3S9VjttOsbPYjRzShMkdjxj+tcat +3/acV3JvJCSqq5+8VdMEfgVB/wCA1DFBfLZQX11PKZWdVjjfIK4yB1+laOi2kunx +uJYZACd2CucN0x+p/Ee1fCznZt9T7yFJRVyvFBFpSJOm12ij3Dj7pOAD9ef1ovr2 +6vNFKyN+9ml3PleQg6AH06V1Vr4Zn1W7RGXYix+ZIMEqufuqPp/Oty40CK3tI4/J +R3CYxjke35VHvW5mN1YX8zzB7e5BV1KxscFsHOf880+4n8uPd5uCOMEVuanYGGTa +0GAB+H41y2p8RsoLBD0DUopyepummYWobAzOqjaTyV4wfWshyyTrMmNynJ96vTkg +sP4TxiqIJAI5JU/mK9alojOepauIi0Kp8pRwfLIPGQBx+v61lOzeSJBuO3nGeo6Z ++oxiteVs6MHUqPJmDY78g5x7cfoKzJX2LMu0EffXHoeoH6flWtJ6HNVWtzufCHjd +1vhBenKS85H9446fXk/jXqieXNGJEYMp7ivmeMkSIUOMnj2r3HwDrn9raQElcG5t +1Hmj+8nZvqOh/wDr16uDrcv7t7dD53M8MmvaxWvU6cx0nle1XjFTfKNenc8MuCL2 +qtqCH+z7oAlcwsMj6GtYRVXvIQbG4DDI8th+lc9V3gzpoxtNM4HQrZNY8Y6XYj57 +a1Qyew2jPH44FerjQ7UzCRogW3ZPoTXl3wtuY5/Gt6wYMPsTbSev31z/ADr2cV85 +g8NTlC81qfVYupKM7LsQQ2sNuriJApc5YjqT71i6mqm4WIKTIOeK35DgVhXm/wA/ +ePzPSnjklFRRnh23K7MbU7UsTuRWDdjzivLPFtvDbxy+XgODjA4r1W+njjVjJNja +MnFeP+LtVguZGigyxzknmvKgvf0PTo3OOYZ981WciN9x6dDVvOT04qKSPd2xXpJ2 +NGIXAsZBu53AEeoqicSxYcjKjaSOvp/LFSyROoKKeCOBUPnNazxyABj02kZDAjBB +/lW9NLoc9V6FJQY2wTkDnNdd8PdVaw8S2x34V2MbAngg/wD165q/SFLo/ZyTE4DJ +nqARkA+46UumStbXscgOCrAit02veOKcFKLj0Z9URxYiUc4HA+lL5fsadpMi3elW +8y8qyjFXPK9q9qM00mfJyptNplvy6q30WbG4Uf3D2rU2iq92mLeY4H3DXLOXus7o +QtJHgnwovja/FCG2Y/LNDLF+QLf+y19IB8Dmvk7R75NH+I2lXzMFjjvFVyDwFY4Y +5+jGvqiRmVeBzXjKpyJSR9BiYXmJLcASEY6CsLU5pGJ3Nt5zjvT9QmcErgg4zWHd +iWbAaVg5P8IBIrzq9dzdjSjStqZ9w4maZHy5UbsE5rzrxCkhuJIIVBOfmVBhR9T9 +K9MFmZrh1QsE496xfEEejaPAWnkgWTOWZzk/QCsKb5Xc7IzS0PK2spI0LtjaO9Vh +JGzFQ4JHapNd8Qw32620+IGMscsV/wAawFtJgwcTYPtXqU6bcbz0Jc3f3dTXkXgE +djVHUYP3ZkHUVNbSzL8kvzA9+9WnTzYirkcjFUrxYnaSsznI286PaT86/wAqsqCU +3qTxyRVaaFra4z2q9BB5ksij7nl8n2I4rqk+qOaC1sz1X4YfEFLW2h0bUxiIPtju +Aemeikeme/vXtAZCAdwGexNfNngHTLBfEzfbryGCKCNyzOQwLKwHAI5znivel8ae +GVUL/a0QwMcq3+FdNLERiuWbR4mLw7c7016ngk/irxNazRy/21dNLEvyFpThcjnr +/Wn2fxO8U3F2kc2qyneQD0wfbGMV3MnhXR5Qd1uGz1/d01PCehwyKy2qKykEHyu9 +c6w8+WzZ2PFUG7qP4HmGuwFZpZAP4yQfb/JFfT3gjW18QeC9N1B3zK0QjmJ/vr8r +fmRn8a8U8Q6NGLgxhP3coIVsYGeR/I5q/wCEvE15oPg+eytYZJJrWVi6AZ5PQn0X +GOfavO9q4R5WrtaHq1aarRjKPU9p1D7PHhmYYB5z3rmdRvIFuHWJlJI4bdwa8K1n +xtrupTFrzUWRCchAx4H0FRW3iufYEfUBIe27IP5msauHqT95I0pUVHSUtT1XxD4q +g0fTJRC2ZSCMjsewFeF6leTahdPNcSu24k8muo1bT9XuNBTVJlJsWfKOTwT/AJFc +fMjMfat8FTULvqVVtFWRD5zKrCJeB1NMSedmOCx+lSpEVLDLbT1x3q1GgXoMV3uU +UcqjNvewttO7gbs5rThbeAMnNVEjJIAHNW41KDIIwO571zTs9Ubq/Uq6nAGh3YG4 +U/SAgtnZiS7DYR6D1rSl0+S5txIAfLP8W04/lUUmkXq6dNcxhYoUQbQf4yTjHHTj +mnGV48pm7KXMWfCsCzrJuwsi4ctgcrz/AIit8rZ5/wCPg/8AfArMsNPU6bYYHlTS +uUmwTlUHOM+/FaX9kxfwWJZexI6j8q5auH9pNy5rCjVUVax6L5jkfLCx9+1SRgHh +wgOeAxxmsC41NMZkYg/3umKzL/ULq3h86FzdQHqN/JHsfX61VXMKtTSOhy0sthHW +Wpsa9fwQ2skN9BtTqhXsR6n+XuBWLp8BE63luytcBdrDPyXKf3WHrjvUCalb+I/D +t5CHMj22CAww4U9iPYiuO0bV20u+NpdOxsJeCO6HsR6e/tWMIzfM3q+qfU7400oW +joeoS/B/R7pZ9XkvJ0s3QSQpE65APJ3Ejt0/CvKr7w5bTap9n0KC9nTdtzKgJJ/D +ivoP4T6rHrPgxUKjNpO9uy5JGM7h+jCuzeOxtuNkUYHJIAFdUI1Irm5rLzMFieST +U48zPOtO8KTWPwi/szV40E6B2wCG2gsSB9ea+fZFUSso5AJFfX+qLDqGhTeSVkid +PlIOQa+ZPE/hibRQ10xGx5CAvpzSbUKnK3ukXh5OpBt9znI41yeKsJBuxtBz7VRA +uHI8rLMeiqM5rvPDIv7PRZmube3ih+8Z5GwR/U8DtxWlRuMbo1i11OettLnuSwQq +qqMySyNhIx7n19utRXWpw6ZD5doYpHz/AK9hySP7ozwPrz+tUNc16S8laKOQtGD8 +uOAffFYWGb5mrSnSbV5GNSrraJr3eu3ErMDcO2RgMjEAD06Dj2qh/aV0cqZ3YHrk +k5qt5bMwzwDyBUxhCA8cgZNbqMF0Oe8pGvp95cyKUDuU6YB9eOv4itL+1SOPtDfg +0n9OK523v5YYyiEAHIPvmrYWNlDea/Iz90f41jKnqbRnodz4i1O5XTleyIjCnJ2x +jBH5Vy9p4nuYXb5VJb78JPyP7r6GtWbxHoFxGYg92qk5BkQED8j9BWLqulwRwLd2 +lwk9uf4lPIb+Y/GuWhTSXJUibN31gzX8JX0Nx4qlEAKi7tpEZG/hIG7/ANlrG1QA +XEigD5HI/Wsn7TNaXEV5bv5dxGwO9e/vUs1893ullILsck9Mmuj2NpqS2tYKdS3M +mesfAvxJFZa1qOizSbftirLAD0LqDuH1IOf+A1Y+LPi+9ivv7MtZ2jUr+8KnBI9K +8Vt7yezvkurWZop4mDxyKcFWHQ11l/fTeN4hexBf7Vij23FuvWQD/log7+47fTpN +ai3OMn8PUjDzgqrb3PfvAutWl38NdLNs4YRQiKYZ5V1+8D/P8a8w+JV/Hd3kdsGz +EpyQh+Zsdh/j2rA8Ca7aeGlvV1WS7+yXSBWjgIyhHRsHqewHpntWhew+HL7ZcWB1 +h5GHySXqqUwTjoAM9Tgfn1rCpF+255bLYqkuW+mrMuytIorNbq6VLaDYWWINyw7E +nqc/54rA17X7nU5DEsz/AGdcKqk4GB04rR12czzm1t2Z4U6uern1J9/5VkRaTPPI +Nqkrnbketb0+W/PIJxlayMlI8tk1IVyCQPYVZntmt3aJlwenNXtNtfOu0AUgBlVm +9Mn/AD+VbyqJK5EaV3YzYbYqxVuCRya010hlsp2k3eYMNFgcPz/+v8RTrwok8kMY +5L4GexGePp/hXUpZrNocNuP9YZFlI3cj5M8fjn/OKwqV2kmbKjFaHF/2a32dpAoC +Bhj2zTP7PfuHz7Guku0BtPKAUbf3h6DOcf5xU8VpviRuPmUH73/1qy+sytc0eGhs +cJJHHKd1uSB/dY81Gk8kLFTkA9Qe9K8RVspkH0p6us6bXHzetej0PMs76aMczLLG +QP8A9VRK37qmDMT4z/8AXpZCApK9DzinYbnfV7iKeSfWnW1zNZ3sdzbyNFLGdyup +wQaiTpS4y+B1p26GV9Eel+EfEOj6neeRrmn2ryycCZ0GGb1Poa6LXB5yb1ieGziG +yKMDaMAenv8AoPfNef8Ag7TbObWBLqM3lWVovnSkdWORhR9TXZeIfEH2y1W7IKWp +G2GEHGVyc46ew+mfWvKrUYqp7p3QqS3Zbi8OWX/CIvqtx98MWI4U4yFXr65zjn9K +xtT8i00G3EHymUlgf9kBQfzK/rWdda9eXkNtp0Sl1Q5PA2hznBPbA5NXPsTTaMJi +py8ohi/AcY/IDPvUyTik5dTWldu8mcq6N9oEm0EZOCRkccVrQgaar+ejHCrJtx94 +lTtJ9ssK1JNGLTQQ+WQS5j5H+1jn2Gf0NO1+JVLaZbF5bneJJpB91yyg8fQBePc1 +TqqehvFJSOTtkMt0pbJLc5711WiKw1CaG54aIhXVuoXjH8zT/D2lrZXyahcR7kjV +SgK8E8A9fcn8qkiKTeJ9RlGRC7qjMO64ANZVqyk3FdF+pfKMvLcRuVKqyhjGzAdc +5INZptbtGKrcEKDgD2rpLi2CSzWkjkPsyjMMcrk/ryKq/btK/ikYt3PvXPCpK2hZ +5j/D9DUDcTAiiivfjueLMWb+tQuflooq4mVTqCU+LmYfWiimyVsjfgdo9Gk2MVzI +c479Ku6tNItvaoGIXhMewVCB+dFFckviO7oUEmkM4XeQrvtZV4BA6cD6mvYYkV7r +TbYqPJiWMog4CkkZNFFcmN2RcSO5ctDp0p5f7Rt3EdjyR+prF8NQx3PiK7lmQO6l +ZAT2YsATj6UUVxQ+CRtT+Fm5qShobNSBhnlBwMZ+c1jaCivAXYZZ5ZSx9fmNFFc/ +2H6o6V8Jla7PLLcqHcnEhX8M1pQadaG3iJt0JKDt7UUV1Q+BDeyP/9mJAjgEEwEC +ACIFAkzpOWsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOeQksw0GKiR +TtoP/2ERYhFJjETwJs3srgUIltaBD2EVYf10Yj1wkx54VHNYLcuYvPkQZqiPbj4O +Tk1NYyZ2lJbNhR/ZEsiDGFv87RboMFhgh0N/gOXI29oZsjlnGncLW7h0I3pYSys1 +F3cxyRS8JheIXLkLVdqhJXfGz8QI0DPp+7NZJzDD+gvDl2ptXkjEPIO8xsxdoj59 +aa2MzKZIgpjf5/GbxGTYbT14yc9K33e6ffnI+uSEWkA5+6iOPeBeHkQpZe0zwE0q +/ZTAo9yvT/DiEDvh4XvC4Y49hLi8gLVmUV7rv1dMIOiGbr89bckOSkUdGsJtiPeF +MEXoZT9iZVLE0rqtFBucgtljRIXqVuC/yn+k8Ol4hNG9dnfr4AMgq1ggb3zGBKxx +Xcfs2kA/EMi2NdSlFdibSu6yxm2QP/p57BT1Io1VwhSWuxecqRNIwY+htGswSU9l +JUqSijAUJqmggaar7NeP20ph5VafODG6ICZwiCadQWUyP7oGoPeT1QAK3WgTuUI5 +hEbdzgCdBGKHx3gG6fIvU6R4o9sW6a0kDXoLqFunGp4aJv8eWOx6spPZJNIDauQe +5Z4CXVT/GL7onTTohACpLovELjJ468MdrE3iY5OtyeUN4jhzDpzcGilb6yE9pXgB +1I5sbZiqEJxd1iBi5yNEXi10IhbmFoTWQJLf4lYpLDfQtPaPuQINBEzpNa0BEACn +yEDw6RCtZFKWWzllekxsrUfpYS82UlPcBE9OsVaEC464RozRGNry4mq953eHSVTF +hIl0dSzamGJuyFGGepiwndslhKOEb60hCjSMFqNJPDePTYbh5hWh9R45qM3gzfln +zXpX5WOJUJHAD6fJcuN82JEKJiQud3neROcWvi/2f3xsOgKRuYHXv/5VMh1Yi1vM +L3v0BzB9CPWyb4O/F7rsomGjPeiily34R64T+OI6AmuHvMUHnu9vuiSoPbJo/P82 +6damUPYo0x17RkqCSvhzRsnWcSdUKENMfAwv1QHM0Tu5n56KCkXT7pfiSPFhmqXj +pEfk/qGly4KYta6K8u/lK6COK3AZ/Qhhy3nxlm/eGD+IBn9rjhH1TUZZRYXQAxpA +eXbYnEsUuChz85Pz5RjDTmM3WL6TBY3RaUZdVa9LAtOA1y/Pw3eIKwdCAUQVADYC +38sVOh5dyOwQOzH9GMn3jOScvhA0Y+OaQjD6CnzvaJ4ZaEU44iAmcQQVy5NhYk1D +2tYTsh3CV/YUpF/n4+dZSxnDkDYYJ/Qnvp5IfnDyQ89anRMjHB8wYvP2jGOBxAQs +PWItY2chyf7mihP6Azx1jEwPWiwi5xJse1MFBBUvkCps95HAEGb3cu255JO644SE +kdcppxcemZ0b2BP89wR+z27WpM8c0jazG2myVB75JQARAQABiQIfBBgBAgAJBQJM +6TWtAhsMAAoJEOeQksw0GKiRclkP/i9Tr4zAXsQXlHJRQ18RvUMs4wZ9gu6uK5qV +FjH+rKr6IXZ20h8UBVKZ+5qkrBfA3B2BlfKoBFz6C0XrmhOF3urUAVEhAnbI+jiW ++eJWjeNMpeFqFIJSfnv2Ca39Gy7Tj7t3pMaEksW+2RL2V1Tg7c4CCz8ubY13tEPC +YKkLp9/zud+qdLIR1XK9lMELMDBdrsElUZ8X8NUvjB0CpjqE3zUxOMWGTAhby+NV +pYVLlP/3yIs4thCWM0hEltDi+KTtj8j4yAkIhi3y9MGg52M+hS5FCNNtfCdaJ9gk +yQgKonXshKxDrq22P6ZC8WB0RvoOmVVLWzEPbHdMLj7/vTskHf87THOJN5aiHJnl ++6Dv56zsldpmvdkzAqFngUAG1ucN+ymsXT88P5suc3uegCf2Mk03RfqrDVB5ZlY6 +5V/dvK9+C4dCyF88SU1JhsMp14marNn71kC3184fZSZfO2BbgzT6s6bNnbeRMw/7 +Hyuvwiu5wWn2il8wswQ6oTeS7ah5wD60SSCDgMVfCFC+17EZ/04PVWOUHuuaAItd +SpAcxHvY9MB4pJbLJG1wjH/5RR/3+D4kQW1DT8QXhc4bJc8l7RkErvaRYK7SkE2P +zYz5ZlC9VrvAi4OdeZmLGuggfAfTvu/7b8f8rwyXmBPX+imdoH7EAo2XBlXqYsUG +xh8t6/dM +=gRcX +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 00000000..94d0f2dd --- /dev/null +++ b/watch @@ -0,0 +1,3 @@ +version=3 +opts=pgpsigurlmangle=s/$/.sign/ \ +https://www.freedesktop.org/software/polkit/releases/polkit-(.*)\.tar\.gz -- cgit v1.2.3 From 859ca9cee55b97a6be1c530d5d157a2e3aec4ed5 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From 4d53fbd3aa1602b1b78fc78a313e3871e5cd6548 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 27 Jun 2012 20:28:00 -0400 Subject: Try harder to look up the right localization The code for looking up localized strings for action descriptions was manually trying to break locale names into pieces, but didn't get it right for e.g. zh_CN.utf-8. Instead, use the GLib function g_get_locale_variants(), which handles this (and more). This fixes the translation problem reported in https://bugzilla.gnome.org/show_bug.cgi?id=665497 Signed-off-by: David Zeuthen (cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) Gbp-Pq: Topic 0.107 Gbp-Pq: Name Try-harder-to-look-up-the-right-localization.patch --- src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..0af00109 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, const gchar *lang) { const gchar *result; - gchar lang2[256]; + gchar **langs; guint n; if (lang == NULL) @@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, goto out; /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ - strncpy (lang2, lang, sizeof (lang2)); - for (n = 0; lang2[n] != '\0'; n++) + langs = g_get_locale_variants (lang); + for (n = 0; langs[n] != NULL; n++) { - if (lang2[n] == '_') - { - lang2[n] = '\0'; - break; - } + result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); + if (result != NULL) + break; } - result = (const char *) g_hash_table_lookup (translations, (void *) lang2); + g_strfreev (langs); if (result != NULL) goto out; -- cgit v1.2.3 From 8b3362a969a7db555b6b4714ba56c11799021c10 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From 886964a6f5c591d55d4632ea94e3c2134736d4ec Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 Gbp-Pq: Topic 0.108 Gbp-Pq: Name PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..5bddd035 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- cgit v1.2.3 From 38bfc86994b4c5a2bfe5c350148aa442b7b64e7c Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From 47b6d541a256c870332a54dc9a99c1c7f5e84608 Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From 3c662a4bc7adaa10ef8a7244910115372d4bc8dd Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From fd9325bd737ded28481f60737ff64566b98452c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 19:54:59 +0200 Subject: Add a FIXME to polkitprivate.h See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 Gbp-Pq: Topic 0.111 Gbp-Pq: Name Add-a-FIXME-to-polkitprivate.h.patch --- src/polkit/polkitprivate.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..7f5c4634 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -28,6 +28,16 @@ #include "polkitauthorizationresult.h" #include "polkittemporaryauthorization.h" +/* FIXME: This header file is currently installed among other public header + files, and the symbols are exported in the shared library. + + For application writers: relying on any function here is strongly + discouraged. + + For polkit maintainers: This should be made private if a large ABI break + were necessary in the future. In the meantime, consider that there is + non-zero risk that changing these functions might break some applications. */ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); -- cgit v1.2.3 From 97b3b4ac314aeb48e70e74de7276b9a161ae5d7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From 8b727fb33ae5b8ea89ce0c40500b98f6ac7a73e5 Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From d7135001d7a5877501e0d77950690591075b4f91 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From e3e7d635ac95d906dda2c45051767b004fba2b09 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From 7d0c4059268fa32e6cb5e8949a0581dceaf1cd2b Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 2 Mar 2017 14:50:31 +0100 Subject: polkitpermission: Fix a memory leak on authority changes Signed-off-by: Rui Matos Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b Gbp-Pq: Topic 0.114 Gbp-Pq: Name polkitpermission-Fix-a-memory-leak-on-authority-changes.patch --- src/polkit/polkitpermission.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..be794cb3 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, if (result != NULL) { process_result (permission, result); + g_object_unref (result); } else { -- cgit v1.2.3 From 75d95adb930badada8ca58cf8430b26890a6af80 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index be794cb3..f264094d 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From bc82d774efefef79a0ac58633b646b6ad398cf04 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From 75c9c53f10a8408c11abbf09c25f988ea6d6ae0b Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From 5b5988793ca0400cffcbbdc079ef90138312051a Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From 2feef1fa994844753295b0322e9d409faf250ff4 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From a2b6245bf1db6db2c55cb27d1123f0fc6ac3ebc3 Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 168b28b21511e49ff6080d8c429aeae020ba7abb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 5bf3157082cd99ef49b800c0627069a2d0b365a7 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 962dd6deac8b1bf59b7b2e5cd48c19f39a7c26f8 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 09:32:52 -0500 Subject: PolkitSystemBusName: Retrieve both pid and uid For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future. Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Retrieve-both-pid-and-uid.patch --- src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 53 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 51e4a694..8daa12cb 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) /* ---------------------------------------------------------------------------------------------------- */ +typedef struct { + GError **error; + guint retrieved_uid : 1; + guint retrieved_pid : 1; + guint caught_error : 1; + + guint32 uid; + guint32 pid; +} AsyncGetBusNameCredsData; + +static void +on_retrieved_unix_uid_pid (GObject *src, + GAsyncResult *res, + gpointer user_data) +{ + AsyncGetBusNameCredsData *data = user_data; + GVariant *v; + + v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, + data->caught_error ? NULL : data->error); + if (!v) + { + data->caught_error = TRUE; + } + else + { + guint32 value; + g_variant_get (v, "(u)", &value); + g_variant_unref (v); + if (!data->retrieved_uid) + { + data->retrieved_uid = TRUE; + data->uid = value; + } + else + { + g_assert (!data->retrieved_pid); + data->retrieved_pid = TRUE; + data->pid = value; + } + } +} + +static gboolean +polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, + guint32 *out_uid, + guint32 *out_pid, + GCancellable *cancellable, + GError **error) +{ + gboolean ret = FALSE; + AsyncGetBusNameCredsData data = { 0, }; + GDBusConnection *connection = NULL; + GMainContext *tmp_context = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + data.error = error; + + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + + if (out_uid) + *out_uid = data.uid; + if (out_pid) + *out_pid = data.pid; + ret = TRUE; + out: + if (tmp_context) + { + g_main_context_pop_thread_default (tmp_context); + g_main_context_unref (tmp_context); + } + if (connection != NULL) + g_object_unref (connection); + return ret; +} + /** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. @@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitSubject *ret; - GVariant *result; + PolkitSubject *ret = NULL; guint32 pid; + guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, + cancellable, error)) goto out; - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixProcessID", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) - goto out; - - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - ret = polkit_unix_process_new (pid); + ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } @@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitUnixUser *ret; - GVariant *result; + PolkitUnixUser *ret = NULL; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) - goto out; - - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixUser", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, + cancellable, error)) goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - ret = (PolkitUnixUser*)polkit_unix_user_new (uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } -- cgit v1.2.3 From 064015b6fe6f0b0a3529987cd853962d04d63e59 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 4c2fa899efb858657ecca078baf7ed7d4afb8b86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From 6664213ef9e465487f7c80a71d65326f796da2f2 Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From 163d894d79d8681085ade6a59bd9749f4590053e Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From b824fb17d297bbedca9f8170519a7422063906b7 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From 422eb0b8332148c119c2f92a412132a8b700d190 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From 7cb86094a09d7f0d7869f430fdf04d590ec042b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From 7eb7200cdabc2689649d0b08dd5262da7440f8d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From 16c0ec271b714ca112c91481a63370e58741dc55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From 229c47e7bbe4a9a01bd9fdc852f5c5e10928cf66 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From 8b028393bc824ac2f977c2993fb1f48b2a3a5bb4 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From deda40995f82c8e009ed93eb76c19a33a3148e2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 5bddd035..2bfda2d5 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From b4d4730b467b3d986a604e2e5b3db83f6c4c857c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From d24c7774f6c85da5c9bcd692728037abbba49ca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From 6272f25f6e553a54bb1c13c8ebefa6807ea4ebf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 0af00109..b16ed2f9 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From ddeca96cc72875bcc503656418124903e333430d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From 1d4bd5fa0e06fd17be18e43d0372f4ffea598eed Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From e1e2ddd6805e5aa8ac1a8b806bae392436a58f8a Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From b577e186c8ac069ca51f03f26cdb6640300f2236 Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From 1ce45e9750909ca1fb2b750c64c1baa7f30da6de Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From 5f896f5a3e1d82f6e1124eb862d8259d572c3c09 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From 12abf861017bb4c9ea8806ce114a20df06bdbe81 Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From 0bd38072a35f29d398b88386e9d523a4e8b20c36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 7f5c4634..6274bc90 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From d68d495be6eee88fd7b305d59f3474275b2e30af Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Thu, 9 Aug 2018 16:46:38 +0200 Subject: Possible resource leak found by static analyzer Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Possible-resource-leak-found-by-static-analyzer.patch --- src/polkitagent/polkitagentlistener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 2bfda2d5..00038517 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, server->thread_initialization_error = NULL; g_thread_join (server->thread); server_free (server); + server = NULL; goto out; } } -- cgit v1.2.3 From 84548fc064825e9706362c6e72707baef2ee40ff Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:50:56 +0200 Subject: Elaborate message printed by polkit when disconnecting from ssh Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. This message was moved to debug mode. Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch --- src/polkitagent/polkitagentlistener.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 00038517..e0b7b576 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, owner = polkit_authority_get_owner (server->authority); if (owner == NULL) { - g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + g_debug ("PolicyKit daemon disconnected from the bus.\n"); if (server->is_registered) - g_printerr ("We are no longer a registered authentication agent.\n"); + g_debug ("We are no longer a registered authentication agent.\n"); server->is_registered = FALSE; } @@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, { GError *error; - g_printerr ("PolicyKit daemon reconnected to bus.\n"); - g_printerr ("Attempting to re-register as an authentication agent.\n"); + g_debug ("PolicyKit daemon reconnected to bus.\n"); + g_debug ("Attempting to re-register as an authentication agent.\n"); error = NULL; if (server_register (server, &error)) { - g_printerr ("We are now a registered authentication agent.\n"); + g_debug ("We are now a registered authentication agent.\n"); } else { - g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_debug ("Failed to register as an authentication agent: %s\n", error->message); g_error_free (error); } } -- cgit v1.2.3 From 1444e207ac6f3ac881fe598002529e18267a951f Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:56:43 +0200 Subject: Error message raised on every 'systemctl start' in emergency.target Superuser should know that polkit is not running in emergency.target. If not, basic info with debug sources is offered instead of error message. Other usecases taken into account. Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Error-message-raised-on-every-systemctl-start-in-emergenc.patch --- src/programs/pkttyagent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 488ca8b2..fe747657 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -180,7 +180,8 @@ main (int argc, char *argv[]) authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); if (authority == NULL) { - g_printerr ("Error getting authority: %s (%s, %d)\n", + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); + g_debug ("Error getting authority: %s (%s, %d)\n", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); ret = 127; -- cgit v1.2.3 From b0d4c4d2c15b52e307d0e23e14cbf908ea08e5f5 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Thu, 19 Oct 2017 13:43:22 +0100 Subject: Fix a critical warning on calling polkit_permission_new_sync with no system bus Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b Gbp-Pq: Topic 0.116 Gbp-Pq: Name Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch --- src/polkit/polkitpermission.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index f264094d..d4b24591 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) g_free (permission->tmp_authz_id); g_object_unref (permission->subject); - g_signal_handlers_disconnect_by_func (permission->authority, - on_authority_changed, - permission); - g_object_unref (permission->authority); + if (permission->authority != NULL) + { + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + } if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); -- cgit v1.2.3 From bdcb05725422b09099abb12114f7f5e20d002593 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From e9dc89e247ce01a0cb2ef96138b0068056192478 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From c424704be953c29840b8250a42e65bbf9381ce22 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..fc5afa1c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 5e6e4aea1c7e695bdfc42931a4d0a0d394b6d07f Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index fc5afa1c..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From 5e030bd851a91ad4009e73e6ddf2438d3ac6a272 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Fri, 15 Mar 2019 16:07:53 +0000 Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 Gbp-Pq: Topic 0.116 Gbp-Pq: Name pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch --- src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index fe747657..eaccc058 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,10 @@ #endif #include +#include +#include +#include +#include #include #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE #include @@ -47,6 +51,36 @@ usage (int argc, char *argv[]) } +static volatile sig_atomic_t tty_flags_saved; +struct termios ts; +FILE *tty = NULL; +struct sigaction savesigterm, savesigint, savesigtstp; + + +static void tty_handler(int signal) +{ + switch (signal) + { + case SIGTERM: + sigaction (SIGTERM, &savesigterm, NULL); + break; + case SIGINT: + sigaction (SIGINT, &savesigint, NULL); + break; + case SIGTSTP: + sigaction (SIGTSTP, &savesigtstp, NULL); + break; + } + + if (tty_flags_saved) + { + tcsetattr (fileno (tty), TCSAFLUSH, &ts); + } + + kill(getpid(), signal); +} + + int main (int argc, char *argv[]) { @@ -64,6 +98,8 @@ main (int argc, char *argv[]) guint ret = 126; gint notify_fd = -1; GVariantBuilder builder; + struct sigaction sa; + const char *tty_name = NULL; g_type_init (); @@ -232,6 +268,27 @@ main (int argc, char *argv[]) } } +/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), + but due to threading the handlers cannot take care of the signal there. + Though if controlling terminal cannot be found, the world won't stop spinning. +*/ + tty_name = ctermid(NULL); + if (tty_name != NULL) + { + tty = fopen(tty_name, "r+"); + } + + if (tty != NULL && !tcgetattr (fileno (tty), &ts)) + { + tty_flags_saved = TRUE; + } + + memset (&sa, 0, sizeof (sa)); + sa.sa_handler = &tty_handler; + sigaction (SIGTERM, &sa, &savesigterm); + sigaction (SIGINT, &sa, &savesigint); + sigaction (SIGTSTP, &sa, &savesigtstp); + loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (loop); -- cgit v1.2.3 From 09bde7cacc02586048884a91551c40e29ce20204 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: no, Debian-specific Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 7e4a0baa611a7dd5090ac4d34e044eab33067c12 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index b16ed2f9..3b0e4008 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 1329234e60222cef1a01a6ca5847ff039b7be3be Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: no, Debian-specific Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From c7a488dbe30a889f70d77226b5944e102585b2b7 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From 30b49012040a7207ced884c1d7f57707050978b6 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From 0ed790ccf3b1b13d11be02e9932453286faff13e Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From 523dace50561f64fe4675c4c1d63c5b9baaa20e9 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:12:44 +0100 Subject: Statically link libpolkit-backend1 into polkitd Nothing else in Debian depends on that library: in principle it was meant to be used for pluggable polkit backends, but those never actually happened, and the library's API was never declared stable. Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority backend and extension system" upstream. Signed-off-by: Simon McVittie Gbp-Pq: Name Statically-link-libpolkit-backend1-into-polkitd.patch --- configure.ac | 1 - data/Makefile.am | 2 +- data/polkit-backend-1.pc.in | 11 ------ docs/man/polkit.xml | 6 --- docs/polkit/Makefile.am | 3 -- docs/polkit/polkit-1-docs.xml | 7 ---- docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- docs/polkit/polkit-1.types | 9 ----- src/polkitbackend/Makefile.am | 13 +------ 9 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 data/polkit-backend-1.pc.in diff --git a/configure.ac b/configure.ac index f55ddb7f..abfdd1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -439,7 +439,6 @@ actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc -data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 3d874390..dad7c2f2 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -18,7 +18,7 @@ pam_DATA = polkit-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc # ---------------------------------------------------------------------------------------------------- diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in deleted file mode 100644 index 7f6197d9..00000000 --- a/data/polkit-backend-1.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-backend-1 -Description: PolicyKit Backend API -Version: @VERSION@ -Libs: -L${libdir} -lpolkit-backend-1 -Cflags: -I${includedir}/polkit-1 -Requires: polkit-gobject-1 diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 188c5141..7933779f 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -115,12 +115,6 @@ System Context | | PolicyKit D-Bus service. - - PolicyKit extensions and authority backends are implemented - using the - libpolkit-backend-1 library. - - See the developer diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index fd7123f6..c13372b4 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 21b3681e..ec04b263 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -47,13 +47,6 @@ - - Backend API Reference - - - - - Authentication Agent API Reference diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt index 38810042..41b37e32 100644 --- a/docs/polkit/polkit-1-sections.txt +++ b/docs/polkit/polkit-1-sections.txt @@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS POLKIT_DETAILS_GET_CLASS
-
-polkitbackendauthority -PolkitBackendAuthority -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister - -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -
- -
-polkitbackendactionlookup -PolkitBackendActionLookup -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details - -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -
- -
-polkitbackendlocalauthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass - -POLKIT_BACKEND_LOCAL_AUTHORITY -POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -
- -
-polkitbackendinteractiveauthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync - -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -
-
polkitagentsession PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc5..6354d125 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index b91cafa9..cb25a6b5 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -16,18 +16,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) +noinst_LTLIBRARIES=libpolkit-backend-1.la libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ -- cgit v1.2.3 From e60b5099c6fbfb177fe415243446a1acb7735a45 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:30:29 +0100 Subject: Remove example null backend There's no point in this now that we've removed the ability to extend polkit. Signed-off-by: Simon McVittie Gbp-Pq: Name Remove-example-null-backend.patch --- configure.ac | 1 - docs/polkit/overview.xml | 34 ---------------------------------- src/Makefile.am | 2 +- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/configure.ac b/configure.ac index abfdd1f3..22b9a192 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8ddb34cc..92515794 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -91,38 +91,4 @@ information on standard output. - - - Extending polkit - - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - - - The polkit daemons loads extensions - from the &extensiondir; directory. See - the GIO Extension Point - documentation for more information about the extension - system used by polkit. - - - The following extension points are currently defined by - polkit: - - - - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME - - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the src/nullbackend/ directory in the - polkit sources for an example. - - - - diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa8..3380fb2c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples -- cgit v1.2.3 From 2f2c5f9f63a6b1208a7b4391dbe028327b255729 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From ed2284332a1075142d57ed2225b6365976beea93 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 27 Jun 2012 20:28:00 -0400 Subject: Try harder to look up the right localization The code for looking up localized strings for action descriptions was manually trying to break locale names into pieces, but didn't get it right for e.g. zh_CN.utf-8. Instead, use the GLib function g_get_locale_variants(), which handles this (and more). This fixes the translation problem reported in https://bugzilla.gnome.org/show_bug.cgi?id=665497 Signed-off-by: David Zeuthen (cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) Gbp-Pq: Topic 0.107 Gbp-Pq: Name Try-harder-to-look-up-the-right-localization.patch --- src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..0af00109 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, const gchar *lang) { const gchar *result; - gchar lang2[256]; + gchar **langs; guint n; if (lang == NULL) @@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, goto out; /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ - strncpy (lang2, lang, sizeof (lang2)); - for (n = 0; lang2[n] != '\0'; n++) + langs = g_get_locale_variants (lang); + for (n = 0; langs[n] != NULL; n++) { - if (lang2[n] == '_') - { - lang2[n] = '\0'; - break; - } + result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); + if (result != NULL) + break; } - result = (const char *) g_hash_table_lookup (translations, (void *) lang2); + g_strfreev (langs); if (result != NULL) goto out; -- cgit v1.2.3 From af7dc065dd55e8406ffdcd362c19a48472145963 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From 8074c936a72ae89edecdbfa1584b917c564a5353 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 Gbp-Pq: Topic 0.108 Gbp-Pq: Name PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..5bddd035 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- cgit v1.2.3 From e5ce9e7e29f65409b2e7164a78e332c05d37eb37 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From a0d9e2b4dfb03c298ba4d4b37c335775378c579f Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From cca5d48e6c3a766bd76706c5e137b15fd4b77000 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From 4c60168d83647f9234e510a58162161ce7574f0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 19:54:59 +0200 Subject: Add a FIXME to polkitprivate.h See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 Gbp-Pq: Topic 0.111 Gbp-Pq: Name Add-a-FIXME-to-polkitprivate.h.patch --- src/polkit/polkitprivate.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..7f5c4634 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -28,6 +28,16 @@ #include "polkitauthorizationresult.h" #include "polkittemporaryauthorization.h" +/* FIXME: This header file is currently installed among other public header + files, and the symbols are exported in the shared library. + + For application writers: relying on any function here is strongly + discouraged. + + For polkit maintainers: This should be made private if a large ABI break + were necessary in the future. In the meantime, consider that there is + non-zero risk that changing these functions might break some applications. */ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); -- cgit v1.2.3 From 33cf12485843c6599b7e976dba5e277fa6c943d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From 61e671e7711cdfd3d0a4f44165d2990bf9929835 Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From 83efc3e1b82eb35f2cd8ffebcbfc28458741d05d Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From 879e19d38a17aee78bd3d0cf72ca42a0aa750fd7 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From edae136a897c26860a16526130855cb6669c2093 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 2 Mar 2017 14:50:31 +0100 Subject: polkitpermission: Fix a memory leak on authority changes Signed-off-by: Rui Matos Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b Gbp-Pq: Topic 0.114 Gbp-Pq: Name polkitpermission-Fix-a-memory-leak-on-authority-changes.patch --- src/polkit/polkitpermission.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..be794cb3 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, if (result != NULL) { process_result (permission, result); + g_object_unref (result); } else { -- cgit v1.2.3 From 2ed1910f6b1100857f21740f8f804d1619dd4f2b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index be794cb3..f264094d 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From b346d8e0af94223f6bf10cba5e54993a1e716eba Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From 08a36aab8f3ff084c80ccdb76bc6e420f8ce4f3c Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From f585e4677d739eeeb9701a8dc8a4f76a93277b18 Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From bd42f2fabc3d656c165f044f705e0c8e07f7dcfe Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 43d0947b81e2ff609e962c3c9cb2bb194963e86f Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 798fad28aef7bae3f4099cd9fabb668d15ae734c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From e15dc62c06f6ed0a20bea1e8ecf0e4dca4efad21 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 8849989b56b6ed315f771e90072743f4ac2fa864 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 09:32:52 -0500 Subject: PolkitSystemBusName: Retrieve both pid and uid For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future. Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Retrieve-both-pid-and-uid.patch --- src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 53 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 51e4a694..8daa12cb 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) /* ---------------------------------------------------------------------------------------------------- */ +typedef struct { + GError **error; + guint retrieved_uid : 1; + guint retrieved_pid : 1; + guint caught_error : 1; + + guint32 uid; + guint32 pid; +} AsyncGetBusNameCredsData; + +static void +on_retrieved_unix_uid_pid (GObject *src, + GAsyncResult *res, + gpointer user_data) +{ + AsyncGetBusNameCredsData *data = user_data; + GVariant *v; + + v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, + data->caught_error ? NULL : data->error); + if (!v) + { + data->caught_error = TRUE; + } + else + { + guint32 value; + g_variant_get (v, "(u)", &value); + g_variant_unref (v); + if (!data->retrieved_uid) + { + data->retrieved_uid = TRUE; + data->uid = value; + } + else + { + g_assert (!data->retrieved_pid); + data->retrieved_pid = TRUE; + data->pid = value; + } + } +} + +static gboolean +polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, + guint32 *out_uid, + guint32 *out_pid, + GCancellable *cancellable, + GError **error) +{ + gboolean ret = FALSE; + AsyncGetBusNameCredsData data = { 0, }; + GDBusConnection *connection = NULL; + GMainContext *tmp_context = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + data.error = error; + + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + + if (out_uid) + *out_uid = data.uid; + if (out_pid) + *out_pid = data.pid; + ret = TRUE; + out: + if (tmp_context) + { + g_main_context_pop_thread_default (tmp_context); + g_main_context_unref (tmp_context); + } + if (connection != NULL) + g_object_unref (connection); + return ret; +} + /** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. @@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitSubject *ret; - GVariant *result; + PolkitSubject *ret = NULL; guint32 pid; + guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, + cancellable, error)) goto out; - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixProcessID", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) - goto out; - - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - ret = polkit_unix_process_new (pid); + ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } @@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitUnixUser *ret; - GVariant *result; + PolkitUnixUser *ret = NULL; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) - goto out; - - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixUser", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, + cancellable, error)) goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - ret = (PolkitUnixUser*)polkit_unix_user_new (uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } -- cgit v1.2.3 From 8c91fd133b9591371ac2f0718b1f18155b143205 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 5af9f724a3982662fa505e77f0b3076baf72f05b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From f97b95f87a7fee7993e53170670daea7c46f16a4 Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From b00d6d75d7c8967cb364f3dc62b1bebfa0c3645a Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From 8e129b15c4308243c1703b1630289fa379560c8f Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From 212fdba91ddc00224671f3a24796f54bdd0145ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From 01dd3dcd9d8e3ec188457afd805fbdddd001d93c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From ebf7c94673dcb661bdaedd772662b5407efac58b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From e53ebf745a5093acf567b9abd631e542ad7ae295 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From 2edd2302f53e60870e15e37e526c67a2cda8af73 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From 65645ebc9aed92ea301ea041b603b17788d9dbe0 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From 7f0d09c2f0ee445fd0358c16f8d1ab9b937b9134 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 5bddd035..2bfda2d5 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From 1a977a1c036efb8da1643ff5126cefd198041b26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From 7d5b740c674d5c53046c5944deab294e81c8aa3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From fb0769d6ca142f4da65a93cee324526efe6d0f99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 0af00109..b16ed2f9 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From e930603d316384077652a5ebf974f87d0ac2d0dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From 83d51f43c1e89aa8a65917627c777843770b25d0 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From cf950e7ed7fa0464f2f89a9ca4eeeb2db1b74af0 Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From 0d2a0f217ed196d7f94051b35dfda9a09df3109d Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From 51578cc7b50e5eeb2cf93ac0694dd318b6b3e7ca Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From 13500bb7406fa70039629f7599383d1ee7caf2c3 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From 074ee71c479a16c0f6696129672716aff7f7ea64 Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From a164a4a362ae4c50d9736eed2a59081c6076aa4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 7f5c4634..6274bc90 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From 7a5df3ae1c15f5ac2615441efe1f60b3cf4f8866 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Thu, 9 Aug 2018 16:46:38 +0200 Subject: Possible resource leak found by static analyzer Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Possible-resource-leak-found-by-static-analyzer.patch --- src/polkitagent/polkitagentlistener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 2bfda2d5..00038517 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, server->thread_initialization_error = NULL; g_thread_join (server->thread); server_free (server); + server = NULL; goto out; } } -- cgit v1.2.3 From dc5f2ef3c49d1df589a203ec3a0694a57b84f999 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:50:56 +0200 Subject: Elaborate message printed by polkit when disconnecting from ssh Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. This message was moved to debug mode. Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch --- src/polkitagent/polkitagentlistener.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 00038517..e0b7b576 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, owner = polkit_authority_get_owner (server->authority); if (owner == NULL) { - g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + g_debug ("PolicyKit daemon disconnected from the bus.\n"); if (server->is_registered) - g_printerr ("We are no longer a registered authentication agent.\n"); + g_debug ("We are no longer a registered authentication agent.\n"); server->is_registered = FALSE; } @@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, { GError *error; - g_printerr ("PolicyKit daemon reconnected to bus.\n"); - g_printerr ("Attempting to re-register as an authentication agent.\n"); + g_debug ("PolicyKit daemon reconnected to bus.\n"); + g_debug ("Attempting to re-register as an authentication agent.\n"); error = NULL; if (server_register (server, &error)) { - g_printerr ("We are now a registered authentication agent.\n"); + g_debug ("We are now a registered authentication agent.\n"); } else { - g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_debug ("Failed to register as an authentication agent: %s\n", error->message); g_error_free (error); } } -- cgit v1.2.3 From 41a1e8ba1b51e65476d719a6158633e0788398af Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:56:43 +0200 Subject: Error message raised on every 'systemctl start' in emergency.target Superuser should know that polkit is not running in emergency.target. If not, basic info with debug sources is offered instead of error message. Other usecases taken into account. Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Error-message-raised-on-every-systemctl-start-in-emergenc.patch --- src/programs/pkttyagent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 488ca8b2..fe747657 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -180,7 +180,8 @@ main (int argc, char *argv[]) authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); if (authority == NULL) { - g_printerr ("Error getting authority: %s (%s, %d)\n", + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); + g_debug ("Error getting authority: %s (%s, %d)\n", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); ret = 127; -- cgit v1.2.3 From 6fa39f9b9212a1903ae46f241ecec1589cc11c58 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Thu, 19 Oct 2017 13:43:22 +0100 Subject: Fix a critical warning on calling polkit_permission_new_sync with no system bus Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b Gbp-Pq: Topic 0.116 Gbp-Pq: Name Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch --- src/polkit/polkitpermission.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index f264094d..d4b24591 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) g_free (permission->tmp_authz_id); g_object_unref (permission->subject); - g_signal_handlers_disconnect_by_func (permission->authority, - on_authority_changed, - permission); - g_object_unref (permission->authority); + if (permission->authority != NULL) + { + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + } if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); -- cgit v1.2.3 From af553bbcb0946bd024a28f7c5a7126c58f59179e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From 7a78151cb9025163b5ae4316b152982e36fc8bc3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From 58d295e309a71ed4cff24c8a90f027db642be546 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..fc5afa1c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 252e8f3b90dcde67ddd3e9e994808a93331703fe Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index fc5afa1c..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From d5f7b372eb047d5a07d115b566e60ece40462790 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Fri, 15 Mar 2019 16:07:53 +0000 Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 Gbp-Pq: Topic 0.116 Gbp-Pq: Name pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch --- src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index fe747657..eaccc058 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,10 @@ #endif #include +#include +#include +#include +#include #include #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE #include @@ -47,6 +51,36 @@ usage (int argc, char *argv[]) } +static volatile sig_atomic_t tty_flags_saved; +struct termios ts; +FILE *tty = NULL; +struct sigaction savesigterm, savesigint, savesigtstp; + + +static void tty_handler(int signal) +{ + switch (signal) + { + case SIGTERM: + sigaction (SIGTERM, &savesigterm, NULL); + break; + case SIGINT: + sigaction (SIGINT, &savesigint, NULL); + break; + case SIGTSTP: + sigaction (SIGTSTP, &savesigtstp, NULL); + break; + } + + if (tty_flags_saved) + { + tcsetattr (fileno (tty), TCSAFLUSH, &ts); + } + + kill(getpid(), signal); +} + + int main (int argc, char *argv[]) { @@ -64,6 +98,8 @@ main (int argc, char *argv[]) guint ret = 126; gint notify_fd = -1; GVariantBuilder builder; + struct sigaction sa; + const char *tty_name = NULL; g_type_init (); @@ -232,6 +268,27 @@ main (int argc, char *argv[]) } } +/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), + but due to threading the handlers cannot take care of the signal there. + Though if controlling terminal cannot be found, the world won't stop spinning. +*/ + tty_name = ctermid(NULL); + if (tty_name != NULL) + { + tty = fopen(tty_name, "r+"); + } + + if (tty != NULL && !tcgetattr (fileno (tty), &ts)) + { + tty_flags_saved = TRUE; + } + + memset (&sa, 0, sizeof (sa)); + sa.sa_handler = &tty_handler; + sigaction (SIGTERM, &sa, &savesigterm); + sigaction (SIGINT, &sa, &savesigint); + sigaction (SIGTSTP, &sa, &savesigtstp); + loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (loop); -- cgit v1.2.3 From 85f6287806d4770a905b42bbb04294bc52e2c589 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: no, Debian-specific Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 408702e094b0366577048deacb5899883dd42d64 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index b16ed2f9..3b0e4008 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 7c393a38947b78577da97ab3e8a86301d685ed44 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: no, Debian-specific Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From 9235d17a6fac7713e7d12eb72f50a53afa61441b Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From 901f8afa55d9fe752ed149b1820c484a3ca25328 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From 9826535df89e2e7795d1922c685859727dea8faa Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From 18d5d6504eb995f931c4e41a05049d2c0d9bd670 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:12:44 +0100 Subject: Statically link libpolkit-backend1 into polkitd Nothing else in Debian depends on that library: in principle it was meant to be used for pluggable polkit backends, but those never actually happened, and the library's API was never declared stable. Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority backend and extension system" upstream. Signed-off-by: Simon McVittie Gbp-Pq: Name Statically-link-libpolkit-backend1-into-polkitd.patch --- configure.ac | 1 - data/Makefile.am | 2 +- data/polkit-backend-1.pc.in | 11 ------ docs/man/polkit.xml | 6 --- docs/polkit/Makefile.am | 3 -- docs/polkit/polkit-1-docs.xml | 7 ---- docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- docs/polkit/polkit-1.types | 9 ----- src/polkitbackend/Makefile.am | 13 +------ 9 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 data/polkit-backend-1.pc.in diff --git a/configure.ac b/configure.ac index f55ddb7f..abfdd1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -439,7 +439,6 @@ actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc -data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 3d874390..dad7c2f2 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -18,7 +18,7 @@ pam_DATA = polkit-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc # ---------------------------------------------------------------------------------------------------- diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in deleted file mode 100644 index 7f6197d9..00000000 --- a/data/polkit-backend-1.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-backend-1 -Description: PolicyKit Backend API -Version: @VERSION@ -Libs: -L${libdir} -lpolkit-backend-1 -Cflags: -I${includedir}/polkit-1 -Requires: polkit-gobject-1 diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 188c5141..7933779f 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -115,12 +115,6 @@ System Context | | PolicyKit D-Bus service. - - PolicyKit extensions and authority backends are implemented - using the - libpolkit-backend-1 library. - - See the developer diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index fd7123f6..c13372b4 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 21b3681e..ec04b263 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -47,13 +47,6 @@ - - Backend API Reference - - - - - Authentication Agent API Reference diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt index 38810042..41b37e32 100644 --- a/docs/polkit/polkit-1-sections.txt +++ b/docs/polkit/polkit-1-sections.txt @@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS POLKIT_DETAILS_GET_CLASS
-
-polkitbackendauthority -PolkitBackendAuthority -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister - -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -
- -
-polkitbackendactionlookup -PolkitBackendActionLookup -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details - -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -
- -
-polkitbackendlocalauthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass - -POLKIT_BACKEND_LOCAL_AUTHORITY -POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -
- -
-polkitbackendinteractiveauthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync - -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -
-
polkitagentsession PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc5..6354d125 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index b91cafa9..cb25a6b5 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -16,18 +16,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) +noinst_LTLIBRARIES=libpolkit-backend-1.la libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ -- cgit v1.2.3 From 3a8c0f58f3ed55b97b74729532c4ea1c8fe2582d Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:30:29 +0100 Subject: Remove example null backend There's no point in this now that we've removed the ability to extend polkit. Signed-off-by: Simon McVittie Gbp-Pq: Name Remove-example-null-backend.patch --- configure.ac | 1 - docs/polkit/overview.xml | 34 ---------------------------------- src/Makefile.am | 2 +- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/configure.ac b/configure.ac index abfdd1f3..22b9a192 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8ddb34cc..92515794 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -91,38 +91,4 @@ information on standard output. - - - Extending polkit - - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - - - The polkit daemons loads extensions - from the &extensiondir; directory. See - the GIO Extension Point - documentation for more information about the extension - system used by polkit. - - - The following extension points are currently defined by - polkit: - - - - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME - - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the src/nullbackend/ directory in the - polkit sources for an example. - - - - diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa8..3380fb2c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples -- cgit v1.2.3 From 328faa444191e78e7cb1b51ed1b8dc05d9e342a4 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From 5c4b13cef1510d97c8f44c223005414f7bff65ae Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 27 Jun 2012 20:28:00 -0400 Subject: Try harder to look up the right localization The code for looking up localized strings for action descriptions was manually trying to break locale names into pieces, but didn't get it right for e.g. zh_CN.utf-8. Instead, use the GLib function g_get_locale_variants(), which handles this (and more). This fixes the translation problem reported in https://bugzilla.gnome.org/show_bug.cgi?id=665497 Signed-off-by: David Zeuthen (cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) Gbp-Pq: Topic 0.107 Gbp-Pq: Name Try-harder-to-look-up-the-right-localization.patch --- src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..0af00109 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, const gchar *lang) { const gchar *result; - gchar lang2[256]; + gchar **langs; guint n; if (lang == NULL) @@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, goto out; /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ - strncpy (lang2, lang, sizeof (lang2)); - for (n = 0; lang2[n] != '\0'; n++) + langs = g_get_locale_variants (lang); + for (n = 0; langs[n] != NULL; n++) { - if (lang2[n] == '_') - { - lang2[n] = '\0'; - break; - } + result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); + if (result != NULL) + break; } - result = (const char *) g_hash_table_lookup (translations, (void *) lang2); + g_strfreev (langs); if (result != NULL) goto out; -- cgit v1.2.3 From 003dece7135aa6dea6842107aa039a1136dc9825 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From 63e0dce028ae2f5cbd8c03150dd9848b88a5782c Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 Gbp-Pq: Topic 0.108 Gbp-Pq: Name PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..5bddd035 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- cgit v1.2.3 From bbe943f71b6e8268c7011ebdef888ae7b6ef6348 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From 8f41c1cab59e3dc340de189f4bb102bb7eacb205 Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From dab5b063ee60888f448bdee2d48a52fe7b09f88c Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From 4e7e02f97a1c0283b11be7c21c05d1934b43e4ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 19:54:59 +0200 Subject: Add a FIXME to polkitprivate.h See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 Gbp-Pq: Topic 0.111 Gbp-Pq: Name Add-a-FIXME-to-polkitprivate.h.patch --- src/polkit/polkitprivate.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..7f5c4634 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -28,6 +28,16 @@ #include "polkitauthorizationresult.h" #include "polkittemporaryauthorization.h" +/* FIXME: This header file is currently installed among other public header + files, and the symbols are exported in the shared library. + + For application writers: relying on any function here is strongly + discouraged. + + For polkit maintainers: This should be made private if a large ABI break + were necessary in the future. In the meantime, consider that there is + non-zero risk that changing these functions might break some applications. */ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); -- cgit v1.2.3 From b46e8f06e08dadaf6f60354f881d6b32a198f8bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From c82a2ba834ddf5524b124879e5170c6ba5a64910 Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From f4815acd716874ad0016c90fe8e8e90e5bc14dc6 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From d1c7a10e9b72c1ef986fee4c73a7f34e0561c2e1 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From 3a129a2795123c30bae6e07c8bd9c117cc941b66 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 2 Mar 2017 14:50:31 +0100 Subject: polkitpermission: Fix a memory leak on authority changes Signed-off-by: Rui Matos Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b Gbp-Pq: Topic 0.114 Gbp-Pq: Name polkitpermission-Fix-a-memory-leak-on-authority-changes.patch --- src/polkit/polkitpermission.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..be794cb3 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, if (result != NULL) { process_result (permission, result); + g_object_unref (result); } else { -- cgit v1.2.3 From b6baf954509f9e2a2b1b43d2c11d409cf496e402 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index be794cb3..f264094d 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From d4a9efd20be3631f23d7ea1cb27caf87925cbae8 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From 10a6a071f115caa23df6980813fe9b2586de01fb Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From 2563521710b69fbf762e8216f393afb82da12ee8 Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From 8c37329e3e4d5615647c1ac4f0906ced357f442c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 5d7cc9abf3fc9eff18153de8b228fb68fb51820c Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From b7ddadaec39bee49aaf1b94f922250f52e9e2bce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 050ef0969d0832aee137a72416979a153e287120 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 94ab71405eaa51e3a8cb4065b364b1e57bd72c52 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 09:32:52 -0500 Subject: PolkitSystemBusName: Retrieve both pid and uid For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future. Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Retrieve-both-pid-and-uid.patch --- src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 53 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 51e4a694..8daa12cb 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) /* ---------------------------------------------------------------------------------------------------- */ +typedef struct { + GError **error; + guint retrieved_uid : 1; + guint retrieved_pid : 1; + guint caught_error : 1; + + guint32 uid; + guint32 pid; +} AsyncGetBusNameCredsData; + +static void +on_retrieved_unix_uid_pid (GObject *src, + GAsyncResult *res, + gpointer user_data) +{ + AsyncGetBusNameCredsData *data = user_data; + GVariant *v; + + v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, + data->caught_error ? NULL : data->error); + if (!v) + { + data->caught_error = TRUE; + } + else + { + guint32 value; + g_variant_get (v, "(u)", &value); + g_variant_unref (v); + if (!data->retrieved_uid) + { + data->retrieved_uid = TRUE; + data->uid = value; + } + else + { + g_assert (!data->retrieved_pid); + data->retrieved_pid = TRUE; + data->pid = value; + } + } +} + +static gboolean +polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, + guint32 *out_uid, + guint32 *out_pid, + GCancellable *cancellable, + GError **error) +{ + gboolean ret = FALSE; + AsyncGetBusNameCredsData data = { 0, }; + GDBusConnection *connection = NULL; + GMainContext *tmp_context = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + data.error = error; + + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + + if (out_uid) + *out_uid = data.uid; + if (out_pid) + *out_pid = data.pid; + ret = TRUE; + out: + if (tmp_context) + { + g_main_context_pop_thread_default (tmp_context); + g_main_context_unref (tmp_context); + } + if (connection != NULL) + g_object_unref (connection); + return ret; +} + /** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. @@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitSubject *ret; - GVariant *result; + PolkitSubject *ret = NULL; guint32 pid; + guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, + cancellable, error)) goto out; - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixProcessID", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) - goto out; - - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - ret = polkit_unix_process_new (pid); + ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } @@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitUnixUser *ret; - GVariant *result; + PolkitUnixUser *ret = NULL; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) - goto out; - - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixUser", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, + cancellable, error)) goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - ret = (PolkitUnixUser*)polkit_unix_user_new (uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } -- cgit v1.2.3 From ce22acd6b62236c79eca7ff68474bee328beb1f5 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From fc216a2bf496555d776aff3fbe31e767f2f6369e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From 0e4cc517278c3890570e1951b77ca749f547e605 Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From db3ac9feaef843750c93c18209d6a8eaafb075b9 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From 8c41736cf07bab90caf881b44adfd194c07cae57 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From 0de11763e03a84c7ac2c4337dc61343e4a3b33e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From 037225bfea82db3e100321ed42d802622671b080 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From 94746cc60791dde51dfe6448eb909c5c0eebb81e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From 6348e438c9f373938e80344f0845f350feeb949d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From 13a5e2ca34cdd1ec586b8faf9d4d5eb7f5f7e601 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From 8c0b17edbb62cb14628026b758985e967578af9c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From 2a88b213b321c075ccd77bd416a79d68fb695e49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 5bddd035..2bfda2d5 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From 760e3ff0f04f841e1218fd50fcf34dc1bdb63514 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From 1e9da8cf3d4831c744d4251bf750471b8a2ed80a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From c0d199c0f3180c804e589412948b82bf0b20fb84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 0af00109..b16ed2f9 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From b62e4526f80284e0e91d646750a678aec075e1b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From 3b1394d5848f55a68bf84b049ed02e935c972ea3 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From 80936806d89bfbeb2b094b1b696e748a9c8b214c Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From 35fe8c667194009255af7e5a2080d33bfbf864a3 Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From 3a38c4bd93f910c7c15f8981a8f36ccc7f146c09 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From 0de90ca2dcc7843d30e0229b254b88c8e171f816 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From a0ec0264825c9d9af592c6eb153435e97f02cc36 Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From c116819681f26004daa0e32945e964e9c125cd41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 7f5c4634..6274bc90 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From 8f31237d107c9ec27fc1a8a576efc0bb1e1094a4 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Thu, 9 Aug 2018 16:46:38 +0200 Subject: Possible resource leak found by static analyzer Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Possible-resource-leak-found-by-static-analyzer.patch --- src/polkitagent/polkitagentlistener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 2bfda2d5..00038517 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, server->thread_initialization_error = NULL; g_thread_join (server->thread); server_free (server); + server = NULL; goto out; } } -- cgit v1.2.3 From f3573e2d6f5f5c7a1bbf29a763bfa6523277015b Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:50:56 +0200 Subject: Elaborate message printed by polkit when disconnecting from ssh Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. This message was moved to debug mode. Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch --- src/polkitagent/polkitagentlistener.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 00038517..e0b7b576 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, owner = polkit_authority_get_owner (server->authority); if (owner == NULL) { - g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + g_debug ("PolicyKit daemon disconnected from the bus.\n"); if (server->is_registered) - g_printerr ("We are no longer a registered authentication agent.\n"); + g_debug ("We are no longer a registered authentication agent.\n"); server->is_registered = FALSE; } @@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, { GError *error; - g_printerr ("PolicyKit daemon reconnected to bus.\n"); - g_printerr ("Attempting to re-register as an authentication agent.\n"); + g_debug ("PolicyKit daemon reconnected to bus.\n"); + g_debug ("Attempting to re-register as an authentication agent.\n"); error = NULL; if (server_register (server, &error)) { - g_printerr ("We are now a registered authentication agent.\n"); + g_debug ("We are now a registered authentication agent.\n"); } else { - g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_debug ("Failed to register as an authentication agent: %s\n", error->message); g_error_free (error); } } -- cgit v1.2.3 From cd39172b583af9a1a79cfd95d009ab88761b07ba Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:56:43 +0200 Subject: Error message raised on every 'systemctl start' in emergency.target Superuser should know that polkit is not running in emergency.target. If not, basic info with debug sources is offered instead of error message. Other usecases taken into account. Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Error-message-raised-on-every-systemctl-start-in-emergenc.patch --- src/programs/pkttyagent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 488ca8b2..fe747657 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -180,7 +180,8 @@ main (int argc, char *argv[]) authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); if (authority == NULL) { - g_printerr ("Error getting authority: %s (%s, %d)\n", + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); + g_debug ("Error getting authority: %s (%s, %d)\n", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); ret = 127; -- cgit v1.2.3 From 8a686bbc38f288fec999cf044524c226aca8b766 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Thu, 19 Oct 2017 13:43:22 +0100 Subject: Fix a critical warning on calling polkit_permission_new_sync with no system bus Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b Gbp-Pq: Topic 0.116 Gbp-Pq: Name Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch --- src/polkit/polkitpermission.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index f264094d..d4b24591 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) g_free (permission->tmp_authz_id); g_object_unref (permission->subject); - g_signal_handlers_disconnect_by_func (permission->authority, - on_authority_changed, - permission); - g_object_unref (permission->authority); + if (permission->authority != NULL) + { + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + } if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); -- cgit v1.2.3 From 93db0899f3dda95b6b41f6e5880e4614cee5c06c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From a19fa457be44b5360e87c645e466559dbdaab7cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From 04ffa7a3313f3cd88e4d6a8a67f31e23a6ff2629 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..fc5afa1c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 28ebd42d2f3ad9bb13006ebc0993aaf7d278e23b Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index fc5afa1c..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From 2b11db2ac51645026716219a814ee7ed814c501d Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Fri, 15 Mar 2019 16:07:53 +0000 Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 Gbp-Pq: Topic 0.116 Gbp-Pq: Name pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch --- src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index fe747657..eaccc058 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,10 @@ #endif #include +#include +#include +#include +#include #include #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE #include @@ -47,6 +51,36 @@ usage (int argc, char *argv[]) } +static volatile sig_atomic_t tty_flags_saved; +struct termios ts; +FILE *tty = NULL; +struct sigaction savesigterm, savesigint, savesigtstp; + + +static void tty_handler(int signal) +{ + switch (signal) + { + case SIGTERM: + sigaction (SIGTERM, &savesigterm, NULL); + break; + case SIGINT: + sigaction (SIGINT, &savesigint, NULL); + break; + case SIGTSTP: + sigaction (SIGTSTP, &savesigtstp, NULL); + break; + } + + if (tty_flags_saved) + { + tcsetattr (fileno (tty), TCSAFLUSH, &ts); + } + + kill(getpid(), signal); +} + + int main (int argc, char *argv[]) { @@ -64,6 +98,8 @@ main (int argc, char *argv[]) guint ret = 126; gint notify_fd = -1; GVariantBuilder builder; + struct sigaction sa; + const char *tty_name = NULL; g_type_init (); @@ -232,6 +268,27 @@ main (int argc, char *argv[]) } } +/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), + but due to threading the handlers cannot take care of the signal there. + Though if controlling terminal cannot be found, the world won't stop spinning. +*/ + tty_name = ctermid(NULL); + if (tty_name != NULL) + { + tty = fopen(tty_name, "r+"); + } + + if (tty != NULL && !tcgetattr (fileno (tty), &ts)) + { + tty_flags_saved = TRUE; + } + + memset (&sa, 0, sizeof (sa)); + sa.sa_handler = &tty_handler; + sigaction (SIGTERM, &sa, &savesigterm); + sigaction (SIGINT, &sa, &savesigint); + sigaction (SIGTSTP, &sa, &savesigtstp); + loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (loop); -- cgit v1.2.3 From 31119c5602d3736a0bcd6bab1ed72c908917e115 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: no, Debian-specific Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 7bc89051cbcc6d0391dfaba5d292d0bc3d2eb7c5 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index b16ed2f9..3b0e4008 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From fb28599b65858421531d6e720733ac3975c3ae62 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: no, Debian-specific Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From fd9b80548beae8941cab779b96ce2a9175f1ab3b Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From 1283cacc9314f65509b027d7e39e34d0506b6d45 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From 4569aa61ada519df7cf12d701a55f9ec9c7fb849 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From 34c83beb91a7aca65ead61a616116016381f46d9 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:12:44 +0100 Subject: Statically link libpolkit-backend1 into polkitd Nothing else in Debian depends on that library: in principle it was meant to be used for pluggable polkit backends, but those never actually happened, and the library's API was never declared stable. Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority backend and extension system" upstream. Signed-off-by: Simon McVittie Gbp-Pq: Name Statically-link-libpolkit-backend1-into-polkitd.patch --- configure.ac | 1 - data/Makefile.am | 2 +- data/polkit-backend-1.pc.in | 11 ------ docs/man/polkit.xml | 6 --- docs/polkit/Makefile.am | 3 -- docs/polkit/polkit-1-docs.xml | 7 ---- docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- docs/polkit/polkit-1.types | 9 ----- src/polkitbackend/Makefile.am | 13 +------ 9 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 data/polkit-backend-1.pc.in diff --git a/configure.ac b/configure.ac index f55ddb7f..abfdd1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -439,7 +439,6 @@ actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc -data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 3d874390..dad7c2f2 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -18,7 +18,7 @@ pam_DATA = polkit-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc # ---------------------------------------------------------------------------------------------------- diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in deleted file mode 100644 index 7f6197d9..00000000 --- a/data/polkit-backend-1.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-backend-1 -Description: PolicyKit Backend API -Version: @VERSION@ -Libs: -L${libdir} -lpolkit-backend-1 -Cflags: -I${includedir}/polkit-1 -Requires: polkit-gobject-1 diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 188c5141..7933779f 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -115,12 +115,6 @@ System Context | | PolicyKit D-Bus service. - - PolicyKit extensions and authority backends are implemented - using the - libpolkit-backend-1 library. - - See the developer diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index fd7123f6..c13372b4 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 21b3681e..ec04b263 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -47,13 +47,6 @@ - - Backend API Reference - - - - - Authentication Agent API Reference diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt index 38810042..41b37e32 100644 --- a/docs/polkit/polkit-1-sections.txt +++ b/docs/polkit/polkit-1-sections.txt @@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS POLKIT_DETAILS_GET_CLASS
-
-polkitbackendauthority -PolkitBackendAuthority -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister - -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -
- -
-polkitbackendactionlookup -PolkitBackendActionLookup -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details - -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -
- -
-polkitbackendlocalauthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass - -POLKIT_BACKEND_LOCAL_AUTHORITY -POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -
- -
-polkitbackendinteractiveauthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync - -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -
-
polkitagentsession PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc5..6354d125 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index b91cafa9..cb25a6b5 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -16,18 +16,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) +noinst_LTLIBRARIES=libpolkit-backend-1.la libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ -- cgit v1.2.3 From bd76ab215cf51422ab6c95425f2537d9b292709b Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:30:29 +0100 Subject: Remove example null backend There's no point in this now that we've removed the ability to extend polkit. Signed-off-by: Simon McVittie Gbp-Pq: Name Remove-example-null-backend.patch --- configure.ac | 1 - docs/polkit/overview.xml | 34 ---------------------------------- src/Makefile.am | 2 +- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/configure.ac b/configure.ac index abfdd1f3..22b9a192 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8ddb34cc..92515794 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -91,38 +91,4 @@ information on standard output. - - - Extending polkit - - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - - - The polkit daemons loads extensions - from the &extensiondir; directory. See - the GIO Extension Point - documentation for more information about the extension - system used by polkit. - - - The following extension points are currently defined by - polkit: - - - - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME - - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the src/nullbackend/ directory in the - polkit sources for an example. - - - - diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa8..3380fb2c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples -- cgit v1.2.3 From 327271518c4ee0c491a5bcfa9355c2a6bad33b3c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 3 Jun 2021 17:06:34 +0100 Subject: local privilege escalation using polkit_system_bus_name_get_creds_sync() Origin: upstream Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 Bug-Debian: https://bugs.debian.org/989429 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560 Forwarded: not-needed Last-Update: 2021-06-03 Gbp-Pq: Name CVE-2021-3560.patch --- src/polkit/polkitsystembusname.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 8daa12cb..8ed13631 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) g_main_context_iteration (tmp_context, TRUE); + if (data.caught_error) + goto out; + if (out_uid) *out_uid = data.uid; if (out_pid) -- cgit v1.2.3 From 34b329c1ad02a608be239402aaf41ea3a5cbc775 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 13 Jan 2022 05:34:44 +0000 Subject: Import policykit-1_0.105-31.1.debian.tar.xz [dgit import tarball policykit-1 0.105-31.1 policykit-1_0.105-31.1.debian.tar.xz] --- changelog | 951 +++++++++++++++++++++ control | 138 +++ copyright | 48 ++ gbp.conf | 5 + gir1.2-polkit-1.0.install | 1 + libpolkit-agent-1-0.install | 1 + libpolkit-agent-1-0.symbols | 17 + libpolkit-agent-1-dev.install | 5 + libpolkit-gobject-1-0.install | 1 + libpolkit-gobject-1-0.symbols | 149 ++++ libpolkit-gobject-1-dev.install | 5 + ...agenthelper-pam-Fix-newline-trimming-code.patch | 43 + ...-harder-to-look-up-the-right-localization.patch | 53 ++ ...d-crashing-if-initializing-the-server-obj.patch | 33 + ...ild-Fix-.gir-generation-for-parallel-make.patch | 41 + patches/0.110/04_get_cwd.patch | 40 + ...-XAUTHORITY-environment-variable-if-unset.patch | 58 ++ patches/0.111/09_pam_environment.patch | 43 + patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch | 32 + patches/0.111/Fix-a-memory-leak.patch | 22 + patches/0.112/00git_type_registration.patch | 118 +++ patches/0.112/08_deprecate_racy_APIs.patch | 27 + patches/0.112/cve-2013-4288.patch | 116 +++ patches/0.113/00git_fix_memleak.patch | 26 + patches/0.113/00git_invalid_object_paths.patch | 116 +++ ...Session-fix-race-between-child-and-io-wat.patch | 120 +++ .../0.113/CVE-2015-3255-Fix-GHashTable-usage.patch | 68 ++ ...4625-Bind-use-of-cookies-to-specific-uids.patch | 484 +++++++++++ ...25-Use-unpredictable-cookie-values-keep-t.patch | 540 ++++++++++++ ...rd-error-data-returned-by-polkit_system_b.patch | 25 + ...-when-two-authentication-requests-are-in-.patch | 36 + ...y-leak-when-registering-an-authentication.patch | 22 + .../Fix-a-per-authorization-memory-leak.patch | 49 ++ .../0.113/Fix-a-possible-NULL-dereference.patch | 35 + ...-duplicate-GError-use-when-uid-is-missing.patch | 32 + ...ix-use-after-free-in-polkitagentsession.c.patch | 32 + .../Fixed-compilation-problem-in-the-backend.patch | 23 + ...mBusName-Add-public-API-to-retrieve-Unix-.patch | 166 ++++ ...itSystemBusName-Retrieve-both-pid-and-uid.patch | 235 +++++ ...als-non-deprecated-PolkitProcess-API-wher.patch | 29 + ...-to-send-security-reports-via-DBus-s-mech.patch | 39 + ...Refuse-duplicate-user-arguments-to-pkexec.patch | 38 + patches/0.113/Remove-a-redundant-assignment.patch | 26 + ...-for-changes-to-uid-binding-Authenticatio.patch | 259 ++++++ ...-around-systemd-injecting-broken-XDG_RUNT.patch | 76 ++ ...-problem-with-removing-non-existent-sourc.patch | 23 + ...ionmonitor-systemd-Deduplicate-code-paths.patch | 104 +++ ...tor-systemd-Use-sd_uid_get_state-to-check.patch | 73 ++ ...tor-systemd-prepare-for-D-Bus-user-bus-mo.patch | 89 ++ .../Add-gettext-support-for-.policy-files.patch | 58 ++ patches/0.114/Fix-multi-line-pam-text-info.patch | 39 + patches/0.114/Refactor-send_to_helper-usage.patch | 149 ++++ ...ession-agent-running-outside-user-session.patch | 51 ++ .../gettext-switch-to-default-translate-no.patch | 41 + ...on-Fix-a-memory-leak-on-authority-changes.patch | 24 + ...VE-2018-1116-Trusting-client-supplied-UID.patch | 569 ++++++++++++ ...ids-gids-in-PolkitUnixUser-and-Group-obje.patch | 186 ++++ .../Allow-uid-of-1-for-a-PolkitUnixProcess.patch | 43 + ...e-printed-by-polkit-when-disconnecting-fr.patch | 51 ++ ...ised-on-every-systemctl-start-in-emergenc.patch | 27 + ...arning-on-calling-polkit_permission_new_s.patch | 32 + ...le-resource-leak-found-by-static-analyzer.patch | 21 + ...PolkitUnixProcess-uids-for-temporary-auth.patch | 181 ++++ ...tAgentTextListener-leaves-echo-tty-disabl.patch | 101 +++ patches/0.116/tests-add-tests-for-high-uids.patch | 106 +++ patches/01_pam_polkit.patch | 26 + patches/02_gettext.patch | 193 +++++ ..._revert-admin-identities-unix-group-wheel.patch | 35 + patches/06_systemd-service.patch | 18 + patches/10_build-against-libsystemd.patch | 32 + patches/CVE-2021-3560.patch | 22 + ...lege-Escalation-in-polkit-s-pkexec-CVE-20.patch | 68 ++ ...-policy-file-to-usr-share-dbus-1-system.d.patch | 31 + patches/Remove-example-null-backend.patch | 80 ++ ...ally-link-libpolkit-backend1-into-polkitd.patch | 258 ++++++ patches/series | 64 ++ policykit-1-doc.install | 1 + policykit-1-doc.links | 1 + policykit-1.bug-control | 1 + policykit-1.docs | 2 + policykit-1.install | 11 + policykit-1.links | 1 + policykit-1.lintian-overrides | 5 + policykit-1.maintscript | 2 + policykit-1.postinst | 62 ++ policykit-1.postrm | 14 + polkit.service | 8 + rules | 47 + shlibs.local | 2 + source/format | 1 + tests/cli | 39 + tests/cli-root | 1 + tests/control | 7 + upstream/signing-key.asc | 250 ++++++ watch | 3 + 95 files changed, 7676 insertions(+) create mode 100644 changelog create mode 100644 control create mode 100644 copyright create mode 100644 gbp.conf create mode 100644 gir1.2-polkit-1.0.install create mode 100644 libpolkit-agent-1-0.install create mode 100644 libpolkit-agent-1-0.symbols create mode 100644 libpolkit-agent-1-dev.install create mode 100644 libpolkit-gobject-1-0.install create mode 100644 libpolkit-gobject-1-0.symbols create mode 100644 libpolkit-gobject-1-dev.install create mode 100644 patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch create mode 100644 patches/0.107/Try-harder-to-look-up-the-right-localization.patch create mode 100644 patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch create mode 100644 patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch create mode 100644 patches/0.110/04_get_cwd.patch create mode 100644 patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch create mode 100644 patches/0.111/09_pam_environment.patch create mode 100644 patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch create mode 100644 patches/0.111/Fix-a-memory-leak.patch create mode 100644 patches/0.112/00git_type_registration.patch create mode 100644 patches/0.112/08_deprecate_racy_APIs.patch create mode 100644 patches/0.112/cve-2013-4288.patch create mode 100644 patches/0.113/00git_fix_memleak.patch create mode 100644 patches/0.113/00git_invalid_object_paths.patch create mode 100644 patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch create mode 100644 patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch create mode 100644 patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch create mode 100644 patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch create mode 100644 patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch create mode 100644 patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch create mode 100644 patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch create mode 100644 patches/0.113/Fix-a-per-authorization-memory-leak.patch create mode 100644 patches/0.113/Fix-a-possible-NULL-dereference.patch create mode 100644 patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch create mode 100644 patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch create mode 100644 patches/0.113/Fixed-compilation-problem-in-the-backend.patch create mode 100644 patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch create mode 100644 patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch create mode 100644 patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch create mode 100644 patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch create mode 100644 patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch create mode 100644 patches/0.113/Remove-a-redundant-assignment.patch create mode 100644 patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch create mode 100644 patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch create mode 100644 patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch create mode 100644 patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch create mode 100644 patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch create mode 100644 patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch create mode 100644 patches/0.114/Add-gettext-support-for-.policy-files.patch create mode 100644 patches/0.114/Fix-multi-line-pam-text-info.patch create mode 100644 patches/0.114/Refactor-send_to_helper-usage.patch create mode 100644 patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch create mode 100644 patches/0.114/gettext-switch-to-default-translate-no.patch create mode 100644 patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch create mode 100644 patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch create mode 100644 patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch create mode 100644 patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch create mode 100644 patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch create mode 100644 patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch create mode 100644 patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch create mode 100644 patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch create mode 100644 patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch create mode 100644 patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch create mode 100644 patches/0.116/tests-add-tests-for-high-uids.patch create mode 100644 patches/01_pam_polkit.patch create mode 100644 patches/02_gettext.patch create mode 100644 patches/05_revert-admin-identities-unix-group-wheel.patch create mode 100644 patches/06_systemd-service.patch create mode 100644 patches/10_build-against-libsystemd.patch create mode 100644 patches/CVE-2021-3560.patch create mode 100644 patches/Local-Privilege-Escalation-in-polkit-s-pkexec-CVE-20.patch create mode 100644 patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch create mode 100644 patches/Remove-example-null-backend.patch create mode 100644 patches/Statically-link-libpolkit-backend1-into-polkitd.patch create mode 100644 patches/series create mode 100644 policykit-1-doc.install create mode 100644 policykit-1-doc.links create mode 100644 policykit-1.bug-control create mode 100644 policykit-1.docs create mode 100644 policykit-1.install create mode 100644 policykit-1.links create mode 100644 policykit-1.lintian-overrides create mode 100644 policykit-1.maintscript create mode 100644 policykit-1.postinst create mode 100644 policykit-1.postrm create mode 100644 polkit.service create mode 100755 rules create mode 100644 shlibs.local create mode 100644 source/format create mode 100755 tests/cli create mode 120000 tests/cli-root create mode 100644 tests/control create mode 100644 upstream/signing-key.asc create mode 100644 watch diff --git a/changelog b/changelog new file mode 100644 index 00000000..0bde8f9a --- /dev/null +++ b/changelog @@ -0,0 +1,951 @@ +policykit-1 (0.105-31.1) unstable; urgency=high + + * Non-maintainer upload. + * Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) + + -- Salvatore Bonaccorso Thu, 13 Jan 2022 06:34:44 +0100 + +policykit-1 (0.105-31) unstable; urgency=medium + + [ Salvatore Bonaccorso ] + * d/p/CVE-2021-3560.patch: + Fix local privilege escalation involving + polkit_system_bus_name_get_creds_sync() (CVE-2021-3560) + (Closes: #989429) + + -- Simon McVittie Thu, 03 Jun 2021 17:06:34 +0100 + +policykit-1 (0.105-30) unstable; urgency=medium + + [ Helmut Grohne ] + * Annotate Build-Depends: dbus (Closes: #980998) + + -- Simon McVittie Thu, 04 Feb 2021 13:56:09 +0000 + +policykit-1 (0.105-29) unstable; urgency=medium + + * Add symlink for polkit-agent-helper-1 after the move to /usr/libexec. + If a process still has an old copy of libpolkit-agent-1.so.0 loaded, it + will fail to find the binary at the new location. So create a symlink to + prevent authentication failures on upgrades. (Closes: #965210) + + -- Michael Biebl Mon, 03 Aug 2020 11:05:29 +0200 + +policykit-1 (0.105-28) unstable; urgency=medium + + [ TANIGUCHI Takaki ] + * postinst: Fix polkit-agent-helper-1 path + + [ Michael Biebl ] + * Fix polkitd path in polkit.service (Closes: #965164) + * Use --restart-after-upgrade. + With debhelper 13.1, --no-start will disable --restart-after-upgrade. + Since we want the service to be restarted on upgrades, request that + explicitly. + * Remove old maintscript migration code from pre-oldstable + + -- Michael Biebl Fri, 17 Jul 2020 10:49:51 +0200 + +policykit-1 (0.105-27) unstable; urgency=medium + + * Switch to /usr/libexec now that it is allowed by debian policy + * Bump debhelper-compat to 13 + * Bump Standards-Version to 4.5.0 + * Try harder to look up the right localization. + Fixes out-of-bounds read in _localize. (Closes: #956223) + + -- Michael Biebl Fri, 17 Jul 2020 00:50:43 +0200 + +policykit-1 (0.105-26) unstable; urgency=medium + + [ Mark Hindley ] + * Depend on new virtual packages default-logind and logind + (Closes: #923240) + + [ Simon McVittie ] + * Apply most changes from upstream release 0.116 + - d/p/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch, + d/p/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch: + Reduce messages to stderr from polkit agents, in particular when using + "systemctl reboot" on a ssh connection or when using "systemctl start" + in systemd emergency mode + - d/p/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch: + Fix critical warnings when calling polkit_permission_new_sync() with + no D-Bus system bus + - d/p/0.116/Possible-resource-leak-found-by-static-analyzer.patch: + Fix a potential use-after-free in polkit agents + - d/p/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch: + Re-enable echo if the tty agent is killed by SIGINT or SIGTERM + or suspended with SIGTSTP + * Add more bug fixes backported from earlier upstream releases + - d/p/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch: + Fix a segfault when a library user like flatpak attempts to register + a polkit agent with no system bus available (Closes: #923046) + - d/p/0.111/Add-a-FIXME-to-polkitprivate.h.patch: + Make it more obvious that polkitprivate.h was never intended to be API + - d/p/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch: + Fix a memory leak + - d/p/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch: + Avoid a use of the deprecated polkit_unix_process_new() + * d/*.symbols: Add Build-Depends-Package metadata + * d/policykit-1.lintian-overrides: Override systemd unit false positives. + The systemd unit is only for on-demand D-Bus activation, and is not + intended to be started during boot, so an [Install] section and a + parallel LSB init script are not necessary. + * Stop building libpolkit-backend as a shared library. + Its API was never declared stable before upstream removed it in + 0.106. Nothing in Debian depended on it, except for polkitd itself, + which now links the same code statically. + This is a step towards being able to use the current upstream release of + polkit and patch in the old localauthority backend as an alternative to + the JavaScript backend, instead of using the old 0.105 codebase and + patching in essentially every change except the JavaScript backend, + which is becoming unmanageable. + - Remove the example null backend, which is pointless now that we've + removed the ability to extend polkit. + - Remove obsolete conffile 50-nullbackend.conf on upgrade + - Remove the directory that previously contained 50-nullbackend.conf + after upgrading or removing policykit-1 + - Remove obsolete dh_makeshlibs override for the null backend + * d/policykit-1.bug-control: Add systemd, elogind versions to bug reports. + reportbug doesn't currently seem to interpret + "Depends: default-logind | logind" as implying that it should include + the version number of the package that Provides logind in bug reports. + Workaround for #934472. + * Change the policykit-1 package from Architecture: any to + Architecture: linux-any, and remove the consolekit [!linux-any] + dependency. consolekit is no longer available in any Debian or + debian-ports architecture, even those for non-Linux kernels. + (Closes: #918446) + * Standards-Version: 4.4.0 (no changes required) + * Switch to debhelper-compat 12 + - d/control: Add ${misc:Pre-Depends} + * Switch to dh_missing and abort on uninstalled files + (patch taken from experimental, thanks to Michael Biebl) + + -- Simon McVittie Sun, 11 Aug 2019 19:09:35 +0100 + +policykit-1 (0.105-25) unstable; urgency=medium + + * Team upload + * Add tests-add-tests-for-high-uids.patch + - Patch from upstream modified by Ubuntu to test high UID fix + * Compare PolkitUnixProcess uids for temporary authorizations. + - Fix temporary auth hijacking via PID reuse and non-atomic fork + (CVE-2019-6133) (Closes: #918985) + + -- Jeremy Bicha Tue, 15 Jan 2019 11:11:58 -0500 + +policykit-1 (0.105-24) unstable; urgency=medium + + * Allow uid of -1 for a PolkitUnixProcess. + Revert an overzealous change from the previous security fix that caused + a critical to be logged when trying to set the uid property to -1 (the + default value). + + -- Martin Pitt Tue, 15 Jan 2019 08:05:52 +0000 + +policykit-1 (0.105-23) unstable; urgency=high + + * Allow negative uids/gids in PolkitUnixUser and Group objects. + Fixes a vulnerability in PolicyKit that allows a user with a uid greater + than INT_MAX to successfully execute arbitrary polkit actions. + (CVE-2018-19788, Closes: #915332) + + -- Michael Biebl Fri, 07 Dec 2018 19:55:58 +0100 + +policykit-1 (0.105-22) unstable; urgency=medium + + * Move D-Bus policy file to /usr/share/dbus-1/system.d/ + To better support stateless systems with an empty /etc, the old location + in /etc/dbus-1/system.d/ should only be used for local admin changes. + Package provided D-Bus policy files are supposed to be installed in + /usr/share/dbus-1/system.d/. + This is supported since dbus 1.9.18. + * Remove obsolete conffile + /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf on upgrades + * Bump Standards-Version to 4.2.1 + * Remove Breaks for versions older than oldstable + * Stop masking polkit.service during the upgrade process. + This is no longer necessary with the D-Bus policy file being installed + in /usr/share/dbus-1/system.d/. (Closes: #902474) + * Use dh_installsystemd to restart polkit.service after an upgrade. + This replaces a good deal of hand-written maintscript code. + + -- Michael Biebl Tue, 27 Nov 2018 20:17:44 +0100 + +policykit-1 (0.105-21) unstable; urgency=medium + + * Remove --no-parallel now that parallel builds (hopefully) work. + Thanks to Adrian Bunk for spotting this. + * Refresh patches via gbp pq + * Use one patch per upstream commit for easier metadata round-trips + * Sync up src/polkitagent/polkitagenthelper-pam.c with 0.114 + - d/p/0.111/Fix-a-memory-leak.patch: + Fix a memory leak when PAM authentication fails + - d/p/0.113/Remove-a-redundant-assignment.patch: + Fix a potential compiler warning + - d/p/master/Fix-multi-line-pam-text-info.patch: + Split into d/p/0.106/agenthelper-pam-Fix-newline-trimming-code.patch, + d/p/0.114/Fix-multi-line-pam-text-info.patch, + d/p/0.114/Refactor-send_to_helper-usage.patch + * d/p/03_polkitunixsession_sessionid_from_display.patch: + Replace with functionally identical + d/p/0.114/Support-polkit-session-agent-running-outside-user-session.patch + as applied upstream + * d/watch: Use https + * d/watch: Download upstream PGP signatures + * debian/upstream/signing-key.asc: Add public keys for Ray Strode, + Miloslav Trmac, David Zeuthen + * d/gbp.conf: Merge upstream tags into the upstream branch + * Add myself to Uploaders + * d/gbp.conf: Set patch-numbers to false to match current practice + * d/p/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch: + Backport the security-significant part of 0.115 (CVE-2018-1116) + (Closes: #903563) + * d/libpolkit-gobject-1-0.symbols: Update for new semi-private ABI + * d/rules: Skip build-time tests if DEB_BUILD_OPTIONS=nocheck + * Standards-Version: 4.1.5 (no changes required) + * Set Rules-Requires-Root to no + + -- Simon McVittie Wed, 11 Jul 2018 09:29:32 +0100 + +policykit-1 (0.105-20) unstable; urgency=medium + + * Team upload + * d/p/0.108/build-Fix-.gir-generation-for-parallel-make.patch: + Add patch from upstream to fix parallel builds (Closes: #894205) + + -- Simon McVittie Tue, 27 Mar 2018 13:50:28 +0100 + +policykit-1 (0.105-19) unstable; urgency=medium + + * debian/copyright: Use https URL for Format: + * Update Vcs-* links for move to salsa.debian.org. + * Fix typos in patch descriptions. + Fixes lintian's spelling-error-in-patch-description complaints. + * Move to debhelper compat level 10. + Remove explicit dh-autoreconf, it's now done by default. + * Bump Standards-Version to 4.1.3 + * Add autopkgtest. + This covers the pkaction and pkcheck CLI tools. + + -- Martin Pitt Mon, 26 Mar 2018 21:42:28 +0200 + +policykit-1 (0.105-18) unstable; urgency=medium + + * Team upload. + * master/Add-gettext-support-for-.policy-files.patch: Backport from master: + Add .loc and .its files so that gettext can be used to translate policy + files. Some upstreams, particularly those that are switching to meson, + expect these files to be present so that their PK policy files can be + translated. (Closes: #863207) + + -- Iain Lane Wed, 24 May 2017 11:21:35 +0100 + +policykit-1 (0.105-17) unstable; urgency=medium + + [ Michael Biebl ] + * Use https:// for the upstream homepage. + * Update Vcs-Browser to use cgit. + * Rename the systemd service unit to polkit.service. It is now based on what + was added upstream in 0.106. + + [ Simon McVittie ] + * Build-depend on intltool instead of relying on gtk-doc-tools' + dependency (Closes: #837846) + + [ Martin Pitt ] + * Use PAM's common-session-noninteractive modules for pkexec instead of + common-session. The latter also runs pam_systemd (the only difference + normally) which is a no-op under the classic session-centric + D-BUS/graphical login model (as it won't start a new one if it is already + running within a logind session), but very expensive when using + dbus-user-session and being called from a service that runs outside the + PAM session. This causes long delays in e. g. gnome-settings-daemon's + backlight helpers. (LP: #1626651) + + -- Michael Biebl Fri, 21 Oct 2016 15:44:57 +0200 + +policykit-1 (0.105-16) unstable; urgency=medium + + [ Michael Biebl ] + * Drop obsolete Breaks from pre-wheezy. + * Use gir addon instead of calling dh_girepository manually. + * Run wrap-and-sort -ast. + * Drop explicit Build-Depends on gir1.2-glib-2.0. This dependency is already + pulled in via libgirepository1.0-dev. + + [ Martin Pitt ] + * Add fallback if agent is not running in a logind session. This fixes + polkit with dbus-user-session. Thanks Sebastien Bacher for the patch! + * Bump Standards-Version to 3.9.8 (no changes necessary). + + -- Martin Pitt Mon, 25 Jul 2016 14:32:23 +0200 + +policykit-1 (0.105-15) unstable; urgency=medium + + * Generate tight inter-package dependencies. + This ensures that everything from the same source package is upgraded in + lockstep. (Closes: #817998) + + -- Michael Biebl Thu, 14 Apr 2016 13:57:13 +0200 + +policykit-1 (0.105-14.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS on non-linux/non-systemd. (Closes: #798769) + + -- Adam Borowski Thu, 14 Jan 2016 06:28:38 +0100 + +policykit-1 (0.105-14) unstable; urgency=medium + + * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink + removal for consistency. + * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch + backported from upstream master. (LP: #1510824) + + -- Martin Pitt Mon, 23 Nov 2015 11:38:00 +0100 + +policykit-1 (0.105-13) unstable; urgency=medium + + * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while + policykit-1 is unpackaged but not yet configured. During that time we + don't yet have our D-Bus policy in /etc so that polkitd cannot work yet. + This can be dropped once the D-Bus policy moves to /usr. + (Closes: #794723, LP: #1447654) + + -- Martin Pitt Wed, 21 Oct 2015 08:11:22 +0200 + +policykit-1 (0.105-12) unstable; urgency=medium + + * Team upload + * Replace 03_complete_session.patch with a change from upstream + which seems like a more correct solution for LP#445303, LP#649939 + * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing + staff -> desktop_admin_r change in a man page (desktop_admin_r looks + vaguely like a SELinux role but is actually being used as a group); + keep only the actual functional change. This matches the syntactically + different but functionally similar change in experimental. + * 09_pam_environment.patch: replace with the version that went upstream. + * Annotate remaining patches with a bit more information. + They are: + - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch, + 00git_type_registration.patch, 04_get_cwd.patch, + 07_set-XAUTHORITY-environment-variable-if-unset.patch, + 08_deprecate_racy_APIs.patch, 09_pam_environment.patch, + cve-2013-4288.patch: either backports from upstream, or already + applied upstream, and not discussed further here. + - 01_pam_polkit.patch: use Debian's common-* infrastructure, + plus pam_env to get the global environment and locale. + Debian-specific. + - 02_gettext.patch: Use gettext to translate .policy files at + runtime, allowing for Ubuntu-style language packs. + Debian-specific (mainly for Ubuntu's benefit, really). + - 05_revert-admin-identities-unix-group-wheel.patch: Debian does + not use the "wheel" group like Red Hat derivatives do; + treat uid 0 as the administrative identity instead. + Debian-specific. + - 06_systemd-service.patch: hook up the systemd service in + debian/polkitd.service. + Not forwarded: obsoleted by an upstream change in 0.106, + commit 2995085. + * Re-order patch series to put upstream changes first, sorted by version + in which they went upstream, and put them in subdirectories by version + * Add patches from 0.113 to fix heap corruption CVE-2015-3255 + (Closes: #766860) and local authenticated denial of service + CVE-2015-4625 (Closes: #796134) + * Add numerous other bug-fix patches from 0.113 + - work around bugs in older versions of libpam-systemd when using + su or similar (Closes: #772125) + - treat background processes as part of the same uid's active GUI + session if they have one (Closes: #779988) + - fix some memory leaks (Closes: #775158, LP: #1417637) + * Add backported public API polkit_system_bus_name_get_user_sync() to + symbols file + * Fix FTBFS with dpkg-buildpackage -A by only installing files into + policykit-1 in per-arch builds + * Run tests with a session bus pretending to be the system bus, + so they can pass in a buildd environment + + -- Simon McVittie Fri, 11 Sep 2015 09:48:00 +0100 + +policykit-1 (0.105-11) unstable; urgency=medium + + * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths + in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932) + * policykit-1.postinst: Reload systemd before restarting polkitd.service, to + avoid "Warning: polkitd.service changed on disk". (Closes: #791397) + + -- Martin Pitt Fri, 10 Jul 2015 13:03:33 +0200 + +policykit-1 (0.105-10) unstable; urgency=medium + + * Add 00git_type_registration.patch: Use GOnce for interface type + registration. Fixes frequent udisks segfault (LP: #1236510). + * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call + results handler. (LP: #1417637) + + -- Martin Pitt Wed, 08 Jul 2015 12:15:41 +0200 + +policykit-1 (0.105-9) unstable; urgency=medium + + [ Martin Pitt ] + * policykit-1.postinst: Don't kill polkitd under systemd, but properly + restart it. This avoids killing it shortly after systemd tries to + bus-activate it on installation. (LP: #1447654) + + [ Michael Biebl ] + * Build against libsystemd instead of the old libsystemd-login compat + library. (Closes: #779756) + + -- Michael Biebl Wed, 08 Jul 2015 02:10:58 +0200 + +policykit-1 (0.105-8) unstable; urgency=medium + + * Rebuild against libsystemd0. This drops the last remaining dependency to + libsystemd-login0. (Closes: #771281) + * Bump Standards-Version to 3.9.6 (no changes necessary). + + -- Martin Pitt Fri, 28 Nov 2014 10:07:46 +0100 + +policykit-1 (0.105-7) unstable; urgency=medium + + * Team upload. + * Install typelib files into MA libdir. + + -- Andreas Henriksson Thu, 25 Sep 2014 13:56:15 +0200 + +policykit-1 (0.105-6.1) unstable; urgency=medium + + * Non-maintainer upload. + * Use dh-autoreconf in build to support new architectures + + -- Wookey Thu, 10 Jul 2014 00:15:28 +0100 + +policykit-1 (0.105-6) unstable; urgency=medium + + * Team upload. + * debian/control: Update Homepage URL + * debian/control: Add a Breaks against gdm3 (<< 3.8.4-7~) to ensure it + registers a logind session properly (Closes: #745983) + + -- Laurent Bigonville Thu, 22 May 2014 19:31:58 +0200 + +policykit-1 (0.105-5) unstable; urgency=medium + + * Team upload. + * Enable systemd support on linux architectures + * debian/control: Bump Standards-Version to 3.9.5 (no further changes) + * debian/control: Use canonical VCS-* URL's + + -- Laurent Bigonville Sun, 04 May 2014 12:40:59 +0200 + +policykit-1 (0.105-4) unstable; urgency=low + + * Acknowledge non-maintainer upload for CVE-2013-4288. + * Also cherry-pick the upstream commit which deprecates the racy APIs. + * debian/patches/09_pam_environment.patch: set process environment from + pam_getenvlist(). + * debian/patches/01_pam_polkit.patch: adjust patch to invoke pam_env, so our + global settings from /etc/environment are applied correctly. + * The two changes above fix pkexec to properly export the pam environment. + Thanks Steve Langasek for the patch. (Closes: #692340) + + -- Michael Biebl Tue, 15 Oct 2013 18:34:24 +0200 + +policykit-1 (0.105-3+nmu1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix cve-2013-4288: race condition in pkcheck.c (closes: #723717). + + -- Michael Gilbert Mon, 14 Oct 2013 00:08:43 +0000 + +policykit-1 (0.105-3) unstable; urgency=low + + * 07_set-XAUTHORITY-environment-variable-if-unset.patch: Set XAUTHORITY + environment variable to its default value $HOME/.Xauthority if unset. + Some display managers, like KDM, do not set the XAUTHORITY variable, so + starting graphical applications via pkexec was broken in those + environments. (Closes: #671497) + + -- Michael Biebl Thu, 20 Dec 2012 18:55:14 +0100 + +policykit-1 (0.105-2) unstable; urgency=low + + * Change the permissions of /etc/polkit-1/localauthority to 700, this + directory is not supposed to be readable by everyone. + + -- Michael Biebl Mon, 17 Dec 2012 17:02:06 +0100 + +policykit-1 (0.105-1) unstable; urgency=low + + * New upstream release. + * debian/watch: Update URL, the tarballs are hosted on freedesktop.org now. + * Update symbols file for libpolkit-gobject-1-0 and libpolkit-agent-1-0. + * Update debian/copyright using the machine-readable copyright format 1.0. + * Bump Standards-Version to 3.9.3. + * Bump Build-Depends on debhelper to (>= 9). + + -- Michael Biebl Tue, 24 Apr 2012 21:06:04 +0200 + +policykit-1 (0.104-2) unstable; urgency=low + + * debian/control: Add Build-Depends on libglib2.0-doc and libgtk-3-doc for + proper cross-references in the gtk-doc API documentation. + * Install systemd service file for polkitd. + + -- Michael Biebl Sat, 11 Feb 2012 23:48:29 +0100 + +policykit-1 (0.104-1) unstable; urgency=low + + * New upstream release. + - Add support for netgroups. (LP: #724052) + * debian/rules: Disable systemd support, continue to work with ConsokeKit. + * 05_revert-admin-identities-unix-group-wheel.patch: Refresh to apply + cleanly. + * debian/libpolkit-gobject-1-0.symbols: Add new symbols from this new + release. + * debian/rules: Do not let test failures fail the build. The new test suite + also runs a test against the system D-BUS/ConsoleKit, which can't work on + buildds. + + -- Martin Pitt Fri, 06 Jan 2012 12:28:54 +0100 + +policykit-1 (0.103-1) unstable; urgency=low + + * New upstream release. + * debian/control: Change section of gir1.2-polkit-1.0 to introspection. + * 05_revert-admin-identities-unix-group-wheel.patch: Revert upstream change + to make group wheel the default admin identity since we already use group + sudo resp. group admin for that. + + -- Michael Biebl Fri, 09 Dec 2011 00:48:17 +0100 + +policykit-1 (0.102-2) unstable; urgency=low + + * 02_gettext.patch: Explicitly #include to fix non-optimized + build. Thanks Ivan Krasilnikov for pointing this out. + * debian/rules: When building on Ubuntu, also consider the "sudo" group as + administrator, for compatibility with Debian and sudo itself. Keep "admin" + for existing systems. (LP: #893842) + * Convert to Multi-Arch and dh compat 9. Thanks Daniel Schaal for the + patch! (Closes: #636196) + + -- Martin Pitt Fri, 25 Nov 2011 07:44:09 +0100 + +policykit-1 (0.102-1) unstable; urgency=low + + * New upstream release. + * debian/patches/00git_fix_proc_race.patch: Removed, merged upstream. + * debian/patches/04_ignore_quilt_po.patch: Removed, merged upstream. + * debian/patches/03_complete_session.patch: Refreshed. + * debian/patches/04_get_cwd.patch: Use g_get_current_dir() to determine the + current working directory. This fixes another PATH_MAX related FTBFS on + hurd. Thanks Emilio Pozuelo Monfort for the patch. (Closes: #623017) + + -- Michael Biebl Tue, 02 Aug 2011 03:17:20 +0200 + +policykit-1 (0.101-4) unstable; urgency=high + + Urgency high due to security fix. + + * Add 00git_fix_proc_race.patch: Avoid /proc race conditions when checking + privileges for pkexec. Patch taken from + https://bugzilla.redhat.com/show_bug.cgi?id=692922, now also landed in + upstream git. [CVE-2011-1485] + * debian/libpolkit-gobject-1-0.symbols: Update for new symbols. + * Add 04_ignore_quilt_po.patch: Ignore .po/ for intltool. This avoids build + failures if quilt patches change files with translatable strings. Thanks + to Kees Cook for the patch! + + -- Martin Pitt Wed, 20 Apr 2011 12:11:38 +0200 + +policykit-1 (0.101-3) unstable; urgency=low + + * debian/control + - Add Depends on gir1.2-polkit-1.0 (= ${binary:Version}) to + libpolkit-gobject-1-dev and libpolkit-agent-1-dev to comply with the + updated GObject introspection policy. + - Bump Standards-Version to 3.9.2. No further changes. + + -- Michael Biebl Sun, 10 Apr 2011 20:34:03 +0200 + +policykit-1 (0.101-2) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Fri, 25 Mar 2011 02:19:51 +0100 + +policykit-1 (0.101-1) experimental; urgency=low + + * New upstream release. + * Update patches + - Drop debian/patches/04_test_signalfd.patch, merged upstream. + - Refresh other patches to apply cleanly. + * debian/libpolkit-gobject-1-0.symbols + - Add polkit_authorization_result_get_dismissed. + * debian/control + - Bump Build-Depends on libglib2.0-dev to (>= 2.28.0). + * debian/rules + - Don't build example programs. + + -- Michael Biebl Thu, 03 Mar 2011 23:50:17 +0100 + +policykit-1 (0.100-1) experimental; urgency=low + + * New upstream release. + * Refresh debian/patches/03_complete_session.patch. + * Replace debian/patches/04_test_signalfd.patch with a patch that was merged + upstream. This also allows to drop debian/patches/99_autoreconf.patch. + * Switch from cdbs to dh. + * Bump debhelper compatibility level to 8. + * Install documentation using debian/policykit-1.docs. + * Enable gobject introspection support. + - Add Build-Depends on libgirepository1.0-dev (>= 0.9.12), + gobject-introspection (>= 0.9.12-4~) and gir1.2-glib-2.0. + - Add package gir1.2-polkit-1.0 containing the typelib files. + - Install gir files in libpolkit-agent-1-dev.install and + libpolkit-gobject-1-dev.install. + - Call dh_girepository in debian/rules. + + -- Michael Biebl Wed, 23 Feb 2011 19:51:17 +0100 + +policykit-1 (0.99-3) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Thu, 10 Feb 2011 19:21:36 +0100 + +policykit-1 (0.99-2) experimental; urgency=low + + [ Michael Biebl ] + * Merge sudo group changes from unstable branch. + + [ Martin Pitt ] + * debian/rules: Use dpkg-vendor instead of lsb_release. Drop lsb-release + build dependency. + * Add 04_test_signalfd.patch: Allow building on Non-Linux platforms without + signalfd(). (Closes: #602476) + * Add 99_autoreconf.patch: Pick up autoreconf changes from previous patch. + + -- Martin Pitt Mon, 06 Dec 2010 16:28:11 +0100 + +policykit-1 (0.99-1) experimental; urgency=low + + [ Michael Biebl ] + * New upstream release. + * debian/patches/00git-fix-error-freeing.patch + - Remove, fixed upstream. + * debian/patches/00git-pkexec-information-disclosure.patch + - Remove, merged upstream. + * debian/control + - Drop Build-Depends on libeggdbus-1-dev. + - Bump Build-Depends on libglib2.0-dev to (>= 2.25.12) for GDBus. + * Switch to source format 3.0 (quilt). + - Add debian/source/format. + - Drop Build-Depends on quilt. + - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules. + - Remove debian/README.source. + + [ Robert Ancell ] + * Add debian/patches/02_gettext.patch: Use gettext for translations in + .policy files if they specify a gettext domain. + + [ James Westby ] + * Add debian/patches/03_complete_session.patch: Fix the race that leads to + the password box disappearing, but the dialog remaining. + + [ Martin Pitt ] + * debian/rules: Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4 to point out outdated + .symbols files more strongly. + + -- Michael Biebl Thu, 04 Nov 2010 17:27:09 -0400 + +policykit-1 (0.96-4) unstable; urgency=low + + * debian/rules + - When building for Debian, install a localauthority.conf.d configuration + file which considers "sudo" group users as administrators. + (Closes: #532499) + + -- Michael Biebl Tue, 16 Nov 2010 23:21:50 +0100 + +policykit-1 (0.96-3) unstable; urgency=low + + * debian/control + - Use architecture wildcard linux-any for libselinux1-dev. + - Bump Standards-Version to 3.9.1. + * debian/policykit-1.postinst + - Query D-Bus to find out the correct pid of the process claiming + org.freedesktop.PolicyKit1. This way we do not accidentally kill the + wrong process when being installed in a chroot. (Closes: #595030) + * debian/policykit-1.prerm + - Stop polkitd on remove. (Closes: #595031) + + -- Michael Biebl Thu, 16 Sep 2010 23:27:56 +0200 + +policykit-1 (0.96-2) unstable; urgency=medium + + * Urgency medium, just two small, but important bug fixes. + * Add 00git-pkexec-information-disclosure.patch: Fix information disclosure + vulnerability that allows an attacker to verify whether or not arbitrary + files exist, violating directory permissions. + * 00git-fix-error-freeing.patch: Fix crash when calling CheckAuthorization() + with an invalid PID. (LP: #540464) + + -- Martin Pitt Fri, 09 Apr 2010 12:09:53 +0200 + +policykit-1 (0.96-1) unstable; urgency=low + + * New upstream release. + * debian/libpolkit-backend-1-0.symbols + - Update for new API addition. + + -- Michael Biebl Sat, 16 Jan 2010 00:05:48 +0100 + +policykit-1 (0.95-1) unstable; urgency=low + + * New upstream release. + * Remove patches + - debian/patches/02_dont_export_private_symbols.patch (merged upstream) + - debian/patches/03_path_max.patch (merged upstream) + - debian/patches/04-ref-authority.patch (merged upstream) + - debian/patches/05-pkexec-env.patch (merged upstream) + - debian/patches/99_autoreconf.patch (obsolete) + * debian/control + - Bump Build-Depends on libeggbus-1-dev to (>= 0.6). + * debian/rules + - The example application is no longer built by default so we don't need + to manually remove it anymore. + * debian/libpolkit-{backend,gobject}-1-0.symbols + - Update for new API additions. + + -- Michael Biebl Sat, 14 Nov 2009 05:33:34 +0100 + +policykit-1 (0.94-6) unstable; urgency=low + + * debian/policykit-1.postinst + - Use start-stop-daemon instead of kill+pidof to stop the running polkitd + daemon on upgrades. + * Remove our workaround for kfreebsd again now that eglibc 2.10 has entered + unstable. (Closes: #552605) + + -- Michael Biebl Mon, 09 Nov 2009 01:09:07 +0100 + +policykit-1 (0.94-5) unstable; urgency=low + + * Add debian/patches/04-ref-authority.patch: Ref the instance returned by + polkit_authority_get(), since the documentation says that it needs to be + unref'ed after usage. This fixes crashes in NetworkManager and probably + other programs, too. (LP: #438574, #432452, fd.o #24566) + * Add debian/patches/05-pkexec-env.patch: Add missing comma so that pkexec + saves both LANG and LANGUAGE, not LANGLANGUAGE. (Cherrypicked from trunk) + * Add myself to Uploaders: with Michael's consent. + + -- Martin Pitt Tue, 03 Nov 2009 12:28:09 +0100 + +policykit-1 (0.94-4) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Update patch to fix implicit pointer conversion for + get_current_dir_name. (Closes: #550901) + + -- Michael Biebl Wed, 14 Oct 2009 14:00:40 +0200 + +policykit-1 (0.94-3) unstable; urgency=low + + * debian/patches/03_path_max.patch + - Fix FTBFS on hurd-i386 where PATH_MAX is not defined. (Closes:#550800) + Thanks to Samuel Thibault for the patch. + * debian/policykit-1.postinst: + - Kill the old polkitd daemon on upgrade, to ensure that the new version + will be used at the next occasion. + + -- Michael Biebl Tue, 13 Oct 2009 14:32:25 +0200 + +policykit-1 (0.94-2) unstable; urgency=low + + * Fix build failures on kfreebsd. Add Build-Depends on libfreebsd-dev and + link against -lfreebsd for sysctlnametomib. + When glibc 2.10 enters unstable this workaround can be removed again. + + -- Michael Biebl Tue, 13 Oct 2009 00:29:47 +0200 + +policykit-1 (0.94-1) unstable; urgency=low + + * Rename package to policykit-1. Upstream (at least temporarily) forked + the project to make it installable in parallel with policykit 0.9, until + all programs are ported to the new API. + * Drop all patches except 01_pam_polkit.patch. + * Refresh debian/patches/01_pam_polkit.patch. + * debian/control + - Update Build-Depends + + Drop libdbus-1-dev, libdbus-glib-1-dev. + + Add libeggdbus-1-dev (>= 0.5) and lsb-release. + + Bump libglib2-dev dependency to (>= 2.21.4). + - Update list of binary packages and their package descriptions. + - Drop dependency on adduser. + - Bump Standards-Version to 3.8.3. + + Add README.source which refers to the quilt documentation. + - Update Vcs-* fields. Package is now managed using Git and hosted on + git.debian.org. + * Update shared library structure: libpolkit-{dbus,grant} → + libpolkit-{agent,backend,gobject}-1. + * Rename policykit, policykit-doc → policykit-1, policykit-1-doc. + * Update and revise all *.install files. + * debian/rules, debian/policykit.init: Drop init script, package doesn't use + /var/run any more. + * debian/policykit-1.postinst: Don't create "polkituser" system user, it's + not used any more. + * Update watch file. + * debian/patches/02_dont_export_private_symbols.patch + - Don't export private symbols in the libraries. + * debian/patches/99_autoreconf.patch + - Update the autotools files as the previous patch also touches the build + system. + * Add symbols files for libpolkit-{agent,backend,gobject}-1 for improved + shlibs dependencies. + * debian/rules + - Disable introspection support. + - When building for Ubuntu, install a localauthority.conf.d configuration + file which considers "admin" group users as administrators. + - Don't install example application. + * debian/copyright + - Update copyright holder. + - License was changed to LGPL 2.1+. + + -- Michael Biebl Sun, 27 Sep 2009 21:35:18 +0200 + +policykit (0.9-4) unstable; urgency=low + + * Add support for /var/run being a tmpfs. (Closes: #532101) + - Create /var/run/PolicyKit dynamically on boot by using an init script. + Original patch by Martin Pitt, thanks. Updated patch to only run the + init script in runlevel S at priority 75. + - Do no longer ship /var/run/PolicyKit in the package itself. + * debian/control + - Bump Standards-Version to 3.8.1. + * debian/patches/04_entry_leak.patch + - Plug a memory leak. Patch pulled from Fedora. + * debian/patches/05_manpage_typo_fix.patch + - Fix a small typo in the polkit-auth man page. (Closes: #523565) + * debian/patches/06_no_inotify_or_path_max.patch + - Add support for systems which don't support inotify (like hurd) and + don't use PATH_MAX unconditionally, instead use dynamically growing + buffers. (Closes: #521756) + Patch by Samuel Thibault, thanks. + + -- Michael Biebl Thu, 18 Jun 2009 09:55:34 +0200 + +policykit (0.9-3) unstable; urgency=low + + * Switch patch management system to quilt. + * debian/control + - Wrap Build-Depends. + - Demote Recommends: policykit-gnome to Suggests. (Closes: #513758) + - Bump Build-Depends on debhelper to (>= 7). + * debian/compat + - Bump debhelper compat level to 7. + * debian/rules + - Include debhelper.mk before any other files as recommended by the cdbs + documentation. + * debian/patches/03_consolekit0.3-api.patch + - Try both the ConsoleKit 0.3 and the older 0.2 API, to work with either. + Patch pulled from Ubuntu. + + -- Michael Biebl Wed, 18 Feb 2009 17:25:52 +0100 + +policykit (0.9-2) unstable; urgency=high + + [ Simon McVittie ] + * Add patch committed in Fedora (although not upstream) by the upstream + maintainer, to allow PolicyKit to be used when CVE-2008-4311 has + been fixed in dbus-daemon. (Closes: #510646) + + [ Michael Biebl ] + * debian/control + - Add ${misc:Depends} to all binary packages. + + -- Michael Biebl Wed, 07 Jan 2009 18:18:56 +0100 + +policykit (0.9-1) unstable; urgency=low + + * New upstream release. + * debian/control + - Bump Standards-Version to 3.8.0. No further changes. + + -- Michael Biebl Sun, 03 Aug 2008 10:53:11 +0200 + +policykit (0.8-2) unstable; urgency=low + + * Add symbols files for libpolkit2, libpolkit-grant2 and libpolkit-dbus2. + * debian/policykit.postinst + - Set correct permissions for all files. (Closes: #482064) + - Define a small helper function to apply the permissions. This makes it + more concise and readable. + + -- Michael Biebl Fri, 23 May 2008 04:33:48 +0200 + +policykit (0.8-1) unstable; urgency=medium + + * New upstream release. + - SECURITY - CVE-2008-1658: + Fixes format string vulnerability in the grant helper. (Closes: #476615) + * debian/control + - Add Build-Depends on pkg-config. + + -- Michael Biebl Fri, 18 Apr 2008 01:39:08 +0200 + +policykit (0.7-2) unstable; urgency=low + + * Upload to unstable. + + -- Michael Biebl Fri, 11 Jan 2008 01:02:59 +0100 + +policykit (0.7-1) experimental; urgency=low + + * New upstream release. (Closes: #455874) + * debian/control + - Bump Standards-Version to 3.7.3. No further changes required. + - Add Build-Depends on libdbus-glib-1-dev (>= 0.73). + - Change Homepage URL to http://hal.freedesktop.org/docs/PolicyKit/. + (Closes: #446504) + - Improve package description. (Closes: #446554) + * debian/copyright + - All code is now licensed under the MIT/X11 license. Update the copyright + notice accordingly. + * debian/policykit.dirs + - Add the directory /var/lib/PolicyKit-public. + * debian/policykit.install + - Install the D-Bus config and service files for the PolicyKit system + service. + - Install /var/lib/misc/PolicyKit.reload. + * debian/rules + - Fix the permissions of /var/lib/misc/PolicyKit.reload. + * debian/policykit.postinst + - Use dpkg-statoverride to check for local modifications before setting + the SUID/SGID bits. + + -- Michael Biebl Thu, 20 Dec 2007 18:01:38 +0100 + +policykit (0.6-1) experimental; urgency=low + + * New upstream release. + * debian/control + - Use new "Homepage:" field to specify the upstream URL. + - The Vcs-* fields are now officially supported, so remove the XS- prefix. + - Add a Recommends: policykit-gnome to the policykit package. + - Enable SELinux support by adding a Build-Depends on libselinux1-dev for + all supported platforms. + * debian/policykit.postinst + - Install polkit-grant-helper-pam with the correct permissions. + + -- Michael Biebl Sat, 03 Nov 2007 00:02:33 +0100 + +policykit (0.5-1) experimental; urgency=low + + * Initial release. (Closes: #397087) + + -- Michael Biebl Tue, 02 Oct 2007 22:38:04 +0200 + diff --git a/control b/control new file mode 100644 index 00000000..7ca6d6e1 --- /dev/null +++ b/control @@ -0,0 +1,138 @@ +Source: policykit-1 +Section: admin +Priority: optional +Maintainer: Utopia Maintenance Team +Uploaders: + Michael Biebl , + Martin Pitt , + Simon McVittie , +Build-Depends: + dbus , + debhelper-compat (= 13), + gobject-introspection (>= 0.9.12-4~), + gtk-doc-tools, + intltool (>= 0.40.0), + libexpat1-dev, + libgirepository1.0-dev (>= 0.9.12), + libglib2.0-dev (>= 2.28.0), + libglib2.0-doc, + libgtk-3-doc, + libpam0g-dev, + libselinux1-dev [linux-any], + libsystemd-dev [linux-any], + pkg-config, + xsltproc, +Rules-Requires-Root: no +Standards-Version: 4.5.0 +Vcs-Git: https://salsa.debian.org/utopia-team/polkit.git +Vcs-Browser: https://salsa.debian.org/utopia-team/polkit +Homepage: https://www.freedesktop.org/wiki/Software/polkit/ + +Package: policykit-1 +Architecture: linux-any +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + dbus, + default-logind | logind, + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: foreign +Description: framework for managing administrative policies and privileges + PolicyKit is an application-level toolkit for defining and handling the policy + that allows unprivileged processes to speak to privileged processes. + . + It is a framework for centralizing the decision making process with respect to + granting access to privileged operations for unprivileged (desktop) + applications. + +Package: policykit-1-doc +Architecture: all +Section: doc +Depends: + ${misc:Depends}, +Suggests: + devhelp, +Description: documentation for PolicyKit-1 + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the API documentation of PolicyKit. + +Package: libpolkit-gobject-1-0 +Architecture: any +Section: libs +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: same +Description: PolicyKit Authorization API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing PolicyKit. + +Package: libpolkit-gobject-1-dev +Architecture: any +Section: libdevel +Depends: + gir1.2-polkit-1.0 (= ${binary:Version}), + libglib2.0-dev, + libpolkit-gobject-1-0 (= ${binary:Version}), + ${misc:Depends}, +Description: PolicyKit Authorization API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-gobject-1-0. + +Package: libpolkit-agent-1-0 +Architecture: any +Section: libs +Pre-Depends: + ${misc:Pre-Depends}, +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Multi-Arch: same +Description: PolicyKit Authentication Agent API + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains a library for accessing the authentication agent. + +Package: libpolkit-agent-1-dev +Architecture: any +Section: libdevel +Depends: + gir1.2-polkit-1.0 (= ${binary:Version}), + libpolkit-agent-1-0 (= ${binary:Version}), + libpolkit-gobject-1-dev, + ${misc:Depends}, +Description: PolicyKit Authentication Agent API - development files + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains the development files for the library found in + libpolkit-agent-1-0. + +Package: gir1.2-polkit-1.0 +Section: introspection +Architecture: any +Depends: + ${gir:Depends}, + ${misc:Depends}, + ${shlibs:Depends}, +Provides: + gir1.2-polkitagent-1.0 (= ${binary:Version}), +Description: GObject introspection data for PolicyKit + PolicyKit is a toolkit for defining and handling the policy that + allows unprivileged processes to speak to privileged processes. + . + This package contains introspection data for PolicyKit. + . + It can be used by packages using the GIRepository format to generate + dynamic bindings. diff --git a/copyright b/copyright new file mode 100644 index 00000000..219c3c1e --- /dev/null +++ b/copyright @@ -0,0 +1,48 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: polkit +Source: https://www.freedesktop.org/software/polkit/releases/ + +Files: * +Copyright: 2008-2011 Red Hat, Inc. +License: LGPL-2.0+ + +Files: test/* +Copyright: 2011 Google Inc. +License: LGPL-2.0+ + +Files: test/mocklibc/src/* +Copyright: 2011 Google Inc. +License: Apache-2.0 + +License: LGPL-2.0+ + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-2". + +License: Apache-2.0 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian systems, the complete text of the Apache version 2.0 license + can be found in "/usr/share/common-licenses/Apache-2.0" diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 00000000..eb7d2c17 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,5 @@ +[DEFAULT] +pristine-tar = True +debian-branch = master +upstream-vcs-tag = %(version)s +patch-numbers = False diff --git a/gir1.2-polkit-1.0.install b/gir1.2-polkit-1.0.install new file mode 100644 index 00000000..9038727d --- /dev/null +++ b/gir1.2-polkit-1.0.install @@ -0,0 +1 @@ +usr/lib/*/girepository-1.0/ diff --git a/libpolkit-agent-1-0.install b/libpolkit-agent-1-0.install new file mode 100644 index 00000000..155da4ae --- /dev/null +++ b/libpolkit-agent-1-0.install @@ -0,0 +1 @@ +usr/lib/*/libpolkit-agent-1.so.* diff --git a/libpolkit-agent-1-0.symbols b/libpolkit-agent-1-0.symbols new file mode 100644 index 00000000..70a5d847 --- /dev/null +++ b/libpolkit-agent-1-0.symbols @@ -0,0 +1,17 @@ +libpolkit-agent-1.so.0 libpolkit-agent-1-0 #MINVER# +* Build-Depends-Package: libpolkit-agent-1-dev + polkit_agent_listener_get_type@Base 0.94 + polkit_agent_listener_initiate_authentication@Base 0.94 + polkit_agent_listener_initiate_authentication_finish@Base 0.94 + polkit_agent_listener_register@Base 0.99 + polkit_agent_listener_register_with_options@Base 0.105 + polkit_agent_listener_unregister@Base 0.99 + polkit_agent_register_flags_get_type@Base 0.99 + polkit_agent_register_listener@Base 0.94 + polkit_agent_session_cancel@Base 0.94 + polkit_agent_session_get_type@Base 0.94 + polkit_agent_session_initiate@Base 0.94 + polkit_agent_session_new@Base 0.94 + polkit_agent_session_response@Base 0.94 + polkit_agent_text_listener_get_type@Base 0.99 + polkit_agent_text_listener_new@Base 0.99 diff --git a/libpolkit-agent-1-dev.install b/libpolkit-agent-1-dev.install new file mode 100644 index 00000000..e3ec3555 --- /dev/null +++ b/libpolkit-agent-1-dev.install @@ -0,0 +1,5 @@ +usr/include/polkit-1/polkitagent/ +usr/lib/*/libpolkit-agent*.a +usr/lib/*/libpolkit-agent*.so +usr/lib/*/pkgconfig/polkit-agent*.pc +usr/share/gir-1.0/PolkitAgent-1.0.gir diff --git a/libpolkit-gobject-1-0.install b/libpolkit-gobject-1-0.install new file mode 100644 index 00000000..4afe8c35 --- /dev/null +++ b/libpolkit-gobject-1-0.install @@ -0,0 +1 @@ +usr/lib/*/libpolkit-gobject-1.so.* diff --git a/libpolkit-gobject-1-0.symbols b/libpolkit-gobject-1-0.symbols new file mode 100644 index 00000000..f7b9e2c0 --- /dev/null +++ b/libpolkit-gobject-1-0.symbols @@ -0,0 +1,149 @@ +libpolkit-gobject-1.so.0 libpolkit-gobject-1-0 #MINVER# +* Build-Depends-Package: libpolkit-gobject-1-dev + polkit_action_description_get_action_id@Base 0.94 + polkit_action_description_get_annotation@Base 0.94 + polkit_action_description_get_annotation_keys@Base 0.94 + polkit_action_description_get_description@Base 0.94 + polkit_action_description_get_icon_name@Base 0.94 + polkit_action_description_get_implicit_active@Base 0.94 + polkit_action_description_get_implicit_any@Base 0.94 + polkit_action_description_get_implicit_inactive@Base 0.94 + polkit_action_description_get_message@Base 0.94 + polkit_action_description_get_type@Base 0.94 + polkit_action_description_get_vendor_name@Base 0.94 + polkit_action_description_get_vendor_url@Base 0.94 + polkit_action_description_new@Base 0.99 + polkit_action_description_new_for_gvariant@Base 0.99 + polkit_action_description_to_gvariant@Base 0.99 + polkit_authority_authentication_agent_response@Base 0.94 + polkit_authority_authentication_agent_response_finish@Base 0.94 + polkit_authority_authentication_agent_response_sync@Base 0.94 + polkit_authority_check_authorization@Base 0.94 + polkit_authority_check_authorization_finish@Base 0.94 + polkit_authority_check_authorization_sync@Base 0.94 + polkit_authority_enumerate_actions@Base 0.94 + polkit_authority_enumerate_actions_finish@Base 0.94 + polkit_authority_enumerate_actions_sync@Base 0.94 + polkit_authority_enumerate_temporary_authorizations@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_finish@Base 0.94 + polkit_authority_enumerate_temporary_authorizations_sync@Base 0.94 + polkit_authority_features_get_type@Base 0.95 + polkit_authority_get@Base 0.94 + polkit_authority_get_async@Base 0.99 + polkit_authority_get_backend_features@Base 0.95 + polkit_authority_get_backend_name@Base 0.95 + polkit_authority_get_backend_version@Base 0.95 + polkit_authority_get_finish@Base 0.99 + polkit_authority_get_owner@Base 0.99 + polkit_authority_get_sync@Base 0.99 + polkit_authority_get_type@Base 0.94 + polkit_authority_register_authentication_agent@Base 0.94 + polkit_authority_register_authentication_agent_finish@Base 0.94 + polkit_authority_register_authentication_agent_sync@Base 0.94 + polkit_authority_register_authentication_agent_with_options@Base 0.105 + polkit_authority_register_authentication_agent_with_options_finish@Base 0.105 + polkit_authority_register_authentication_agent_with_options_sync@Base 0.105 + polkit_authority_revoke_temporary_authorization_by_id@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_finish@Base 0.94 + polkit_authority_revoke_temporary_authorization_by_id_sync@Base 0.94 + polkit_authority_revoke_temporary_authorizations@Base 0.94 + polkit_authority_revoke_temporary_authorizations_finish@Base 0.94 + polkit_authority_revoke_temporary_authorizations_sync@Base 0.94 + polkit_authority_unregister_authentication_agent@Base 0.94 + polkit_authority_unregister_authentication_agent_finish@Base 0.94 + polkit_authority_unregister_authentication_agent_sync@Base 0.94 + polkit_authorization_result_get_details@Base 0.94 + polkit_authorization_result_get_dismissed@Base 0.101 + polkit_authorization_result_get_is_authorized@Base 0.94 + polkit_authorization_result_get_is_challenge@Base 0.94 + polkit_authorization_result_get_retains_authorization@Base 0.94 + polkit_authorization_result_get_temporary_authorization_id@Base 0.94 + polkit_authorization_result_get_type@Base 0.94 + polkit_authorization_result_new@Base 0.94 + polkit_authorization_result_new_for_gvariant@Base 0.99 + polkit_authorization_result_to_gvariant@Base 0.99 + polkit_check_authorization_flags_get_type@Base 0.94 + polkit_details_get_keys@Base 0.94 + polkit_details_get_type@Base 0.94 + polkit_details_insert@Base 0.94 + polkit_details_lookup@Base 0.94 + polkit_details_new@Base 0.94 + polkit_details_new_for_gvariant@Base 0.99 + polkit_details_to_gvariant@Base 0.99 + polkit_error_get_type@Base 0.94 + polkit_error_quark@Base 0.94 + polkit_identity_equal@Base 0.94 + polkit_identity_from_string@Base 0.94 + polkit_identity_get_type@Base 0.94 + polkit_identity_hash@Base 0.94 + polkit_identity_new_for_gvariant@Base 0.99 + polkit_identity_to_gvariant@Base 0.99 + polkit_identity_to_string@Base 0.94 + polkit_implicit_authorization_from_string@Base 0.94 + polkit_implicit_authorization_get_type@Base 0.94 + polkit_implicit_authorization_to_string@Base 0.94 + polkit_permission_get_action_id@Base 0.99 + polkit_permission_get_subject@Base 0.99 + polkit_permission_get_type@Base 0.99 + polkit_permission_new@Base 0.99 + polkit_permission_new_finish@Base 0.99 + polkit_permission_new_sync@Base 0.99 + polkit_subject_equal@Base 0.94 + polkit_subject_exists@Base 0.94 + polkit_subject_exists_finish@Base 0.94 + polkit_subject_exists_sync@Base 0.94 + polkit_subject_from_string@Base 0.94 + polkit_subject_get_type@Base 0.94 + polkit_subject_hash@Base 0.94 + polkit_subject_new_for_gvariant@Base 0.99 + polkit_subject_to_gvariant@Base 0.99 + polkit_subject_to_string@Base 0.94 + polkit_system_bus_name_get_name@Base 0.94 + polkit_system_bus_name_get_process_sync@Base 0.95 + polkit_system_bus_name_get_type@Base 0.94 + polkit_system_bus_name_get_user_sync@Base 0.105-12~ + polkit_system_bus_name_new@Base 0.94 + polkit_system_bus_name_set_name@Base 0.94 + polkit_temporary_authorization_get_action_id@Base 0.94 + polkit_temporary_authorization_get_id@Base 0.94 + polkit_temporary_authorization_get_subject@Base 0.94 + polkit_temporary_authorization_get_time_expires@Base 0.94 + polkit_temporary_authorization_get_time_obtained@Base 0.94 + polkit_temporary_authorization_get_type@Base 0.94 + polkit_temporary_authorization_new@Base 0.94 + polkit_temporary_authorization_new_for_gvariant@Base 0.99 + polkit_temporary_authorization_to_gvariant@Base 0.99 + polkit_unix_group_get_gid@Base 0.94 + polkit_unix_group_get_type@Base 0.94 + polkit_unix_group_new@Base 0.94 + polkit_unix_group_new_for_name@Base 0.94 + polkit_unix_group_set_gid@Base 0.94 + polkit_unix_netgroup_get_name@Base 0.104 + polkit_unix_netgroup_get_type@Base 0.104 + polkit_unix_netgroup_new@Base 0.104 + polkit_unix_netgroup_set_name@Base 0.104 + polkit_unix_process_get_owner@Base 0.94 + polkit_unix_process_get_pid@Base 0.94 + polkit_unix_process_get_racy_uid__@Base 0.105-21~ + polkit_unix_process_get_start_time@Base 0.94 + polkit_unix_process_get_type@Base 0.94 + polkit_unix_process_get_uid@Base 0.101 + polkit_unix_process_new@Base 0.94 + polkit_unix_process_new_for_owner@Base 0.101 + polkit_unix_process_new_full@Base 0.94 + polkit_unix_process_set_pid@Base 0.94 + polkit_unix_process_set_start_time@Base 0.101 + polkit_unix_process_set_uid@Base 0.101 + polkit_unix_session_get_session_id@Base 0.94 + polkit_unix_session_get_type@Base 0.94 + polkit_unix_session_new@Base 0.94 + polkit_unix_session_new_for_process@Base 0.94 + polkit_unix_session_new_for_process_finish@Base 0.94 + polkit_unix_session_new_for_process_sync@Base 0.94 + polkit_unix_session_set_session_id@Base 0.94 + polkit_unix_user_get_name@Base 0.104 + polkit_unix_user_get_type@Base 0.94 + polkit_unix_user_get_uid@Base 0.94 + polkit_unix_user_new@Base 0.94 + polkit_unix_user_new_for_name@Base 0.94 + polkit_unix_user_set_uid@Base 0.94 diff --git a/libpolkit-gobject-1-dev.install b/libpolkit-gobject-1-dev.install new file mode 100644 index 00000000..e571609d --- /dev/null +++ b/libpolkit-gobject-1-dev.install @@ -0,0 +1,5 @@ +usr/include/polkit-1/polkit/ +usr/lib/*/libpolkit-gobject*.a +usr/lib/*/libpolkit-gobject*.so +usr/lib/*/pkgconfig/polkit-gobject*.pc +usr/share/gir-1.0/Polkit-1.0.gir diff --git a/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch b/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch new file mode 100644 index 00000000..0515b535 --- /dev/null +++ b/patches/0.106/agenthelper-pam-Fix-newline-trimming-code.patch @@ -0,0 +1,43 @@ +From: Colin Walters +Date: Wed, 6 Jun 2012 09:05:14 -0400 +Subject: agenthelper-pam: Fix newline-trimming code + +First, we were using == instead of =, as the author probably intended. +But after changing that, we're now assigning to const memory. Fix +that by writing to a temporary string buffer. + +Signed-off-by: David Zeuthen +Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 +--- + src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 85a2671..7af5321 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + char buf[PAM_MAX_RESP_SIZE]; + int i; + gchar *escaped = NULL; ++ gchar *tmp = NULL; ++ size_t len; + + data = data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) +@@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); + #endif /* PAH_DEBUG */ +- if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') +- msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; +- escaped = g_strescape (msg[i]->msg, NULL); ++ tmp = g_strdup (msg[i]->msg); ++ len = strlen (tmp); ++ if (len > 0 && tmp[len - 1] == '\n') ++ tmp[len - 1] = '\0'; ++ escaped = g_strescape (tmp, NULL); ++ g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + #ifdef PAH_DEBUG diff --git a/patches/0.107/Try-harder-to-look-up-the-right-localization.patch b/patches/0.107/Try-harder-to-look-up-the-right-localization.patch new file mode 100644 index 00000000..e4ebca9b --- /dev/null +++ b/patches/0.107/Try-harder-to-look-up-the-right-localization.patch @@ -0,0 +1,53 @@ +From: Matthias Clasen +Date: Wed, 27 Jun 2012 20:28:00 -0400 +Subject: Try harder to look up the right localization + +The code for looking up localized strings for action descriptions +was manually trying to break locale names into pieces, but didn't +get it right for e.g. zh_CN.utf-8. Instead, use the GLib function +g_get_locale_variants(), which handles this (and more). This fixes +the translation problem reported in +https://bugzilla.gnome.org/show_bug.cgi?id=665497 + +Signed-off-by: David Zeuthen +(cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) +--- + src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index e3ed38d..0af0010 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, + const gchar *lang) + { + const gchar *result; +- gchar lang2[256]; ++ gchar **langs; + guint n; + + if (lang == NULL) +@@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, + goto out; + + /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ +- strncpy (lang2, lang, sizeof (lang2)); +- for (n = 0; lang2[n] != '\0'; n++) ++ langs = g_get_locale_variants (lang); ++ for (n = 0; langs[n] != NULL; n++) + { +- if (lang2[n] == '_') +- { +- lang2[n] = '\0'; +- break; +- } ++ result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); ++ if (result != NULL) ++ break; + } +- result = (const char *) g_hash_table_lookup (translations, (void *) lang2); ++ g_strfreev (langs); + if (result != NULL) + goto out; + diff --git a/patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch b/patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch new file mode 100644 index 00000000..ecd74a53 --- /dev/null +++ b/patches/0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch @@ -0,0 +1,33 @@ +From: Adam Jackson +Date: Tue, 9 Oct 2012 14:08:24 -0400 +Subject: PolkitAgent: Avoid crashing if initializing the server object fails + +Note that otherwise we return a freed server object. Since later in +polkit_agent_listener_register_with_options we check against NULL to +determine failure, this makes for sad times later when we call +server_free() on it again. + +Signed-off-by: David Zeuthen +Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 +Bug-Debian: https://bugs.debian.org/923046 +--- + src/polkitagent/polkitagentlistener.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 0d97501..5bddd03 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, + if (!server_init_sync (server, cancellable, error)) + { + server_free (server); +- goto out; ++ return NULL; + } + +- out: + return server; + } + diff --git a/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch b/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch new file mode 100644 index 00000000..58f6fbbd --- /dev/null +++ b/patches/0.108/build-Fix-.gir-generation-for-parallel-make.patch @@ -0,0 +1,41 @@ +From: Ryan Lortie +Date: Tue, 13 Nov 2012 11:50:14 -0500 +Subject: build: Fix .gir generation for parallel make + +As per the intructions in the introspection Makefile, we should have a +line declaring a dependency between the .gir and .la files. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 +Signed-off-by: David Zeuthen +Bug-Debian: https://bugs.debian.org/894205 +--- + src/polkit/Makefile.am | 2 ++ + src/polkitagent/Makefile.am | 2 ++ + 2 files changed, 4 insertions(+) + +diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am +index 1068ea1..41ccf5c 100644 +--- a/src/polkit/Makefile.am ++++ b/src/polkit/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + + INTROSPECTION_GIRS = Polkit-1.0.gir + ++Polkit-1.0.gir: libpolkit-gobject-1.la ++ + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = Polkit-1.0.gir + +diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am +index e8c9fb1..7b51137 100644 +--- a/src/polkitagent/Makefile.am ++++ b/src/polkitagent/Makefile.am +@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION + girdir = $(INTROSPECTION_GIRDIR) + gir_DATA = PolkitAgent-1.0.gir + ++PolkitAgent-1.0.gir: libpolkit-agent-1.la ++ + typelibsdir = $(INTROSPECTION_TYPELIBDIR) + typelibs_DATA = PolkitAgent-1.0.typelib + diff --git a/patches/0.110/04_get_cwd.patch b/patches/0.110/04_get_cwd.patch new file mode 100644 index 00000000..acaa68d5 --- /dev/null +++ b/patches/0.110/04_get_cwd.patch @@ -0,0 +1,40 @@ +From: Emilio Pozuelo Monfort +Date: Sat, 26 Mar 2011 07:28:14 +0000 +Subject: Fix build on GNU Hurd + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 +Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f +--- + src/programs/pkexec.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 7fafa14..682fe95 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -53,7 +53,7 @@ + #include + + static gchar *original_user_name = NULL; +-static gchar original_cwd[PATH_MAX]; ++static gchar *original_cwd; + static gchar *command_line = NULL; + static struct passwd *pw; + +@@ -465,7 +465,7 @@ main (int argc, char *argv[]) + goto out; + } + +- if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) ++ if ((original_cwd = g_get_current_dir ()) == NULL) + { + g_printerr ("Error getting cwd: %s\n", + g_strerror (errno)); +@@ -953,6 +953,7 @@ main (int argc, char *argv[]) + g_ptr_array_free (saved_env, TRUE); + } + ++ g_free (original_cwd); + g_free (path); + g_free (command_line); + g_free (opt_user); diff --git a/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch b/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch new file mode 100644 index 00000000..1ddf78ca --- /dev/null +++ b/patches/0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch @@ -0,0 +1,58 @@ +From: David Zeuthen +Date: Wed, 19 Dec 2012 14:28:29 -0500 +Subject: Set XAUTHORITY environment variable if is unset + +The way it works is that if XAUTHORITY is unset, then its default +value is $HOME/.Xauthority. But since we're changing user identity +this will not work since $HOME will now change. Therefore, if +XAUTHORITY is unset, just set its default value before changing +identity. This bug only affected login managers using X Window +Authorization but not explicitly setting the XAUTHORITY variable. + +You can argue that XAUTHORITY is broken since it forces uid-changing +apps like pkexec(1) to do more work - and get involved in intimate +details of how X works and so on - but that doesn't change how things +work. + +Based on a patch from Peter Wu . + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 +Signed-off-by: David Zeuthen +Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 +--- + src/programs/pkexec.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 373977b..7fafa14 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -597,6 +597,28 @@ main (int argc, char *argv[]) + g_ptr_array_add (saved_env, g_strdup (value)); + } + ++ /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, ++ * this is broken but it's unfortunately how things work (see fdo #51623 for ++ * details) ++ */ ++ if (g_getenv ("XAUTHORITY") == NULL) ++ { ++ const gchar *home; ++ ++ /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and ++ * this is not what we want ++ */ ++ home = g_getenv ("HOME"); ++ if (home == NULL) ++ home = g_get_home_dir (); ++ ++ if (home != NULL) ++ { ++ g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); ++ g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); ++ } ++ } ++ + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks + * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. + */ diff --git a/patches/0.111/09_pam_environment.patch b/patches/0.111/09_pam_environment.patch new file mode 100644 index 00000000..793efee6 --- /dev/null +++ b/patches/0.111/09_pam_environment.patch @@ -0,0 +1,43 @@ +From: Steve Langasek +Date: Fri, 8 Mar 2013 12:00:00 +0100 +Subject: pkexec: Set process environment from pam_getenvlist() + +Various pam modules provide environment variables that are intended to be set +in the environment of the pam session. pkexec needs to process the output of +pam_getenvlist() to get these. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 +Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 +--- + src/programs/pkexec.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 682fe95..9a0570a 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) + gboolean ret; + gint rc; + pam_handle_t *pam_h; ++ char **envlist; + struct pam_conv conversation; + + ret = FALSE; +@@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) + + ret = TRUE; + ++ envlist = pam_getenvlist (pam_h); ++ if (envlist != NULL) ++ { ++ guint n; ++ for (n = 0; envlist[n]; n++) ++ putenv (envlist[n]); ++ free (envlist); ++ } ++ + out: + if (pam_h != NULL) + pam_end (pam_h, rc); diff --git a/patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch b/patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch new file mode 100644 index 00000000..10717549 --- /dev/null +++ b/patches/0.111/Add-a-FIXME-to-polkitprivate.h.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Thu, 18 Apr 2013 19:54:59 +0200 +Subject: Add a FIXME to polkitprivate.h + +See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . + +Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 +--- + src/polkit/polkitprivate.h | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h +index 579cc25..7f5c463 100644 +--- a/src/polkit/polkitprivate.h ++++ b/src/polkit/polkitprivate.h +@@ -28,6 +28,16 @@ + #include "polkitauthorizationresult.h" + #include "polkittemporaryauthorization.h" + ++/* FIXME: This header file is currently installed among other public header ++ files, and the symbols are exported in the shared library. ++ ++ For application writers: relying on any function here is strongly ++ discouraged. ++ ++ For polkit maintainers: This should be made private if a large ABI break ++ were necessary in the future. In the meantime, consider that there is ++ non-zero risk that changing these functions might break some applications. */ ++ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); + GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); + diff --git a/patches/0.111/Fix-a-memory-leak.patch b/patches/0.111/Fix-a-memory-leak.patch new file mode 100644 index 00000000..9aa66bf4 --- /dev/null +++ b/patches/0.111/Fix-a-memory-leak.patch @@ -0,0 +1,22 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 7 May 2013 22:30:25 +0200 +Subject: Fix a memory leak + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 +Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e +--- + src/polkitagent/polkitagenthelper-pam.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 7af5321..292abbe 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -321,6 +321,7 @@ error: + } + } + memset (aresp, 0, n * sizeof *aresp); ++ free (aresp); + *resp = NULL; + return PAM_CONV_ERR; + } diff --git a/patches/0.112/00git_type_registration.patch b/patches/0.112/00git_type_registration.patch new file mode 100644 index 00000000..3936801f --- /dev/null +++ b/patches/0.112/00git_type_registration.patch @@ -0,0 +1,118 @@ +From: Tomas Bzatek +Date: Wed, 29 May 2013 13:45:31 +0000 +Subject: Use GOnce for interface type registration + +Static local variable may not be enough since it doesn't provide locking. + +Related to these udisksd warnings: + GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' + +Thanks to Hans de Goede for spotting this! + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 +Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c +--- + src/polkit/polkitidentity.c | 10 ++++++---- + src/polkit/polkitsubject.c | 10 ++++++---- + src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- + 3 files changed, 18 insertions(+), 12 deletions(-) + +diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c +index dd15b2f..7813c2c 100644 +--- a/src/polkit/polkitidentity.c ++++ b/src/polkit/polkitidentity.c +@@ -49,9 +49,9 @@ base_init (gpointer g_iface) + GType + polkit_identity_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -67,12 +67,14 @@ polkit_identity_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index d2c4c20..aed5795 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -50,9 +50,9 @@ base_init (gpointer g_iface) + GType + polkit_subject_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -68,12 +68,14 @@ polkit_subject_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** +diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c +index 5a1a228..20747e7 100644 +--- a/src/polkitbackend/polkitbackendactionlookup.c ++++ b/src/polkitbackend/polkitbackendactionlookup.c +@@ -74,9 +74,9 @@ base_init (gpointer g_iface) + GType + polkit_backend_action_lookup_get_type (void) + { +- static GType iface_type = 0; ++ static volatile gsize g_define_type_id__volatile = 0; + +- if (iface_type == 0) ++ if (g_once_init_enter (&g_define_type_id__volatile)) + { + static const GTypeInfo info = + { +@@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) + NULL /* value_table */ + }; + +- iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); ++ GType iface_type = ++ g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + + g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); ++ g_once_init_leave (&g_define_type_id__volatile, iface_type); + } + +- return iface_type; ++ return g_define_type_id__volatile; + } + + /** diff --git a/patches/0.112/08_deprecate_racy_APIs.patch b/patches/0.112/08_deprecate_racy_APIs.patch new file mode 100644 index 00000000..725a44a2 --- /dev/null +++ b/patches/0.112/08_deprecate_racy_APIs.patch @@ -0,0 +1,27 @@ +From: Colin Walters +Date: Tue, 20 Aug 2013 15:15:31 -0400 +Subject: polkitunixprocess: Deprecate racy APIs + +It's only safe for processes to be created with their owning uid, +(without kernel support, which we don't have). Anything else is +subject to clients exec()ing setuid binaries after the fact. + +Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 +--- + src/polkit/polkitunixprocess.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h +index 531a57d..f5ed1a7 100644 +--- a/src/polkit/polkitunixprocess.h ++++ b/src/polkit/polkitunixprocess.h +@@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; + typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; + + GType polkit_unix_process_get_type (void) G_GNUC_CONST; ++G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) + PolkitSubject *polkit_unix_process_new (gint pid); ++G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) + PolkitSubject *polkit_unix_process_new_full (gint pid, + guint64 start_time); + PolkitSubject *polkit_unix_process_new_for_owner (gint pid, diff --git a/patches/0.112/cve-2013-4288.patch b/patches/0.112/cve-2013-4288.patch new file mode 100644 index 00000000..207bcf04 --- /dev/null +++ b/patches/0.112/cve-2013-4288.patch @@ -0,0 +1,116 @@ +From: Colin Walters +Date: Mon, 19 Aug 2013 12:16:11 -0400 +Subject: pkcheck: Support --process=pid,start-time,uid syntax too + +The uid is a new addition; this allows callers such as libvirt to +close a race condition in reading the uid of the process talking to +them. They can read it via getsockopt(SO_PEERCRED) or equivalent, +rather than having pkcheck look at /proc later after the fact. + +Programs which invoke pkcheck but need to know beforehand (i.e. at +compile time) whether or not it supports passing the uid can +use: + +pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) +test x$pkcheck_supports_uid = xyes + +Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 +--- + data/polkit-gobject-1.pc.in | 3 +++ + docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- + src/programs/pkcheck.c | 7 ++++++- + 3 files changed, 29 insertions(+), 10 deletions(-) + +diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in +index c39677d..5c4c620 100644 +--- a/data/polkit-gobject-1.pc.in ++++ b/data/polkit-gobject-1.pc.in +@@ -11,3 +11,6 @@ Version: @VERSION@ + Libs: -L${libdir} -lpolkit-gobject-1 + Cflags: -I${includedir}/polkit-1 + Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 ++# Programs using pkcheck can use this to determine ++# whether or not it can be passed a uid. ++pkcheck_supports_uid=true +diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml +index 6b8a874..508447e 100644 +--- a/docs/man/pkcheck.xml ++++ b/docs/man/pkcheck.xml +@@ -55,6 +55,9 @@ + + pid,pid-start-time + ++ ++ pid,pid-start-time,uid ++ + + + +@@ -90,7 +93,7 @@ + DESCRIPTION + + pkcheck is used to check whether a process, specified by +- either or , ++ either (see below) or , + is authorized for action. The + option can be used zero or more times to pass details about action. + If is passed, pkcheck blocks +@@ -160,17 +163,25 @@ KEY3=VALUE3 + + NOTES + +- Since process identifiers can be recycled, the caller should always use +- pid,pid-start-time to specify the process +- to check for authorization when using the option. +- The value of pid-start-time +- can be determined by consulting e.g. the ++ Do not use either the bare pid or ++ pid,start-time syntax forms for ++ . There are race conditions in both. ++ New code should always use ++ pid,pid-start-time,uid. The value of ++ start-time can be determined by ++ consulting e.g. the + + proc5 + +- file system depending on the operating system. If only pid +- is passed to the option, then pkcheck +- will look up the start time itself but note that this may be racy. ++ file system depending on the operating system. If fewer than 3 ++ arguments are passed, pkcheck will attempt to ++ look up them up internally, but note that this may be racy. ++ ++ ++ If your program is a daemon with e.g. a custom Unix domain ++ socket, you should determine the uid ++ parameter via operating system mechanisms such as ++ PEERCRED. + + + +diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c +index 719a36c..057e926 100644 +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -372,6 +372,7 @@ main (int argc, char *argv[]) + else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) + { + gint pid; ++ guint uid; + guint64 pid_start_time; + + n++; +@@ -381,7 +382,11 @@ main (int argc, char *argv[]) + goto out; + } + +- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) ++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) ++ { ++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); ++ } ++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + { + subject = polkit_unix_process_new_full (pid, pid_start_time); + } diff --git a/patches/0.113/00git_fix_memleak.patch b/patches/0.113/00git_fix_memleak.patch new file mode 100644 index 00000000..4283345a --- /dev/null +++ b/patches/0.113/00git_fix_memleak.patch @@ -0,0 +1,26 @@ +From: "Max A. Dednev" +Date: Sun, 11 Jan 2015 20:00:44 -0500 +Subject: authority: Fix memory leak in EnumerateActions call results handler + +Policykit-1 doesn't release reference counters of GVariant data for +org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This +patch fixed reference counting and following memory leak. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 +Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 +--- + src/polkit/polkitauthority.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index 9947cf3..84dab72 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, + while ((child = g_variant_iter_next_value (&iter)) != NULL) + { + ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); +- g_variant_ref_sink (child); + g_variant_unref (child); + } + ret = g_list_reverse (ret); diff --git a/patches/0.113/00git_invalid_object_paths.patch b/patches/0.113/00git_invalid_object_paths.patch new file mode 100644 index 00000000..088d170a --- /dev/null +++ b/patches/0.113/00git_invalid_object_paths.patch @@ -0,0 +1,116 @@ +From: Colin Walters +Date: Sat, 30 May 2015 09:06:23 -0400 +Subject: CVE-2015-3218: backend: Handle invalid object paths in + RegisterAuthenticationAgent +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Properly propagate the error, otherwise we dereference a `NULL` +pointer. This is a local, authenticated DoS. + +`RegisterAuthenticationAgentWithOptions` and +`UnregisterAuthentication` have been validated to not need changes for +this. + +http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 +Bug-Debian: https://bugs.debian.org/787932 +Reported-by: Tavis Ormandy +Reviewed-by: Philip Withnall +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c +--- + .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- + 1 file changed, 30 insertions(+), 23 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index b237e9d..25e13fb 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +- GVariant *registration_options) ++ GVariant *registration_options, ++ GError **error) + { + AuthenticationAgent *agent; +- GError *error; ++ GDBusProxy *proxy; + +- agent = g_new0 (AuthenticationAgent, 1); ++ if (!g_variant_is_object_path (object_path)) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "Invalid object path '%s'", object_path); ++ return NULL; ++ } ++ ++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, ++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | ++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, ++ NULL, /* GDBusInterfaceInfo* */ ++ unique_system_bus_name, ++ object_path, ++ "org.freedesktop.PolicyKit1.AuthenticationAgent", ++ NULL, /* GCancellable* */ ++ error); ++ if (proxy == NULL) ++ { ++ g_prefix_error (error, "Failed to construct proxy for agent: " ); ++ return NULL; ++ } + ++ agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; +- +- error = NULL; +- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, +- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | +- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, +- NULL, /* GDBusInterfaceInfo* */ +- agent->unique_system_bus_name, +- agent->object_path, +- "org.freedesktop.PolicyKit1.AuthenticationAgent", +- NULL, /* GCancellable* */ +- &error); +- if (agent->proxy == NULL) +- { +- g_warning ("Error constructing proxy for agent: %s", error->message); +- g_error_free (error); +- /* TODO: Make authentication_agent_new() return NULL and set a GError */ +- } ++ agent->proxy = proxy; + + return agent; + } +@@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + caller_cmdline = NULL; + agent = NULL; + +- /* TODO: validate that object path is well-formed */ +- + interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); + priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); + +@@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +- options); ++ options, ++ error); ++ if (!agent) ++ goto out; + + g_hash_table_insert (priv->hash_scope_to_authentication_agent, + g_object_ref (subject), diff --git a/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch b/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch new file mode 100644 index 00000000..956099b6 --- /dev/null +++ b/patches/0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch @@ -0,0 +1,120 @@ +From: Rui Matos +Date: Thu, 6 Feb 2014 18:41:18 +0100 +Subject: PolkitAgentSession: fix race between child and io watches + +The helper flushes and fdatasyncs stdout and stderr before terminating +but this doesn't guarantee that our io watch is called before our +child watch. This means that we can end up with a successful return +from the helper which we still report as a failure. + +If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the +io watch and the child terminates we still run the io watch handler +which will complete the session. + +This means that the child watch is in fact needless and we can remove +it. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 +Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 +Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 +Bug-Ubuntu: https://launchpad.net/bugs/649939 +Bug-Ubuntu: https://launchpad.net/bugs/445303 +--- + src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- + 1 file changed, 11 insertions(+), 36 deletions(-) + +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index 8129cd9..a658a22 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -92,7 +92,6 @@ struct _PolkitAgentSession + int child_stdout; + GPid child_pid; + +- GSource *child_watch_source; + GSource *child_stdout_watch_source; + GIOChannel *child_stdout_channel; + +@@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) + session->child_pid = 0; + } + +- if (session->child_watch_source != NULL) +- { +- g_source_destroy (session->child_watch_source); +- g_source_unref (session->child_watch_source); +- session->child_watch_source = NULL; +- } +- + if (session->child_stdout_watch_source != NULL) + { + g_source_destroy (session->child_stdout_watch_source); +@@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, + } + } + +-static void +-child_watch_func (GPid pid, +- gint status, +- gpointer user_data) +-{ +- PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); +- +- if (G_UNLIKELY (_show_debug ())) +- { +- g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", +- (gint) pid, +- WIFEXITED(status), +- WEXITSTATUS(status)); +- } +- +- /* kill all the watches we have set up, except for the child since it has exited already */ +- session->child_pid = 0; +- complete_session (session, FALSE); +-} +- + static gboolean + io_watch_have_data (GIOChannel *channel, + GIOCondition condition, +@@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, + NULL, + NULL, + &error); +- if (error != NULL) ++ if (error != NULL || line == NULL) + { +- g_warning ("Error reading line from helper: %s", error->message); +- g_error_free (error); ++ /* In case we get just G_IO_HUP, line is NULL but error is ++ unset.*/ ++ g_warning ("Error reading line from helper: %s", ++ error ? error->message : "nothing to read"); ++ g_clear_error (&error); + + complete_session (session, FALSE); + goto out; +@@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, + g_free (line); + g_free (unescaped); + ++ if (condition & (G_IO_ERR | G_IO_HUP)) ++ complete_session (session, FALSE); ++ + /* keep the IOChannel around */ + return TRUE; + } +@@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + +- session->child_watch_source = g_child_watch_source_new (session->child_pid); +- g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); +- g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); +- + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); +- session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); ++ session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, ++ G_IO_IN | G_IO_ERR | G_IO_HUP); + g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); + g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); + diff --git a/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch b/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch new file mode 100644 index 00000000..30f55a45 --- /dev/null +++ b/patches/0.113/CVE-2015-3255-Fix-GHashTable-usage.patch @@ -0,0 +1,68 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 1 Apr 2015 05:22:37 +0200 +Subject: CVE-2015-3255 Fix GHashTable usage. + +Don't assume that the hash table with free both the key and the value +at the same time, supply proper deallocation functions for the key +and value separately. + +Then drop ParsedAction::action_id which is no longer used for anything. + +https://bugs.freedesktop.org/show_bug.cgi?id=69501 +and +https://bugs.freedesktop.org/show_bug.cgi?id=83590 + +CVE: CVE-2015-3255 +Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f +Bug-Debian: https://bugs.debian.org/796134 +--- + src/polkitbackend/polkitbackendactionpool.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index 0af0010..b16ed2f 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -40,7 +40,6 @@ + + typedef struct + { +- gchar *action_id; + gchar *vendor_name; + gchar *vendor_url; + gchar *icon_name; +@@ -62,7 +61,6 @@ typedef struct + static void + parsed_action_free (ParsedAction *action) + { +- g_free (action->action_id); + g_free (action->vendor_name); + g_free (action->vendor_url); + g_free (action->icon_name); +@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) + + priv->parsed_actions = g_hash_table_new_full (g_str_hash, + g_str_equal, +- NULL, ++ g_free, + (GDestroyNotify) parsed_action_free); + + priv->parsed_files = g_hash_table_new_full (g_str_hash, +@@ -988,7 +986,6 @@ _end (void *data, const char *el) + icon_name = pd->global_icon_name; + + action = g_new0 (ParsedAction, 1); +- action->action_id = g_strdup (pd->action_id); + action->vendor_name = g_strdup (vendor); + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); +@@ -1003,7 +1000,8 @@ _end (void *data, const char *el) + action->implicit_authorization_inactive = pd->implicit_authorization_inactive; + action->implicit_authorization_active = pd->implicit_authorization_active; + +- g_hash_table_insert (priv->parsed_actions, action->action_id, action); ++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), ++ action); + + /* we steal these hash tables */ + pd->annotations = NULL; diff --git a/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch b/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch new file mode 100644 index 00000000..8b584a76 --- /dev/null +++ b/patches/0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch @@ -0,0 +1,484 @@ +From: Colin Walters +Date: Wed, 17 Jun 2015 13:07:02 -0400 +Subject: CVE-2015-4625: Bind use of cookies to specific uids +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + +The "cookie" value that Polkit hands out is global to all polkit +users. And when `AuthenticationAgentResponse` is invoked, we +previously only received the cookie and *target* identity, and +attempted to find an agent from that. + +The problem is that the current cookie is just an integer +counter, and if it overflowed, it would be possible for +an successful authorization in one session to trigger a response +in another session. + +The overflow and ability to guess the cookie were fixed by the +previous patch. + +This patch is conceptually further hardening on top of that. Polkit +currently treats uids as equivalent from a security domain +perspective; there is no support for +SELinux/AppArmor/etc. differentiation. + +We can retrieve the uid from `getuid()` in the setuid helper, which +allows us to ensure the uid invoking `AuthenticationAgentResponse2` +matches that of the agent. + +Then the authority only looks at authentication sessions matching the +cookie that were created by a matching uid, thus removing the ability +for different uids to interfere with each other entirely. + +Several fixes to this patch were contributed by: +Miloslav Trmač + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 +Bug-Debian: https://bugs.debian.org/796134 +--- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- + data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- + ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- + docs/polkit/overview.xml | 18 ++++--- + src/polkit/polkitauthority.c | 13 ++++- + src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- + src/polkitbackend/polkitbackendauthority.h | 2 + + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- + 8 files changed, 198 insertions(+), 19 deletions(-) + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 3b519c2..5beef7d 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -8,7 +8,19 @@ + + + +- ++ + + + +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index fbfb9cd..f9021ee 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -313,7 +313,29 @@ + + + +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index 6525e25..e66bf53 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,6 +42,8 @@ Structure TemporaryAuth + IN String object_path) + AuthenticationAgentResponse (IN String cookie, + IN Identity identity) ++AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, ++ IN Identity identity) + EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) + RevokeTemporaryAuthorizations (IN Subject subject) +@@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, + IN Identity identity) + + +-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++ ++ ++ ++ IN String cookie: ++ ++ ++The cookie identifying the authentication request that was passed to the authentication agent. ++ ++ ++ ++ ++ IN Identity identity: ++ ++ ++A Identity struct describing what identity was authenticated. ++ ++ ++ ++ ++ ++ ++ AuthenticationAgentResponse2 () ++ ++AuthenticationAgentResponse2 (IN uint32 uid, ++ IN String cookie, ++ IN Identity identity) ++ ++ ++Method for authentication agents to invoke on successful ++authentication, intended only for use by a privileged helper process ++internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + ++ ++ IN uint32 uid: ++ ++ ++The user id of the agent; normally this is the owner of the parent pid ++of the process that invoked the internal setuid helper. ++ ++ ++ + + IN String cookie: + +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index 24440d2..c29d8da 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -66,16 +66,18 @@ + + Authentication agents are provided by desktop environments. When + an user session starts, the agent registers with the polkit +- Authority using +- the RegisterAuthenticationAgent() ++ Authority using the RegisterAuthenticationAgent() + method. When services are needed, the authority will invoke +- methods on +- the org.freedesktop.PolicyKit1.AuthenticationAgent ++ methods on the org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged +- part of) the agent invokes +- the AuthenticationAgentResponse() +- method. Note that the polkit Authority itself does not care +- how the agent authenticates the user. ++ part of) the agent invokes the AuthenticationAgentResponse() ++ method. This method should be treated as an internal ++ implementation detail, and callers should use the public shared ++ library API to invoke it, which currently uses a setuid helper ++ program. + + + The libpolkit-agent-1 +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index 84dab72..f45abc4 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + gpointer user_data) + { + GVariant *identity_value; ++ /* Note that in reality, this API is only accessible to root, and ++ * only called from the setuid helper `polkit-agent-helper-1`. ++ * ++ * However, because this is currently public API, we avoid ++ * triggering warnings from ABI diff type programs by just grabbing ++ * the real uid of the caller here. ++ */ ++ uid_t uid = getuid (); + + g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); + g_return_if_fail (cookie != NULL); +@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, + identity_value = polkit_identity_to_gvariant (identity); + g_variant_ref_sink (identity_value); + g_dbus_proxy_call (authority->proxy, +- "AuthenticationAgentResponse", +- g_variant_new ("(s@(sa{sv}))", ++ "AuthenticationAgentResponse2", ++ g_variant_new ("(us@(sa{sv}))", ++ (guint32)uid, + cookie, + identity_value), + G_DBUS_CALL_FLAGS_NONE, +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index fd4f161..d1b1a25 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + gboolean + polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority + } + else + { +- return klass->authentication_agent_response (authority, caller, cookie, identity, error); ++ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); + } + } + +@@ -587,6 +588,11 @@ static const gchar *server_introspection_data = + " " + " " + " " ++ " " ++ " " ++ " " ++ " " ++ " " + " " + " " + " " +@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, ++ (uid_t)-1, ++ cookie, ++ identity, ++ &error)) ++ { ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); ++ ++ out: ++ if (identity != NULL) ++ g_object_unref (identity); ++} ++ ++static void ++server_handle_authentication_agent_response2 (Server *server, ++ GVariant *parameters, ++ PolkitSubject *caller, ++ GDBusMethodInvocation *invocation) ++{ ++ const gchar *cookie; ++ GVariant *identity_gvariant; ++ PolkitIdentity *identity; ++ GError *error; ++ guint32 uid; ++ ++ identity = NULL; ++ ++ g_variant_get (parameters, ++ "(u&s@(sa{sv}))", ++ &uid, ++ &cookie, ++ &identity_gvariant); ++ ++ error = NULL; ++ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); ++ if (identity == NULL) ++ { ++ g_prefix_error (&error, "Error getting identity: "); ++ g_dbus_method_invocation_return_gerror (invocation, error); ++ g_error_free (error); ++ goto out; ++ } ++ ++ error = NULL; ++ if (!polkit_backend_authority_authentication_agent_response (server->authority, ++ caller, ++ (uid_t)uid, + cookie, + identity, + &error)) +@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, + server_handle_unregister_authentication_agent (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) + server_handle_authentication_agent_response (server, parameters, caller, invocation); ++ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) ++ server_handle_authentication_agent_response2 (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) + server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) +diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h +index a564054..1c212e0 100644 +--- a/src/polkitbackend/polkitbackendauthority.h ++++ b/src/polkitbackend/polkitbackendauthority.h +@@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass + + gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend + + gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 10eda2c..5e29af2 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI + PolkitSubject *subject); + + +-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie); ++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie); + + static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, + const gchar *system_bus_unique_name); +@@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a + + static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error); +@@ -431,6 +433,7 @@ struct AuthenticationAgent + { + volatile gint ref_count; + ++ uid_t creator_uid; + PolkitSubject *scope; + guint64 serial; + +@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) + static AuthenticationAgent * + authentication_agent_new (guint64 serial, + PolkitSubject *scope, ++ PolkitIdentity *creator, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, + { + AuthenticationAgent *agent; + GDBusProxy *proxy; ++ PolkitUnixUser *creator_user; ++ ++ g_assert (POLKIT_IS_UNIX_USER (creator)); ++ creator_user = POLKIT_UNIX_USER (creator); + + if (!g_variant_is_object_path (object_path)) + { +@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, + agent->ref_count = 1; + agent->serial = serial; + agent->scope = g_object_ref (scope); ++ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); + agent->locale = g_strdup (locale); +@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori + } + + static AuthenticationSession * +-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, +- const gchar *cookie) ++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, ++ uid_t uid, ++ const gchar *cookie) + { + PolkitBackendInteractiveAuthorityPrivate *priv; + GHashTableIter hash_iter; +@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author + { + GList *l; + ++ /* We need to ensure that if somehow we have duplicate cookies ++ * due to wrapping, that the cookie used is matched to the user ++ * who called AuthenticationAgentResponse2. See ++ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ * Except if the legacy AuthenticationAgentResponse is invoked, ++ * we don't know the uid and hence use -1. Continue to support ++ * the old behavior for backwards compatibility, although everyone ++ * who is using our own setuid helper will automatically be updated ++ * to the new API. ++ */ ++ if (uid != (uid_t)-1) ++ { ++ if (agent->creator_uid != uid) ++ continue; ++ } ++ + for (l = agent->active_sessions; l != NULL; l = l->next) + { + AuthenticationSession *session = l->data; +@@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, ++ user_of_caller, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, +@@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + static gboolean + polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, + PolkitSubject *caller, ++ uid_t uid, + const gchar *cookie, + PolkitIdentity *identity, + GError **error) +@@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + } + + /* find the authentication session */ +- session = get_authentication_session_for_cookie (interactive_authority, cookie); ++ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); + if (session == NULL) + { + g_set_error (error, diff --git a/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch b/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch new file mode 100644 index 00000000..f6a42489 --- /dev/null +++ b/patches/0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch @@ -0,0 +1,540 @@ +From: Colin Walters +Date: Thu, 4 Jun 2015 12:15:18 -0400 +Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Tavis noted that it'd be possible with a 32 bit counter for someone to +cause the cookie to wrap by creating Authentication requests in a +loop. + +Something important to note here is that wrapping of signed integers +is undefined behavior in C, so we definitely want to fix that. All +counter integers used in this patch are unsigned. + +See the comment above `authentication_agent_generate_cookie` for +details, but basically we're now using a cookie of the form: + +``` + - - - +``` + +Which has multiple 64 bit counters, plus unpredictable random 128 bit +integer ids (effectively UUIDs, but we're not calling them that +because we don't need to be globally unique. + +We further ensure that the cookies are not visible to other processes +by changing the setuid helper to accept them over standard input. This +means that an attacker would have to guess both ids. + +In any case, the security hole here is better fixed with the other +change to bind user id (uid) of the agent with cookie lookups, making +cookie guessing worthless. + +Nevertheless, I think it's worth doing this change too, for defense in +depth. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 +CVE: CVE-2015-4625 +Reported-by: Tavis Ormandy +Reviewed-by: Miloslav Trmač +Signed-off-by: Colin Walters +Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 +Bug-Debian: https://bugs.debian.org/796134 +--- + configure.ac | 2 +- + src/polkitagent/polkitagenthelper-pam.c | 12 ++- + src/polkitagent/polkitagenthelper-shadow.c | 12 ++- + src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ + src/polkitagent/polkitagenthelperprivate.h | 2 + + src/polkitagent/polkitagentsession.c | 30 ++++--- + .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- + 7 files changed, 150 insertions(+), 40 deletions(-) + +diff --git a/configure.ac b/configure.ac +index aa2760f..388605d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then + changequote([,])dnl + fi + +-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) ++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) + AC_SUBST(GLIB_CFLAGS) + AC_SUBST(GLIB_LIBS) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 937386e..19062aa 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -65,7 +65,7 @@ main (int argc, char *argv[]) + { + int rc; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + struct pam_conv pam_conversation; + pam_handle_t *pam_h; + const void *authed_user; +@@ -97,7 +97,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -105,7 +105,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + if (getuid () != 0) + { +@@ -203,6 +206,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -212,6 +217,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + if (pam_h != NULL) + pam_end (pam_h, rc); + +diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c +index a4f73ac..e877915 100644 +--- a/src/polkitagent/polkitagenthelper-shadow.c ++++ b/src/polkitagent/polkitagenthelper-shadow.c +@@ -46,7 +46,7 @@ main (int argc, char *argv[]) + { + struct spwd *shadow; + const char *user_to_auth; +- const char *cookie; ++ char *cookie = NULL; + time_t now; + + /* clear the entire environment to avoid attacks with +@@ -67,7 +67,7 @@ main (int argc, char *argv[]) + openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); + + /* check for correct invocation */ +- if (argc != 3) ++ if (!(argc == 2 || argc == 3)) + { + syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); + fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); +@@ -86,7 +86,10 @@ main (int argc, char *argv[]) + } + + user_to_auth = argv[1]; +- cookie = argv[2]; ++ ++ cookie = read_cookie (argc, argv); ++ if (!cookie) ++ goto error; + + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); +@@ -153,6 +156,8 @@ main (int argc, char *argv[]) + goto error; + } + ++ free (cookie); ++ + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); + #endif /* PAH_DEBUG */ +@@ -162,6 +167,7 @@ main (int argc, char *argv[]) + return 0; + + error: ++ free (cookie); + fprintf (stdout, "FAILURE\n"); + flush_and_wait (); + return 1; +diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c +index 4417e70..a99de7d 100644 +--- a/src/polkitagent/polkitagenthelperprivate.c ++++ b/src/polkitagent/polkitagenthelperprivate.c +@@ -23,6 +23,7 @@ + #include "config.h" + #include "polkitagenthelperprivate.h" + #include ++#include + #include + #include + +@@ -45,6 +46,38 @@ _polkit_clearenv (void) + #endif + + ++char * ++read_cookie (int argc, char **argv) ++{ ++ /* As part of CVE-2015-4625, we started passing the cookie ++ * on standard input, to ensure it's not visible to other ++ * processes. However, to ensure that things continue ++ * to work if the setuid binary is upgraded while old ++ * agents are still running (this will be common with ++ * package managers), we support both modes. ++ */ ++ if (argc == 3) ++ return strdup (argv[2]); ++ else ++ { ++ char *ret = NULL; ++ size_t n = 0; ++ ssize_t r = getline (&ret, &n, stdin); ++ if (r == -1) ++ { ++ if (!feof (stdin)) ++ perror ("getline"); ++ free (ret); ++ return NULL; ++ } ++ else ++ { ++ g_strchomp (ret); ++ return ret; ++ } ++ } ++} ++ + gboolean + send_dbus_message (const char *cookie, const char *user) + { +diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h +index aeca2c7..547fdcc 100644 +--- a/src/polkitagent/polkitagenthelperprivate.h ++++ b/src/polkitagent/polkitagenthelperprivate.h +@@ -38,6 +38,8 @@ + + int _polkit_clearenv (void); + ++char *read_cookie (int argc, char **argv); ++ + gboolean send_dbus_message (const char *cookie, const char *user); + + void flush_and_wait (); +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index a658a22..6a3d6bc 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + #include + + #include "polkitagentmarshal.h" +@@ -88,7 +89,7 @@ struct _PolkitAgentSession + gchar *cookie; + PolkitIdentity *identity; + +- int child_stdin; ++ GOutputStream *child_stdin; + int child_stdout; + GPid child_pid; + +@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); + static void + polkit_agent_session_init (PolkitAgentSession *session) + { +- session->child_stdin = -1; + session->child_stdout = -1; + } + +@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) + session->child_stdout = -1; + } + +- if (session->child_stdin != -1) +- { +- g_warn_if_fail (close (session->child_stdin) == 0); +- session->child_stdin = -1; +- } ++ g_clear_object (&session->child_stdin); + + session->helper_is_running = FALSE; + +@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, + + add_newline = (response[response_len] != '\n'); + +- write (session->child_stdin, response, response_len); ++ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); + if (add_newline) +- write (session->child_stdin, newline, 1); ++ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); + } + + /** +@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + { + uid_t uid; + GError *error; +- gchar *helper_argv[4]; ++ gchar *helper_argv[3]; + struct passwd *passwd; ++ int stdin_fd = -1; + + g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); + +@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + + helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; + helper_argv[1] = passwd->pw_name; +- helper_argv[2] = session->cookie; +- helper_argv[3] = NULL; ++ helper_argv[2] = NULL; + +- session->child_stdin = -1; + session->child_stdout = -1; + + error = NULL; +@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + NULL, + NULL, + &session->child_pid, +- &session->child_stdin, ++ &stdin_fd, + &session->child_stdout, + NULL, + &error)) +@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + ++ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); ++ ++ /* Write the cookie on stdin so it can't be seen by other processes */ ++ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), ++ NULL, NULL, NULL); ++ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); ++ + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 00ee044..10eda2c 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -212,6 +212,8 @@ typedef struct + + GDBusConnection *system_bus_connection; + guint name_owner_changed_signal_id; ++ ++ guint64 agent_serial; + } PolkitBackendInteractiveAuthorityPrivate; + + /* ---------------------------------------------------------------------------------------------------- */ +@@ -430,11 +432,15 @@ struct AuthenticationAgent + volatile gint ref_count; + + PolkitSubject *scope; ++ guint64 serial; + + gchar *locale; + GVariant *registration_options; + gchar *object_path; + gchar *unique_system_bus_name; ++ GRand *cookie_pool; ++ gchar *cookie_prefix; ++ guint64 cookie_serial; + + GDBusProxy *proxy; + +@@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, + authentication_session_cancel (session); + } + ++/* We're not calling this a UUID, but it's basically ++ * the same thing, just not formatted that way because: ++ * ++ * - I'm too lazy to do it ++ * - If we did, people might think it was actually ++ * generated from /dev/random, which we're not doing ++ * because this value doesn't actually need to be ++ * globally unique. ++ */ ++static void ++append_rand_u128_str (GString *buf, ++ GRand *pool) ++{ ++ g_string_append_printf (buf, "%08x%08x%08x%08x", ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool), ++ g_rand_int (pool)); ++} ++ ++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) ++ * pair, and not guessable by other agents. ++ * ++ * - - - ++ * ++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html ++ * ++ */ ++static gchar * ++authentication_agent_generate_cookie (AuthenticationAgent *agent) ++{ ++ GString *buf = g_string_new (""); ++ ++ g_string_append (buf, agent->cookie_prefix); ++ ++ g_string_append_c (buf, '-'); ++ agent->cookie_serial++; ++ g_string_append_printf (buf, "%" G_GUINT64_FORMAT, ++ agent->cookie_serial); ++ g_string_append_c (buf, '-'); ++ append_rand_u128_str (buf, agent->cookie_pool); ++ ++ return g_string_free (buf, FALSE); ++} ++ ++ + static AuthenticationSession * + authentication_session_new (AuthenticationAgent *agent, +- const gchar *cookie, + PolkitSubject *subject, + PolkitIdentity *user_of_subject, + PolkitSubject *caller, +@@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, + + session = g_new0 (AuthenticationSession, 1); + session->agent = authentication_agent_ref (agent); +- session->cookie = g_strdup (cookie); ++ session->cookie = authentication_agent_generate_cookie (agent); + session->subject = g_object_ref (subject); + session->user_of_subject = g_object_ref (user_of_subject); + session->caller = g_object_ref (caller); +@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) + g_free (session); + } + +-static gchar * +-authentication_agent_new_cookie (AuthenticationAgent *agent) +-{ +- static gint counter = 0; +- +- /* TODO: use a more random-looking cookie */ +- +- return g_strdup_printf ("cookie%d", counter++); +-} +- + static PolkitSubject * + authentication_agent_get_scope (AuthenticationAgent *agent) + { +@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) + g_free (agent->unique_system_bus_name); + if (agent->registration_options != NULL) + g_variant_unref (agent->registration_options); ++ g_rand_free (agent->cookie_pool); ++ g_free (agent->cookie_prefix); + g_free (agent); + } + } + + static AuthenticationAgent * +-authentication_agent_new (PolkitSubject *scope, ++authentication_agent_new (guint64 serial, ++ PolkitSubject *scope, + const gchar *unique_system_bus_name, + const gchar *locale, + const gchar *object_path, +@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, + + agent = g_new0 (AuthenticationAgent, 1); + agent->ref_count = 1; ++ agent->serial = serial; + agent->scope = g_object_ref (scope); + agent->object_path = g_strdup (object_path); + agent->unique_system_bus_name = g_strdup (unique_system_bus_name); +@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, + agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; + agent->proxy = proxy; + ++ { ++ GString *cookie_prefix = g_string_new (""); ++ GRand *agent_private_rand = g_rand_new (); ++ ++ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); ++ ++ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, ++ * whose sequence will not correlate with the per-authentication session ++ * cookies. ++ */ ++ append_rand_u128_str (cookie_prefix, agent_private_rand); ++ g_rand_free (agent_private_rand); ++ ++ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); ++ ++ /* And a newly seeded pool for per-session cookies */ ++ agent->cookie_pool = g_rand_new (); ++ } ++ + return agent; + } + +@@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + gpointer user_data) + { + AuthenticationSession *session; +- gchar *cookie; + GList *l; + GList *identities; + gchar *localized_message; +@@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + &localized_icon_name, + &localized_details); + +- cookie = authentication_agent_new_cookie (agent); +- + identities = NULL; + + /* select admin user if required by the implicit authorization */ +@@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + } + + session = authentication_session_new (agent, +- cookie, + subject, + user_of_subject, + caller, +@@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, + + g_list_foreach (identities, (GFunc) g_object_unref, NULL); + g_list_free (identities); +- g_free (cookie); + + g_free (localized_message); + g_free (localized_icon_name); +@@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- agent = authentication_agent_new (subject, ++ priv->agent_serial++; ++ agent = authentication_agent_new (priv->agent_serial, ++ subject, + polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), + locale, + object_path, diff --git a/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch b/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch new file mode 100644 index 00000000..0eb7ec16 --- /dev/null +++ b/patches/0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch @@ -0,0 +1,25 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 11 Nov 2013 23:51:23 +0100 +Subject: Don't discard error data returned by + polkit_system_bus_name_get_user_sync + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 +Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a +Bug-Debian: https://bugs.debian.org/798769 +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 05f51c5..e1a9ab3 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch b/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch new file mode 100644 index 00000000..ee44531d --- /dev/null +++ b/patches/0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch @@ -0,0 +1,36 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Sat, 6 Jun 2015 01:07:08 +0200 +Subject: Fix a crash when two authentication requests are in flight. + +To reproduce: +1. pkttyagent -p $$ # or another suitable PID +2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u +3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u +4. Then, in the pkttyagent prompt, press Enter. + +polkit_agent_text_listener_initiate_authentication was already setting +an appropriate error code, so the g_assert was unnecessary. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 +Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b +--- + src/polkitagent/polkitagenttextlistener.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c +index b5c8a3f..e63c285 100644 +--- a/src/polkitagent/polkitagenttextlistener.c ++++ b/src/polkitagent/polkitagenttextlistener.c +@@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener + GAsyncResult *res, + GError **error) + { +- PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); + gboolean ret; + + g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == + polkit_agent_text_listener_initiate_authentication); +- g_assert (listener->active_session == NULL); + + ret = FALSE; + diff --git a/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch b/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch new file mode 100644 index 00000000..b7fdcf46 --- /dev/null +++ b/patches/0.113/Fix-a-memory-leak-when-registering-an-authentication.patch @@ -0,0 +1,22 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 1 Jul 2014 20:00:48 +0200 +Subject: Fix a memory leak when registering an authentication agent + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 +Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e +--- + src/polkitbackend/polkitbackendauthority.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 39eb5b9..afe5b90 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: ++ g_variant_unref (subject_gvariant); + if (subject != NULL) + g_object_unref (subject); + } diff --git a/patches/0.113/Fix-a-per-authorization-memory-leak.patch b/patches/0.113/Fix-a-per-authorization-memory-leak.patch new file mode 100644 index 00000000..eaafed64 --- /dev/null +++ b/patches/0.113/Fix-a-per-authorization-memory-leak.patch @@ -0,0 +1,49 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 1 Jul 2014 20:00:48 +0200 +Subject: Fix a per-authorization memory leak + +We were leaking PolkitAuthorizationResult on every request, primarily on +the success path, but also on various error paths as well. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 +Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe +--- + src/polkitbackend/polkitbackendauthority.c | 1 + + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index 10b8af3..39eb5b9 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, + g_variant_ref_sink (value); + g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); + g_variant_unref (value); ++ g_object_unref (result); + } + + check_auth_data_free (data); +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 5e29af2..73d0a0e 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + + /* Otherwise just return the result */ + g_simple_async_result_set_op_res_gpointer (simple, +- result, ++ g_object_ref (result), + g_object_unref); + g_simple_async_result_complete (simple); + g_object_unref (simple); +@@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + g_free (subject_str); + g_free (user_of_caller_str); + g_free (user_of_subject_str); ++ ++ if (result != NULL) ++ g_object_unref (result); + } + + /* ---------------------------------------------------------------------------------------------------- */ diff --git a/patches/0.113/Fix-a-possible-NULL-dereference.patch b/patches/0.113/Fix-a-possible-NULL-dereference.patch new file mode 100644 index 00000000..ba685eb9 --- /dev/null +++ b/patches/0.113/Fix-a-possible-NULL-dereference.patch @@ -0,0 +1,35 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 11 Jun 2014 22:36:50 +0200 +Subject: Fix a possible NULL dereference. +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +polkit_backend_session_monitor_get_user_for_subject() may return NULL +(and because it is using external processes, we can’t really rule it +out). The code was already anticipating NULL in the cleanup section, so +handle it also when actually using the value. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 +Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb +--- + src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 25e13fb..00ee044 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + + subject_str = polkit_subject_to_string (subject); +- user_of_subject_str = polkit_identity_to_string (user_of_subject); ++ ++ if (user_of_subject != NULL) ++ user_of_subject_str = polkit_identity_to_string (user_of_subject); ++ else ++ user_of_subject_str = g_strdup (""); + caller_str = polkit_subject_to_string (caller); + + subject_cmdline = _polkit_subject_get_cmdline (subject); diff --git a/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch b/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch new file mode 100644 index 00000000..f11cb3df --- /dev/null +++ b/patches/0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 15 Sep 2014 19:45:15 +0200 +Subject: Fix duplicate GError use when "uid" is missing + +Some GLib versions complain loudly about this. + +To reproduce, call e.g. RegisterAuthenticationAgent with the following +parameters: +("unix-process", {"pid": __import__('gi.repository.GLib', globals(), +locals(), ['Variant']).Variant("u", 1), "start-time": +__import__('gi.repository.GLib', globals(), locals(), +['Variant']).Variant("t", 1)}), "cs", "/" + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 +Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 +--- + src/polkit/polkitsubject.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index aed5795..78ec745 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, + start_time = g_variant_get_uint64 (v); + g_variant_unref (v); + +- v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); ++ v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); + if (v != NULL) + { + uid = g_variant_get_int32 (v); diff --git a/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch b/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch new file mode 100644 index 00000000..6f7bd356 --- /dev/null +++ b/patches/0.113/Fix-use-after-free-in-polkitagentsession.c.patch @@ -0,0 +1,32 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 14 Apr 2015 22:27:41 +0200 +Subject: Fix use-after-free in polkitagentsession.c + +PolkitAgentTextListener's "completed" handler drops the last reference +to the session; in fact this is explicitly recommended in the signal's +documentation. So we must not access any members of session after +emitting the signal. + +Found while dealing with +https://bugs.freedesktop.org/show_bug.cgi?id=69501 + +Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 +--- + src/polkitagent/polkitagentsession.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c +index 6a3d6bc..46fbaf0 100644 +--- a/src/polkitagent/polkitagentsession.c ++++ b/src/polkitagent/polkitagentsession.c +@@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, + { + if (G_UNLIKELY (_show_debug ())) + g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); +- g_signal_emit_by_name (session, "completed", result); + session->have_emitted_completed = TRUE; ++ /* Note that the signal handler may drop the last reference to session. */ ++ g_signal_emit_by_name (session, "completed", result); + } + } + diff --git a/patches/0.113/Fixed-compilation-problem-in-the-backend.patch b/patches/0.113/Fixed-compilation-problem-in-the-backend.patch new file mode 100644 index 00000000..ccbbcb74 --- /dev/null +++ b/patches/0.113/Fixed-compilation-problem-in-the-backend.patch @@ -0,0 +1,23 @@ +From: Xabier Rodriguez Calvar +Date: Sun, 10 Nov 2013 19:16:41 +0100 +Subject: Fixed compilation problem in the backend + +Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 +Bug-Debian: https://bugs.debian.org/798769 +--- + src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 4075d3f..05f51c5 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch b/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch new file mode 100644 index 00000000..a162aef3 --- /dev/null +++ b/patches/0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch @@ -0,0 +1,166 @@ +From: Colin Walters +Date: Wed, 21 Aug 2013 12:23:55 -0400 +Subject: PolkitSystemBusName: Add public API to retrieve Unix user + +And change the duplicated code in the backend session monitors to use +it. This just a code cleanup resulting from review after +CVE-2013-4288. There's no security impact from this patch, it just +removes duplicated code. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 +Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 +--- + src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ + src/polkit/polkitsystembusname.h | 4 ++ + .../polkitbackendsessionmonitor-systemd.c | 20 +------- + src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- + 4 files changed, 62 insertions(+), 38 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 2a297c4..51e4a69 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -25,6 +25,7 @@ + + #include + #include "polkitsystembusname.h" ++#include "polkitunixuser.h" + #include "polkitsubject.h" + #include "polkitprivate.h" + +@@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, + return ret; + } + ++/** ++ * polkit_system_bus_name_get_user_sync: ++ * @system_bus_name: A #PolkitSystemBusName. ++ * @cancellable: (allow-none): A #GCancellable or %NULL. ++ * @error: (allow-none): Return location for error or %NULL. ++ * ++ * Synchronously gets a #PolkitUnixUser object for @system_bus_name; ++ * the calling thread is blocked until a reply is received. ++ * ++ * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. ++ **/ ++PolkitUnixUser * ++polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, ++ GCancellable *cancellable, ++ GError **error) ++{ ++ GDBusConnection *connection; ++ PolkitUnixUser *ret; ++ GVariant *result; ++ guint32 uid; ++ ++ g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); ++ g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); ++ g_return_val_if_fail (error == NULL || *error == NULL, NULL); ++ ++ ret = NULL; ++ ++ connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); ++ if (connection == NULL) ++ goto out; ++ ++ result = g_dbus_connection_call_sync (connection, ++ "org.freedesktop.DBus", /* name */ ++ "/org/freedesktop/DBus", /* object path */ ++ "org.freedesktop.DBus", /* interface name */ ++ "GetConnectionUnixUser", /* method */ ++ g_variant_new ("(s)", system_bus_name->name), ++ G_VARIANT_TYPE ("(u)"), ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ cancellable, ++ error); ++ if (result == NULL) ++ goto out; ++ ++ g_variant_get (result, "(u)", &uid); ++ g_variant_unref (result); ++ ++ ret = (PolkitUnixUser*)polkit_unix_user_new (uid); ++ ++ out: ++ if (connection != NULL) ++ g_object_unref (connection); ++ return ret; ++} +diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h +index 1fc464f..38d31f7 100644 +--- a/src/polkit/polkitsystembusname.h ++++ b/src/polkit/polkitsystembusname.h +@@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName + GCancellable *cancellable, + GError **error); + ++PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, ++ GCancellable *cancellable, ++ GError **error); ++ + G_END_DECLS + + #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 58593c3..0185310 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixUser", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- +- ret = polkit_unix_user_new (uid); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index 9c331b6..4075d3f 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixUser", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- +- ret = polkit_unix_user_new (uid); ++ ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { diff --git a/patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch b/patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch new file mode 100644 index 00000000..cef66cd1 --- /dev/null +++ b/patches/0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch @@ -0,0 +1,235 @@ +From: Colin Walters +Date: Sat, 9 Nov 2013 09:32:52 -0500 +Subject: PolkitSystemBusName: Retrieve both pid and uid + +For polkit_system_bus_name_get_process_sync(), as pointed out by +Miloslav Trmac, we can securely retrieve the owner uid as well from +the system bus, rather than (racily) looking it up internally. + +This avoids use of a deprecated API. + +However, this is not a security fix because nothing in the polkit +codebase itself actually retrieves the uid from the result of this API +call. But, it might be useful in the future. + +Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 +--- + src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ + 1 file changed, 118 insertions(+), 53 deletions(-) + +diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c +index 51e4a69..8daa12c 100644 +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) + + /* ---------------------------------------------------------------------------------------------------- */ + ++typedef struct { ++ GError **error; ++ guint retrieved_uid : 1; ++ guint retrieved_pid : 1; ++ guint caught_error : 1; ++ ++ guint32 uid; ++ guint32 pid; ++} AsyncGetBusNameCredsData; ++ ++static void ++on_retrieved_unix_uid_pid (GObject *src, ++ GAsyncResult *res, ++ gpointer user_data) ++{ ++ AsyncGetBusNameCredsData *data = user_data; ++ GVariant *v; ++ ++ v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, ++ data->caught_error ? NULL : data->error); ++ if (!v) ++ { ++ data->caught_error = TRUE; ++ } ++ else ++ { ++ guint32 value; ++ g_variant_get (v, "(u)", &value); ++ g_variant_unref (v); ++ if (!data->retrieved_uid) ++ { ++ data->retrieved_uid = TRUE; ++ data->uid = value; ++ } ++ else ++ { ++ g_assert (!data->retrieved_pid); ++ data->retrieved_pid = TRUE; ++ data->pid = value; ++ } ++ } ++} ++ ++static gboolean ++polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, ++ guint32 *out_uid, ++ guint32 *out_pid, ++ GCancellable *cancellable, ++ GError **error) ++{ ++ gboolean ret = FALSE; ++ AsyncGetBusNameCredsData data = { 0, }; ++ GDBusConnection *connection = NULL; ++ GMainContext *tmp_context = NULL; ++ ++ connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); ++ if (connection == NULL) ++ goto out; ++ ++ data.error = error; ++ ++ tmp_context = g_main_context_new (); ++ g_main_context_push_thread_default (tmp_context); ++ ++ /* Do two async calls as it's basically as fast as one sync call. ++ */ ++ g_dbus_connection_call (connection, ++ "org.freedesktop.DBus", /* name */ ++ "/org/freedesktop/DBus", /* object path */ ++ "org.freedesktop.DBus", /* interface name */ ++ "GetConnectionUnixUser", /* method */ ++ g_variant_new ("(s)", system_bus_name->name), ++ G_VARIANT_TYPE ("(u)"), ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ cancellable, ++ on_retrieved_unix_uid_pid, ++ &data); ++ g_dbus_connection_call (connection, ++ "org.freedesktop.DBus", /* name */ ++ "/org/freedesktop/DBus", /* object path */ ++ "org.freedesktop.DBus", /* interface name */ ++ "GetConnectionUnixProcessID", /* method */ ++ g_variant_new ("(s)", system_bus_name->name), ++ G_VARIANT_TYPE ("(u)"), ++ G_DBUS_CALL_FLAGS_NONE, ++ -1, ++ cancellable, ++ on_retrieved_unix_uid_pid, ++ &data); ++ ++ while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) ++ g_main_context_iteration (tmp_context, TRUE); ++ ++ if (out_uid) ++ *out_uid = data.uid; ++ if (out_pid) ++ *out_pid = data.pid; ++ ret = TRUE; ++ out: ++ if (tmp_context) ++ { ++ g_main_context_pop_thread_default (tmp_context); ++ g_main_context_unref (tmp_context); ++ } ++ if (connection != NULL) ++ g_object_unref (connection); ++ return ret; ++} ++ + /** + * polkit_system_bus_name_get_process_sync: + * @system_bus_name: A #PolkitSystemBusName. +@@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) + { +- GDBusConnection *connection; +- PolkitSubject *ret; +- GVariant *result; ++ PolkitSubject *ret = NULL; + guint32 pid; ++ guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + +- ret = NULL; +- +- connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); +- if (connection == NULL) ++ if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, ++ cancellable, error)) + goto out; + +- result = g_dbus_connection_call_sync (connection, +- "org.freedesktop.DBus", /* name */ +- "/org/freedesktop/DBus", /* object path */ +- "org.freedesktop.DBus", /* interface name */ +- "GetConnectionUnixProcessID", /* method */ +- g_variant_new ("(s)", system_bus_name->name), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, +- cancellable, +- error); +- if (result == NULL) +- goto out; +- +- g_variant_get (result, "(u)", &pid); +- g_variant_unref (result); +- +- ret = polkit_unix_process_new (pid); ++ ret = polkit_unix_process_new_for_owner (pid, 0, uid); + + out: +- if (connection != NULL) +- g_object_unref (connection); + return ret; + } + +@@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) + { +- GDBusConnection *connection; +- PolkitUnixUser *ret; +- GVariant *result; ++ PolkitUnixUser *ret = NULL; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + +- ret = NULL; +- +- connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); +- if (connection == NULL) +- goto out; +- +- result = g_dbus_connection_call_sync (connection, +- "org.freedesktop.DBus", /* name */ +- "/org/freedesktop/DBus", /* object path */ +- "org.freedesktop.DBus", /* interface name */ +- "GetConnectionUnixUser", /* method */ +- g_variant_new ("(s)", system_bus_name->name), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, +- cancellable, +- error); +- if (result == NULL) ++ if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, ++ cancellable, error)) + goto out; + +- g_variant_get (result, "(u)", &uid); +- g_variant_unref (result); +- + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: +- if (connection != NULL) +- g_object_unref (connection); + return ret; + } diff --git a/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch b/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch new file mode 100644 index 00000000..24d6a37d --- /dev/null +++ b/patches/0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch @@ -0,0 +1,29 @@ +From: Colin Walters +Date: Sat, 9 Nov 2013 13:48:21 -0500 +Subject: Port internals non-deprecated PolkitProcess API where possible + +We can't port everything, but in PolkitPermission and these test +cases, we can use _for_owner() with the right information. + +[smcv: drop the part that touches +test/polkitbackend/test-polkitbackendjsauthority.c which is not +in this branch] + +Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d +--- + src/polkit/polkitpermission.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index be794cb..f264094 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) + PolkitPermission *permission = POLKIT_PERMISSION (object); + + if (permission->subject == NULL) +- permission->subject = polkit_unix_process_new (getpid ()); ++ permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); + + if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) + G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); diff --git a/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch b/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch new file mode 100644 index 00000000..94846996 --- /dev/null +++ b/patches/0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch @@ -0,0 +1,39 @@ +From: Colin Walters +Date: Thu, 4 Jun 2015 08:41:36 -0400 +Subject: README: Note to send security reports via DBus's mechanism + +This avoids duplicating effort. + +Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae +--- + README | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/README b/README +index b075162..0723002 100644 +--- a/README ++++ b/README +@@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command + BUGS and DEVELOPMENT + ==================== + +-Please report bugs via the freedesktop.org bugzilla at ++Please report non-security bugs via the freedesktop.org bugzilla at + + https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit ++ ++SECURITY ISSUES ++=============== ++ ++polkit uses the same mechanism for reporting security issues as dbus, ++the most recent copy of instructions can be found in the DBus git ++repository: ++ ++http://cgit.freedesktop.org/dbus/dbus/tree/HACKING ++ ++A copy of the instructions as of 2015-06-04: ++ ++If you find a security vulnerability that is not known to the public, ++please report it privately to dbus-security@lists.freedesktop.org ++or by reporting a freedesktop.org bug that is marked as ++restricted to the "D-BUS security group". diff --git a/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch b/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch new file mode 100644 index 00000000..18635e58 --- /dev/null +++ b/patches/0.113/Refuse-duplicate-user-arguments-to-pkexec.patch @@ -0,0 +1,38 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Tue, 26 Aug 2014 17:59:47 +0200 +Subject: Refuse duplicate --user arguments to pkexec + +This usage is clearly erroneous, so we should tell the users they are +making a mistake. + +Besides, this allows an attacker to cause a high number of heap +allocations with attacker-controlled sizes ( +http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html +), making some exploits easier. + +(To be clear, this is not a pkexec vulnerability, and we will not +refuse attacker-affected malloc() usage as a matter of policy; but this +commit is both user-friendly and adding some hardening.) + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 +Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c +--- + src/programs/pkexec.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 5e99044..abc660d 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -533,6 +533,11 @@ main (int argc, char *argv[]) + goto out; + } + ++ if (opt_user != NULL) ++ { ++ g_printerr ("--user specified twice\n"); ++ goto out; ++ } + opt_user = g_strdup (argv[n]); + } + else if (strcmp (argv[n], "--disable-internal-agent") == 0) diff --git a/patches/0.113/Remove-a-redundant-assignment.patch b/patches/0.113/Remove-a-redundant-assignment.patch new file mode 100644 index 00000000..792ca7f2 --- /dev/null +++ b/patches/0.113/Remove-a-redundant-assignment.patch @@ -0,0 +1,26 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 11 Jun 2014 22:44:28 +0200 +Subject: Remove a redundant assignment. + +Instead of a nonsensical (data = data), use the more customary +((void)data) to silence the warning about an unused parameter. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 +Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 +--- + src/polkitagent/polkitagenthelper-pam.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 292abbe..937386e 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + gchar *tmp = NULL; + size_t len; + +- data = data; ++ (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) + return PAM_CONV_ERR; + diff --git a/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch b/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch new file mode 100644 index 00000000..54e19bcf --- /dev/null +++ b/patches/0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch @@ -0,0 +1,259 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Wed, 17 Jun 2015 01:01:27 +0200 +Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 + + - Refer to PolkitAgentSession in general instead of to _response only + - Revert to the original description of authentication cancellation, the + agent really needs to return an error to the caller (in addition to dealing + with the session if any). + - Explicitly document the UID assumption; in the process fixing bug #69980. + - Keep documenting that we need a sufficiently privileged caller. + - Refer to the ...Response2 API in more places. + - Also update docbook documentation. + - Drop a paragraph suggesting non-PolkitAgentSession implementations are + expected and commonplace. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 +Reviewed-by: Colin Walters +Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 +Bug-Debian: https://bugs.debian.org/796134 +--- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- + data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- + ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- + ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- + docs/polkit/overview.xml | 8 ++++---- + src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- + src/polkitagent/polkitagentlistener.c | 5 +---- + src/polkitbackend/polkitbackendauthority.c | 1 + + 8 files changed, 51 insertions(+), 23 deletions(-) + +diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index 5beef7d..482332f 100644 +--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -13,14 +13,14 @@ + user to authenticate as one of the identities in @identities for + the action with the identifier @action_id.This + authentication is normally achieved via the +- polkit_agent_session_response() API, which invokes a private ++ PolkitAgentSession API, which invokes a private + setuid helper process to verify the authentication. When + successful, it calls the + org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() + method on the #org.freedesktop.PolicyKit1.Authority interface of + the PolicyKit daemon before returning. If the user dismisses the +- authentication dialog, the authentication agent should call +- polkit_agent_session_cancel()."/> ++ authentication dialog, the authentication agent should return an ++ error."/> + + + +diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml +index f9021ee..88da3c0 100644 +--- a/data/org.freedesktop.PolicyKit1.Authority.xml ++++ b/data/org.freedesktop.PolicyKit1.Authority.xml +@@ -283,7 +283,7 @@ + + + +- ++ + + + +@@ -315,7 +315,8 @@ + + ++internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> + + + +@@ -330,11 +331,13 @@ internal to polkit."/> + + + + +- ++ + + + +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +index ec59626..ab27b2f 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +@@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, + identifier action_id.Upon + succesful authentication, the authentication agent must invoke + the AuthenticationAgentResponse() ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() + method on the org.freedesktop.PolicyKit1.Authority +- interface of the PolicyKit daemon before returning. ++ interface of the PolicyKit daemon before returning. This is normally ++ achieved via the PolkitAgentSession ++ API, which invokes a private setuid helper process to verify the ++ authentication. + + + The authentication agent should not return until after authentication is complete. +diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +index e66bf53..f2eed63 100644 +--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml ++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +@@ -42,7 +42,7 @@ Structure TemporaryAuth + IN String object_path) + AuthenticationAgentResponse (IN String cookie, + IN Identity identity) +-AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, ++AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) + EnumerateTemporaryAuthorizations (IN Subject subject, + OUT Array<TemporaryAuthorization> temporary_authorizations) +@@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< + IN String object_path) + + +-Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. ++Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). + + + +@@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, + + Method for authentication agents to invoke on successful + authentication, intended only for use by a privileged helper process +-internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. ++internal to polkit. This method will fail unless a sufficiently privileged +++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). + + + +@@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, + + Method for authentication agents to invoke on successful + authentication, intended only for use by a privileged helper process +-internal to polkit. Note this method was introduced in 0.114 to fix a security issue. ++internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Note this method was introduced in 0.114 and should be ++preferred over AuthenticationAgentResponse() ++as it fixes a security issue. + + + +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index c29d8da..8ddb34c 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -73,11 +73,11 @@ + linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent + D-Bus interface. Once the user is authenticated, (a privileged + part of) the agent invokes the AuthenticationAgentResponse() ++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() + method. This method should be treated as an internal +- implementation detail, and callers should use the public shared +- library API to invoke it, which currently uses a setuid helper +- program. ++ implementation detail, and callers should use the ++ PolkitAgentSession API to invoke ++ it, which currently uses a setuid helper program. + + + The libpolkit-agent-1 +diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c +index f45abc4..4e882e6 100644 +--- a/src/polkit/polkitauthority.c ++++ b/src/polkit/polkitauthority.c +@@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author + * + * Asynchronously registers an authentication agent. + * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method +@@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * +- * Registers an authentication agent. The calling thread is blocked ++ * Registers an authentication agent. ++ * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * ++ * The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent() for the + * asynchronous version. +@@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author + * + * Asynchronously registers an authentication agent. + * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * + * When the operation is finished, @callback will be invoked in the + * thread-default + * main loop of the thread you are calling this method +@@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * +- * Registers an authentication agent. The calling thread is blocked ++ * Registers an authentication agent. ++ * ++ * Note that this should be called by the same effective UID which will be ++ * the real UID using the #PolkitAgentSession API or otherwise calling ++ * polkit_authority_authentication_agent_response(). ++ * ++ * The calling thread is blocked + * until a reply is received. See + * polkit_authority_register_authentication_agent_with_options() for the + * asynchronous version. +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 5bddd03..2bfda2d 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -37,10 +37,7 @@ + * + * Typically authentication agents use #PolkitAgentSession to + * authenticate users (via passwords) and communicate back the +- * authentication result to the PolicyKit daemon. This is however not +- * requirement. Depending on the system an authentication agent may +- * use other means (such as a Yes/No dialog) to obtain sufficient +- * evidence that the user is one of the requested identities. ++ * authentication result to the PolicyKit daemon. + * + * To register a #PolkitAgentListener with the PolicyKit daemon, use + * polkit_agent_listener_register() or +diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c +index d1b1a25..10b8af3 100644 +--- a/src/polkitbackend/polkitbackendauthority.c ++++ b/src/polkitbackend/polkitbackendauthority.c +@@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority + * polkit_backend_authority_authentication_agent_response: + * @authority: A #PolkitBackendAuthority. + * @caller: The system bus name that initiated the query. ++ * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. + * @cookie: The cookie passed to the authentication agent from the authority. + * @identity: The identity that was authenticated. + * @error: Return location for error or %NULL. diff --git a/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch b/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch new file mode 100644 index 00000000..e8e9b6b1 --- /dev/null +++ b/patches/0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch @@ -0,0 +1,76 @@ +From: Colin Walters +Date: Thu, 21 Nov 2013 17:39:37 -0500 +Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR + +This workaround isn't too much code, and it's often better to fix bugs +in two places anyways. + +For more information: + +See https://bugzilla.redhat.com/show_bug.cgi?id=753882 +See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html + +Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e +--- + src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- + 1 file changed, 30 insertions(+), 3 deletions(-) + +diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c +index 9a0570a..5e99044 100644 +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -139,8 +139,22 @@ pam_conversation_function (int n, + return PAM_CONV_ERR; + } + ++/* A work around for: ++ * https://bugzilla.redhat.com/show_bug.cgi?id=753882 ++ */ ++static gboolean ++xdg_runtime_dir_is_owned_by (const char *path, ++ uid_t target_uid) ++{ ++ struct stat stbuf; ++ ++ return stat (path, &stbuf) == 0 && ++ stbuf.st_uid == target_uid; ++} ++ + static gboolean +-open_session (const gchar *user_to_auth) ++open_session (const gchar *user_to_auth, ++ uid_t target_uid) + { + gboolean ret; + gint rc; +@@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) + { + guint n; + for (n = 0; envlist[n]; n++) +- putenv (envlist[n]); ++ { ++ const char *envitem = envlist[n]; ++ ++ if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) ++ { ++ const char *eq = strchr (envitem, '='); ++ g_assert (eq); ++ if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) ++ continue; ++ } ++ ++ putenv (envlist[n]); ++ } + free (envlist); + } + +@@ -892,7 +918,8 @@ main (int argc, char *argv[]) + * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. + */ + #ifdef POLKIT_AUTHFW_PAM +- if (!open_session (pw->pw_name)) ++ if (!open_session (pw->pw_name, ++ pw->pw_uid)) + { + goto out; + } diff --git a/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch b/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch new file mode 100644 index 00000000..1737020f --- /dev/null +++ b/patches/0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch @@ -0,0 +1,23 @@ +From: Lukasz Skalski +Date: Tue, 22 Apr 2014 11:11:20 +0200 +Subject: polkitd: Fix problem with removing non-existent source + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 +Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 +--- + src/polkitd/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitd/main.c b/src/polkitd/main.c +index b21723f..f18fb91 100644 +--- a/src/polkitd/main.c ++++ b/src/polkitd/main.c +@@ -93,7 +93,7 @@ on_sigint (gpointer user_data) + { + g_print ("Handling SIGINT\n"); + g_main_loop_quit (loop); +- return FALSE; ++ return TRUE; + } + + int diff --git a/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch b/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch new file mode 100644 index 00000000..e7d0a4b7 --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch @@ -0,0 +1,104 @@ +From: Colin Walters +Date: Thu, 7 Nov 2013 15:57:50 -0500 +Subject: sessionmonitor-systemd: Deduplicate code paths + +We had the code to go from pid -> session duplicated. If we have a +PolkitSystemBusName, convert it to a PolkitUnixProcess. +Then we can do PolkitUnixProcess -> pid -> session in one place. + +This is just a code cleanup. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 +Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 +--- + .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- + 1 file changed, 22 insertions(+), 41 deletions(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 0185310..756b728 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + PolkitSubject *subject, + GError **error) + { +- PolkitSubject *session; +- +- session = NULL; ++ PolkitUnixProcess *tmp_process = NULL; ++ PolkitUnixProcess *process = NULL; ++ PolkitSubject *session = NULL; ++ char *session_id = NULL; ++ pid_t pid; + + if (POLKIT_IS_UNIX_PROCESS (subject)) +- { +- gchar *session_id; +- pid_t pid; +- +- pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); +- if (sd_pid_get_session (pid, &session_id) < 0) +- goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); +- } ++ process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { +- guint32 pid; +- gchar *session_id; +- GVariant *result; +- +- result = g_dbus_connection_call_sync (monitor->system_bus, +- "org.freedesktop.DBus", +- "/org/freedesktop/DBus", +- "org.freedesktop.DBus", +- "GetConnectionUnixProcessID", +- g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), +- G_VARIANT_TYPE ("(u)"), +- G_DBUS_CALL_FLAGS_NONE, +- -1, /* timeout_msec */ +- NULL, /* GCancellable */ +- error); +- if (result == NULL) +- goto out; +- g_variant_get (result, "(u)", &pid); +- g_variant_unref (result); +- +- if (sd_pid_get_session (pid, &session_id) < 0) +- goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); ++ /* Convert bus name to process */ ++ tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ if (!tmp_process) ++ goto out; ++ process = tmp_process; + } + else + { + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_NOT_SUPPORTED, +- "Cannot get user for subject of type %s", ++ "Cannot get session for subject of type %s", + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + +- out: ++ /* Now do process -> pid -> session */ ++ g_assert (process != NULL); ++ pid = polkit_unix_process_get_pid (process); + ++ if (sd_pid_get_session (pid, &session_id) < 0) ++ goto out; ++ ++ session = polkit_unix_session_new (session_id); ++ free (session_id); ++ out: ++ if (tmp_process) g_object_unref (tmp_process); + return session; + } + diff --git a/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch b/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch new file mode 100644 index 00000000..7c0ca4bb --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch @@ -0,0 +1,73 @@ +From: Philip Withnall +Date: Tue, 2 Jun 2015 16:19:51 +0100 +Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session + activity +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +Instead of using sd_pid_get_session() then sd_session_is_active() to +determine whether the user is active, use sd_uid_get_state() directly. +This gets the maximum of the states of all the user’s sessions, rather +than the state of the session containing the subject process. Since the +user is the security boundary, this is fine. + +This change is necessary for `systemd --user` sessions, where most user +code will be forked off user@.service, rather than running inside the +logind session (whether that be a foreground/active or background/online +session). + +Policy-wise, the change is from checking whether the subject process is +in an active session; to checking whether the subject process is owned +by a user with at least one active session. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 +Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c +Bug-Debian: https://bugs.debian.org/779988 +--- + .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- + 1 file changed, 32 insertions(+), 1 deletion(-) + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index ebd05ce..6bd517a 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -391,6 +391,37 @@ gboolean + polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, + PolkitSubject *session) + { +- return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); ++ const char *session_id; ++ char *state; ++ uid_t uid; ++ gboolean is_active = FALSE; ++ ++ session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); ++ ++ g_debug ("Checking whether session %s is active.", session_id); ++ ++ /* Check whether *any* of the user's current sessions are active. */ ++ if (sd_session_get_uid (session_id, &uid) < 0) ++ goto fallback; ++ ++ g_debug ("Session %s has UID %u.", session_id, uid); ++ ++ if (sd_uid_get_state (uid, &state) < 0) ++ goto fallback; ++ ++ g_debug ("UID %u has state %s.", uid, state); ++ ++ is_active = (g_strcmp0 (state, "active") == 0); ++ free (state); ++ ++ return is_active; ++ ++fallback: ++ /* Fall back to checking the session. This is not ideal, since the user ++ * might have multiple sessions, and we cannot guarantee to have chosen ++ * the active one. ++ * ++ * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ ++ return sd_session_is_active (session_id); + } + diff --git a/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch b/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch new file mode 100644 index 00000000..6b09ce79 --- /dev/null +++ b/patches/0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch @@ -0,0 +1,89 @@ +From: Kay Sievers +Date: Mon, 19 May 2014 10:19:49 +0900 +Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model + +In the D-Bus "user bus" model, all sessions of a user share the same +D-Bus instance, a polkit requesting process might live outside the +login session which registered the user's polkit agent. + +In case a polkit requesting process is not part of the user's login +session, we ask systemd-logind for the user's "display" session +instead. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 +Bug-Debian: https://bugs.debian.org/779988 +Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c +[smcv: backport configure.ac changes; fail with #error if the required +API is not found] +--- + configure.ac | 4 +++ + .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- + 2 files changed, 28 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index f4a0c41..aa2760f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then + have_systemd=no) + if test "$have_systemd" = "yes"; then + SESSION_TRACKING=systemd ++ save_LIBS=$LIBS ++ LIBS=$SYSTEMD_LIBS ++ AC_CHECK_FUNCS(sd_uid_get_display) ++ LIBS=$save_LIBS + else + if test "$enable_systemd" = "yes"; then + AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 756b728..ebd05ce 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; ++#if HAVE_SD_UID_GET_DISPLAY ++ uid_t uid; ++#endif + + if (POLKIT_IS_UNIX_PROCESS (subject)) + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ +@@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni + g_type_name (G_TYPE_FROM_INSTANCE (subject))); + } + +- /* Now do process -> pid -> session */ ++ /* Now do process -> pid -> same session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + +- if (sd_pid_get_session (pid, &session_id) < 0) ++ if (sd_pid_get_session (pid, &session_id) >= 0) ++ { ++ session = polkit_unix_session_new (session_id); ++ goto out; ++ } ++ ++#if HAVE_SD_UID_GET_DISPLAY ++ /* Now do process -> uid -> graphical session (systemd version 213)*/ ++ if (sd_pid_get_owner_uid (pid, &uid) < 0) + goto out; +- +- session = polkit_unix_session_new (session_id); +- free (session_id); ++ ++ if (sd_uid_get_display (uid, &session_id) >= 0) ++ { ++ session = polkit_unix_session_new (session_id); ++ goto out; ++ } ++#else ++#error Debian should have sd_uid_get_display() ++#endif ++ + out: ++ free (session_id); + if (tmp_process) g_object_unref (tmp_process); + return session; + } diff --git a/patches/0.114/Add-gettext-support-for-.policy-files.patch b/patches/0.114/Add-gettext-support-for-.policy-files.patch new file mode 100644 index 00000000..025403f8 --- /dev/null +++ b/patches/0.114/Add-gettext-support-for-.policy-files.patch @@ -0,0 +1,58 @@ +From: Matthias Clasen +Date: Fri, 15 Jul 2016 11:12:35 -0400 +Subject: Add gettext support for .policy files + +gettext can extract strings from and merge them back into xml +file formats, with the help of .its files. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 +Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 +--- + data/Makefile.am | 5 +++++ + data/polkit.its | 7 +++++++ + data/polkit.loc | 6 ++++++ + 3 files changed, 18 insertions(+) + create mode 100644 data/polkit.its + create mode 100644 data/polkit.loc + +diff --git a/data/Makefile.am b/data/Makefile.am +index f0beeba..e1a60aa 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -20,6 +20,11 @@ endif + pkgconfigdir = $(libdir)/pkgconfig + pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc + ++# ---------------------------------------------------------------------------------------------------- ++ ++itsdir = $(datadir)/gettext/its ++its_DATA = polkit.loc polkit.its ++ + CLEANFILES = $(BUILT_SOURCES) + + EXTRA_DIST = \ +diff --git a/data/polkit.its b/data/polkit.its +new file mode 100644 +index 0000000..1312ecb +--- /dev/null ++++ b/data/polkit.its +@@ -0,0 +1,7 @@ ++ ++ ++ ++ +diff --git a/data/polkit.loc b/data/polkit.loc +new file mode 100644 +index 0000000..c7427ec +--- /dev/null ++++ b/data/polkit.loc +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ diff --git a/patches/0.114/Fix-multi-line-pam-text-info.patch b/patches/0.114/Fix-multi-line-pam-text-info.patch new file mode 100644 index 00000000..8a183613 --- /dev/null +++ b/patches/0.114/Fix-multi-line-pam-text-info.patch @@ -0,0 +1,39 @@ +From: Dariusz Gadomski +Date: Tue, 10 Nov 2015 10:52:02 +0100 +Subject: Fix multi-line pam text info. + +There are pam modules (e.g. pam_vas) that may attempt to display multi-line +PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one +as a separate message that was not recognized causing the authorization +to fail. Escaping these strings and unescaping them fixes the issue. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 +Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 +--- + src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 19062aa..063d656 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + case PAM_TEXT_INFO: + fprintf (stdout, "PAM_TEXT_INFO "); + conv2: +- fputs (msg[i]->msg, stdout); +- if (strlen (msg[i]->msg) > 0 && +- msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') +- fputc ('\n', stdout); ++ tmp = g_strdup (msg[i]->msg); ++ len = strlen (tmp); ++ if (len > 0 && tmp[len - 1] == '\n') ++ tmp[len - 1] = '\0'; ++ escaped = g_strescape (tmp, NULL); ++ g_free (tmp); ++ fputs (escaped, stdout); ++ g_free (escaped); ++ fputc ('\n', stdout); + fflush (stdout); + break; + diff --git a/patches/0.114/Refactor-send_to_helper-usage.patch b/patches/0.114/Refactor-send_to_helper-usage.patch new file mode 100644 index 00000000..75e5c7da --- /dev/null +++ b/patches/0.114/Refactor-send_to_helper-usage.patch @@ -0,0 +1,149 @@ +From: Dariusz Gadomski +Date: Thu, 12 Nov 2015 15:01:19 +0100 +Subject: Refactor send_to_helper usage + +There were duplicated pieces of code detecting EOLs and escaping the code. +Those actions has been delegated to already-existing send_to_helper function. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 +Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a +--- + src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- + 1 file changed, 26 insertions(+), 55 deletions(-) + +diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c +index 063d656..3ea3a3f 100644 +--- a/src/polkitagent/polkitagenthelper-pam.c ++++ b/src/polkitagent/polkitagenthelper-pam.c +@@ -39,25 +39,35 @@ static void + send_to_helper (const gchar *str1, + const gchar *str2) + { ++ char *escaped; ++ char *tmp2; ++ size_t len2; ++ ++ tmp2 = g_strdup(str2); ++ len2 = strlen(tmp2); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); ++ fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); + #endif /* PAH_DEBUG */ +- fprintf (stdout, "%s", str1); ++ fprintf (stdout, "%s ", str1); ++ ++ if (len2 > 0 && tmp2[len2 - 1] == '\n') ++ tmp2[len2 - 1] = '\0'; ++ escaped = g_strescape (tmp2, NULL); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); ++ fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); + #endif /* PAH_DEBUG */ +- fprintf (stdout, "%s", str2); +- if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') +- { ++ fprintf (stdout, "%s", escaped); + #ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); ++ fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + #endif /* PAH_DEBUG */ +- fputc ('\n', stdout); +- } ++ fputc ('\n', stdout); + #ifdef PAH_DEBUG + fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); + #endif /* PAH_DEBUG */ + fflush (stdout); ++ ++ g_free (escaped); ++ g_free (tmp2); + } + + int +@@ -89,7 +99,7 @@ main (int argc, char *argv[]) + + /* Special-case a very common error triggered in jhbuild setups */ + s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); +- send_to_helper ("PAM_ERROR_MSG ", s); ++ send_to_helper ("PAM_ERROR_MSG", s); + g_free (s); + goto error; + } +@@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + struct pam_response *aresp; + char buf[PAM_MAX_RESP_SIZE]; + int i; +- gchar *escaped = NULL; +- gchar *tmp = NULL; +- size_t len; + + (void)data; + if (n <= 0 || n > PAM_MAX_NUM_MSG) +@@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + { + + case PAM_PROMPT_ECHO_OFF: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); +-#endif /* PAH_DEBUG */ +- fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); ++ send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); + goto conv1; + + case PAM_PROMPT_ECHO_ON: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); +-#endif /* PAH_DEBUG */ +- fprintf (stdout, "PAM_PROMPT_ECHO_ON "); +- conv1: +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); +-#endif /* PAH_DEBUG */ +- tmp = g_strdup (msg[i]->msg); +- len = strlen (tmp); +- if (len > 0 && tmp[len - 1] == '\n') +- tmp[len - 1] = '\0'; +- escaped = g_strescape (tmp, NULL); +- g_free (tmp); +- fputs (escaped, stdout); +- g_free (escaped); +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); +-#endif /* PAH_DEBUG */ +- fputc ('\n', stdout); +-#ifdef PAH_DEBUG +- fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); +-#endif /* PAH_DEBUG */ +- fflush (stdout); ++ send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + ++ conv1: + if (fgets (buf, sizeof buf, stdin) == NULL) + goto error; + +@@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons + break; + + case PAM_ERROR_MSG: +- fprintf (stdout, "PAM_ERROR_MSG "); +- goto conv2; ++ send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); ++ break; + + case PAM_TEXT_INFO: +- fprintf (stdout, "PAM_TEXT_INFO "); +- conv2: +- tmp = g_strdup (msg[i]->msg); +- len = strlen (tmp); +- if (len > 0 && tmp[len - 1] == '\n') +- tmp[len - 1] = '\0'; +- escaped = g_strescape (tmp, NULL); +- g_free (tmp); +- fputs (escaped, stdout); +- g_free (escaped); +- fputc ('\n', stdout); +- fflush (stdout); ++ send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); + break; + + default: diff --git a/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch b/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch new file mode 100644 index 00000000..7179a92b --- /dev/null +++ b/patches/0.114/Support-polkit-session-agent-running-outside-user-session.patch @@ -0,0 +1,51 @@ +From: Sebastien Bacher +Date: Mon, 2 Apr 2018 10:52:47 -0400 +Subject: Support polkit session agent running outside user session + +commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made +session applications that are running from a user bus +work with polkitd, by falling back to using the currently +active session. + +This commit is similar, but for the polkit agent. It allows, +a polkit agent to be run from a systemd --user service +that's not running directly in the users session. + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 +Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 +--- + src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c +index 8a8bf65..c34f36a 100644 +--- a/src/polkit/polkitunixsession-systemd.c ++++ b/src/polkit/polkitunixsession-systemd.c +@@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, + PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); + gboolean ret = FALSE; + char *s; ++ uid_t uid; + + if (session->session_id != NULL) + { +@@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, + goto out; + } + ++ /* Now do process -> uid -> graphical session (systemd version 213)*/ ++ if (sd_pid_get_owner_uid (session->pid, &uid) < 0) ++ goto error; ++ ++ if (sd_uid_get_display (uid, &s) >= 0) ++ { ++ session->session_id = g_strdup (s); ++ free (s); ++ ret = TRUE; ++ goto out; ++ } ++ ++error: + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, diff --git a/patches/0.114/gettext-switch-to-default-translate-no.patch b/patches/0.114/gettext-switch-to-default-translate-no.patch new file mode 100644 index 00000000..577d5ab1 --- /dev/null +++ b/patches/0.114/gettext-switch-to-default-translate-no.patch @@ -0,0 +1,41 @@ +From: Peter Hutterer +Date: Thu, 20 Oct 2016 10:50:58 +1000 +Subject: gettext: switch to default-translate "no" + +The default appears to be to translate all entries. This rule never takes +effect, the path to /action/message and /action/description is wrong (/action +is not a root node). Since we wanted them to be translated, it doesn't matter. + +But it also translates all other tags (vendor, allow_any, etc.) and that +causes polkit to be unhappy, it can't handle the various language versions of +"no" + +** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string +'tidak' + +Switch to a default of "no" and explicitly include the message and description +strings to be translated. + +The patch was modified for PolicyKit by Ondrej Holy . + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 +Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd +--- + data/polkit.its | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/data/polkit.its b/data/polkit.its +index 1312ecb..1c37e6b 100644 +--- a/data/polkit.its ++++ b/data/polkit.its +@@ -1,7 +1,8 @@ + + +- ++ + diff --git a/patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch b/patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch new file mode 100644 index 00000000..369973c3 --- /dev/null +++ b/patches/0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch @@ -0,0 +1,24 @@ +From: Rui Matos +Date: Thu, 2 Mar 2017 14:50:31 +0100 +Subject: polkitpermission: Fix a memory leak on authority changes + +Signed-off-by: Rui Matos + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 +Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b +--- + src/polkit/polkitpermission.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index 22d195f..be794cb 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, + if (result != NULL) + { + process_result (permission, result); ++ g_object_unref (result); + } + else + { diff --git a/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch b/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch new file mode 100644 index 00000000..8f23d0de --- /dev/null +++ b/patches/0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch @@ -0,0 +1,569 @@ +From: =?utf-8?q?Miloslav_Trma=C4=8D?= +Date: Mon, 25 Jun 2018 19:24:06 +0200 +Subject: Fix CVE-2018-1116: Trusting client-supplied UID +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +As part of CVE-2013-4288, the D-Bus clients were allowed (and +encouraged) to submit the UID of the subject of authorization checks +to avoid races against UID changes (notably using executables +set-UID to root). + +However, that also allowed any client to submit an arbitrary UID, and +that could be used to bypass "can only ask about / affect the same UID" +checks in CheckAuthorization / RegisterAuthenticationAgent / +UnregisterAuthenticationAgent. This allowed an attacker: + +- With CheckAuthorization, to cause the registered authentication + agent in victim's session to pop up a dialog, or to determine whether + the victim currently has a temporary authorization to perform an + operation. + + (In principle, the attacker can also determine whether JavaScript + rules allow the victim process to perform an operation; however, + usually rules base their decisions on information determined from + the supplied UID, so the attacker usually won't learn anything new.) + +- With RegisterAuthenticationAgent, to prevent the victim's + authentication agent to work (for a specific victim process), + or to learn about which operations requiring authorization + the victim is attempting. + +To fix this, expose internal _polkit_unix_process_get_owner() / +obsolete polkit_unix_process_get_owner() as a private +polkit_unix_process_get_racy_uid__() (being more explicit about the +dangers on relying on it), and use it in +polkit_backend_session_monitor_get_user_for_subject() to return +a boolean indicating whether the subject UID may be caller-chosen. + +Then, in the permission checks that require the subject to be +equal to the caller, fail on caller-chosen UIDs (and continue +through the pre-existing code paths which allow root, or root-designated +server processes, to ask about arbitrary subjects.) + +Signed-off-by: Miloslav Trmač +Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c +--- + src/polkit/polkitprivate.h | 2 + + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- + .../polkitbackendinteractiveauthority.c | 39 +++++++++----- + .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- + src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- + src/polkitbackend/polkitbackendsessionmonitor.h | 1 + + 6 files changed, 147 insertions(+), 33 deletions(-) + +diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h +index 7f5c463..6274bc9 100644 +--- a/src/polkit/polkitprivate.h ++++ b/src/polkit/polkitprivate.h +@@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action + GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); + GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); + ++gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); ++ + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); + PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 913be3a..464f034 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -49,6 +49,14 @@ + * To uniquely identify processes, both the process id and the start + * time of the process (a monotonic increasing value representing the + * time since the kernel was started) is used. ++ * ++ * NOTE: This object stores, and provides access to, the real UID of the ++ * process. That value can change over time (with set*uid*(2) and exec*(2)). ++ * Checks whether an operation is allowed need to take care to use the UID ++ * value as of the time when the operation was made (or, following the open() ++ * privilege check model, when the connection making the operation possible ++ * was initiated). That is usually done by initializing this with ++ * polkit_unix_process_new_for_owner() with trusted data. + */ + + /** +@@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); + static guint64 get_start_time_for_pid (gint pid, + GError **error); + +-static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error); +- + #ifdef HAVE_FREEBSD + static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); + #endif +@@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) + { + GError *error; + error = NULL; +- process->uid = _polkit_unix_process_get_owner (process, &error); ++ process->uid = polkit_unix_process_get_racy_uid__ (process, &error); + if (error != NULL) + { + process->uid = -1; +@@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + * Gets the user id for @process. Note that this is the real user-id, + * not the effective user-id. + * ++ * NOTE: The UID may change over time, so the returned value may not match the ++ * current state of the underlying process; or the UID may have been set by ++ * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), ++ * in which case it may not correspond to the actual UID of the referenced ++ * process at all (at any point in time). ++ * + * Returns: The user id for @process or -1 if unknown. + */ + gint +@@ -655,18 +666,26 @@ out: + return start_time; + } + +-static gint +-_polkit_unix_process_get_owner (PolkitUnixProcess *process, +- GError **error) ++/* ++ * Private: Return the "current" UID. Note that this is inherently racy, ++ * and the value may already be obsolete by the time this function returns; ++ * this function only guarantees that the UID was valid at some point during ++ * its execution. ++ */ ++gint ++polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, ++ GError **error) + { + gint result; + gchar *contents; + gchar **lines; ++ guint64 start_time; + #ifdef HAVE_FREEBSD + struct kinfo_proc p; + #else + gchar filename[64]; + guint n; ++ GError *local_error; + #endif + + g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); +@@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, + } + + result = p.ki_uid; ++ start_time = (guint64) p.ki_start.tv_sec; + #else + + /* see 'man proc' for layout of the status file +@@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, + else + { + result = real_uid; +- goto out; ++ goto found; + } + } +- + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Didn't find any line starting with `Uid:' in file %s", + filename); ++ goto out; ++ ++found: ++ /* The UID and start time are, sadly, not available in a single file. So, ++ * read the UID first, and then the start time; if the start time is the same ++ * before and after reading the UID, it couldn't have changed. ++ */ ++ local_error = NULL; ++ start_time = get_start_time_for_pid (process->pid, &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } + #endif + ++ if (process->start_time != start_time) ++ { ++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, ++ "process with PID %d has been replaced", process->pid); ++ goto out; ++ } ++ + out: + g_strfreev (lines); + g_free (contents); +@@ -744,5 +784,5 @@ gint + polkit_unix_process_get_owner (PolkitUnixProcess *process, + GError **error) + { +- return _polkit_unix_process_get_owner (process, error); ++ return polkit_unix_process_get_racy_uid__ (process, error); + } +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 73d0a0e..97a8d80 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, + if (polkit_authorization_result_get_is_authorized (result)) + log_result_str = "ALLOWING"; + +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); + + subject_str = polkit_subject_to_string (subject); + +@@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + gchar *subject_str; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + gchar *user_of_caller_str; + gchar *user_of_subject_str; + PolkitAuthorizationResult *result; +@@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + action_id); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- caller, ++ caller, NULL, + &error); + if (error != NULL) + { +@@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + g_debug (" user of caller is %s", user_of_caller_str); + + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- subject, ++ subject, &user_of_subject_matches, + &error); + if (error != NULL) + { +@@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + * We only allow this if, and only if, + * + * - processes may check for another process owned by the *same* user but not +- * if details are passed (otherwise you'd be able to spoof the dialog) ++ * if details are passed (otherwise you'd be able to spoof the dialog); ++ * the caller supplies the user_of_subject value, so we additionally ++ * require it to match at least at one point in time (via ++ * user_of_subject_matches). + * + * - processes running as uid 0 may check anything and pass any details + * +@@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority + * then any uid referenced by that annotation is also allowed to check + * to check anything and pass any details + */ +- if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject) ++ || has_details) + { + if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) + { +@@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, + goto out; + } + +- /* every subject has a user */ ++ /* every subject has a user; this is supplied by the client, so we rely ++ * on the caller to validate its acceptability. */ + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- subject, ++ subject, NULL, + error); + if (user_of_subject == NULL) + goto out; +@@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + AuthenticationAgent *agent; + gboolean ret; + gchar *caller_cmdline; +@@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + goto out; + } + +- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); ++ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, +@@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + "Cannot determine user of caller"); + goto out; + } +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, +@@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken + "Cannot determine user of subject"); + goto out; + } +- if (!polkit_identity_equal (user_of_caller, user_of_subject)) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { +@@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + PolkitSubject *session_for_caller; + PolkitIdentity *user_of_caller; + PolkitIdentity *user_of_subject; ++ gboolean user_of_subject_matches; + AuthenticationAgent *agent; + gboolean ret; + gchar *scope_str; +@@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + goto out; + } + +- user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); ++ user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); + if (user_of_caller == NULL) + { + g_set_error (error, +@@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + "Cannot determine user of caller"); + goto out; + } +- user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); ++ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); + if (user_of_subject == NULL) + { + g_set_error (error, +@@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack + "Cannot determine user of subject"); + goto out; + } +- if (!polkit_identity_equal (user_of_caller, user_of_subject)) ++ if (!user_of_subject_matches ++ || !polkit_identity_equal (user_of_caller, user_of_subject)) + { + if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) + { +@@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken + identity_str); + + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, +- caller, ++ caller, NULL, + error); + if (user_of_caller == NULL) + goto out; +diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +index 6bd517a..773256e 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +@@ -29,6 +29,7 @@ + #include + + #include ++#include + #include "polkitbackendsessionmonitor.h" + + /* +@@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. ++ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * ++ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may ++ * come from e.g. a D-Bus client), so it may not correspond to the actual UID ++ * of the referenced process (at any point in time). This is indicated by ++ * setting @result_matches to %FALSE; the caller may reject such subjects or ++ * require additional privileges. @result_matches == %TRUE only indicates that ++ * the UID matched the underlying process at ONE point in time, it may not match ++ * later. ++ * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ + PolkitIdentity * + polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error) + { + PolkitIdentity *ret; +- guint32 uid; ++ gboolean matches; + + ret = NULL; ++ matches = FALSE; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); +- if ((gint) uid == -1) ++ gint subject_uid, current_uid; ++ GError *local_error; ++ ++ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if (subject_uid == -1) + { + g_set_error (error, + POLKIT_ERROR, +@@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + "Unix process subject does not have uid set"); + goto out; + } +- ret = polkit_unix_user_new (uid); ++ local_error = NULL; ++ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } ++ ret = polkit_unix_user_new (subject_uid); ++ matches = (subject_uid == current_uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ matches = TRUE; + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { ++ uid_t uid; + + if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) + { +@@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + } + + ret = polkit_unix_user_new (uid); ++ matches = TRUE; + } + + out: ++ if (result_matches != NULL) ++ { ++ *result_matches = matches; ++ } + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c +index e1a9ab3..ed30755 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.c ++++ b/src/polkitbackend/polkitbackendsessionmonitor.c +@@ -27,6 +27,7 @@ + #include + + #include ++#include + #include "polkitbackendsessionmonitor.h" + + #define CKDB_PATH "/var/run/ConsoleKit/database" +@@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito + * polkit_backend_session_monitor_get_user: + * @monitor: A #PolkitBackendSessionMonitor. + * @subject: A #PolkitSubject. ++ * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. + * @error: Return location for error. + * + * Gets the user corresponding to @subject or %NULL if no user exists. + * ++ * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may ++ * come from e.g. a D-Bus client), so it may not correspond to the actual UID ++ * of the referenced process (at any point in time). This is indicated by ++ * setting @result_matches to %FALSE; the caller may reject such subjects or ++ * require additional privileges. @result_matches == %TRUE only indicates that ++ * the UID matched the underlying process at ONE point in time, it may not match ++ * later. ++ * + * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). + */ + PolkitIdentity * + polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error) + { + PolkitIdentity *ret; ++ gboolean matches; + GError *local_error; +- gchar *group; +- guint32 uid; + + ret = NULL; ++ matches = FALSE; + + if (POLKIT_IS_UNIX_PROCESS (subject)) + { +- uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); +- if ((gint) uid == -1) ++ gint subject_uid, current_uid; ++ ++ subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); ++ if (subject_uid == -1) + { + g_set_error (error, + POLKIT_ERROR, +@@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + "Unix process subject does not have uid set"); + goto out; + } +- ret = polkit_unix_user_new (uid); ++ local_error = NULL; ++ current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); ++ if (local_error != NULL) ++ { ++ g_propagate_error (error, local_error); ++ goto out; ++ } ++ ret = polkit_unix_user_new (subject_uid); ++ matches = (subject_uid == current_uid); + } + else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) + { + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); ++ matches = TRUE; + } + else if (POLKIT_IS_UNIX_SESSION (subject)) + { ++ gint uid; ++ gchar *group; ++ + if (!ensure_database (monitor, error)) + { + g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); +@@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor + g_free (group); + + ret = polkit_unix_user_new (uid); ++ matches = TRUE; + } + + out: ++ if (result_matches != NULL) ++ { ++ *result_matches = matches; ++ } + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h +index 8f8a2ca..3972326 100644 +--- a/src/polkitbackend/polkitbackendsessionmonitor.h ++++ b/src/polkitbackend/polkitbackendsessionmonitor.h +@@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit + + PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, + PolkitSubject *subject, ++ gboolean *result_matches, + GError **error); + + PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, diff --git a/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch b/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch new file mode 100644 index 00000000..e95e0c33 --- /dev/null +++ b/patches/0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch @@ -0,0 +1,186 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Mon, 3 Dec 2018 10:28:58 +0100 +Subject: Allow negative uids/gids in PolkitUnixUser and Group objects + +(uid_t) -1 is still used as placeholder to mean "unset". This is OK, since +there should be no users with such number, see +https://systemd.io/UIDS-GIDS#special-linux-uids. + +(uid_t) -1 is used as the default value in class initialization. + +When a user or group above INT32_MAX is created, the numeric uid or +gid wraps around to negative when the value is assigned to gint, and +polkit gets confused. Let's accept such gids, except for -1. + +A nicer fix would be to change the underlying type to e.g. uint32 to +not have negative values. But this cannot be done without breaking the +API, so likely new functions will have to be added (a +polkit_unix_user_new variant that takes a unsigned, and the same for +_group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will +require a bigger patch. + +Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. + +(cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) +--- + src/polkit/polkitunixgroup.c | 15 +++++++++++---- + src/polkit/polkitunixprocess.c | 12 ++++++++---- + src/polkit/polkitunixuser.c | 13 ++++++++++--- + 3 files changed, 29 insertions(+), 11 deletions(-) + +diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c +index c57a1aa..309f689 100644 +--- a/src/polkit/polkitunixgroup.c ++++ b/src/polkit/polkitunixgroup.c +@@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, + static void + polkit_unix_group_init (PolkitUnixGroup *unix_group) + { ++ unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ + } + + static void +@@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); ++ gint val; + + switch (prop_id) + { + case PROP_GID: +- unix_group->gid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_group->gid = val; + break; + + default: +@@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) + g_param_spec_int ("gid", + "Group ID", + "The UNIX group ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) + */ + void + polkit_unix_group_set_gid (PolkitUnixGroup *group, +- gint gid) ++ gint gid) + { + g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); ++ g_return_if_fail (gid != -1); + group->gid = gid; + } + +@@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, + PolkitIdentity * + polkit_unix_group_new (gint gid) + { ++ g_return_val_if_fail (gid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, + "gid", gid, + NULL)); +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 464f034..02a083f 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: +- polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); ++ case PROP_UID: { ++ gint val; ++ ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ polkit_unix_process_set_uid (unix_process, val); + break; ++ } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); +@@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- -1, ++ G_MININT, + G_MAXINT, + -1, + G_PARAM_CONSTRUCT | +@@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); +- g_return_if_fail (uid >= -1); + process->uid = uid; + } + +diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c +index 8bfd3a1..234a697 100644 +--- a/src/polkit/polkitunixuser.c ++++ b/src/polkit/polkitunixuser.c +@@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, + static void + polkit_unix_user_init (PolkitUnixUser *unix_user) + { ++ unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ + unix_user->name = NULL; + } + +@@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, + GParamSpec *pspec) + { + PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); ++ gint val; + + switch (prop_id) + { + case PROP_UID: +- unix_user->uid = g_value_get_int (value); ++ val = g_value_get_int (value); ++ g_return_if_fail (val != -1); ++ unix_user->uid = val; + break; + + default: +@@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) + g_param_spec_int ("uid", + "User ID", + "The UNIX user ID", +- 0, ++ G_MININT, + G_MAXINT, +- 0, ++ -1, + G_PARAM_CONSTRUCT | + G_PARAM_READWRITE | + G_PARAM_STATIC_NAME | +@@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + gint uid) + { + g_return_if_fail (POLKIT_IS_UNIX_USER (user)); ++ g_return_if_fail (uid != -1); + user->uid = uid; + } + +@@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, + PolkitIdentity * + polkit_unix_user_new (gint uid) + { ++ g_return_val_if_fail (uid != -1, NULL); ++ + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, + "uid", uid, + NULL)); diff --git a/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch b/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch new file mode 100644 index 00000000..a0a28ec6 --- /dev/null +++ b/patches/0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch @@ -0,0 +1,43 @@ +From: Matthew Leeds +Date: Tue, 11 Dec 2018 12:04:26 -0800 +Subject: Allow uid of -1 for a PolkitUnixProcess + +Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and +PolkitUnixProcess to allow negative values for their uid/gid properties, +since these are values above INT_MAX which wrap around but are still +valid, with the exception of -1 which is not valid. However, +PolkitUnixProcess allows a uid of -1 to be passed to +polkit_unix_process_new_for_owner() which means polkit is expected to +figure out the uid on its own (this happens in the _constructed +function). So this commit removes the check in +polkit_unix_process_set_property() so that new_for_owner() can be used +as documented without producing a critical error message. + +This does not affect the protection against CVE-2018-19788 which is +based on creating a user with a UID up to but not including 4294967295 +(-1). +--- + src/polkit/polkitunixprocess.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index fc5afa1..53537fa 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, + polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); + break; + +- case PROP_UID: { +- gint val; +- +- val = g_value_get_int (value); +- g_return_if_fail (val != -1); +- polkit_unix_process_set_uid (unix_process, val); ++ case PROP_UID: ++ polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + break; +- } + + case PROP_START_TIME: + polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); diff --git a/patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch b/patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch new file mode 100644 index 00000000..751133f6 --- /dev/null +++ b/patches/0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch @@ -0,0 +1,51 @@ +From: Jan Rybar +Date: Wed, 15 Aug 2018 18:50:56 +0200 +Subject: Elaborate message printed by polkit when disconnecting from ssh + +Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. +This message was moved to debug mode. + +Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 +--- + src/polkitagent/polkitagentlistener.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 0003851..e0b7b57 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, + owner = polkit_authority_get_owner (server->authority); + if (owner == NULL) + { +- g_printerr ("PolicyKit daemon disconnected from the bus.\n"); ++ g_debug ("PolicyKit daemon disconnected from the bus.\n"); + + if (server->is_registered) +- g_printerr ("We are no longer a registered authentication agent.\n"); ++ g_debug ("We are no longer a registered authentication agent.\n"); + + server->is_registered = FALSE; + } +@@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, + { + GError *error; + +- g_printerr ("PolicyKit daemon reconnected to bus.\n"); +- g_printerr ("Attempting to re-register as an authentication agent.\n"); ++ g_debug ("PolicyKit daemon reconnected to bus.\n"); ++ g_debug ("Attempting to re-register as an authentication agent.\n"); + + error = NULL; + if (server_register (server, &error)) + { +- g_printerr ("We are now a registered authentication agent.\n"); ++ g_debug ("We are now a registered authentication agent.\n"); + } + else + { +- g_printerr ("Failed to register as an authentication agent: %s\n", error->message); ++ g_debug ("Failed to register as an authentication agent: %s\n", error->message); + g_error_free (error); + } + } diff --git a/patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch b/patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch new file mode 100644 index 00000000..6956290f --- /dev/null +++ b/patches/0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch @@ -0,0 +1,27 @@ +From: Jan Rybar +Date: Wed, 15 Aug 2018 18:56:43 +0200 +Subject: Error message raised on every 'systemctl start' in emergency.target + +Superuser should know that polkit is not running in emergency.target. +If not, basic info with debug sources is offered instead of error message. +Other usecases taken into account. + +Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 +--- + src/programs/pkttyagent.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c +index 488ca8b..fe74765 100644 +--- a/src/programs/pkttyagent.c ++++ b/src/programs/pkttyagent.c +@@ -180,7 +180,8 @@ main (int argc, char *argv[]) + authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); + if (authority == NULL) + { +- g_printerr ("Error getting authority: %s (%s, %d)\n", ++ g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); ++ g_debug ("Error getting authority: %s (%s, %d)\n", + error->message, g_quark_to_string (error->domain), error->code); + g_error_free (error); + ret = 127; diff --git a/patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch b/patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch new file mode 100644 index 00000000..bea03291 --- /dev/null +++ b/patches/0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch @@ -0,0 +1,32 @@ +From: Richard Hughes +Date: Thu, 19 Oct 2017 13:43:22 +0100 +Subject: Fix a critical warning on calling polkit_permission_new_sync with no + system bus + +Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b +--- + src/polkit/polkitpermission.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c +index f264094..d4b2459 100644 +--- a/src/polkit/polkitpermission.c ++++ b/src/polkit/polkitpermission.c +@@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) + g_free (permission->tmp_authz_id); + g_object_unref (permission->subject); + +- g_signal_handlers_disconnect_by_func (permission->authority, +- on_authority_changed, +- permission); +- g_object_unref (permission->authority); ++ if (permission->authority != NULL) ++ { ++ g_signal_handlers_disconnect_by_func (permission->authority, ++ on_authority_changed, ++ permission); ++ g_object_unref (permission->authority); ++ } + + if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) + G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); diff --git a/patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch b/patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch new file mode 100644 index 00000000..955e0f31 --- /dev/null +++ b/patches/0.116/Possible-resource-leak-found-by-static-analyzer.patch @@ -0,0 +1,21 @@ +From: Jan Rybar +Date: Thu, 9 Aug 2018 16:46:38 +0200 +Subject: Possible resource leak found by static analyzer + +Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 +--- + src/polkitagent/polkitagentlistener.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c +index 2bfda2d..0003851 100644 +--- a/src/polkitagent/polkitagentlistener.c ++++ b/src/polkitagent/polkitagentlistener.c +@@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, + server->thread_initialization_error = NULL; + g_thread_join (server->thread); + server_free (server); ++ server = NULL; + goto out; + } + } diff --git a/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch b/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch new file mode 100644 index 00000000..81ae14ca --- /dev/null +++ b/patches/0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch @@ -0,0 +1,181 @@ +From: Colin Walters +Date: Fri, 4 Jan 2019 14:24:48 -0500 +Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations + +It turns out that the combination of `(pid, start time)` is not +enough to be unique. For temporary authorizations, we can avoid +separate users racing on pid reuse by simply comparing the uid. + +https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 + +And the above original email report is included in full in a new comment. + +Reported-by: Jann Horn + +Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 +Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 +--- + src/polkit/polkitsubject.c | 2 + + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- + .../polkitbackendinteractiveauthority.c | 39 +++++++++++- + 3 files changed, 110 insertions(+), 2 deletions(-) + +diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c +index 78ec745..fadcfe9 100644 +--- a/src/polkit/polkitsubject.c ++++ b/src/polkit/polkitsubject.c +@@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) + * @b: A #PolkitSubject. + * + * Checks if @a and @b are equal, ie. represent the same subject. ++ * However, avoid calling polkit_subject_equal() to compare two processes; ++ * for more information see the `PolkitUnixProcess` documentation. + * + * This function can be used in e.g. g_hash_table_new(). + * +diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c +index 02a083f..fc5afa1 100644 +--- a/src/polkit/polkitunixprocess.c ++++ b/src/polkit/polkitunixprocess.c +@@ -44,7 +44,10 @@ + * @title: PolkitUnixProcess + * @short_description: Unix processs + * +- * An object for representing a UNIX process. ++ * An object for representing a UNIX process. NOTE: This object as ++ * designed is now known broken; a mechanism to exploit a delay in ++ * start time in the Linux kernel was identified. Avoid ++ * calling polkit_subject_equal() to compare two processes. + * + * To uniquely identify processes, both the process id and the start + * time of the process (a monotonic increasing value representing the +@@ -59,6 +62,72 @@ + * polkit_unix_process_new_for_owner() with trusted data. + */ + ++/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 ++ ++ But quoting the original email in full here to ensure it's preserved: ++ ++ From: Jann Horn ++ Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork ++ Date: Wednesday, October 10, 2018 5:34 PM ++ ++When a (non-root) user attempts to e.g. control systemd units in the system ++instance from an active session over DBus, the access is gated by a polkit ++policy that requires "auth_admin_keep" auth. This results in an auth prompt ++being shown to the user, asking the user to confirm the action by entering the ++password of an administrator account. ++ ++After the action has been confirmed, the auth decision for "auth_admin_keep" is ++cached for up to five minutes. Subject to some restrictions, similar actions can ++then be performed in this timespan without requiring re-auth: ++ ++ - The PID of the DBus client requesting the new action must match the PID of ++ the DBus client requesting the old action (based on SO_PEERCRED information ++ forwarded by the DBus daemon). ++ - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) ++ must not have changed. The granularity of this timestamp is in the ++ millisecond range. ++ - polkit polls every two seconds whether a process with the expected start time ++ still exists. If not, the temporary auth entry is purged. ++ ++Without the start time check, this would obviously be buggy because an attacker ++could simply wait for the legitimate client to disappear, then create a new ++client with the same PID. ++ ++Unfortunately, the start time check is bypassable because fork() is not atomic. ++Looking at the source code of copy_process() in the kernel: ++ ++ p->start_time = ktime_get_ns(); ++ p->real_start_time = ktime_get_boot_ns(); ++ [...] ++ retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); ++ if (retval) ++ goto bad_fork_cleanup_io; ++ ++ if (pid != &init_struct_pid) { ++ pid = alloc_pid(p->nsproxy->pid_ns_for_children); ++ if (IS_ERR(pid)) { ++ retval = PTR_ERR(pid); ++ goto bad_fork_cleanup_thread; ++ } ++ } ++ ++The ktime_get_boot_ns() call is where the "start time" of the process is ++recorded. The alloc_pid() call is where a free PID is allocated. In between ++these, some time passes; and because the copy_thread_tls() call between them can ++access userspace memory when sys_clone() is invoked through the 32-bit syscall ++entry point, an attacker can even stall the kernel arbitrarily long at this ++point (by supplying a pointer into userspace memory that is associated with a ++userfaultfd or is backed by a custom FUSE filesystem). ++ ++This means that an attacker can immediately call sys_clone() when the victim ++process is created, often resulting in a process that has the exact same start ++time reported in procfs; and then the attacker can delay the alloc_pid() call ++until after the victim process has died and the PID assignment has cycled ++around. This results in an attacker process that polkit can't distinguish from ++the victim process. ++*/ ++ ++ + /** + * PolkitUnixProcess: + * +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index 97a8d80..1e17dfd 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) + g_free (store); + } + ++/* See the comment at the top of polkitunixprocess.c */ ++static gboolean ++subject_equal_for_authz (PolkitSubject *a, ++ PolkitSubject *b) ++{ ++ if (!polkit_subject_equal (a, b)) ++ return FALSE; ++ ++ /* Now special case unix processes, as we want to protect against ++ * pid reuse by including the UID. ++ */ ++ if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { ++ PolkitUnixProcess *ap = (PolkitUnixProcess*)a; ++ int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); ++ PolkitUnixProcess *bp = (PolkitUnixProcess*)b; ++ int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); ++ ++ if (uid_a != -1 && uid_b != -1) ++ { ++ if (uid_a == uid_b) ++ { ++ return TRUE; ++ } ++ else ++ { ++ g_printerr ("denying slowfork; pid %d uid %d != %d!\n", ++ polkit_unix_process_get_pid (ap), ++ uid_a, uid_b); ++ return FALSE; ++ } ++ } ++ /* Fall through; one of the uids is unset so we can't reliably compare */ ++ } ++ ++ return TRUE; ++} ++ + static gboolean + temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, + PolkitSubject *subject, +@@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st + TemporaryAuthorization *authorization = l->data; + + if (strcmp (action_id, authorization->action_id) == 0 && +- polkit_subject_equal (subject_to_use, authorization->subject)) ++ subject_equal_for_authz (subject_to_use, authorization->subject)) + { + ret = TRUE; + if (out_tmp_authz_id != NULL) diff --git a/patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch b/patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch new file mode 100644 index 00000000..17cf070f --- /dev/null +++ b/patches/0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch @@ -0,0 +1,101 @@ +From: Jan Rybar +Date: Fri, 15 Mar 2019 16:07:53 +0000 +Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if + SIGINT/SIGTERM + +If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. + +Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 +--- + src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 57 insertions(+) + +diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c +index fe74765..eaccc05 100644 +--- a/src/programs/pkttyagent.c ++++ b/src/programs/pkttyagent.c +@@ -24,6 +24,10 @@ + #endif + + #include ++#include ++#include ++#include ++#include + #include + #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE + #include +@@ -47,6 +51,36 @@ usage (int argc, char *argv[]) + } + + ++static volatile sig_atomic_t tty_flags_saved; ++struct termios ts; ++FILE *tty = NULL; ++struct sigaction savesigterm, savesigint, savesigtstp; ++ ++ ++static void tty_handler(int signal) ++{ ++ switch (signal) ++ { ++ case SIGTERM: ++ sigaction (SIGTERM, &savesigterm, NULL); ++ break; ++ case SIGINT: ++ sigaction (SIGINT, &savesigint, NULL); ++ break; ++ case SIGTSTP: ++ sigaction (SIGTSTP, &savesigtstp, NULL); ++ break; ++ } ++ ++ if (tty_flags_saved) ++ { ++ tcsetattr (fileno (tty), TCSAFLUSH, &ts); ++ } ++ ++ kill(getpid(), signal); ++} ++ ++ + int + main (int argc, char *argv[]) + { +@@ -64,6 +98,8 @@ main (int argc, char *argv[]) + guint ret = 126; + gint notify_fd = -1; + GVariantBuilder builder; ++ struct sigaction sa; ++ const char *tty_name = NULL; + + g_type_init (); + +@@ -232,6 +268,27 @@ main (int argc, char *argv[]) + } + } + ++/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), ++ but due to threading the handlers cannot take care of the signal there. ++ Though if controlling terminal cannot be found, the world won't stop spinning. ++*/ ++ tty_name = ctermid(NULL); ++ if (tty_name != NULL) ++ { ++ tty = fopen(tty_name, "r+"); ++ } ++ ++ if (tty != NULL && !tcgetattr (fileno (tty), &ts)) ++ { ++ tty_flags_saved = TRUE; ++ } ++ ++ memset (&sa, 0, sizeof (sa)); ++ sa.sa_handler = &tty_handler; ++ sigaction (SIGTERM, &sa, &savesigterm); ++ sigaction (SIGINT, &sa, &savesigint); ++ sigaction (SIGTSTP, &sa, &savesigtstp); ++ + loop = g_main_loop_new (NULL, FALSE); + g_main_loop_run (loop); + diff --git a/patches/0.116/tests-add-tests-for-high-uids.patch b/patches/0.116/tests-add-tests-for-high-uids.patch new file mode 100644 index 00000000..1549612a --- /dev/null +++ b/patches/0.116/tests-add-tests-for-high-uids.patch @@ -0,0 +1,106 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Mon, 3 Dec 2018 11:20:34 +0100 +Subject: tests: add tests for high uids + +Modified by Marc Deslauriers for polkit 105 + +(cherry picked from commit b534a10727455409acd54018a9c91000e7626126) +--- + test/data/etc/group | 1 + + test/data/etc/passwd | 2 ++ + .../localauthority/10-test/com.example.pkla | 13 +++++++ + .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- + 4 files changed, 56 insertions(+), 1 deletion(-) + +diff --git a/test/data/etc/group b/test/data/etc/group +index 12ef328..b9acab9 100644 +--- a/test/data/etc/group ++++ b/test/data/etc/group +@@ -5,3 +5,4 @@ john:x:500: + jane:x:501: + sally:x:502: + henry:x:503: ++highuid2:x:4000000000: +diff --git a/test/data/etc/passwd b/test/data/etc/passwd +index 8544feb..5cf14a5 100644 +--- a/test/data/etc/passwd ++++ b/test/data/etc/passwd +@@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash + jane:x:501:501:Jane Smith:/home/jane:/bin/bash + sally:x:502:502:Sally Derp:/home/sally:/bin/bash + henry:x:503:503:Henry Herp:/home/henry:/bin/bash ++highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin ++highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin +diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +index bc64c5e..a35f9a3 100644 +--- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla ++++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +@@ -12,3 +12,16 @@ ResultAny=no + ResultInactive=auth_self + ResultActive=yes + ++[User john can do this] ++Identity=unix-user:john ++Action=net.company.john_action ++ResultAny=no ++ResultInactive=auth_self ++ResultActive=yes ++ ++[User highuid2 can do this] ++Identity=unix-user:highuid2 ++Action=net.company.highuid2_action ++ResultAny=no ++ResultInactive=auth_self ++ResultActive=yes +diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c +index 617c254..b0bfefe 100644 +--- a/test/polkitbackend/polkitbackendlocalauthoritytest.c ++++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c +@@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { + {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, +- ++ /* highuid1 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid22) */ ++ {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid21) */ ++ {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid1 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid24) */ ++ {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is not a member of group 'users', see test/data/etc/group ++ * group_membership_with_non_member(highuid23) */ ++ {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* john is authorized to do this, see com.example.pkla ++ * john_action */ ++ {"unix-user:john", TRUE, TRUE, "net.company.john_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, ++ /* only john is authorized to do this, see com.example.pkla ++ * jane_action */ ++ {"unix-user:jane", TRUE, TRUE, "net.company.john_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, ++ /* highuid2 is authorized to do this, see com.example.pkla ++ * highuid2_action */ ++ {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, ++ /* only highuid2 is authorized to do this, see com.example.pkla ++ * highuid1_action */ ++ {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, ++ POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + {NULL}, + }; + diff --git a/patches/01_pam_polkit.patch b/patches/01_pam_polkit.patch new file mode 100644 index 00000000..5fc5533e --- /dev/null +++ b/patches/01_pam_polkit.patch @@ -0,0 +1,26 @@ +From: Michael Biebl +Date: Tue, 2 Oct 2007 22:38:04 +0200 +Subject: Use Debian's common-* PAM infrastructure, plus pam_env + +Forwarded: no, Debian-specific +--- + data/polkit-1.in | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/data/polkit-1.in b/data/polkit-1.in +index 142dadd..6f8af2a 100644 +--- a/data/polkit-1.in ++++ b/data/polkit-1.in +@@ -1,6 +1,8 @@ + #%PAM-1.0 + +-auth include @PAM_FILE_INCLUDE_AUTH@ +-account include @PAM_FILE_INCLUDE_ACCOUNT@ +-password include @PAM_FILE_INCLUDE_PASSWORD@ +-session include @PAM_FILE_INCLUDE_SESSION@ ++@include common-auth ++@include common-account ++@include common-password ++session required pam_env.so readenv=1 user_readenv=0 ++session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 ++@include common-session-noninteractive diff --git a/patches/02_gettext.patch b/patches/02_gettext.patch new file mode 100644 index 00000000..72f1c022 --- /dev/null +++ b/patches/02_gettext.patch @@ -0,0 +1,193 @@ +From: Robert Ancell +Date: Wed, 18 Aug 2010 16:26:15 +1000 +Subject: Use gettext for translations in .policy files + +Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 +Bug-Ubuntu: https://launchpad.net/bugs/619632 +--- + src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ + 1 file changed, 49 insertions(+) + +diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c +index b16ed2f..3b0e400 100644 +--- a/src/polkitbackend/polkitbackendactionpool.c ++++ b/src/polkitbackend/polkitbackendactionpool.c +@@ -24,6 +24,8 @@ + #include + #include + #include ++#include ++#include + + #include + #include +@@ -44,7 +46,9 @@ typedef struct + gchar *vendor_url; + gchar *icon_name; + gchar *description; ++ gchar *description_domain; + gchar *message; ++ gchar *message_domain; + + PolkitImplicitAuthorization implicit_authorization_any; + PolkitImplicitAuthorization implicit_authorization_inactive; +@@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) + g_free (action->vendor_url); + g_free (action->icon_name); + g_free (action->description); ++ g_free (action->description_domain); + g_free (action->message); ++ g_free (action->message_domain); + + g_hash_table_unref (action->localized_description); + g_hash_table_unref (action->localized_message); +@@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); + + static const gchar *_localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang); + + typedef struct +@@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, + + description = _localize (parsed_action->localized_description, + parsed_action->description, ++ parsed_action->description_domain, + locale); + message = _localize (parsed_action->localized_message, + parsed_action->message, ++ parsed_action->message_domain, + locale); + + ret = polkit_action_description_new (action_id, +@@ -603,11 +612,16 @@ typedef struct { + GHashTable *policy_messages; + + char *policy_description_nolang; ++ char *policy_description_domain; + char *policy_message_nolang; ++ char *policy_message_domain; + + /* the value of xml:lang for the thing we're reading in _cdata() */ + char *elem_lang; + ++ /* the value of gettext-domain for the thing we're reading in _cdata() */ ++ char *elem_domain; ++ + char *annotate_key; + GHashTable *annotations; + +@@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) + + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = NULL; ++ g_free (pd->policy_description_domain); ++ pd->policy_description_domain = NULL; + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = NULL; ++ g_free (pd->policy_message_domain); ++ pd->policy_message_domain = NULL; + if (pd->policy_descriptions != NULL) + { + g_hash_table_unref (pd->policy_descriptions); +@@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) + } + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + } + + static void +@@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_DESCRIPTION; + } + else if (strcmp (el, "message") == 0) +@@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) + { + pd->elem_lang = g_strdup (attr[1]); + } ++ if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) ++ { ++ pd->elem_domain = g_strdup (attr[1]); ++ } + state = STATE_IN_ACTION_MESSAGE; + } + else if (strcmp (el, "vendor") == 0 && num_attr == 0) +@@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) + { + g_free (pd->policy_description_nolang); + pd->policy_description_nolang = str; ++ pd->policy_description_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) + { + g_free (pd->policy_message_nolang); + pd->policy_message_nolang = str; ++ pd->policy_message_domain = g_strdup (pd->elem_domain); + str = NULL; + } + else +@@ -960,6 +990,8 @@ _end (void *data, const char *el) + + g_free (pd->elem_lang); + pd->elem_lang = NULL; ++ g_free (pd->elem_domain); ++ pd->elem_domain = NULL; + + switch (pd->state) + { +@@ -990,7 +1022,9 @@ _end (void *data, const char *el) + action->vendor_url = g_strdup (vendor_url); + action->icon_name = g_strdup (icon_name); + action->description = g_strdup (pd->policy_description_nolang); ++ action->description_domain = g_strdup (pd->policy_description_domain); + action->message = g_strdup (pd->policy_message_nolang); ++ action->message_domain = g_strdup (pd->policy_message_domain); + + action->localized_description = pd->policy_descriptions; + action->localized_message = pd->policy_messages; +@@ -1093,6 +1127,7 @@ error: + * _localize: + * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' + * @untranslated: the untranslated value, e.g. 'Punch' ++ * @domain: the gettext domain for this string. Make be NULL. + * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG + * with the encoding cut off. Maybe be NULL. + * +@@ -1103,11 +1138,25 @@ error: + static const gchar * + _localize (GHashTable *translations, + const gchar *untranslated, ++ const gchar *domain, + const gchar *lang) + { + const gchar *result; + gchar **langs; + guint n; ++ ++ if (domain != NULL) ++ { ++ gchar *old_locale; ++ ++ old_locale = g_strdup (setlocale (LC_ALL, NULL)); ++ setlocale (LC_ALL, lang); ++ result = dgettext (domain, untranslated); ++ setlocale (LC_ALL, old_locale); ++ g_free (old_locale); ++ ++ goto out; ++ } + + if (lang == NULL) + { diff --git a/patches/05_revert-admin-identities-unix-group-wheel.patch b/patches/05_revert-admin-identities-unix-group-wheel.patch new file mode 100644 index 00000000..bd6e9b94 --- /dev/null +++ b/patches/05_revert-admin-identities-unix-group-wheel.patch @@ -0,0 +1,35 @@ +From: Michael Biebl +Date: Fri, 9 Dec 2011 00:31:21 +0100 +Subject: Revert "Default to AdminIdentities=unix-group:wheel for local + authority" + +This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. + +On Red Hat derivatives, every member of group 'wheel' is necessarily +privileged. On Debian derivatives, there is no wheel group, and gid 0 +(root) is not used in this way. Change the default rule to consider +uid 0 to be privileged, instead. + +On Red Hat derivatives, 50-default.rules is not preserved by upgrades; +on dpkg-based systems, it is a proper conffile and may be edited +(at the sysadmin's own risk), so the comment about not editing it is +misleading. + +[smcv: added longer explanation of why we make this change; +remove unrelated cosmetic change to a man page] + +Forwarded: no, Debian-specific +--- + src/polkitbackend/50-localauthority.conf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf +index 5e44bde..20e0ba3 100644 +--- a/src/polkitbackend/50-localauthority.conf ++++ b/src/polkitbackend/50-localauthority.conf +@@ -7,4 +7,4 @@ + # + + [Configuration] +-AdminIdentities=unix-group:wheel ++AdminIdentities=unix-user:0 diff --git a/patches/06_systemd-service.patch b/patches/06_systemd-service.patch new file mode 100644 index 00000000..36363c4a --- /dev/null +++ b/patches/06_systemd-service.patch @@ -0,0 +1,18 @@ +From: Michael Biebl +Date: Sat, 11 Feb 2012 23:48:29 +0100 +Subject: Install systemd service file for polkitd. + +Forwarded: no, obsoleted by an upstream commit in 0.106 +--- + data/org.freedesktop.PolicyKit1.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in +index b6cd02b..fbceb3f 100644 +--- a/data/org.freedesktop.PolicyKit1.service.in ++++ b/data/org.freedesktop.PolicyKit1.service.in +@@ -2,3 +2,4 @@ + Name=org.freedesktop.PolicyKit1 + Exec=@libexecdir@/polkitd --no-debug + User=root ++SystemdService=polkit.service diff --git a/patches/10_build-against-libsystemd.patch b/patches/10_build-against-libsystemd.patch new file mode 100644 index 00000000..6230a631 --- /dev/null +++ b/patches/10_build-against-libsystemd.patch @@ -0,0 +1,32 @@ +From: Michael Biebl +Date: Wed, 8 Jul 2015 02:08:33 +0200 +Subject: Build against libsystemd + +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 +Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 +--- + configure.ac | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 388605d..f55ddb7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], + [enable_systemd=auto]) + if test "$enable_systemd" != "no"; then + PKG_CHECK_MODULES(SYSTEMD, +- [libsystemd-login], ++ [libsystemd], + have_systemd=yes, + have_systemd=no) + if test "$have_systemd" = "yes"; then +@@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then + LIBS=$save_LIBS + else + if test "$enable_systemd" = "yes"; then +- AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) ++ AC_MSG_ERROR([systemd support requested but libsystemd library not found]) + fi + fi + fi diff --git a/patches/CVE-2021-3560.patch b/patches/CVE-2021-3560.patch new file mode 100644 index 00000000..597323a6 --- /dev/null +++ b/patches/CVE-2021-3560.patch @@ -0,0 +1,22 @@ +Description: local privilege escalation using polkit_system_bus_name_get_creds_sync() +Origin: upstream +Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 +Bug-Debian: https://bugs.debian.org/989429 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560 +Forwarded: not-needed +Author: Salvatore Bonaccorso +Last-Update: 2021-06-03 + +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + ++ if (data.caught_error) ++ goto out; ++ + if (out_uid) + *out_uid = data.uid; + if (out_pid) + diff --git a/patches/Local-Privilege-Escalation-in-polkit-s-pkexec-CVE-20.patch b/patches/Local-Privilege-Escalation-in-polkit-s-pkexec-CVE-20.patch new file mode 100644 index 00000000..f5886d43 --- /dev/null +++ b/patches/Local-Privilege-Escalation-in-polkit-s-pkexec-CVE-20.patch @@ -0,0 +1,68 @@ +From ffb7b93a68c13f80be980411286b7d3de4a18988 Mon Sep 17 00:00:00 2001 +From: Salvatore Bonaccorso +Date: Tue, 11 Jan 2022 23:18:04 +0100 +Subject: [PATCH] Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) + +[Salvatore Bonaccorso: Backport to 0.105: + - Refresh for context changes + - Drop help() printout in pkcheck, for versions before e8e18d180888 + ("Don't spawn man for --help") in 0.111. Instead call usage(). It + spawns a manpage, but pkcheck is not setuid root. +] +--- + src/programs/pkcheck.c | 6 ++++++ + src/programs/pkexec.c | 25 ++++++++++++++++++++++--- + 2 files changed, 28 insertions(+), 3 deletions(-) + +--- a/src/programs/pkcheck.c ++++ b/src/programs/pkcheck.c +@@ -353,6 +353,12 @@ main (int argc, char *argv[]) + local_agent_handle = NULL; + ret = 126; + ++ if (argc < 1) ++ { ++ usage (argc, argv); ++ exit(1); ++ } ++ + g_type_init (); + + details = polkit_details_new (); +--- a/src/programs/pkexec.c ++++ b/src/programs/pkexec.c +@@ -475,6 +475,17 @@ main (int argc, char *argv[]) + pid_t pid_of_caller; + gpointer local_agent_handle; + ++ ++ /* ++ * If 'pkexec' is called wrong, just show help and bail out. ++ */ ++ if (argc<1) ++ { ++ clearenv(); ++ usage (argc, argv); ++ exit(1); ++ } ++ + ret = 127; + authority = NULL; + subject = NULL; +@@ -591,7 +602,15 @@ main (int argc, char *argv[]) + goto out; + } + g_free (path); +- argv[n] = path = s; ++ path = s; ++ ++ /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. ++ * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination ++ */ ++ if (argv[n] != NULL) ++ { ++ argv[n] = path; ++ } + } + if (access (path, F_OK) != 0) + { diff --git a/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch b/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch new file mode 100644 index 00000000..574a25d8 --- /dev/null +++ b/patches/Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch @@ -0,0 +1,31 @@ +From: Michael Biebl +Date: Tue, 27 Nov 2018 18:36:27 +0100 +Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ + +To better support stateless systems with an empty /etc, the old location +in /etc/dbus-1/system.d/ should only be used for local admin changes. +Package provided D-Bus policy files are supposed to be installed in +/usr/share/dbus-1/system.d/. + +This is supported since dbus 1.9.18. + +https://lists.freedesktop.org/archives/dbus/2015-July/016746.html + +https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 +--- + data/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/data/Makefile.am b/data/Makefile.am +index e1a60aa..3d87439 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) + $(service_DATA): $(service_in_files) Makefile + @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ + +-dbusconfdir = $(sysconfdir)/dbus-1/system.d ++dbusconfdir = $(datadir)/dbus-1/system.d + dbusconf_DATA = org.freedesktop.PolicyKit1.conf + + if POLKIT_AUTHFW_PAM diff --git a/patches/Remove-example-null-backend.patch b/patches/Remove-example-null-backend.patch new file mode 100644 index 00000000..a6301a03 --- /dev/null +++ b/patches/Remove-example-null-backend.patch @@ -0,0 +1,80 @@ +From: Simon McVittie +Date: Thu, 4 Jul 2019 14:30:29 +0100 +Subject: Remove example null backend + +There's no point in this now that we've removed the ability to extend +polkit. + +Signed-off-by: Simon McVittie +--- + configure.ac | 1 - + docs/polkit/overview.xml | 34 ---------------------------------- + src/Makefile.am | 2 +- + 3 files changed, 1 insertion(+), 36 deletions(-) + +diff --git a/configure.ac b/configure.ac +index abfdd1f..22b9a19 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -447,7 +447,6 @@ src/polkitagent/Makefile + src/polkitd/Makefile + src/programs/Makefile + src/examples/Makefile +-src/nullbackend/Makefile + docs/version.xml + docs/extensiondir.xml + docs/Makefile +diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml +index 8ddb34c..9251579 100644 +--- a/docs/polkit/overview.xml ++++ b/docs/polkit/overview.xml +@@ -91,38 +91,4 @@ + information on standard output. + + +- +- +- Extending polkit +- +- polkit exports a number of extension points to +- replace/customize behavior of the polkit daemon. Note that +- all extensions run with super user privileges in the same +- process as the polkit daemon. +- +- +- The polkit daemons loads extensions +- from the &extensiondir; directory. See +- the GIO Extension Point +- documentation for more information about the extension +- system used by polkit. +- +- +- The following extension points are currently defined by +- polkit: +- +- +- +- POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME +- +- Allows replacing the Authority – the entity responsible for +- making authorization decisions. Implementations of this +- extension point must be derived from the +- PolkitBackendAuthority class. See +- the src/nullbackend/ directory in the +- polkit sources for an example. +- +- +- +- + +diff --git a/src/Makefile.am b/src/Makefile.am +index 28c7bfa..3380fb2 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -1,5 +1,5 @@ + +-SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs ++SUBDIRS = polkit polkitbackend polkitagent polkitd programs + + if BUILD_EXAMPLES + SUBDIRS += examples diff --git a/patches/Statically-link-libpolkit-backend1-into-polkitd.patch b/patches/Statically-link-libpolkit-backend1-into-polkitd.patch new file mode 100644 index 00000000..4a9760a8 --- /dev/null +++ b/patches/Statically-link-libpolkit-backend1-into-polkitd.patch @@ -0,0 +1,258 @@ +From: Simon McVittie +Date: Thu, 4 Jul 2019 14:12:44 +0100 +Subject: Statically link libpolkit-backend1 into polkitd + +Nothing else in Debian depends on that library: in principle it was +meant to be used for pluggable polkit backends, but those never actually +happened, and the library's API was never declared stable. + +Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority +backend and extension system" upstream. + +Signed-off-by: Simon McVittie +--- + configure.ac | 1 - + data/Makefile.am | 2 +- + data/polkit-backend-1.pc.in | 11 ------ + docs/man/polkit.xml | 6 --- + docs/polkit/Makefile.am | 3 -- + docs/polkit/polkit-1-docs.xml | 7 ---- + docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- + docs/polkit/polkit-1.types | 9 ----- + src/polkitbackend/Makefile.am | 13 +------ + 9 files changed, 2 insertions(+), 130 deletions(-) + delete mode 100644 data/polkit-backend-1.pc.in + +diff --git a/configure.ac b/configure.ac +index f55ddb7..abfdd1f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -439,7 +439,6 @@ actions/Makefile + data/Makefile + data/polkit-1 + data/polkit-gobject-1.pc +-data/polkit-backend-1.pc + data/polkit-agent-1.pc + src/Makefile + src/polkit/Makefile +diff --git a/data/Makefile.am b/data/Makefile.am +index 3d87439..dad7c2f 100644 +--- a/data/Makefile.am ++++ b/data/Makefile.am +@@ -18,7 +18,7 @@ pam_DATA = polkit-1 + endif + + pkgconfigdir = $(libdir)/pkgconfig +-pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc ++pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc + + # ---------------------------------------------------------------------------------------------------- + +diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in +deleted file mode 100644 +index 7f6197d..0000000 +--- a/data/polkit-backend-1.pc.in ++++ /dev/null +@@ -1,11 +0,0 @@ +-prefix=@prefix@ +-exec_prefix=@exec_prefix@ +-libdir=@libdir@ +-includedir=@includedir@ +- +-Name: polkit-backend-1 +-Description: PolicyKit Backend API +-Version: @VERSION@ +-Libs: -L${libdir} -lpolkit-backend-1 +-Cflags: -I${includedir}/polkit-1 +-Requires: polkit-gobject-1 +diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml +index 188c514..7933779 100644 +--- a/docs/man/polkit.xml ++++ b/docs/man/polkit.xml +@@ -115,12 +115,6 @@ System Context | | + PolicyKit D-Bus service. + + +- +- PolicyKit extensions and authority backends are implemented +- using the +- libpolkit-backend-1 library. +- +- + + See the + developer +diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am +index fd7123f..c13372b 100644 +--- a/docs/polkit/Makefile.am ++++ b/docs/polkit/Makefile.am +@@ -31,8 +31,6 @@ INCLUDES = \ + $(GIO_CFLAGS) \ + -I$(top_srcdir)/src/polkit \ + -I$(top_builddir)/src/polkit \ +- -I$(top_srcdir)/src/polkitbackend \ +- -I$(top_builddir)/src/polkitbackend \ + -I$(top_srcdir)/src/polkitagent \ + -I$(top_builddir)/src/polkitagent \ + $(NULL) +@@ -42,7 +40,6 @@ GTKDOC_LIBS = \ + $(GLIB_LIBS) \ + $(GIO_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ +- $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ + $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ + $(NULL) + +diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml +index 21b3681..ec04b26 100644 +--- a/docs/polkit/polkit-1-docs.xml ++++ b/docs/polkit/polkit-1-docs.xml +@@ -47,13 +47,6 @@ + + + +- +- Backend API Reference +- +- +- +- +- + + Authentication Agent API Reference + +diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt +index 3881004..41b37e3 100644 +--- a/docs/polkit/polkit-1-sections.txt ++++ b/docs/polkit/polkit-1-sections.txt +@@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS + POLKIT_DETAILS_GET_CLASS +
+ +-
+-polkitbackendauthority +-PolkitBackendAuthority +-POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME +-PolkitBackendAuthority +-PolkitBackendAuthorityClass +-polkit_backend_authority_get_name +-polkit_backend_authority_get_version +-polkit_backend_authority_get_features +-polkit_backend_authority_check_authorization +-polkit_backend_authority_check_authorization_finish +-polkit_backend_authority_register_authentication_agent +-polkit_backend_authority_unregister_authentication_agent +-polkit_backend_authority_authentication_agent_response +-polkit_backend_authority_enumerate_actions +-polkit_backend_authority_enumerate_temporary_authorizations +-polkit_backend_authority_revoke_temporary_authorizations +-polkit_backend_authority_revoke_temporary_authorization_by_id +-polkit_backend_authority_get +-polkit_backend_authority_register +-polkit_backend_authority_unregister +- +-POLKIT_BACKEND_AUTHORITY +-POLKIT_BACKEND_IS_AUTHORITY +-POLKIT_BACKEND_TYPE_AUTHORITY +-polkit_backend_authority_get_type +-POLKIT_BACKEND_AUTHORITY_CLASS +-POLKIT_BACKEND_IS_AUTHORITY_CLASS +-POLKIT_BACKEND_AUTHORITY_GET_CLASS +-
+- +-
+-polkitbackendactionlookup +-PolkitBackendActionLookup +-POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME +-PolkitBackendActionLookup +-PolkitBackendActionLookupIface +-polkit_backend_action_lookup_get_message +-polkit_backend_action_lookup_get_icon_name +-polkit_backend_action_lookup_get_details +- +-POLKIT_BACKEND_ACTION_LOOKUP +-POLKIT_BACKEND_IS_ACTION_LOOKUP +-POLKIT_BACKEND_TYPE_ACTION_LOOKUP +-polkit_backend_action_lookup_get_type +-POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE +-
+- +-
+-polkitbackendlocalauthority +-PolkitBackendLocalAuthority +-PolkitBackendLocalAuthority +-PolkitBackendLocalAuthorityClass +- +-POLKIT_BACKEND_LOCAL_AUTHORITY +-POLKIT_BACKEND_IS_LOCAL_AUTHORITY +-POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY +-polkit_backend_local_authority_get_type +-POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS +-POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS +-POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS +-
+- +-
+-polkitbackendinteractiveauthority +-PolkitBackendInteractiveAuthority +-PolkitBackendInteractiveAuthority +-PolkitBackendInteractiveAuthorityClass +-polkit_backend_interactive_authority_get_admin_identities +-polkit_backend_interactive_authority_check_authorization_sync +- +-POLKIT_BACKEND_INTERACTIVE_AUTHORITY +-POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY +-POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY +-polkit_backend_interactive_authority_get_type +-POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS +-POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS +-POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS +-
+- +
+ polkitagentsession + PolkitAgentSession +diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types +index b1e13cc..6354d12 100644 +--- a/docs/polkit/polkit-1.types ++++ b/docs/polkit/polkit-1.types +@@ -16,15 +16,6 @@ polkit_authorization_result_get_type + polkit_temporary_authorization_get_type + polkit_permission_get_type + +-polkit_backend_authority_get_type +-polkit_backend_interactive_authority_get_type +-polkit_backend_local_authority_get_type +-polkit_backend_action_lookup_get_type +-polkit_backend_action_pool_get_type +-polkit_backend_session_monitor_get_type +-polkit_backend_config_source_get_type +-polkit_backend_local_authorization_store_get_type +- + polkit_agent_session_get_type + polkit_agent_listener_get_type + polkit_agent_text_listener_get_type +diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am +index b91cafa..cb25a6b 100644 +--- a/src/polkitbackend/Makefile.am ++++ b/src/polkitbackend/Makefile.am +@@ -16,18 +16,7 @@ INCLUDES = \ + -D_REENTRANT \ + $(NULL) + +-lib_LTLIBRARIES=libpolkit-backend-1.la +- +-libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend +- +-libpolkit_backend_1include_HEADERS = \ +- polkitbackend.h \ +- polkitbackendtypes.h \ +- polkitbackendauthority.h \ +- polkitbackendinteractiveauthority.h \ +- polkitbackendlocalauthority.h \ +- polkitbackendactionlookup.h \ +- $(NULL) ++noinst_LTLIBRARIES=libpolkit-backend-1.la + + libpolkit_backend_1_la_SOURCES = \ + $(BUILT_SOURCES) \ diff --git a/patches/series b/patches/series new file mode 100644 index 00000000..2ad5194f --- /dev/null +++ b/patches/series @@ -0,0 +1,64 @@ +0.106/agenthelper-pam-Fix-newline-trimming-code.patch +0.107/Try-harder-to-look-up-the-right-localization.patch +0.108/build-Fix-.gir-generation-for-parallel-make.patch +0.108/PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch +0.110/07_set-XAUTHORITY-environment-variable-if-unset.patch +0.110/04_get_cwd.patch +0.111/09_pam_environment.patch +0.111/Add-a-FIXME-to-polkitprivate.h.patch +0.111/Fix-a-memory-leak.patch +0.112/00git_type_registration.patch +0.112/08_deprecate_racy_APIs.patch +0.112/cve-2013-4288.patch +0.114/polkitpermission-Fix-a-memory-leak-on-authority-changes.patch +0.113/Port-internals-non-deprecated-PolkitProcess-API-wher.patch +0.113/pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch +0.113/03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch +0.113/polkitd-Fix-problem-with-removing-non-existent-sourc.patch +0.113/PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch +0.113/Fixed-compilation-problem-in-the-backend.patch +0.113/Don-t-discard-error-data-returned-by-polkit_system_b.patch +0.113/sessionmonitor-systemd-Deduplicate-code-paths.patch +0.113/PolkitSystemBusName-Retrieve-both-pid-and-uid.patch +0.113/sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch +0.113/Refuse-duplicate-user-arguments-to-pkexec.patch +0.113/00git_fix_memleak.patch +0.113/00git_invalid_object_paths.patch +0.113/sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch +0.113/Fix-a-possible-NULL-dereference.patch +0.113/Remove-a-redundant-assignment.patch +0.113/Fix-duplicate-GError-use-when-uid-is-missing.patch +0.113/Fix-a-crash-when-two-authentication-requests-are-in-.patch +0.113/CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch +0.113/CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch +0.113/docs-Update-for-changes-to-uid-binding-Authenticatio.patch +0.113/Fix-a-per-authorization-memory-leak.patch +0.113/Fix-a-memory-leak-when-registering-an-authentication.patch +0.113/CVE-2015-3255-Fix-GHashTable-usage.patch +0.113/Fix-use-after-free-in-polkitagentsession.c.patch +0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch +0.114/Fix-multi-line-pam-text-info.patch +0.114/Refactor-send_to_helper-usage.patch +0.114/Add-gettext-support-for-.policy-files.patch +0.114/gettext-switch-to-default-translate-no.patch +0.114/Support-polkit-session-agent-running-outside-user-session.patch +0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch +0.116/Possible-resource-leak-found-by-static-analyzer.patch +0.116/Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch +0.116/Error-message-raised-on-every-systemctl-start-in-emergenc.patch +0.116/Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch +0.116/Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch +0.116/tests-add-tests-for-high-uids.patch +0.116/backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch +0.116/Allow-uid-of-1-for-a-PolkitUnixProcess.patch +0.116/pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch +01_pam_polkit.patch +02_gettext.patch +05_revert-admin-identities-unix-group-wheel.patch +06_systemd-service.patch +10_build-against-libsystemd.patch +Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch +Statically-link-libpolkit-backend1-into-polkitd.patch +Remove-example-null-backend.patch +CVE-2021-3560.patch +Local-Privilege-Escalation-in-polkit-s-pkexec-CVE-20.patch diff --git a/policykit-1-doc.install b/policykit-1-doc.install new file mode 100644 index 00000000..9ae10935 --- /dev/null +++ b/policykit-1-doc.install @@ -0,0 +1 @@ +usr/share/gtk-doc/html/polkit-1/* /usr/share/doc/policykit-1-doc/html/ diff --git a/policykit-1-doc.links b/policykit-1-doc.links new file mode 100644 index 00000000..567016f7 --- /dev/null +++ b/policykit-1-doc.links @@ -0,0 +1 @@ +usr/share/doc/policykit-1-doc/html/ usr/share/gtk-doc/html/polkit-1 diff --git a/policykit-1.bug-control b/policykit-1.bug-control new file mode 100644 index 00000000..0e19fcec --- /dev/null +++ b/policykit-1.bug-control @@ -0,0 +1 @@ +package-status: elogind libpam-elogind libpam-systemd systemd diff --git a/policykit-1.docs b/policykit-1.docs new file mode 100644 index 00000000..50bd824b --- /dev/null +++ b/policykit-1.docs @@ -0,0 +1,2 @@ +NEWS +README diff --git a/policykit-1.install b/policykit-1.install new file mode 100644 index 00000000..178fe1f5 --- /dev/null +++ b/policykit-1.install @@ -0,0 +1,11 @@ +debian/polkit.service lib/systemd/system/ +etc/pam.d/ +etc/polkit-1/ +usr/bin/ +usr/libexec/ +usr/share/dbus-1/ +usr/share/gettext/ +usr/share/locale/ +usr/share/man/ +usr/share/polkit-1/ +var/lib/polkit-1/ diff --git a/policykit-1.links b/policykit-1.links new file mode 100644 index 00000000..88d2cbed --- /dev/null +++ b/policykit-1.links @@ -0,0 +1 @@ +usr/libexec/polkit-agent-helper-1 usr/lib/policykit-1/polkit-agent-helper-1 diff --git a/policykit-1.lintian-overrides b/policykit-1.lintian-overrides new file mode 100644 index 00000000..233ca2b1 --- /dev/null +++ b/policykit-1.lintian-overrides @@ -0,0 +1,5 @@ +# On non-systemd systems, polkitd is started by traditional D-Bus activation +policykit-1: package-supports-alternative-init-but-no-init.d-script lib/systemd/system/polkit.service + +# Intentionally started on-demand rather than during boot +policykit-1: systemd-service-file-missing-install-key lib/systemd/system/polkit.service diff --git a/policykit-1.maintscript b/policykit-1.maintscript new file mode 100644 index 00000000..5fddde89 --- /dev/null +++ b/policykit-1.maintscript @@ -0,0 +1,2 @@ +rm_conffile /etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf 0.105-22~ +rm_conffile /etc/polkit-1/nullbackend.conf.d/50-nullbackend.conf 0.105-26~ diff --git a/policykit-1.postinst b/policykit-1.postinst new file mode 100644 index 00000000..56f95bd8 --- /dev/null +++ b/policykit-1.postinst @@ -0,0 +1,62 @@ +#!/bin/sh +# postinst script for policykit-1 +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +set_perms() { + USER=$1 + GROUP=$2 + MODE=$3 + FILE=$4 + if ! dpkg-statoverride --list $FILE > /dev/null 2>&1; then + chown $USER:$GROUP $FILE + chmod $MODE $FILE + fi +} + +case "$1" in + configure) + set_perms root root 700 /var/lib/polkit-1 + set_perms root root 700 /etc/polkit-1/localauthority + set_perms root root 4755 /usr/libexec/polkit-agent-helper-1 + set_perms root root 4755 /usr/bin/pkexec + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +# This can be removed after bullseye is released as stable +for d in /etc/polkit-1/nullbackend.conf.d; do + if [ -d "$d" ]; then + rmdir --ignore-fail-on-non-empty "$d" + fi +done + +exit 0 + + diff --git a/policykit-1.postrm b/policykit-1.postrm new file mode 100644 index 00000000..795972d8 --- /dev/null +++ b/policykit-1.postrm @@ -0,0 +1,14 @@ +#!/bin/sh + +set -e + +#DEBHELPER# + +# This can be removed after bullseye is released as stable +for d in /etc/polkit-1/nullbackend.conf.d /etc/polkit-1; do + if [ -d "$d" ]; then + rmdir --ignore-fail-on-non-empty "$d" + fi +done + +exit 0 diff --git a/polkit.service b/polkit.service new file mode 100644 index 00000000..f2698012 --- /dev/null +++ b/polkit.service @@ -0,0 +1,8 @@ +[Unit] +Description=Authorization Manager +Documentation=man:polkit(8) + +[Service] +Type=dbus +BusName=org.freedesktop.PolicyKit1 +ExecStart=/usr/libexec/polkitd --no-debug diff --git a/rules b/rules new file mode 100755 index 00000000..8e6f151c --- /dev/null +++ b/rules @@ -0,0 +1,47 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +%: + dh $@ --with gir + +DPKG_GENSYMBOLS_CHECK_LEVEL=4 +export DPKG_GENSYMBOLS_CHECK_LEVEL + +ifeq (linux,$(DEB_HOST_ARCH_OS)) + SYSTEMD_CONFIG_FLAG = --enable-systemd +else + SYSTEMD_CONFIG_FLAG = --disable-systemd +endif + +override_dh_auto_configure: + dh_auto_configure -- \ + --enable-gtk-doc \ + --enable-man-pages \ + --enable-introspection \ + $(SYSTEMD_CONFIG_FLAG) \ + --disable-examples + +override_dh_auto_test: +ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) + # on buildds we can't rely on actually having a system bus + dbus-run-session -- sh -c 'DBUS_SYSTEM_BUS_ADDRESS=$$DBUS_SESSION_BUS_ADDRESS make check' +endif + +override_dh_install: + # on Debian use sudo group; on Ubuntu, also allow the admin group for + # historical reasons + if dpkg-vendor --is ubuntu; then \ + /bin/echo -e "[Configuration]\nAdminIdentities=unix-group:sudo;unix-group:admin" > debian/tmp/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf; \ + elif dpkg-vendor --is debian; then \ + /bin/echo -e "[Configuration]\nAdminIdentities=unix-group:sudo" > debian/tmp/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf; \ + fi + find debian/tmp -name '*.la' -print -delete + dh_install + +override_dh_missing: + dh_missing --fail-missing + +override_dh_installsystemd: + dh_installsystemd --no-start --restart-after-upgrade diff --git a/shlibs.local b/shlibs.local new file mode 100644 index 00000000..adf77abe --- /dev/null +++ b/shlibs.local @@ -0,0 +1,2 @@ +libpolkit-agent-1 0 libpolkit-agent-1-0 (= ${binary:Version}) +libpolkit-gobject-1 0 libpolkit-gobject-1-0 (= ${binary:Version}) diff --git a/source/format b/source/format new file mode 100644 index 00000000..163aaf8d --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/tests/cli b/tests/cli new file mode 100755 index 00000000..5ace92f7 --- /dev/null +++ b/tests/cli @@ -0,0 +1,39 @@ +#!/bin/sh +set -eu + +assert_fail() { + if $1 2>&1; then + echo "FAIL: command '$1' unexpectedly succeeded" >&2 + exit 1 + fi +} + +assert_eq() { + if [ "$1" != "$2" ]; then + echo "FAIL: expected: '$2' actual: '$1'" >&2 + exit 1 + fi +} + +assert_in() { + if ! echo "$2" | grep -q "$1"; then + echo "FAIL: '$1' not found in:" >&2 + echo "$2" >&2 + exit 1 + fi +} + +echo "TEST: pkaction" +assert_in "org.freedesktop.policykit.exec" "$(pkaction)" +assert_eq "org.freedesktop.policykit.exec" "$(pkaction -a org.freedesktop.policykit.exec)" +assert_in "active.*auth_admin" "$(pkaction --verbose -a org.freedesktop.policykit.exec)" +assert_fail "pkaction -a unknown.action" + +echo "TEST: pkcheck" +if [ $(id -u) = 0 ]; then + assert_eq "" "$(pkcheck -a org.freedesktop.policykit.exec -p 1)" + assert_eq "" "$(pkcheck -a org.freedesktop.policykit.exec -p $$)" +else + assert_fail "pkcheck -a org.freedesktop.policykit.exec -p 1" + assert_fail "pkcheck -a org.freedesktop.policykit.exec -p $$" +fi diff --git a/tests/cli-root b/tests/cli-root new file mode 120000 index 00000000..76ec9f59 --- /dev/null +++ b/tests/cli-root @@ -0,0 +1 @@ +cli \ No newline at end of file diff --git a/tests/control b/tests/control new file mode 100644 index 00000000..8cb25153 --- /dev/null +++ b/tests/control @@ -0,0 +1,7 @@ +Tests: cli +Depends: policykit-1 +Restrictions: isolation-container + +Tests: cli-root +Depends: policykit-1 +Restrictions: isolation-container, needs-root diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 00000000..db36b40b --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,250 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBD8pb8ERBAD1ihpUQm0UdZHTD7mzs0u7tGVMyQTD5ozjt1jpJRq7DYG+YkOp +lJ6kgXBgagO7cLXyutzv5osz3xoyPc8zqoXwwp0rnOkIX4N4QTgy77NsDnSUlxUz +kAhrmbwgtdRFt0DdguOcsDglqyd9Hmg6wRvSU3zXbI0zD3cXwAy2JIoIRwCg4Dg7 +8asoWEdGt/C6VfzMdPFu9rUD/AprV4P2CCUB7/WFmVKIzSBwIfI69ZtwKzWv6IeV +AY7FIr/tvojYoMHscU0JsmuRE45DdeSRAQgeV3wimwmEnDqkS4PJoX3UFxVo2T7B +eR1UhI7g+E3IX1XgfLK/29/WwdyiOALCxUghRppAe6+cW7rMzZGFaROCmMjkDXso +UksCBADZWiKUR8eVHFclO1s+FDM9pfym35uQcX81UmgeLVuOJydYoXGzYxxkyHkB +1TIHDKmGxuo8COcIeMhqZgNYGGcaICW9QoD5TPgDqPSElGl1YXrV0MI3gxHloSrw +cYYm0IRjeW2tuZAj0j95uFOuq+yzDnPGeKLuSag8IiMbHxJHRbQeTWlsb3NsYXYg +VHJtYWMgPG1pdHJAdm9sbnkuY3o+iF4EExECAB4CHgECF4AFAksBd8UGCwkIBwMC +BRUKCAIDBBYCAQMACgkQWjP2YLOEed/SYACgtNtE6o7OYC4qcwqrJZ+Z7tXh1+IA +nRZua8ucYD86+5nCrxMIbfxbezF9uQENBD8pb8IQBACfUnNGW28WIyuZHCUqOmJT +x3xzr7F3yN3KOiuiF7GP/GU5UG0b5wg0Du3szzMGZwOPt7AtEgQ0/QTabQSvnGsh +wcvJ1RjvgRZWx5TVz7CRQdRgF7tM72ifEUaTwJ4ijvzLq8dIHEeyBdIJFgjPWIHd ++aIQXHxhyljQcn4Cu6462wADBgQAmXXloVMsbpOUHr9wW+QrVUWDR3+ceVw77hF3 +z17eqNuIrWJuad+42N/3qQSjKQOxQp3w/ihH7EvMQhbwVNHQ5t8BVHIEVG1G28Pj +1IpTOW3GC8h185fPlx6aZIn4lpremyWkEmOfR3G+fxl+j55NTv2Pe/A8wITY7FIz +ppDzRVuIRgQYEQIABgUCPylvwgAKCRBaM/Zgs4R53zhKAJ9cBXfmpHbPwdfBEHHu +B+l0KoLSrwCglkFmrFAKQhjSwn7gMC27Yl+lK32ZAg0EWdY+ggEQALp0wmlsihHd +ZZSLe22z/bHpbvTKOTXA7xD3guse8ot9irqFhcH3aDGnhGCJFdeha75aHe16gVRT +PxwaDtN2IF0nMgJ9pir2k7Htb0kUfmYBXyCvKUO3y7PCjVaSRPz+YXkIambVoIgq +hWPExpSwU2U9Tme/T4IorRz8EmL8Apyox+4IX0ZK6k9ZCojbQ+bA3L/G4CQ2MiNt +6nlmSIXh63iPh6XCPdj76ivWQBInq1YzJ1uxb1RpHI4Kol/iy0M20kCyP7z8ofnD +qaXJ2CjRJmKavM6nqeGslX139EU3qLYKR+1q/BbCbS2yi2QAWyrFeaAk1BDADj/v +V/tWPYEZVHucMsUAzQjy7dsdOgO75zvkltoAPKbjluyfvdO1wnKjtGJ1mGQXHxXd +/oQSlYRoGqfx2LjtUvwTzV4beLD+DvFaoZUDY2b0yTSsY7uOSE0vEZ8q9demb3II +bsgtg9GIWq1W2xHjq3V7ptBkPGwcgjEv9IkBNgDgSlTIlaDKCKfdevI09DJ3i2qa +kbHYMTnPlXumChPmYUgx49iLyqm2n+LdfdRkwjEKB2YBX+oYmZvuLm797hoH8rRl +CAxxDXi7LAr1PN4cK5h82TbdnyphryZX/AZTLVLL+oWdDfKMpBX8ILh0Vds2k3Ra +q+z3NdcQQDZSwXUDzx7e4cfIhzg0BUS5ABEBAAG0H1JheSBTdHJvZGUgPGhhbGZs +aW5lQGdtYWlsLmNvbT6JAjgEEwEIACwFAlnWPoIJEOm1GmZYKdZVAhsDBQkeEzgA +AhkBBAsHCQMFFQgKAgMEFgABAgAAh4oP/iSILcagk1D2k7Ji+RFPSFiKBX/Dhd/D +lD2bzGqRgVpc34A/u6dNmm3qqn6bUWD/XETBZIUwCltf+q+0rFA5XfXY+8bkmXt2 +L185MzMKxiuwP7IB/AkzkzNzYyKd5eyYZ2lOzXZk72kZ9En2cSY6AAqlF8Uo9CiE +Fsz9EsJvJx3ggZNQq3eFGL9TNRwpQFg0cvuzm15M9HtWO1HeXv5asY8CHkTQixCd +D81QNBHPC5jnx3KqoBvhpVB46ItWvf43/xgqBC/QePBvIPYD2TX+MwEd40V3v0+M +gTpjuUsREEej7kvUnU9XyNH5QyWg8NUIz79GJ7nYq9AWUM6QgOM0L3oLyf2GdHqt +t98lTM5xGROC9UZYKkHdvglI4R7NHSuGoEI+1/tr0ZODG0WkayLr/9LPkXhoNFSF +pffVrqzJBa4GW/SWmAbtR+FzmQZSQr95Recf6SP7nq4D/GQQpLZ7jJsYYzrm5TDf +1cIqt9HKlhfU0XIoJqEXFpQ7Scve2VHZ7L5Sp9GA6zdQL4zT7gT6CO5hW6sF0ytr +1f54SCGDfeKGxz4C0yKfK3o3ko2uvQ7FcBuJgekFGPpzDMqoINLIxJnKJitHjLAN +O8OmJAkC2p5XslLmb7eR6uTXAhixEAP4hFWXpA19DVwzCtK1vwWs7z8B06MZ2J8w +dK+JK/LS/a/atCJSYXkgU3Ryb2RlIDxoYWxmbGluZUBoYWxmbGluZS5vcmc+iQI1 +BBMBCAApBQJZ1j6CCRDptRpmWCnWVQIbAwUJHhM4AAQLBwkDBRUICgIDBBYAAQIA +AAfcD/4qyahdn0+HqnrGo0JjI0t92yfk1EBuxj2yk4Kjh9JhoxFzKnM9ffBDLKfX +zMzkHFLisEi2MfcdxczavZjSm4XABrf17U0mH55m2ypeozSAE5UC+qwKSABb9Uim +Ts2LKu86bwf9a1p3JMjUXM22kD82/K/DlrAZESkHuJV5i1DDCBOe+763OhAAidUz +00VubZQyIlg3uGIzHaADM0uRGahS8Dp/gvFRGYtCDFMexpCoU0sifM46GkFZt6p2 +23dID4T2+IKaSH54I4OtuF9jh/1JzYfcuGV8Urv6B8iO9S2UTvzZ7hBOmQSx/+vo +xKORM5Eux5fzVkxFpxmpEx7VSPYlzioU4Wg3Dwq8BVttZbs5Fz1T0j1zhJ4g+1xX +yqAeBL/eD7sUhkKSGqqDR4ICTAWtDwrODSP+4B0wWLfoJIFI6f/mb16bBRmSqrhi +yvS2uriGy1aij5rTVQCRT1mJLgGslJ3T1tm8QcjJVNN4rlDHOReEyALZC0dDxtFZ +cRBaBtJLp8ww8RxhfP9RD9oao44HI1GrV5XxsegGhhr9aqKhh0qfX8S8vSHeuAcP +cMR9HQxuXA//zknKg5WPC4wa1ESQu58I7aCopdN9rynDcT79z7W7zgAO5C7zxyp4 +LruJUF93sP8aX+IJn3IMir4kCddLEFfqBHn1xsu/spZ7kxEeybkCDQRZ1j6CARAA +pN8F6aiecsK7eEkkdx/GxSqvDs/fVzZVJUY5JPIhPSkL2y8PCF8KZiP6cAFLQFWt +Ak3jcXITEO0Eo6j8ZEyeVVNRFvDVA6QC2zof4as5ZvsDN2UlIqrrnygQEKW6RdjU +SOW/NCdJ4zc+ZMtO4ea07fIubG00DN9giwaQYfsAnrkxYz6T4cxOg95gfe5lGJFr +iffeLMFZiD7jcme8Su/m3uCXpM5IFB8fggObLw8OL1/Od30t6Fi0FfQTjjXT5fk3 +yPJDqwMN0bt1pBrabilPJiRBjAysj+frMRgF1Jc2frB9eRh+v/V4Jka9S5HukQo7 +8ymHxArlVzNXze7P+Ep4D165QKUdq/naFSFep6fBGwRzfjEtx2H5SrcKgMlRx60Q +WaGKidBTwpi0z7KnEv6vXFwjVSDLY+tMRzo8lRy+/jA/3uezs/tpwtVtZGEdT78U +exHdxmv5SSHuQAVQ6NInJKDQ3Z30tXmAzXsw3f83R4RJDrFG4nHXlHeJe8C0rCEd +4Zw47KpROpk7RVI068BBxK2F4Vj8lCM9MdSXmPCCweRPne6LQ7lpzLsORxo4WBq0 +smU5VNg0+FDRImPEPeTz9zuKZMvt8VmKUXDaE0ojEcoTy2knf8Oj0HTsXbX+sQDG +fAgnKsjsZsOG6uXpTO19UxWS4BOjuPcB5vzzB4OYGs8AEQEAAYkCNQQYAQgAKQUC +WdY+ggkQ6bUaZlgp1lUCGwwFCR4TOAAECwcJAwUVCAoCAwQWAAECAACdqw//WkMJ +8y9HqaNsbjiTMSm7wzwfe/laZEZ5rUBcLapGRlMgJdlPULKjoC5to9yib4l5O724 +vUDvMdUmwstgg8WISUjSOsiWLzzmka3LyBeYiZH2TiHw2GzujeAySmw4dS8aa76D +6gnI4+wtjC1FFZlokWtxit+fBZLealdg08sy11O9YYO62xORcCAHOkZyMOF1USwv +XFeLdkvsiBYjSMmSMGvGVz9guj8p/Hks3C2ZG8vvBfWU7BKkN0JTDs1VNryDL1yb +di8X4lZnPy9ZyNTw6g5SEM0pZ+5EntefjJ33yXRGL9Y1Ygvuj6qbMv7Gqb14TyeT +Aj/yo0t//acM8AWGvqnY+2SehIXtq2Dl/Zlt+TMb8nTQPBIVulR8W+wjjwRoJ6nG +1uPHoukOJOWQZt2q0tiWQf8dzI7dQlxOzD8BnJk2ud7qhpO5Lc6be1xBTD+HCEGa +d5sIoccqKd5DTqN50HQ/kUx+H2pmasA/tXnMWt1Vpf+e8WX6ceMXQ2KgrPToKAHV +x4qjT20ece+CwbIVUo4qQLdiEOGUblJBA4NiTiS6Ew9RpR9lfcNoS0y2NX7qM2d8 +/eMUQkdgC9CkItAQL8mTeh0qCvD9Q0ljbB7AVdHGzA5wkHCjGyxtCaIFoWnXcWvO +GPCPCp6v6elXoW44uNGycx3uH0SCIZgaoffznDSZAg0ETOk1rQEQALQnmDr+3f8Q +HVVPcgAzhHlIJGViduhVLe85mZCemEnXyqnXlK1XcHQ6sF2AjkuFU+Iz3M3TUCMN +SYBwdpUeNUMzNiIBJzJ5FiwMAGEvsFa2jDLdNxg70mN/HfQZKX6mcl1CVScVu6rL +bt4JppnJZjvgxxfFDXVATtHAHUAtgyV/CtdPZZERYkksIdKekhXOlP9vwY3uYE2p +DEROrDJlYV1uz4EHPIaeknxLWB9GFveaXocVB69udB//PPgzVi5hi50fVhqJKAR2 +xFy2Rb+XHiyDbQ3VYkIaLi8FIaJqs7eEQDNsv4ouX3MpRxKpAwmaXNfuljI/S+Ow +D1SJLkOZrOTjG4nXrstPBPinEILd3ICBIiNmkWJCtCWVXg0IestDxEO/R+Q/vEpD +Ix/dsALOIBaaNUTpgIThf7m7ntDzFLlkBRLl2gXZwY/nqs2vejlog6uhWisGeRu0 +XLuiAmO6A4mYoG4Bu62ATxZhsU+EbtoDmILPExC7LYnrov0nGzZQfJ9vBClwdla4 +4SPoWZTDI3PRRqU92oM1KPIJErJ47GVJzWbLqg6IdpKay1O+hlx65IW+elArvMxd +4cSpwV5aEzbRH1WeYa9UjPOqENOeqMQVrWwYn4bdrqwOmkEjONVT+1I7R5tud3kk +vl+XAT4uAxhDgvjUkjPWlocl9/HB0J/zABEBAAG0IURhdmlkIFpldXRoZW4gPHpl +dXRoZW5AZ21haWwuY29tPokCOwQTAQIAJQIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC +HgECF4AFAkzpUvICGQEACgkQ55CSzDQYqJET7A/+LIBuqATfMzIssMS2BjMm5nhz ++/v/lNMSs1Z2ohMUKlXI6fElEg/xqB1zDsU0mHdNsfRQWl8uHgmQ5Lwp/osWR7o7 +39Vs/zINMschkhXTWoF3UHDXMbOo9KKlqcRvYUDEWwq1Z1aBfcA2JD2t+fY6E3Gr +eKXx5uE5TIriAvoXWUSIq6FxBNaxDefikWauQ6ErX7TzOgYRlf4BCEa8RPFTvDk+ +UWA6Zl5EWFPGEiogI3sE2FYkBp1FrY1BbBOq7ng+Kkx94dyQSCcMrcPHIZii0Lye +qurd2IZrXPbPTmMiaSILvz9qOvVqx2aruRXgFJ3EZw1mQ3E6exI3czeVX9QTc0NR +8ZKNlBWlpjJKdsPDN5vojCMLPqTqCWLLFIi97Fk94vlt7dHKQQsa6SpZcmFNCCv9 +sknR3AQ6FCW0+VJ9zvY52/Rs+ikpVI9I1WmuCmzbUH4KAoyM3aESI54xAwusIIAW +A+IBpl5gYx8fZaT0Wb9fUeKyz72CL+tKluTI7aBzm7jyYNmiiZjMzucbAg7oIRXj +jEx+WRXNWrBO1PVuyDXTCM6mc8KrROLBDVOFvV67upkH41UId10GqZxX3W0+cUeS +wOzVrDBPcsIp3zUW5Udd7W6CAObb7FAKl2omdYYZWMn/szQnnxt3OCwBhMpgUFQa +pFBowSWAxpskr8ToLYfR08jTxgEQAAEBAAAAAAAAAAAAAAAA/9j/4AAQSkZJRgAB +AQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwg +JC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwh +MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy +MjL/wAARCACTAHoDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQF +BgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKB +kaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVW +V1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKz +tLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QA +HwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQA +AQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcY +GRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE +hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX +2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwCgsHtUog6cVeWD2qQQ +8dK2UDJ1SgsFPEHtV8Qe1OEPtVchn7Uz/I46U7yPar6wu5IRCQOpxwKdIiwK29kX +A5JNRKUYq7ZUXKTskZzW/Tjoad5GByPzpur6zBYqsQUo+7cWdDg/gOfz9az38R6T +PH+8mxjhtgYMffH+Ga5VjIN+7qdf1Wpa7NMW2egpDb4rPtpNHuJnK3uFwCu52U+/ +XtWslpKqh7e481OwfkfnXRCfOrpfic9SPI7N/eiA2/tTTB7Voom5fnXY44Kk/wAv +WlMPtW0UpK6MXUcXZmYYPamGD2rUMPtTTD7UODBVjLMHtTPI9q1Whpnk+1TyFe1L +ohGKkEOe1WhF7Uk/7i2klx91SQPeuvkSV2ef7VydkUbq4tbFQ11MsSkE5b0HU0Wt +9pt7HuguxKAedqnj35A45rB1HSp9X0e8mJaQIvzBs9+Bj09a5w6de2VjG5ZtkcWX +2cEAEAhvoTn6H3r5+vmU6l403Y+hw+WQSUpu7O61PxLpNnE8cBLuuBv3YPXoM/8A +1u/451rqVzMscscCtFM28GQfMoAx27e9cRYwG61ONLtXkjVhjPV/b8eP8mvT20+K +2PnXLhWkQlU/hjj7se/OMAdz19K83E1ZcvLJ3PQhQhTeiOJ1y/urqTDgOuSMeX/j +XL3yyR/LPFIrgcL5YXjP616PdyQSzFLGFVYAEycZB64HbIGM/j6Vj38d3JC322Jp +omHJU5YY747/AIVlQr8tlY6eW6OFeZ2ZAvJAwBV631O+0xxJbXMqMeTg5TntTb+x +QMZLWRcEcYPWq1rK7IYpAAV65P3gfX6f1r04zVuaJhOmnpI77RfGUV3si1OEpL/f +jyPxx/hXXxBZFG11kXG5XU8MPX/Edq8WNvLC65UCM8gsdoH0Pau28PeJbe2SySWV +ggZ4WyBhyBkfQnP0OBn26aWMlCSctUeVisBGUHyaM7UxU0xVciMVzEssTBkYZFKY +vavdSjJXR826kouz3KBi9qTyqv8Ale1M8qj2Y/bMuiL2qlrcYGi3RzjCZz9Oa2RF +zVfUoFk0+ZXXjYTnOMYqK7/dyt2Fh3arF+aM3S9VjttOsbPYjRzShMkdjxj+tcat +3/acV3JvJCSqq5+8VdMEfgVB/wCA1DFBfLZQX11PKZWdVjjfIK4yB1+laOi2kunx +uJYZACd2CucN0x+p/Ee1fCznZt9T7yFJRVyvFBFpSJOm12ij3Dj7pOAD9ef1ovr2 +6vNFKyN+9ml3PleQg6AH06V1Vr4Zn1W7RGXYix+ZIMEqufuqPp/Oty40CK3tI4/J +R3CYxjke35VHvW5mN1YX8zzB7e5BV1KxscFsHOf880+4n8uPd5uCOMEVuanYGGTa +0GAB+H41y2p8RsoLBD0DUopyepummYWobAzOqjaTyV4wfWshyyTrMmNynJ96vTkg +sP4TxiqIJAI5JU/mK9alojOepauIi0Kp8pRwfLIPGQBx+v61lOzeSJBuO3nGeo6Z ++oxiteVs6MHUqPJmDY78g5x7cfoKzJX2LMu0EffXHoeoH6flWtJ6HNVWtzufCHjd +1vhBenKS85H9446fXk/jXqieXNGJEYMp7ivmeMkSIUOMnj2r3HwDrn9raQElcG5t +1Hmj+8nZvqOh/wDr16uDrcv7t7dD53M8MmvaxWvU6cx0nle1XjFTfKNenc8MuCL2 +qtqCH+z7oAlcwsMj6GtYRVXvIQbG4DDI8th+lc9V3gzpoxtNM4HQrZNY8Y6XYj57 +a1Qyew2jPH44FerjQ7UzCRogW3ZPoTXl3wtuY5/Gt6wYMPsTbSev31z/ADr2cV85 +g8NTlC81qfVYupKM7LsQQ2sNuriJApc5YjqT71i6mqm4WIKTIOeK35DgVhXm/wA/ +ePzPSnjklFRRnh23K7MbU7UsTuRWDdjzivLPFtvDbxy+XgODjA4r1W+njjVjJNja +MnFeP+LtVguZGigyxzknmvKgvf0PTo3OOYZ981WciN9x6dDVvOT04qKSPd2xXpJ2 +NGIXAsZBu53AEeoqicSxYcjKjaSOvp/LFSyROoKKeCOBUPnNazxyABj02kZDAjBB +/lW9NLoc9V6FJQY2wTkDnNdd8PdVaw8S2x34V2MbAngg/wD165q/SFLo/ZyTE4DJ +nqARkA+46UumStbXscgOCrAit02veOKcFKLj0Z9URxYiUc4HA+lL5fsadpMi3elW +8y8qyjFXPK9q9qM00mfJyptNplvy6q30WbG4Uf3D2rU2iq92mLeY4H3DXLOXus7o +QtJHgnwovja/FCG2Y/LNDLF+QLf+y19IB8Dmvk7R75NH+I2lXzMFjjvFVyDwFY4Y +5+jGvqiRmVeBzXjKpyJSR9BiYXmJLcASEY6CsLU5pGJ3Nt5zjvT9QmcErgg4zWHd +iWbAaVg5P8IBIrzq9dzdjSjStqZ9w4maZHy5UbsE5rzrxCkhuJIIVBOfmVBhR9T9 +K9MFmZrh1QsE496xfEEejaPAWnkgWTOWZzk/QCsKb5Xc7IzS0PK2spI0LtjaO9Vh +JGzFQ4JHapNd8Qw32620+IGMscsV/wAawFtJgwcTYPtXqU6bcbz0Jc3f3dTXkXgE +djVHUYP3ZkHUVNbSzL8kvzA9+9WnTzYirkcjFUrxYnaSsznI286PaT86/wAqsqCU +3qTxyRVaaFra4z2q9BB5ksij7nl8n2I4rqk+qOaC1sz1X4YfEFLW2h0bUxiIPtju +Aemeikeme/vXtAZCAdwGexNfNngHTLBfEzfbryGCKCNyzOQwLKwHAI5znivel8ae +GVUL/a0QwMcq3+FdNLERiuWbR4mLw7c7016ngk/irxNazRy/21dNLEvyFpThcjnr +/Wn2fxO8U3F2kc2qyneQD0wfbGMV3MnhXR5Qd1uGz1/d01PCehwyKy2qKykEHyu9 +c6w8+WzZ2PFUG7qP4HmGuwFZpZAP4yQfb/JFfT3gjW18QeC9N1B3zK0QjmJ/vr8r +fmRn8a8U8Q6NGLgxhP3coIVsYGeR/I5q/wCEvE15oPg+eytYZJJrWVi6AZ5PQn0X +GOfavO9q4R5WrtaHq1aarRjKPU9p1D7PHhmYYB5z3rmdRvIFuHWJlJI4bdwa8K1n +xtrupTFrzUWRCchAx4H0FRW3iufYEfUBIe27IP5msauHqT95I0pUVHSUtT1XxD4q +g0fTJRC2ZSCMjsewFeF6leTahdPNcSu24k8muo1bT9XuNBTVJlJsWfKOTwT/AJFc +fMjMfat8FTULvqVVtFWRD5zKrCJeB1NMSedmOCx+lSpEVLDLbT1x3q1GgXoMV3uU +UcqjNvewttO7gbs5rThbeAMnNVEjJIAHNW41KDIIwO571zTs9Ubq/Uq6nAGh3YG4 +U/SAgtnZiS7DYR6D1rSl0+S5txIAfLP8W04/lUUmkXq6dNcxhYoUQbQf4yTjHHTj +mnGV48pm7KXMWfCsCzrJuwsi4ctgcrz/AIit8rZ5/wCPg/8AfArMsNPU6bYYHlTS +uUmwTlUHOM+/FaX9kxfwWJZexI6j8q5auH9pNy5rCjVUVax6L5jkfLCx9+1SRgHh +wgOeAxxmsC41NMZkYg/3umKzL/ULq3h86FzdQHqN/JHsfX61VXMKtTSOhy0sthHW +Wpsa9fwQ2skN9BtTqhXsR6n+XuBWLp8BE63luytcBdrDPyXKf3WHrjvUCalb+I/D +t5CHMj22CAww4U9iPYiuO0bV20u+NpdOxsJeCO6HsR6e/tWMIzfM3q+qfU7400oW +joeoS/B/R7pZ9XkvJ0s3QSQpE65APJ3Ejt0/CvKr7w5bTap9n0KC9nTdtzKgJJ/D +ivoP4T6rHrPgxUKjNpO9uy5JGM7h+jCuzeOxtuNkUYHJIAFdUI1Irm5rLzMFieST +U48zPOtO8KTWPwi/szV40E6B2wCG2gsSB9ea+fZFUSso5AJFfX+qLDqGhTeSVkid +PlIOQa+ZPE/hibRQ10xGx5CAvpzSbUKnK3ukXh5OpBt9znI41yeKsJBuxtBz7VRA +uHI8rLMeiqM5rvPDIv7PRZmube3ih+8Z5GwR/U8DtxWlRuMbo1i11OettLnuSwQq +qqMySyNhIx7n19utRXWpw6ZD5doYpHz/AK9hySP7ozwPrz+tUNc16S8laKOQtGD8 +uOAffFYWGb5mrSnSbV5GNSrraJr3eu3ErMDcO2RgMjEAD06Dj2qh/aV0cqZ3YHrk +k5qt5bMwzwDyBUxhCA8cgZNbqMF0Oe8pGvp95cyKUDuU6YB9eOv4itL+1SOPtDfg +0n9OK523v5YYyiEAHIPvmrYWNlDea/Iz90f41jKnqbRnodz4i1O5XTleyIjCnJ2x +jBH5Vy9p4nuYXb5VJb78JPyP7r6GtWbxHoFxGYg92qk5BkQED8j9BWLqulwRwLd2 +lwk9uf4lPIb+Y/GuWhTSXJUibN31gzX8JX0Nx4qlEAKi7tpEZG/hIG7/ANlrG1QA +XEigD5HI/Wsn7TNaXEV5bv5dxGwO9e/vUs1893ullILsck9Mmuj2NpqS2tYKdS3M +mesfAvxJFZa1qOizSbftirLAD0LqDuH1IOf+A1Y+LPi+9ivv7MtZ2jUr+8KnBI9K +8Vt7yezvkurWZop4mDxyKcFWHQ11l/fTeN4hexBf7Vij23FuvWQD/log7+47fTpN +ai3OMn8PUjDzgqrb3PfvAutWl38NdLNs4YRQiKYZ5V1+8D/P8a8w+JV/Hd3kdsGz +EpyQh+Zsdh/j2rA8Ca7aeGlvV1WS7+yXSBWjgIyhHRsHqewHpntWhew+HL7ZcWB1 +h5GHySXqqUwTjoAM9Tgfn1rCpF+255bLYqkuW+mrMuytIorNbq6VLaDYWWINyw7E +nqc/54rA17X7nU5DEsz/AGdcKqk4GB04rR12czzm1t2Z4U6uern1J9/5VkRaTPPI +Nqkrnbketb0+W/PIJxlayMlI8tk1IVyCQPYVZntmt3aJlwenNXtNtfOu0AUgBlVm +9Mn/AD+VbyqJK5EaV3YzYbYqxVuCRya010hlsp2k3eYMNFgcPz/+v8RTrwok8kMY +5L4GexGePp/hXUpZrNocNuP9YZFlI3cj5M8fjn/OKwqV2kmbKjFaHF/2a32dpAoC +Bhj2zTP7PfuHz7Guku0BtPKAUbf3h6DOcf5xU8VpviRuPmUH73/1qy+sytc0eGhs +cJJHHKd1uSB/dY81Gk8kLFTkA9Qe9K8RVspkH0p6us6bXHzetej0PMs76aMczLLG +QP8A9VRK37qmDMT4z/8AXpZCApK9DzinYbnfV7iKeSfWnW1zNZ3sdzbyNFLGdyup +wQaiTpS4y+B1p26GV9Eel+EfEOj6neeRrmn2ryycCZ0GGb1Poa6LXB5yb1ieGziG +yKMDaMAenv8AoPfNef8Ag7TbObWBLqM3lWVovnSkdWORhR9TXZeIfEH2y1W7IKWp +G2GEHGVyc46ew+mfWvKrUYqp7p3QqS3Zbi8OWX/CIvqtx98MWI4U4yFXr65zjn9K +xtT8i00G3EHymUlgf9kBQfzK/rWdda9eXkNtp0Sl1Q5PA2hznBPbA5NXPsTTaMJi +py8ohi/AcY/IDPvUyTik5dTWldu8mcq6N9oEm0EZOCRkccVrQgaar+ejHCrJtx94 +lTtJ9ssK1JNGLTQQ+WQS5j5H+1jn2Gf0NO1+JVLaZbF5bneJJpB91yyg8fQBePc1 +TqqehvFJSOTtkMt0pbJLc5711WiKw1CaG54aIhXVuoXjH8zT/D2lrZXyahcR7kjV +SgK8E8A9fcn8qkiKTeJ9RlGRC7qjMO64ANZVqyk3FdF+pfKMvLcRuVKqyhjGzAdc +5INZptbtGKrcEKDgD2rpLi2CSzWkjkPsyjMMcrk/ryKq/btK/ikYt3PvXPCpK2hZ +5j/D9DUDcTAiiivfjueLMWb+tQuflooq4mVTqCU+LmYfWiimyVsjfgdo9Gk2MVzI +c479Ku6tNItvaoGIXhMewVCB+dFFckviO7oUEmkM4XeQrvtZV4BA6cD6mvYYkV7r +TbYqPJiWMog4CkkZNFFcmN2RcSO5ctDp0p5f7Rt3EdjyR+prF8NQx3PiK7lmQO6l +ZAT2YsATj6UUVxQ+CRtT+Fm5qShobNSBhnlBwMZ+c1jaCivAXYZZ5ZSx9fmNFFc/ +2H6o6V8Jla7PLLcqHcnEhX8M1pQadaG3iJt0JKDt7UUV1Q+BDeyP/9mJAjgEEwEC +ACIFAkzpOWsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOeQksw0GKiR +TtoP/2ERYhFJjETwJs3srgUIltaBD2EVYf10Yj1wkx54VHNYLcuYvPkQZqiPbj4O +Tk1NYyZ2lJbNhR/ZEsiDGFv87RboMFhgh0N/gOXI29oZsjlnGncLW7h0I3pYSys1 +F3cxyRS8JheIXLkLVdqhJXfGz8QI0DPp+7NZJzDD+gvDl2ptXkjEPIO8xsxdoj59 +aa2MzKZIgpjf5/GbxGTYbT14yc9K33e6ffnI+uSEWkA5+6iOPeBeHkQpZe0zwE0q +/ZTAo9yvT/DiEDvh4XvC4Y49hLi8gLVmUV7rv1dMIOiGbr89bckOSkUdGsJtiPeF +MEXoZT9iZVLE0rqtFBucgtljRIXqVuC/yn+k8Ol4hNG9dnfr4AMgq1ggb3zGBKxx +Xcfs2kA/EMi2NdSlFdibSu6yxm2QP/p57BT1Io1VwhSWuxecqRNIwY+htGswSU9l +JUqSijAUJqmggaar7NeP20ph5VafODG6ICZwiCadQWUyP7oGoPeT1QAK3WgTuUI5 +hEbdzgCdBGKHx3gG6fIvU6R4o9sW6a0kDXoLqFunGp4aJv8eWOx6spPZJNIDauQe +5Z4CXVT/GL7onTTohACpLovELjJ468MdrE3iY5OtyeUN4jhzDpzcGilb6yE9pXgB +1I5sbZiqEJxd1iBi5yNEXi10IhbmFoTWQJLf4lYpLDfQtPaPuQINBEzpNa0BEACn +yEDw6RCtZFKWWzllekxsrUfpYS82UlPcBE9OsVaEC464RozRGNry4mq953eHSVTF +hIl0dSzamGJuyFGGepiwndslhKOEb60hCjSMFqNJPDePTYbh5hWh9R45qM3gzfln +zXpX5WOJUJHAD6fJcuN82JEKJiQud3neROcWvi/2f3xsOgKRuYHXv/5VMh1Yi1vM +L3v0BzB9CPWyb4O/F7rsomGjPeiily34R64T+OI6AmuHvMUHnu9vuiSoPbJo/P82 +6damUPYo0x17RkqCSvhzRsnWcSdUKENMfAwv1QHM0Tu5n56KCkXT7pfiSPFhmqXj +pEfk/qGly4KYta6K8u/lK6COK3AZ/Qhhy3nxlm/eGD+IBn9rjhH1TUZZRYXQAxpA +eXbYnEsUuChz85Pz5RjDTmM3WL6TBY3RaUZdVa9LAtOA1y/Pw3eIKwdCAUQVADYC +38sVOh5dyOwQOzH9GMn3jOScvhA0Y+OaQjD6CnzvaJ4ZaEU44iAmcQQVy5NhYk1D +2tYTsh3CV/YUpF/n4+dZSxnDkDYYJ/Qnvp5IfnDyQ89anRMjHB8wYvP2jGOBxAQs +PWItY2chyf7mihP6Azx1jEwPWiwi5xJse1MFBBUvkCps95HAEGb3cu255JO644SE +kdcppxcemZ0b2BP89wR+z27WpM8c0jazG2myVB75JQARAQABiQIfBBgBAgAJBQJM +6TWtAhsMAAoJEOeQksw0GKiRclkP/i9Tr4zAXsQXlHJRQ18RvUMs4wZ9gu6uK5qV +FjH+rKr6IXZ20h8UBVKZ+5qkrBfA3B2BlfKoBFz6C0XrmhOF3urUAVEhAnbI+jiW ++eJWjeNMpeFqFIJSfnv2Ca39Gy7Tj7t3pMaEksW+2RL2V1Tg7c4CCz8ubY13tEPC +YKkLp9/zud+qdLIR1XK9lMELMDBdrsElUZ8X8NUvjB0CpjqE3zUxOMWGTAhby+NV +pYVLlP/3yIs4thCWM0hEltDi+KTtj8j4yAkIhi3y9MGg52M+hS5FCNNtfCdaJ9gk +yQgKonXshKxDrq22P6ZC8WB0RvoOmVVLWzEPbHdMLj7/vTskHf87THOJN5aiHJnl ++6Dv56zsldpmvdkzAqFngUAG1ucN+ymsXT88P5suc3uegCf2Mk03RfqrDVB5ZlY6 +5V/dvK9+C4dCyF88SU1JhsMp14marNn71kC3184fZSZfO2BbgzT6s6bNnbeRMw/7 +Hyuvwiu5wWn2il8wswQ6oTeS7ah5wD60SSCDgMVfCFC+17EZ/04PVWOUHuuaAItd +SpAcxHvY9MB4pJbLJG1wjH/5RR/3+D4kQW1DT8QXhc4bJc8l7RkErvaRYK7SkE2P +zYz5ZlC9VrvAi4OdeZmLGuggfAfTvu/7b8f8rwyXmBPX+imdoH7EAo2XBlXqYsUG +xh8t6/dM +=gRcX +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 00000000..94d0f2dd --- /dev/null +++ b/watch @@ -0,0 +1,3 @@ +version=3 +opts=pgpsigurlmangle=s/$/.sign/ \ +https://www.freedesktop.org/software/polkit/releases/polkit-(.*)\.tar\.gz -- cgit v1.2.3 From 0e961a3ad068f377741165d2e8455b684285070e Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From ec433fcfd0827d6c8c1018a282d0b66d8935d4f1 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 27 Jun 2012 20:28:00 -0400 Subject: Try harder to look up the right localization The code for looking up localized strings for action descriptions was manually trying to break locale names into pieces, but didn't get it right for e.g. zh_CN.utf-8. Instead, use the GLib function g_get_locale_variants(), which handles this (and more). This fixes the translation problem reported in https://bugzilla.gnome.org/show_bug.cgi?id=665497 Signed-off-by: David Zeuthen (cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) Gbp-Pq: Topic 0.107 Gbp-Pq: Name Try-harder-to-look-up-the-right-localization.patch --- src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..0af00109 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, const gchar *lang) { const gchar *result; - gchar lang2[256]; + gchar **langs; guint n; if (lang == NULL) @@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, goto out; /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ - strncpy (lang2, lang, sizeof (lang2)); - for (n = 0; lang2[n] != '\0'; n++) + langs = g_get_locale_variants (lang); + for (n = 0; langs[n] != NULL; n++) { - if (lang2[n] == '_') - { - lang2[n] = '\0'; - break; - } + result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); + if (result != NULL) + break; } - result = (const char *) g_hash_table_lookup (translations, (void *) lang2); + g_strfreev (langs); if (result != NULL) goto out; -- cgit v1.2.3 From b027a0ae94cc53eccb48fc9d83ccc141db7c9576 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From 9524c51f0b04b8be2c9a1eacd962c500e847b454 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 Gbp-Pq: Topic 0.108 Gbp-Pq: Name PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..5bddd035 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- cgit v1.2.3 From d936f605655039dc51d1eff35264e504fd1a64f1 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From caaaabd3494c7e41daa1e90457bf9b40e9985bce Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From ab5a3609a86bd6c4d57e85f3a9508d6119d072f5 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From 160c4e29e026e11ca572c120512d76434c525f1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 19:54:59 +0200 Subject: Add a FIXME to polkitprivate.h See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 Gbp-Pq: Topic 0.111 Gbp-Pq: Name Add-a-FIXME-to-polkitprivate.h.patch --- src/polkit/polkitprivate.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..7f5c4634 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -28,6 +28,16 @@ #include "polkitauthorizationresult.h" #include "polkittemporaryauthorization.h" +/* FIXME: This header file is currently installed among other public header + files, and the symbols are exported in the shared library. + + For application writers: relying on any function here is strongly + discouraged. + + For polkit maintainers: This should be made private if a large ABI break + were necessary in the future. In the meantime, consider that there is + non-zero risk that changing these functions might break some applications. */ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); -- cgit v1.2.3 From fdbc5c46174fac1e16ddbfdbd46fb025b21ea691 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From b349ee482fcc1eb21757c21d4f5836a393ce3f4f Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From 6305e20e5dcc02dc652b91c3eb68a690a07deb47 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From 186d67bd6f51d57e236bd720294fe9263a62c7a3 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From a90f246885251ca679334e60be62756d55a27e72 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 2 Mar 2017 14:50:31 +0100 Subject: polkitpermission: Fix a memory leak on authority changes Signed-off-by: Rui Matos Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b Gbp-Pq: Topic 0.114 Gbp-Pq: Name polkitpermission-Fix-a-memory-leak-on-authority-changes.patch --- src/polkit/polkitpermission.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..be794cb3 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, if (result != NULL) { process_result (permission, result); + g_object_unref (result); } else { -- cgit v1.2.3 From a5e3028f1fdbfa86659b701a02f810bf973304da Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index be794cb3..f264094d 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From 8b79ae517f83bb41da742afc9ac1fa0a555e6e60 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From 62cb54c3fb7554b3187a1944892864a677cc1fa2 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From bef321ecc7c86c8733beb06750a5566035981bdf Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From c71ceedf78938d5b873450a9ec2d22a3758abcf1 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 213cd725b0a7050c3a5e425b5f53f8c1d14411a0 Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 785458b59c244ec665e5f8c5b08342ecefff9a57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 2fb2840f8230546e7b1c9cd7f09e966c27281212 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 61e64c38feaa5f7431b705617fa39f4224f83688 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 09:32:52 -0500 Subject: PolkitSystemBusName: Retrieve both pid and uid For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future. Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Retrieve-both-pid-and-uid.patch --- src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 53 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 51e4a694..8daa12cb 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) /* ---------------------------------------------------------------------------------------------------- */ +typedef struct { + GError **error; + guint retrieved_uid : 1; + guint retrieved_pid : 1; + guint caught_error : 1; + + guint32 uid; + guint32 pid; +} AsyncGetBusNameCredsData; + +static void +on_retrieved_unix_uid_pid (GObject *src, + GAsyncResult *res, + gpointer user_data) +{ + AsyncGetBusNameCredsData *data = user_data; + GVariant *v; + + v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, + data->caught_error ? NULL : data->error); + if (!v) + { + data->caught_error = TRUE; + } + else + { + guint32 value; + g_variant_get (v, "(u)", &value); + g_variant_unref (v); + if (!data->retrieved_uid) + { + data->retrieved_uid = TRUE; + data->uid = value; + } + else + { + g_assert (!data->retrieved_pid); + data->retrieved_pid = TRUE; + data->pid = value; + } + } +} + +static gboolean +polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, + guint32 *out_uid, + guint32 *out_pid, + GCancellable *cancellable, + GError **error) +{ + gboolean ret = FALSE; + AsyncGetBusNameCredsData data = { 0, }; + GDBusConnection *connection = NULL; + GMainContext *tmp_context = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + data.error = error; + + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + + if (out_uid) + *out_uid = data.uid; + if (out_pid) + *out_pid = data.pid; + ret = TRUE; + out: + if (tmp_context) + { + g_main_context_pop_thread_default (tmp_context); + g_main_context_unref (tmp_context); + } + if (connection != NULL) + g_object_unref (connection); + return ret; +} + /** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. @@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitSubject *ret; - GVariant *result; + PolkitSubject *ret = NULL; guint32 pid; + guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, + cancellable, error)) goto out; - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixProcessID", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) - goto out; - - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - ret = polkit_unix_process_new (pid); + ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } @@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitUnixUser *ret; - GVariant *result; + PolkitUnixUser *ret = NULL; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) - goto out; - - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixUser", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, + cancellable, error)) goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - ret = (PolkitUnixUser*)polkit_unix_user_new (uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } -- cgit v1.2.3 From 0d5a8c5a292da1a06b512f8782cbe12580f3e9c9 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From d3d5883f1cd6ae259b5f7f7f98db950d5bc64907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From dd2aaef6febfb821c673ad99633946a14309559a Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From 2a8c8c74ce0396cef023210a2e37c9e322c008e0 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From 4de03a6a5232916ee15545f260393860ec057485 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From 69781c5aa028d7b685a6f58e8712aee183028a11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From 95f96e5e600f5ded2feef10a26b357211daf9029 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From c956e2ea851eb6977d3b051d46eb61fa8fc2aaf3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From 65fe81931cfb9a31c87bab31e9862d4e693e7582 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From c9a73f6dd034c93a002a33889abddfaaef6e9c31 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From bbff58e9b44fd7cdcff3420c44ca47bfbbf2a819 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From 06c51cbaf6bbe72b80c75f0ab58378205b93d73b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 5bddd035..2bfda2d5 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From 0ebb0c16950b6831222b61830c5aacdd14be380e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From 579ddf05a03a2ee8f5e2360d2c5ece49596de688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From 4507f7c1239c31b686aaa3e50236280996e249fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 0af00109..b16ed2f9 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From 0c0df1c36fadd7bf2e10fbfe3ce853c33e69a15f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From ad4335bec6f1ea229d2da8feec9d307365857261 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From e943e0c8c81625a78d30c089edf90f9eb5c56fee Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From 11e144e510c5eddd7d42cf30cf58495ddfe18a05 Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From 1e81946802afb510ff52644b3849a433b411df6f Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From ad8bfc16f7732517193d74d6e7a5a14693b0a3ed Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From 980e8a41319d5fa3d6ade5e9c0cfa1ec1ec0224b Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From dd355caca8c30b0a31130a3aff52f7223b0b3ac2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 7f5c4634..6274bc90 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From 4d121d6302cf646170361fe4e77f85cf41e4a500 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Thu, 9 Aug 2018 16:46:38 +0200 Subject: Possible resource leak found by static analyzer Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Possible-resource-leak-found-by-static-analyzer.patch --- src/polkitagent/polkitagentlistener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 2bfda2d5..00038517 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, server->thread_initialization_error = NULL; g_thread_join (server->thread); server_free (server); + server = NULL; goto out; } } -- cgit v1.2.3 From cb52b43ab9f2ef0a7cc7fbaa63e01b59c5dd5cc6 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:50:56 +0200 Subject: Elaborate message printed by polkit when disconnecting from ssh Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. This message was moved to debug mode. Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch --- src/polkitagent/polkitagentlistener.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 00038517..e0b7b576 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, owner = polkit_authority_get_owner (server->authority); if (owner == NULL) { - g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + g_debug ("PolicyKit daemon disconnected from the bus.\n"); if (server->is_registered) - g_printerr ("We are no longer a registered authentication agent.\n"); + g_debug ("We are no longer a registered authentication agent.\n"); server->is_registered = FALSE; } @@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, { GError *error; - g_printerr ("PolicyKit daemon reconnected to bus.\n"); - g_printerr ("Attempting to re-register as an authentication agent.\n"); + g_debug ("PolicyKit daemon reconnected to bus.\n"); + g_debug ("Attempting to re-register as an authentication agent.\n"); error = NULL; if (server_register (server, &error)) { - g_printerr ("We are now a registered authentication agent.\n"); + g_debug ("We are now a registered authentication agent.\n"); } else { - g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_debug ("Failed to register as an authentication agent: %s\n", error->message); g_error_free (error); } } -- cgit v1.2.3 From 0b3f4713dc0c766d7da25799258fd88403b23646 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:56:43 +0200 Subject: Error message raised on every 'systemctl start' in emergency.target Superuser should know that polkit is not running in emergency.target. If not, basic info with debug sources is offered instead of error message. Other usecases taken into account. Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Error-message-raised-on-every-systemctl-start-in-emergenc.patch --- src/programs/pkttyagent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 488ca8b2..fe747657 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -180,7 +180,8 @@ main (int argc, char *argv[]) authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); if (authority == NULL) { - g_printerr ("Error getting authority: %s (%s, %d)\n", + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); + g_debug ("Error getting authority: %s (%s, %d)\n", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); ret = 127; -- cgit v1.2.3 From c404a324ea5b18168e368c0591920de1757c4bb6 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Thu, 19 Oct 2017 13:43:22 +0100 Subject: Fix a critical warning on calling polkit_permission_new_sync with no system bus Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b Gbp-Pq: Topic 0.116 Gbp-Pq: Name Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch --- src/polkit/polkitpermission.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index f264094d..d4b24591 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) g_free (permission->tmp_authz_id); g_object_unref (permission->subject); - g_signal_handlers_disconnect_by_func (permission->authority, - on_authority_changed, - permission); - g_object_unref (permission->authority); + if (permission->authority != NULL) + { + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + } if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); -- cgit v1.2.3 From 0d067867a7110e2396d9e7db7560f25ed058c9b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From 650081fc0718ce52046ea350ef0950847e71c860 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From be337e3f522c7afa54d864af20c3cd99d42767f5 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..fc5afa1c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 08b9f3712149b06a504eb9289c7f5c8a7d43e97d Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index fc5afa1c..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From 88e5f46b221e3a4f940e6ec5eceef3dde4f08b15 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Fri, 15 Mar 2019 16:07:53 +0000 Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 Gbp-Pq: Topic 0.116 Gbp-Pq: Name pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch --- src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index fe747657..eaccc058 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,10 @@ #endif #include +#include +#include +#include +#include #include #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE #include @@ -47,6 +51,36 @@ usage (int argc, char *argv[]) } +static volatile sig_atomic_t tty_flags_saved; +struct termios ts; +FILE *tty = NULL; +struct sigaction savesigterm, savesigint, savesigtstp; + + +static void tty_handler(int signal) +{ + switch (signal) + { + case SIGTERM: + sigaction (SIGTERM, &savesigterm, NULL); + break; + case SIGINT: + sigaction (SIGINT, &savesigint, NULL); + break; + case SIGTSTP: + sigaction (SIGTSTP, &savesigtstp, NULL); + break; + } + + if (tty_flags_saved) + { + tcsetattr (fileno (tty), TCSAFLUSH, &ts); + } + + kill(getpid(), signal); +} + + int main (int argc, char *argv[]) { @@ -64,6 +98,8 @@ main (int argc, char *argv[]) guint ret = 126; gint notify_fd = -1; GVariantBuilder builder; + struct sigaction sa; + const char *tty_name = NULL; g_type_init (); @@ -232,6 +268,27 @@ main (int argc, char *argv[]) } } +/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), + but due to threading the handlers cannot take care of the signal there. + Though if controlling terminal cannot be found, the world won't stop spinning. +*/ + tty_name = ctermid(NULL); + if (tty_name != NULL) + { + tty = fopen(tty_name, "r+"); + } + + if (tty != NULL && !tcgetattr (fileno (tty), &ts)) + { + tty_flags_saved = TRUE; + } + + memset (&sa, 0, sizeof (sa)); + sa.sa_handler = &tty_handler; + sigaction (SIGTERM, &sa, &savesigterm); + sigaction (SIGINT, &sa, &savesigint); + sigaction (SIGTSTP, &sa, &savesigtstp); + loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (loop); -- cgit v1.2.3 From ff40bb0a19e86fb3d67aca6baad2dc78f10b767c Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: no, Debian-specific Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 7a390ccc12b02d8f493ba9b6c59fa497ddd49c41 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index b16ed2f9..3b0e4008 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 89c416ce05ea0f83f3017b4590ac865a16a0a578 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: no, Debian-specific Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From 0bdd41219b8be86df21d168886f6073edb4ef640 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From 0a6ce45d25d3a87521014adebd25c88aaead465a Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From f860776288d94d212ba58aed9ac82ce293218fce Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From f4b762a2ab98aeee03e290fff28ee04801e958a2 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:12:44 +0100 Subject: Statically link libpolkit-backend1 into polkitd Nothing else in Debian depends on that library: in principle it was meant to be used for pluggable polkit backends, but those never actually happened, and the library's API was never declared stable. Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority backend and extension system" upstream. Signed-off-by: Simon McVittie Gbp-Pq: Name Statically-link-libpolkit-backend1-into-polkitd.patch --- configure.ac | 1 - data/Makefile.am | 2 +- data/polkit-backend-1.pc.in | 11 ------ docs/man/polkit.xml | 6 --- docs/polkit/Makefile.am | 3 -- docs/polkit/polkit-1-docs.xml | 7 ---- docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- docs/polkit/polkit-1.types | 9 ----- src/polkitbackend/Makefile.am | 13 +------ 9 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 data/polkit-backend-1.pc.in diff --git a/configure.ac b/configure.ac index f55ddb7f..abfdd1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -439,7 +439,6 @@ actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc -data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 3d874390..dad7c2f2 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -18,7 +18,7 @@ pam_DATA = polkit-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc # ---------------------------------------------------------------------------------------------------- diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in deleted file mode 100644 index 7f6197d9..00000000 --- a/data/polkit-backend-1.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-backend-1 -Description: PolicyKit Backend API -Version: @VERSION@ -Libs: -L${libdir} -lpolkit-backend-1 -Cflags: -I${includedir}/polkit-1 -Requires: polkit-gobject-1 diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 188c5141..7933779f 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -115,12 +115,6 @@ System Context | | PolicyKit D-Bus service. - - PolicyKit extensions and authority backends are implemented - using the - libpolkit-backend-1 library. - - See the developer diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index fd7123f6..c13372b4 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 21b3681e..ec04b263 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -47,13 +47,6 @@ - - Backend API Reference - - - - - Authentication Agent API Reference diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt index 38810042..41b37e32 100644 --- a/docs/polkit/polkit-1-sections.txt +++ b/docs/polkit/polkit-1-sections.txt @@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS POLKIT_DETAILS_GET_CLASS
-
-polkitbackendauthority -PolkitBackendAuthority -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister - -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -
- -
-polkitbackendactionlookup -PolkitBackendActionLookup -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details - -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -
- -
-polkitbackendlocalauthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass - -POLKIT_BACKEND_LOCAL_AUTHORITY -POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -
- -
-polkitbackendinteractiveauthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync - -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -
-
polkitagentsession PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc5..6354d125 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index b91cafa9..cb25a6b5 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -16,18 +16,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) +noinst_LTLIBRARIES=libpolkit-backend-1.la libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ -- cgit v1.2.3 From d2ca391ab414bae20e4992a745346d8945627d20 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:30:29 +0100 Subject: Remove example null backend There's no point in this now that we've removed the ability to extend polkit. Signed-off-by: Simon McVittie Gbp-Pq: Name Remove-example-null-backend.patch --- configure.ac | 1 - docs/polkit/overview.xml | 34 ---------------------------------- src/Makefile.am | 2 +- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/configure.ac b/configure.ac index abfdd1f3..22b9a192 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8ddb34cc..92515794 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -91,38 +91,4 @@ information on standard output. - - - Extending polkit - - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - - - The polkit daemons loads extensions - from the &extensiondir; directory. See - the GIO Extension Point - documentation for more information about the extension - system used by polkit. - - - The following extension points are currently defined by - polkit: - - - - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME - - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the src/nullbackend/ directory in the - polkit sources for an example. - - - - diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa8..3380fb2c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples -- cgit v1.2.3 From e0a4e1f333f5b748f9be3f37eeeb66e96fcca08c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 13 Jan 2022 05:34:44 +0000 Subject: local privilege escalation using polkit_system_bus_name_get_creds_sync() Origin: upstream Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 Bug-Debian: https://bugs.debian.org/989429 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560 Forwarded: not-needed Last-Update: 2021-06-03 Gbp-Pq: Name CVE-2021-3560.patch --- src/polkit/polkitsystembusname.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 8daa12cb..8ed13631 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) g_main_context_iteration (tmp_context, TRUE); + if (data.caught_error) + goto out; + if (out_uid) *out_uid = data.uid; if (out_pid) -- cgit v1.2.3 From f114b13732437e94892b28533ffade2acd4db7cb Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 11 Jan 2022 23:18:04 +0100 Subject: [PATCH] Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) [Salvatore Bonaccorso: Backport to 0.105: - Refresh for context changes - Drop help() printout in pkcheck, for versions before e8e18d180888 ("Don't spawn man for --help") in 0.111. Instead call usage(). It spawns a manpage, but pkcheck is not setuid root. ] Gbp-Pq: Name Local-Privilege-Escalation-in-polkit-s-pkexec-CVE-20.patch --- src/programs/pkcheck.c | 6 ++++++ src/programs/pkexec.c | 21 ++++++++++++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 057e926d..1747bd55 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -353,6 +353,12 @@ main (int argc, char *argv[]) local_agent_handle = NULL; ret = 126; + if (argc < 1) + { + usage (argc, argv); + exit(1); + } + g_type_init (); details = polkit_details_new (); diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index abc660df..c73c58ba 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -475,6 +475,17 @@ main (int argc, char *argv[]) pid_t pid_of_caller; gpointer local_agent_handle; + + /* + * If 'pkexec' is called wrong, just show help and bail out. + */ + if (argc<1) + { + clearenv(); + usage (argc, argv); + exit(1); + } + ret = 127; authority = NULL; subject = NULL; @@ -591,7 +602,15 @@ main (int argc, char *argv[]) goto out; } g_free (path); - argv[n] = path = s; + path = s; + + /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. + * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination + */ + if (argv[n] != NULL) + { + argv[n] = path; + } } if (access (path, F_OK) != 0) { -- cgit v1.2.3 From 720c46f12e49537c0e20d2c27af7df4b96b4b032 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From 52f002ca990db89e02ee81d6981f056c6b2a28be Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 27 Jun 2012 20:28:00 -0400 Subject: Try harder to look up the right localization The code for looking up localized strings for action descriptions was manually trying to break locale names into pieces, but didn't get it right for e.g. zh_CN.utf-8. Instead, use the GLib function g_get_locale_variants(), which handles this (and more). This fixes the translation problem reported in https://bugzilla.gnome.org/show_bug.cgi?id=665497 Signed-off-by: David Zeuthen (cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) Gbp-Pq: Topic 0.107 Gbp-Pq: Name Try-harder-to-look-up-the-right-localization.patch --- src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..0af00109 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, const gchar *lang) { const gchar *result; - gchar lang2[256]; + gchar **langs; guint n; if (lang == NULL) @@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, goto out; /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ - strncpy (lang2, lang, sizeof (lang2)); - for (n = 0; lang2[n] != '\0'; n++) + langs = g_get_locale_variants (lang); + for (n = 0; langs[n] != NULL; n++) { - if (lang2[n] == '_') - { - lang2[n] = '\0'; - break; - } + result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); + if (result != NULL) + break; } - result = (const char *) g_hash_table_lookup (translations, (void *) lang2); + g_strfreev (langs); if (result != NULL) goto out; -- cgit v1.2.3 From 20893f202468b6de47508811eb23c408122d7c46 Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From c24eb1257f543e8c6eaeab27011f4f10a73dbeb6 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 Gbp-Pq: Topic 0.108 Gbp-Pq: Name PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..5bddd035 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- cgit v1.2.3 From 12871b82f3fb06998d7f5875f801662abdc6343c Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From 4a19bd4914a7ab995bea49da98ac756997fc6932 Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From 0884bb4583bceb897eee98b8837155e8eb140e33 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From d1b5d40c228c02d1497b88c05c8bfca38a772f78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 19:54:59 +0200 Subject: Add a FIXME to polkitprivate.h See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 Gbp-Pq: Topic 0.111 Gbp-Pq: Name Add-a-FIXME-to-polkitprivate.h.patch --- src/polkit/polkitprivate.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..7f5c4634 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -28,6 +28,16 @@ #include "polkitauthorizationresult.h" #include "polkittemporaryauthorization.h" +/* FIXME: This header file is currently installed among other public header + files, and the symbols are exported in the shared library. + + For application writers: relying on any function here is strongly + discouraged. + + For polkit maintainers: This should be made private if a large ABI break + were necessary in the future. In the meantime, consider that there is + non-zero risk that changing these functions might break some applications. */ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); -- cgit v1.2.3 From 0d759f3ae254beb18f95564293891a9fa9fb6317 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From 6f52d5dbf74fe22782968cd552de12f2c8aa139a Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From 8050e475ac3797b7381544a53dd1a89dbd394c63 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From 6dfa9281b9a8a232b011bb05ddb34e1762fcd7d2 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From 8a7fc8af90d850c33d54a0ebc45549eebc3d19d2 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 2 Mar 2017 14:50:31 +0100 Subject: polkitpermission: Fix a memory leak on authority changes Signed-off-by: Rui Matos Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b Gbp-Pq: Topic 0.114 Gbp-Pq: Name polkitpermission-Fix-a-memory-leak-on-authority-changes.patch --- src/polkit/polkitpermission.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..be794cb3 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, if (result != NULL) { process_result (permission, result); + g_object_unref (result); } else { -- cgit v1.2.3 From 056ee363f44ab929c35c84ad372278f8c1488bc4 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index be794cb3..f264094d 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From 14ae6deb4f3f7fed9fe7818a3a9b6a3bc89b6da3 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From d76e66f354ca85cc23da42c32fd9d1c7ef984bef Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From 684b16e6e4ada58632b64abb2b6bbca343fc0595 Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From da9311217f1dd0db7e6262c5afffe2e1a1cea812 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 218b9416ff727084406549cc4bb5cae61e193f3e Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 91fa60986ac060facb0a5ff722b850f3d485ada8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From b85ba26a71169c4888d1117feb60f40ea652ad22 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From b1b5b8b29035a22d13565cf7d7584a8c134cf38b Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 09:32:52 -0500 Subject: PolkitSystemBusName: Retrieve both pid and uid For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future. Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Retrieve-both-pid-and-uid.patch --- src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 53 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 51e4a694..8daa12cb 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) /* ---------------------------------------------------------------------------------------------------- */ +typedef struct { + GError **error; + guint retrieved_uid : 1; + guint retrieved_pid : 1; + guint caught_error : 1; + + guint32 uid; + guint32 pid; +} AsyncGetBusNameCredsData; + +static void +on_retrieved_unix_uid_pid (GObject *src, + GAsyncResult *res, + gpointer user_data) +{ + AsyncGetBusNameCredsData *data = user_data; + GVariant *v; + + v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, + data->caught_error ? NULL : data->error); + if (!v) + { + data->caught_error = TRUE; + } + else + { + guint32 value; + g_variant_get (v, "(u)", &value); + g_variant_unref (v); + if (!data->retrieved_uid) + { + data->retrieved_uid = TRUE; + data->uid = value; + } + else + { + g_assert (!data->retrieved_pid); + data->retrieved_pid = TRUE; + data->pid = value; + } + } +} + +static gboolean +polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, + guint32 *out_uid, + guint32 *out_pid, + GCancellable *cancellable, + GError **error) +{ + gboolean ret = FALSE; + AsyncGetBusNameCredsData data = { 0, }; + GDBusConnection *connection = NULL; + GMainContext *tmp_context = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + data.error = error; + + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + + if (out_uid) + *out_uid = data.uid; + if (out_pid) + *out_pid = data.pid; + ret = TRUE; + out: + if (tmp_context) + { + g_main_context_pop_thread_default (tmp_context); + g_main_context_unref (tmp_context); + } + if (connection != NULL) + g_object_unref (connection); + return ret; +} + /** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. @@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitSubject *ret; - GVariant *result; + PolkitSubject *ret = NULL; guint32 pid; + guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, + cancellable, error)) goto out; - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixProcessID", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) - goto out; - - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - ret = polkit_unix_process_new (pid); + ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } @@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitUnixUser *ret; - GVariant *result; + PolkitUnixUser *ret = NULL; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) - goto out; - - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixUser", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, + cancellable, error)) goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - ret = (PolkitUnixUser*)polkit_unix_user_new (uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } -- cgit v1.2.3 From 60c443d9637d4a1e21c39e5cba4e3412835d5beb Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From a818e02570f7662c534f76ad5b53ba28563ee270 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From 69bde2140050acd98e22104a7b8fd9518c2f007e Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From 4b8136dfcf5e30a4d141b27c2cd996b12051641e Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From b5818b96c45265cd8a8678f450d81bb73c53b5f6 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From d3b05ed88424f11a291fd32dab5f856749416df2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From 66cbcddde806cd4d89477f7cf8ad91cb2c957f67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From e912f1d429af7be4b9253d03b71c0be6fbabd361 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From 3bbee2371103be73e4a9661b95d47326c84d39b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From 225d4ba5ea10d260df63e858343634499ee1aa58 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From 8767096f402a7e3d3b6f39271577543fa04a7bc8 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From f37b1a7814225d2d616f7a78797b1e50caf67be8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 5bddd035..2bfda2d5 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From 54e098bf85f1c31509c681e1288a540b557a8e49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From c7eee74677231525bcf5f99b059b07da516180ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From 25e82b9b15607210890fbce141bea36041849dc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 0af00109..b16ed2f9 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From b52dbb2aa079be16b8e2db847d812aecf5329299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From a9c3aab4d419b9aa44aec47d72122a04b204336f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From edac18e3f5eda7722c68f05b4b4c3b4f2505a93c Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From 78e882d754d7d50a80b0fa033982cc30d4eb7add Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From dc7f6a67ce5be5977aa5473d8de5723543ddfe2e Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From 104e67d9152a1bb4b46b6e9e8784584cf8aa9a6e Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From 3f9ddf6ac89afe7c1578df02c5b074a5019308f9 Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From 1df059b077a81ef6337d34a04549aaf66b6d8fde Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 7f5c4634..6274bc90 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From fb2b09d5fa355dd0563275a08460017d035b06da Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Thu, 9 Aug 2018 16:46:38 +0200 Subject: Possible resource leak found by static analyzer Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Possible-resource-leak-found-by-static-analyzer.patch --- src/polkitagent/polkitagentlistener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 2bfda2d5..00038517 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, server->thread_initialization_error = NULL; g_thread_join (server->thread); server_free (server); + server = NULL; goto out; } } -- cgit v1.2.3 From 7a99ee1268c6e0e5465672de999a5b524e04b4e3 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:50:56 +0200 Subject: Elaborate message printed by polkit when disconnecting from ssh Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. This message was moved to debug mode. Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch --- src/polkitagent/polkitagentlistener.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 00038517..e0b7b576 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, owner = polkit_authority_get_owner (server->authority); if (owner == NULL) { - g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + g_debug ("PolicyKit daemon disconnected from the bus.\n"); if (server->is_registered) - g_printerr ("We are no longer a registered authentication agent.\n"); + g_debug ("We are no longer a registered authentication agent.\n"); server->is_registered = FALSE; } @@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, { GError *error; - g_printerr ("PolicyKit daemon reconnected to bus.\n"); - g_printerr ("Attempting to re-register as an authentication agent.\n"); + g_debug ("PolicyKit daemon reconnected to bus.\n"); + g_debug ("Attempting to re-register as an authentication agent.\n"); error = NULL; if (server_register (server, &error)) { - g_printerr ("We are now a registered authentication agent.\n"); + g_debug ("We are now a registered authentication agent.\n"); } else { - g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_debug ("Failed to register as an authentication agent: %s\n", error->message); g_error_free (error); } } -- cgit v1.2.3 From aaa6a46eda9824835bd35730b1d014b3b76d389b Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:56:43 +0200 Subject: Error message raised on every 'systemctl start' in emergency.target Superuser should know that polkit is not running in emergency.target. If not, basic info with debug sources is offered instead of error message. Other usecases taken into account. Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Error-message-raised-on-every-systemctl-start-in-emergenc.patch --- src/programs/pkttyagent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 488ca8b2..fe747657 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -180,7 +180,8 @@ main (int argc, char *argv[]) authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); if (authority == NULL) { - g_printerr ("Error getting authority: %s (%s, %d)\n", + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); + g_debug ("Error getting authority: %s (%s, %d)\n", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); ret = 127; -- cgit v1.2.3 From d96a3ca25359126120133868d73ae07fa3db1920 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Thu, 19 Oct 2017 13:43:22 +0100 Subject: Fix a critical warning on calling polkit_permission_new_sync with no system bus Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b Gbp-Pq: Topic 0.116 Gbp-Pq: Name Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch --- src/polkit/polkitpermission.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index f264094d..d4b24591 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) g_free (permission->tmp_authz_id); g_object_unref (permission->subject); - g_signal_handlers_disconnect_by_func (permission->authority, - on_authority_changed, - permission); - g_object_unref (permission->authority); + if (permission->authority != NULL) + { + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + } if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); -- cgit v1.2.3 From c87e85cb2aebc3caa3d8bd893f937bd6db362b84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From ca4863aa5d6da8142224f72618388ba18017e9d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From afc9356d9fa16e491d888f3d4933464bc493c9c3 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..fc5afa1c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 786ff9c6885ba91bf34c82a515c9cc7650365bdc Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index fc5afa1c..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From 9fc3ebec6458a0dacf71f2f45b44ca77efaad62d Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Fri, 15 Mar 2019 16:07:53 +0000 Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 Gbp-Pq: Topic 0.116 Gbp-Pq: Name pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch --- src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index fe747657..eaccc058 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,10 @@ #endif #include +#include +#include +#include +#include #include #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE #include @@ -47,6 +51,36 @@ usage (int argc, char *argv[]) } +static volatile sig_atomic_t tty_flags_saved; +struct termios ts; +FILE *tty = NULL; +struct sigaction savesigterm, savesigint, savesigtstp; + + +static void tty_handler(int signal) +{ + switch (signal) + { + case SIGTERM: + sigaction (SIGTERM, &savesigterm, NULL); + break; + case SIGINT: + sigaction (SIGINT, &savesigint, NULL); + break; + case SIGTSTP: + sigaction (SIGTSTP, &savesigtstp, NULL); + break; + } + + if (tty_flags_saved) + { + tcsetattr (fileno (tty), TCSAFLUSH, &ts); + } + + kill(getpid(), signal); +} + + int main (int argc, char *argv[]) { @@ -64,6 +98,8 @@ main (int argc, char *argv[]) guint ret = 126; gint notify_fd = -1; GVariantBuilder builder; + struct sigaction sa; + const char *tty_name = NULL; g_type_init (); @@ -232,6 +268,27 @@ main (int argc, char *argv[]) } } +/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), + but due to threading the handlers cannot take care of the signal there. + Though if controlling terminal cannot be found, the world won't stop spinning. +*/ + tty_name = ctermid(NULL); + if (tty_name != NULL) + { + tty = fopen(tty_name, "r+"); + } + + if (tty != NULL && !tcgetattr (fileno (tty), &ts)) + { + tty_flags_saved = TRUE; + } + + memset (&sa, 0, sizeof (sa)); + sa.sa_handler = &tty_handler; + sigaction (SIGTERM, &sa, &savesigterm); + sigaction (SIGINT, &sa, &savesigint); + sigaction (SIGTSTP, &sa, &savesigtstp); + loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (loop); -- cgit v1.2.3 From ab598e5ba727b54b974c46e4a19e89876c18539a Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 2 Jun 2021 15:43:38 +0200 Subject: GHSL-2021-074: authentication bypass vulnerability in polkit initial values returned if error caught Origin: upstream, 0.119, commit:a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 Bug-Debian: https://bugs.debian.org/989429 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560 Gbp-Pq: Topic 0.119 Gbp-Pq: Name CVE-2021-3560.patch --- src/polkit/polkitsystembusname.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 8daa12cb..8ed13631 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) g_main_context_iteration (tmp_context, TRUE); + if (data.caught_error) + goto out; + if (out_uid) *out_uid = data.uid; if (out_pid) -- cgit v1.2.3 From eec55466bb50fe5bc12f49c686e5784d9555a987 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 9 Feb 2022 11:31:02 +0000 Subject: pkexec: local privilege escalation (CVE-2021-4034) Origin: upstream, 0.121, commit:a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Bug: CVE-2021-4034 Gbp-Pq: Topic 0.121 Gbp-Pq: Name pkexec-local-privilege-escalation-CVE-2021-4034.patch --- src/programs/pkcheck.c | 5 +++++ src/programs/pkexec.c | 19 ++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 057e926d..fafffcd5 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -353,6 +353,11 @@ main (int argc, char *argv[]) local_agent_handle = NULL; ret = 126; + if (argc < 1) + { + exit(126); + } + g_type_init (); details = polkit_details_new (); diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index abc660df..6f32b2f3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -475,6 +475,15 @@ main (int argc, char *argv[]) pid_t pid_of_caller; gpointer local_agent_handle; + + /* + * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. + */ + if (argc<1) + { + exit(127); + } + ret = 127; authority = NULL; subject = NULL; @@ -591,7 +600,15 @@ main (int argc, char *argv[]) goto out; } g_free (path); - argv[n] = path = s; + path = s; + + /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. + * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination + */ + if (argv[n] != NULL) + { + argv[n] = path; + } } if (access (path, F_OK) != 0) { -- cgit v1.2.3 From f905b162bcf3273848f9dbfd5e9dcdcb6f088398 Mon Sep 17 00:00:00 2001 From: an unknown author Date: Wed, 16 Feb 2022 09:49:41 +0000 Subject: Fix denial of service via fd limit exhaustion (CVE-2021-4115) Previously, an unprivileged user could cause polkitd to crash due to process file descriptor exhaustion, causing denial of service for any users who were actively using polkit at the time. polkitd is D-Bus-activatable, so it would automatically be restarted the next time it is contacted by a client, making this a relatively weak denial of service. Origin: Fedora, commit:https://src.fedoraproject.org/rpms/polkit/c/0a203bd46a1e2ec8cc4b3626840e2ea9d0d13a9a?branch=rawhide Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/170 Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2021-4115 Bug-Debian: https://bugs.debian.org/1005784 Forwarded: https://gitlab.freedesktop.org/polkit/polkit/-/issues/170 Gbp-Pq: Name Fix-denial-of-service-via-fd-limit-exhaustion-CVE-2021-41.patch --- src/polkit/polkitsystembusname.c | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 8ed13631..2fbf5f1f 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -62,6 +62,10 @@ enum PROP_NAME, }; + +guint8 dbus_call_respond_fails; // has to be global because of callback + + static void subject_iface_init (PolkitSubjectIface *subject_iface); G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, @@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, if (!v) { data->caught_error = TRUE; + dbus_call_respond_fails += 1; } else { @@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus tmp_context = g_main_context_new (); g_main_context_push_thread_default (tmp_context); + dbus_call_respond_fails = 0; + /* Do two async calls as it's basically as fast as one sync call. */ g_dbus_connection_call (connection, @@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus on_retrieved_unix_uid_pid, &data); - while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) - g_main_context_iteration (tmp_context, TRUE); + while (TRUE) + { + /* If one dbus call returns error, we must wait until the other call + * calls _call_finish(), otherwise fd leak is possible. + * Resolves: GHSL-2021-077 + */ - if (data.caught_error) - goto out; + if ( (dbus_call_respond_fails > 1) ) + { + // we got two faults, we can leave + goto out; + } + + if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) + { + // we got one fault and the other call finally finished, we can leave + goto out; + } + + if ( !(data.retrieved_uid && data.retrieved_pid) ) + { + g_main_context_iteration (tmp_context, TRUE); + } + else + { + break; + } + } if (out_uid) *out_uid = data.uid; -- cgit v1.2.3 From 7165f267b8a88dc5dbeb97d17e5fb325d796d038 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index b16ed2f9..3b0e4008 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 54a375b8a3d23731f46cd4bd87259c5fdeb5728b Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From 600632f8e12594e75107ba4594fa1a02f7be0571 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From 7e9f921898ecb2aaed4c7c3a45f0202d76d8076b Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From f5054b8284eaf3af17ceee1f2c341cd47b7d8e74 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:12:44 +0100 Subject: Statically link libpolkit-backend1 into polkitd Nothing else in Debian depends on that library: in principle it was meant to be used for pluggable polkit backends, but those never actually happened, and the library's API was never declared stable. Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority backend and extension system" upstream. Signed-off-by: Simon McVittie Gbp-Pq: Name Statically-link-libpolkit-backend1-into-polkitd.patch --- configure.ac | 1 - data/Makefile.am | 2 +- data/polkit-backend-1.pc.in | 11 ------ docs/man/polkit.xml | 6 --- docs/polkit/Makefile.am | 3 -- docs/polkit/polkit-1-docs.xml | 7 ---- docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- docs/polkit/polkit-1.types | 9 ----- src/polkitbackend/Makefile.am | 13 +------ 9 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 data/polkit-backend-1.pc.in diff --git a/configure.ac b/configure.ac index f55ddb7f..abfdd1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -439,7 +439,6 @@ actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc -data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 3d874390..dad7c2f2 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -18,7 +18,7 @@ pam_DATA = polkit-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc # ---------------------------------------------------------------------------------------------------- diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in deleted file mode 100644 index 7f6197d9..00000000 --- a/data/polkit-backend-1.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-backend-1 -Description: PolicyKit Backend API -Version: @VERSION@ -Libs: -L${libdir} -lpolkit-backend-1 -Cflags: -I${includedir}/polkit-1 -Requires: polkit-gobject-1 diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 188c5141..7933779f 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -115,12 +115,6 @@ System Context | | PolicyKit D-Bus service. - - PolicyKit extensions and authority backends are implemented - using the - libpolkit-backend-1 library. - - See the developer diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index fd7123f6..c13372b4 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 21b3681e..ec04b263 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -47,13 +47,6 @@ - - Backend API Reference - - - - - Authentication Agent API Reference diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt index 38810042..41b37e32 100644 --- a/docs/polkit/polkit-1-sections.txt +++ b/docs/polkit/polkit-1-sections.txt @@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS POLKIT_DETAILS_GET_CLASS
-
-polkitbackendauthority -PolkitBackendAuthority -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister - -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -
- -
-polkitbackendactionlookup -PolkitBackendActionLookup -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details - -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -
- -
-polkitbackendlocalauthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass - -POLKIT_BACKEND_LOCAL_AUTHORITY -POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -
- -
-polkitbackendinteractiveauthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync - -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -
-
polkitagentsession PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc5..6354d125 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index b91cafa9..cb25a6b5 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -16,18 +16,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) +noinst_LTLIBRARIES=libpolkit-backend-1.la libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ -- cgit v1.2.3 From cf584dd82152ee3352a0dba016a929a525d7e131 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:30:29 +0100 Subject: Remove example null backend There's no point in this now that we've removed the ability to extend polkit. Signed-off-by: Simon McVittie Gbp-Pq: Name Remove-example-null-backend.patch --- configure.ac | 1 - docs/polkit/overview.xml | 34 ---------------------------------- src/Makefile.am | 2 +- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/configure.ac b/configure.ac index abfdd1f3..22b9a192 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8ddb34cc..92515794 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -91,38 +91,4 @@ information on standard output. - - - Extending polkit - - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - - - The polkit daemons loads extensions - from the &extensiondir; directory. See - the GIO Extension Point - documentation for more information about the extension - system used by polkit. - - - The following extension points are currently defined by - polkit: - - - - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME - - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the src/nullbackend/ directory in the - polkit sources for an example. - - - - diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa8..3380fb2c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples -- cgit v1.2.3 From b1677e44e3ee84b4b8a318f2ec20277094539adf Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 7675ee4954b817383712f4eac9c567fafdab374c Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From 6f10536370247fc2462dc994707d47d88ee1d392 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 6 Jun 2012 09:05:14 -0400 Subject: agenthelper-pam: Fix newline-trimming code First, we were using == instead of =, as the author probably intended. But after changing that, we're now assigning to const memory. Fix that by writing to a temporary string buffer. Signed-off-by: David Zeuthen Origin: upstream, 0.106, commit:14121fda7e4fa9463c66ce419cc32be7e7f3b535 Gbp-Pq: Topic 0.106 Gbp-Pq: Name agenthelper-pam-Fix-newline-trimming-code.patch --- src/polkitagent/polkitagenthelper-pam.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 85a26718..7af5321e 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -227,6 +227,8 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons char buf[PAM_MAX_RESP_SIZE]; int i; gchar *escaped = NULL; + gchar *tmp = NULL; + size_t len; data = data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -258,9 +260,12 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); #endif /* PAH_DEBUG */ - if (strlen (msg[i]->msg) > 0 && msg[i]->msg[strlen (msg[i]->msg) - 1] == '\n') - msg[i]->msg[strlen (msg[i]->msg) - 1] == '\0'; - escaped = g_strescape (msg[i]->msg, NULL); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); fputs (escaped, stdout); g_free (escaped); #ifdef PAH_DEBUG -- cgit v1.2.3 From d2843866386f003bab89521ea82a65d334b0c3e2 Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Wed, 27 Jun 2012 20:28:00 -0400 Subject: Try harder to look up the right localization The code for looking up localized strings for action descriptions was manually trying to break locale names into pieces, but didn't get it right for e.g. zh_CN.utf-8. Instead, use the GLib function g_get_locale_variants(), which handles this (and more). This fixes the translation problem reported in https://bugzilla.gnome.org/show_bug.cgi?id=665497 Signed-off-by: David Zeuthen (cherry picked from commit facadfb5c8c52ba45fd20ffe3b6d3ddd4208a427) Gbp-Pq: Topic 0.107 Gbp-Pq: Name Try-harder-to-look-up-the-right-localization.patch --- src/polkitbackend/polkitbackendactionpool.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index e3ed38d4..0af00109 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -1108,7 +1108,7 @@ _localize (GHashTable *translations, const gchar *lang) { const gchar *result; - gchar lang2[256]; + gchar **langs; guint n; if (lang == NULL) @@ -1123,16 +1123,14 @@ _localize (GHashTable *translations, goto out; /* we could have a translation for 'da' but lang=='da_DK'; cut off the last part and try again */ - strncpy (lang2, lang, sizeof (lang2)); - for (n = 0; lang2[n] != '\0'; n++) + langs = g_get_locale_variants (lang); + for (n = 0; langs[n] != NULL; n++) { - if (lang2[n] == '_') - { - lang2[n] = '\0'; - break; - } + result = (const char *) g_hash_table_lookup (translations, (void *) langs[n]); + if (result != NULL) + break; } - result = (const char *) g_hash_table_lookup (translations, (void *) lang2); + g_strfreev (langs); if (result != NULL) goto out; -- cgit v1.2.3 From 3d1ff319edf049f6abbf43d3310cfa0d6482c81c Mon Sep 17 00:00:00 2001 From: Ryan Lortie Date: Tue, 13 Nov 2012 11:50:14 -0500 Subject: build: Fix .gir generation for parallel make As per the intructions in the introspection Makefile, we should have a line declaring a dependency between the .gir and .la files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=57077 Signed-off-by: David Zeuthen Bug-Debian: https://bugs.debian.org/894205 Gbp-Pq: Topic 0.108 Gbp-Pq: Name build-Fix-.gir-generation-for-parallel-make.patch --- src/polkit/Makefile.am | 2 ++ src/polkitagent/Makefile.am | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am index 1068ea12..41ccf5c3 100644 --- a/src/polkit/Makefile.am +++ b/src/polkit/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION INTROSPECTION_GIRS = Polkit-1.0.gir +Polkit-1.0.gir: libpolkit-gobject-1.la + girdir = $(INTROSPECTION_GIRDIR) gir_DATA = Polkit-1.0.gir diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index e8c9fb1a..7b51137b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -106,6 +106,8 @@ if HAVE_INTROSPECTION girdir = $(INTROSPECTION_GIRDIR) gir_DATA = PolkitAgent-1.0.gir +PolkitAgent-1.0.gir: libpolkit-agent-1.la + typelibsdir = $(INTROSPECTION_TYPELIBDIR) typelibs_DATA = PolkitAgent-1.0.typelib -- cgit v1.2.3 From 3e94cc698343813f41e18242c8d2b7ac96d157eb Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 Gbp-Pq: Topic 0.108 Gbp-Pq: Name PolkitAgent-Avoid-crashing-if-initializing-the-server-obj.patch --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 0d97501a..5bddd035 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -260,10 +260,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- cgit v1.2.3 From 642d8032c5919c778a91dbea680be50e381fe10f Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 19 Dec 2012 14:28:29 -0500 Subject: Set XAUTHORITY environment variable if is unset The way it works is that if XAUTHORITY is unset, then its default value is $HOME/.Xauthority. But since we're changing user identity this will not work since $HOME will now change. Therefore, if XAUTHORITY is unset, just set its default value before changing identity. This bug only affected login managers using X Window Authorization but not explicitly setting the XAUTHORITY variable. You can argue that XAUTHORITY is broken since it forces uid-changing apps like pkexec(1) to do more work - and get involved in intimate details of how X works and so on - but that doesn't change how things work. Based on a patch from Peter Wu . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51623 Signed-off-by: David Zeuthen Origin: upstream, 0.110, commit:d6acecdd0ebb42e28ff28e04e0207cb01fa20910 Gbp-Pq: Topic 0.110 Gbp-Pq: Name 07_set-XAUTHORITY-environment-variable-if-unset.patch --- src/programs/pkexec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 373977b8..7fafa14d 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -597,6 +597,28 @@ main (int argc, char *argv[]) g_ptr_array_add (saved_env, g_strdup (value)); } + /* $XAUTHORITY is "special" - if unset, we need to set it to ~/.Xauthority. Yes, + * this is broken but it's unfortunately how things work (see fdo #51623 for + * details) + */ + if (g_getenv ("XAUTHORITY") == NULL) + { + const gchar *home; + + /* pre-2.36 GLib does not examine $HOME (it always looks in /etc/passwd) and + * this is not what we want + */ + home = g_getenv ("HOME"); + if (home == NULL) + home = g_get_home_dir (); + + if (home != NULL) + { + g_ptr_array_add (saved_env, g_strdup ("XAUTHORITY")); + g_ptr_array_add (saved_env, g_build_filename (home, ".Xauthority", NULL)); + } + } + /* Nuke the environment to get a well-known and sanitized environment to avoid attacks * via e.g. the DBUS_SYSTEM_BUS_ADDRESS environment variable and similar. */ -- cgit v1.2.3 From ae6513fe1c9d4f76c945915e825306fc4b7f4d13 Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Sat, 26 Mar 2011 07:28:14 +0000 Subject: Fix build on GNU Hurd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35685 Applied-upstream: 0.110, commit:d6de13e12379826af8ca9355a32da48707b9831f Gbp-Pq: Topic 0.110 Gbp-Pq: Name 04_get_cwd.patch --- src/programs/pkexec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 7fafa14d..682fe954 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -53,7 +53,7 @@ #include static gchar *original_user_name = NULL; -static gchar original_cwd[PATH_MAX]; +static gchar *original_cwd; static gchar *command_line = NULL; static struct passwd *pw; @@ -465,7 +465,7 @@ main (int argc, char *argv[]) goto out; } - if (getcwd (original_cwd, sizeof (original_cwd)) == NULL) + if ((original_cwd = g_get_current_dir ()) == NULL) { g_printerr ("Error getting cwd: %s\n", g_strerror (errno)); @@ -953,6 +953,7 @@ main (int argc, char *argv[]) g_ptr_array_free (saved_env, TRUE); } + g_free (original_cwd); g_free (path); g_free (command_line); g_free (opt_user); -- cgit v1.2.3 From c1d51dfb732e551474d857698df91a15def3c912 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 8 Mar 2013 12:00:00 +0100 Subject: pkexec: Set process environment from pam_getenvlist() Various pam modules provide environment variables that are intended to be set in the environment of the pam session. pkexec needs to process the output of pam_getenvlist() to get these. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62016 Applied-upstream: 0.111, commit:5aef9722c15a350fbf8b20a3b58419f156cc7c98 Bug-Ubuntu: https://bugs.launchpad.net/bugs/982684 Gbp-Pq: Topic 0.111 Gbp-Pq: Name 09_pam_environment.patch --- src/programs/pkexec.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 682fe954..9a0570a3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -145,6 +145,7 @@ open_session (const gchar *user_to_auth) gboolean ret; gint rc; pam_handle_t *pam_h; + char **envlist; struct pam_conv conversation; ret = FALSE; @@ -176,6 +177,15 @@ open_session (const gchar *user_to_auth) ret = TRUE; + envlist = pam_getenvlist (pam_h); + if (envlist != NULL) + { + guint n; + for (n = 0; envlist[n]; n++) + putenv (envlist[n]); + free (envlist); + } + out: if (pam_h != NULL) pam_end (pam_h, rc); -- cgit v1.2.3 From fa8de8e7aee5327535d65f2ad9f6f6f44f911e9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 18 Apr 2013 19:54:59 +0200 Subject: Add a FIXME to polkitprivate.h See discussion in https://bugs.freedesktop.org/show_bug.cgi?id=63573 . Origin: upstream, 0.111, commit:18d97c95c022bb381efab8fb6ac80312bd7fbc11 Gbp-Pq: Topic 0.111 Gbp-Pq: Name Add-a-FIXME-to-polkitprivate.h.patch --- src/polkit/polkitprivate.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 579cc253..7f5c4634 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -28,6 +28,16 @@ #include "polkitauthorizationresult.h" #include "polkittemporaryauthorization.h" +/* FIXME: This header file is currently installed among other public header + files, and the symbols are exported in the shared library. + + For application writers: relying on any function here is strongly + discouraged. + + For polkit maintainers: This should be made private if a large ABI break + were necessary in the future. In the meantime, consider that there is + non-zero risk that changing these functions might break some applications. */ + PolkitActionDescription *polkit_action_description_new_for_gvariant (GVariant *value); GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action_description); -- cgit v1.2.3 From 747fd715e41ea7f827bddfb753a6bc9e106aa641 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 7 May 2013 22:30:25 +0200 Subject: Fix a memory leak Bug: https://bugs.freedesktop.org/show_bug.cgi?id=64336 Origin: upstream, 0.111, commit:d7b6ab40b586c255c49aba22f558eb6602c88b1e Gbp-Pq: Topic 0.111 Gbp-Pq: Name Fix-a-memory-leak.patch --- src/polkitagent/polkitagenthelper-pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 7af5321e..292abbe4 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -321,6 +321,7 @@ error: } } memset (aresp, 0, n * sizeof *aresp); + free (aresp); *resp = NULL; return PAM_CONV_ERR; } -- cgit v1.2.3 From 3772dbe8a4351ea0d6a9e6208e4c565bc9e6955a Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Wed, 29 May 2013 13:45:31 +0000 Subject: Use GOnce for interface type registration Static local variable may not be enough since it doesn't provide locking. Related to these udisksd warnings: GLib-GObject-WARNING **: cannot register existing type `PolkitSubject' Thanks to Hans de Goede for spotting this! Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65130 Origin: upstream, 0.112, commit:20ad116a6582e57d20f9d8197758947918753a4c Gbp-Pq: Topic 0.112 Gbp-Pq: Name 00git_type_registration.patch --- src/polkit/polkitidentity.c | 10 ++++++---- src/polkit/polkitsubject.c | 10 ++++++---- src/polkitbackend/polkitbackendactionlookup.c | 10 ++++++---- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index dd15b2f9..7813c2c0 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -49,9 +49,9 @@ base_init (gpointer g_iface) GType polkit_identity_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -67,12 +67,14 @@ polkit_identity_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitIdentity", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index d2c4c205..aed57951 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -50,9 +50,9 @@ base_init (gpointer g_iface) GType polkit_subject_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -68,12 +68,14 @@ polkit_subject_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitSubject", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** diff --git a/src/polkitbackend/polkitbackendactionlookup.c b/src/polkitbackend/polkitbackendactionlookup.c index 5a1a228a..20747e79 100644 --- a/src/polkitbackend/polkitbackendactionlookup.c +++ b/src/polkitbackend/polkitbackendactionlookup.c @@ -74,9 +74,9 @@ base_init (gpointer g_iface) GType polkit_backend_action_lookup_get_type (void) { - static GType iface_type = 0; + static volatile gsize g_define_type_id__volatile = 0; - if (iface_type == 0) + if (g_once_init_enter (&g_define_type_id__volatile)) { static const GTypeInfo info = { @@ -92,12 +92,14 @@ polkit_backend_action_lookup_get_type (void) NULL /* value_table */ }; - iface_type = g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); + GType iface_type = + g_type_register_static (G_TYPE_INTERFACE, "PolkitBackendActionLookup", &info, 0); g_type_interface_add_prerequisite (iface_type, G_TYPE_OBJECT); + g_once_init_leave (&g_define_type_id__volatile, iface_type); } - return iface_type; + return g_define_type_id__volatile; } /** -- cgit v1.2.3 From 7887c8f1a329f66042bed57335471814e7b3f9dd Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Tue, 20 Aug 2013 15:15:31 -0400 Subject: polkitunixprocess: Deprecate racy APIs It's only safe for processes to be created with their owning uid, (without kernel support, which we don't have). Anything else is subject to clients exec()ing setuid binaries after the fact. Origin: upstream, 0.112, commit:08291789a1f99d4ab29c74c39344304bcca43023 Gbp-Pq: Topic 0.112 Gbp-Pq: Name 08_deprecate_racy_APIs.patch --- src/polkit/polkitunixprocess.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index 531a57d6..f5ed1a73 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -47,7 +47,9 @@ typedef struct _PolkitUnixProcess PolkitUnixProcess; typedef struct _PolkitUnixProcessClass PolkitUnixProcessClass; GType polkit_unix_process_get_type (void) G_GNUC_CONST; +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new (gint pid); +G_GNUC_DEPRECATED_FOR(polkit_unix_process_new_for_owner) PolkitSubject *polkit_unix_process_new_full (gint pid, guint64 start_time); PolkitSubject *polkit_unix_process_new_for_owner (gint pid, -- cgit v1.2.3 From 14076293c3f2497a2ad2f16acede783486dcacfd Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 19 Aug 2013 12:16:11 -0400 Subject: pkcheck: Support --process=pid,start-time,uid syntax too The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes Origin: upstream, 0.112, commit:3968411b0c7ba193f9b9276ec911692aec248608 Gbp-Pq: Topic 0.112 Gbp-Pq: Name cve-2013-4288.patch --- data/polkit-gobject-1.pc.in | 3 +++ docs/man/pkcheck.xml | 29 ++++++++++++++++++++--------- src/programs/pkcheck.c | 7 ++++++- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in index c39677dd..5c4c6207 100644 --- a/data/polkit-gobject-1.pc.in +++ b/data/polkit-gobject-1.pc.in @@ -11,3 +11,6 @@ Version: @VERSION@ Libs: -L${libdir} -lpolkit-gobject-1 Cflags: -I${includedir}/polkit-1 Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18 +# Programs using pkcheck can use this to determine +# whether or not it can be passed a uid. +pkcheck_supports_uid=true diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml index 6b8a8743..508447e2 100644 --- a/docs/man/pkcheck.xml +++ b/docs/man/pkcheck.xml @@ -55,6 +55,9 @@ pid,pid-start-time + + pid,pid-start-time,uid + @@ -90,7 +93,7 @@ DESCRIPTION pkcheck is used to check whether a process, specified by - either or , + either (see below) or , is authorized for action. The option can be used zero or more times to pass details about action. If is passed, pkcheck blocks @@ -160,17 +163,25 @@ KEY3=VALUE3 NOTES - Since process identifiers can be recycled, the caller should always use - pid,pid-start-time to specify the process - to check for authorization when using the option. - The value of pid-start-time - can be determined by consulting e.g. the + Do not use either the bare pid or + pid,start-time syntax forms for + . There are race conditions in both. + New code should always use + pid,pid-start-time,uid. The value of + start-time can be determined by + consulting e.g. the proc5 - file system depending on the operating system. If only pid - is passed to the option, then pkcheck - will look up the start time itself but note that this may be racy. + file system depending on the operating system. If fewer than 3 + arguments are passed, pkcheck will attempt to + look up them up internally, but note that this may be racy. + + + If your program is a daemon with e.g. a custom Unix domain + socket, you should determine the uid + parameter via operating system mechanisms such as + PEERCRED. diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 719a36c4..057e926d 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -372,6 +372,7 @@ main (int argc, char *argv[]) else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0) { gint pid; + guint uid; guint64 pid_start_time; n++; @@ -381,7 +382,11 @@ main (int argc, char *argv[]) goto out; } - if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) + if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3) + { + subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid); + } + else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2) { subject = polkit_unix_process_new_full (pid, pid_start_time); } -- cgit v1.2.3 From 287a347d135e252500aaef6907de05e85aa8e30f Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 2 Mar 2017 14:50:31 +0100 Subject: polkitpermission: Fix a memory leak on authority changes Signed-off-by: Rui Matos Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99741 Origin: upstream, 0.114, commit:df6488c0a5b2a6c7a2d4f6a55008263635c5571b Gbp-Pq: Topic 0.114 Gbp-Pq: Name polkitpermission-Fix-a-memory-leak-on-authority-changes.patch --- src/polkit/polkitpermission.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index 22d195fc..be794cb3 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -454,6 +454,7 @@ changed_check_cb (GObject *source_object, if (result != NULL) { process_result (permission, result); + g_object_unref (result); } else { -- cgit v1.2.3 From 5ab11d9cecea56b68cc68c015c45d3cbb76914e8 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 13:48:21 -0500 Subject: Port internals non-deprecated PolkitProcess API where possible We can't port everything, but in PolkitPermission and these test cases, we can use _for_owner() with the right information. [smcv: drop the part that touches test/polkitbackend/test-polkitbackendjsauthority.c which is not in this branch] Origin: upstream, 0.113, commit:6d3d0a8ffb0fd8ae59eb35593b305ec87da8858d Gbp-Pq: Topic 0.113 Gbp-Pq: Name Port-internals-non-deprecated-PolkitProcess-API-wher.patch --- src/polkit/polkitpermission.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index be794cb3..f264094d 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -122,7 +122,7 @@ polkit_permission_constructed (GObject *object) PolkitPermission *permission = POLKIT_PERMISSION (object); if (permission->subject == NULL) - permission->subject = polkit_unix_process_new (getpid ()); + permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ()); if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object); -- cgit v1.2.3 From 45263438110415535c5f51f1617351c3f775e920 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 21 Nov 2013 17:39:37 -0500 Subject: pkexec: Work around systemd injecting broken XDG_RUNTIME_DIR This workaround isn't too much code, and it's often better to fix bugs in two places anyways. For more information: See https://bugzilla.redhat.com/show_bug.cgi?id=753882 See http://lists.freedesktop.org/archives/systemd-devel/2013-November/014370.html Origin: upstream, 0.113, commit:8635ffc16aeff6a07d675f861fe0dea03ea81d7e Gbp-Pq: Topic 0.113 Gbp-Pq: Name pkexec-Work-around-systemd-injecting-broken-XDG_RUNT.patch --- src/programs/pkexec.c | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 9a0570a3..5e990443 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -139,8 +139,22 @@ pam_conversation_function (int n, return PAM_CONV_ERR; } +/* A work around for: + * https://bugzilla.redhat.com/show_bug.cgi?id=753882 + */ +static gboolean +xdg_runtime_dir_is_owned_by (const char *path, + uid_t target_uid) +{ + struct stat stbuf; + + return stat (path, &stbuf) == 0 && + stbuf.st_uid == target_uid; +} + static gboolean -open_session (const gchar *user_to_auth) +open_session (const gchar *user_to_auth, + uid_t target_uid) { gboolean ret; gint rc; @@ -182,7 +196,19 @@ open_session (const gchar *user_to_auth) { guint n; for (n = 0; envlist[n]; n++) - putenv (envlist[n]); + { + const char *envitem = envlist[n]; + + if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR=")) + { + const char *eq = strchr (envitem, '='); + g_assert (eq); + if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid)) + continue; + } + + putenv (envlist[n]); + } free (envlist); } @@ -892,7 +918,8 @@ main (int argc, char *argv[]) * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this. */ #ifdef POLKIT_AUTHFW_PAM - if (!open_session (pw->pw_name)) + if (!open_session (pw->pw_name, + pw->pw_uid)) { goto out; } -- cgit v1.2.3 From 3b0559e418d7483ffd854c242726cf88540a1739 Mon Sep 17 00:00:00 2001 From: Rui Matos Date: Thu, 6 Feb 2014 18:41:18 +0100 Subject: PolkitAgentSession: fix race between child and io watches The helper flushes and fdatasyncs stdout and stderr before terminating but this doesn't guarantee that our io watch is called before our child watch. This means that we can end up with a successful return from the helper which we still report as a failure. If we add G_IO_HUP and G_IO_ERR to the conditions we look for in the io watch and the child terminates we still run the io watch handler which will complete the session. This means that the child watch is in fact needless and we can remove it. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60847 Origin: upstream, 0.113, commit:7650ad1e08ab13bdb461783c4995d186d9392840 Bug: http://bugs.freedesktop.org/show_bug.cgi?id=30515 Bug-Ubuntu: https://launchpad.net/bugs/649939 Bug-Ubuntu: https://launchpad.net/bugs/445303 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 03_PolkitAgentSession-fix-race-between-child-and-io-wat.patch --- src/polkitagent/polkitagentsession.c | 47 +++++++++--------------------------- 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 8129cd9f..a658a229 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -92,7 +92,6 @@ struct _PolkitAgentSession int child_stdout; GPid child_pid; - GSource *child_watch_source; GSource *child_stdout_watch_source; GIOChannel *child_stdout_channel; @@ -377,13 +376,6 @@ kill_helper (PolkitAgentSession *session) session->child_pid = 0; } - if (session->child_watch_source != NULL) - { - g_source_destroy (session->child_watch_source); - g_source_unref (session->child_watch_source); - session->child_watch_source = NULL; - } - if (session->child_stdout_watch_source != NULL) { g_source_destroy (session->child_stdout_watch_source); @@ -429,26 +421,6 @@ complete_session (PolkitAgentSession *session, } } -static void -child_watch_func (GPid pid, - gint status, - gpointer user_data) -{ - PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data); - - if (G_UNLIKELY (_show_debug ())) - { - g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n", - (gint) pid, - WIFEXITED(status), - WEXITSTATUS(status)); - } - - /* kill all the watches we have set up, except for the child since it has exited already */ - session->child_pid = 0; - complete_session (session, FALSE); -} - static gboolean io_watch_have_data (GIOChannel *channel, GIOCondition condition, @@ -475,10 +447,13 @@ io_watch_have_data (GIOChannel *channel, NULL, NULL, &error); - if (error != NULL) + if (error != NULL || line == NULL) { - g_warning ("Error reading line from helper: %s", error->message); - g_error_free (error); + /* In case we get just G_IO_HUP, line is NULL but error is + unset.*/ + g_warning ("Error reading line from helper: %s", + error ? error->message : "nothing to read"); + g_clear_error (&error); complete_session (session, FALSE); goto out; @@ -540,6 +515,9 @@ io_watch_have_data (GIOChannel *channel, g_free (line); g_free (unescaped); + if (condition & (G_IO_ERR | G_IO_HUP)) + complete_session (session, FALSE); + /* keep the IOChannel around */ return TRUE; } @@ -650,12 +628,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); - session->child_watch_source = g_child_watch_source_new (session->child_pid); - g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL); - g_source_attach (session->child_watch_source, g_main_context_get_thread_default ()); - session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); - session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN); + session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, + G_IO_IN | G_IO_ERR | G_IO_HUP); g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL); g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ()); -- cgit v1.2.3 From 865e22b81ab7e4c5e257676c073796a4355bde2d Mon Sep 17 00:00:00 2001 From: Lukasz Skalski Date: Tue, 22 Apr 2014 11:11:20 +0200 Subject: polkitd: Fix problem with removing non-existent source Bug: https://bugs.freedesktop.org/show_bug.cgi?id=77167 Applied-upstream: 0.113, commit:3ca4e00c7e003ea80aa96b499bc7cd83246d7108 Gbp-Pq: Topic 0.113 Gbp-Pq: Name polkitd-Fix-problem-with-removing-non-existent-sourc.patch --- src/polkitd/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitd/main.c b/src/polkitd/main.c index b21723f6..f18fb917 100644 --- a/src/polkitd/main.c +++ b/src/polkitd/main.c @@ -93,7 +93,7 @@ on_sigint (gpointer user_data) { g_print ("Handling SIGINT\n"); g_main_loop_quit (loop); - return FALSE; + return TRUE; } int -- cgit v1.2.3 From 5fef80d5d38eac37fcdff8062d33a46b33b17a0d Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Add-public-API-to-retrieve-Unix-.patch --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4a..51e4a694 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc..38d31f71 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c32..01853105 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64..4075d3ff 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 9bddf5035ae19c473d6029213d0d001357dc5b36 Mon Sep 17 00:00:00 2001 From: Xabier Rodriguez Calvar Date: Sun, 10 Nov 2013 19:16:41 +0100 Subject: Fixed compilation problem in the backend Origin: upstream, 0.113, commit: dbbb7dc60abdd970af0a8fae404484181fa909c9 Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fixed-compilation-problem-in-the-backend.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 4075d3ff..05f51c58 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 1aaa4b4ad89395ca6195826feab3fedc686b7f5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 11 Nov 2013 23:51:23 +0100 Subject: Don't discard error data returned by polkit_system_bus_name_get_user_sync Bug: https://bugs.freedesktop.org/show_bug.cgi?id=71458 Origin: upstream, 0.113, commit: 145d43b9c891f248ad68ebe597cb151a865bdb3a Bug-Debian: https://bugs.debian.org/798769 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Don-t-discard-error-data-returned-by-polkit_system_b.patch --- src/polkitbackend/polkitbackendsessionmonitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 05f51c58..e1a9ab3a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,7 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, NULL); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- cgit v1.2.3 From 5bba51d7b3478787ca2c06dd661d3b1fc31e8be1 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 7 Nov 2013 15:57:50 -0500 Subject: sessionmonitor-systemd: Deduplicate code paths We had the code to go from pid -> session duplicated. If we have a PolkitSystemBusName, convert it to a PolkitUnixProcess. Then we can do PolkitUnixProcess -> pid -> session in one place. This is just a code cleanup. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:26d0c0578211fb96fc8fe75572aa11ad6ecbf9b8 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Deduplicate-code-paths.patch --- .../polkitbackendsessionmonitor-systemd.c | 63 ++++++++-------------- 1 file changed, 22 insertions(+), 41 deletions(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 01853105..756b728a 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -313,61 +313,42 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *subject, GError **error) { - PolkitSubject *session; - - session = NULL; + PolkitUnixProcess *tmp_process = NULL; + PolkitUnixProcess *process = NULL; + PolkitSubject *session = NULL; + char *session_id = NULL; + pid_t pid; if (POLKIT_IS_UNIX_PROCESS (subject)) - { - gchar *session_id; - pid_t pid; - - pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject)); - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); - } + process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - guint32 pid; - gchar *session_id; - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixProcessID", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - if (sd_pid_get_session (pid, &session_id) < 0) - goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + /* Convert bus name to process */ + tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + if (!tmp_process) + goto out; + process = tmp_process; } else { g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_NOT_SUPPORTED, - "Cannot get user for subject of type %s", + "Cannot get session for subject of type %s", g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - out: + /* Now do process -> pid -> session */ + g_assert (process != NULL); + pid = polkit_unix_process_get_pid (process); + if (sd_pid_get_session (pid, &session_id) < 0) + goto out; + + session = polkit_unix_session_new (session_id); + free (session_id); + out: + if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From 41274080b5bb7c0def17789dc81cd127c3a20848 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 9 Nov 2013 09:32:52 -0500 Subject: PolkitSystemBusName: Retrieve both pid and uid For polkit_system_bus_name_get_process_sync(), as pointed out by Miloslav Trmac, we can securely retrieve the owner uid as well from the system bus, rather than (racily) looking it up internally. This avoids use of a deprecated API. However, this is not a security fix because nothing in the polkit codebase itself actually retrieves the uid from the result of this API call. But, it might be useful in the future. Origin: upstream, 0.113, commit:bfa5036bfb93582c5a87c44b847957479d911e38 Gbp-Pq: Topic 0.113 Gbp-Pq: Name PolkitSystemBusName-Retrieve-both-pid-and-uid.patch --- src/polkit/polkitsystembusname.c | 171 +++++++++++++++++++++++++++------------ 1 file changed, 118 insertions(+), 53 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 51e4a694..8daa12cb 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -341,6 +341,116 @@ subject_iface_init (PolkitSubjectIface *subject_iface) /* ---------------------------------------------------------------------------------------------------- */ +typedef struct { + GError **error; + guint retrieved_uid : 1; + guint retrieved_pid : 1; + guint caught_error : 1; + + guint32 uid; + guint32 pid; +} AsyncGetBusNameCredsData; + +static void +on_retrieved_unix_uid_pid (GObject *src, + GAsyncResult *res, + gpointer user_data) +{ + AsyncGetBusNameCredsData *data = user_data; + GVariant *v; + + v = g_dbus_connection_call_finish ((GDBusConnection*)src, res, + data->caught_error ? NULL : data->error); + if (!v) + { + data->caught_error = TRUE; + } + else + { + guint32 value; + g_variant_get (v, "(u)", &value); + g_variant_unref (v); + if (!data->retrieved_uid) + { + data->retrieved_uid = TRUE; + data->uid = value; + } + else + { + g_assert (!data->retrieved_pid); + data->retrieved_pid = TRUE; + data->pid = value; + } + } +} + +static gboolean +polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus_name, + guint32 *out_uid, + guint32 *out_pid, + GCancellable *cancellable, + GError **error) +{ + gboolean ret = FALSE; + AsyncGetBusNameCredsData data = { 0, }; + GDBusConnection *connection = NULL; + GMainContext *tmp_context = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + data.error = error; + + tmp_context = g_main_context_new (); + g_main_context_push_thread_default (tmp_context); + + /* Do two async calls as it's basically as fast as one sync call. + */ + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + g_dbus_connection_call (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixProcessID", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + on_retrieved_unix_uid_pid, + &data); + + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + + if (out_uid) + *out_uid = data.uid; + if (out_pid) + *out_pid = data.pid; + ret = TRUE; + out: + if (tmp_context) + { + g_main_context_pop_thread_default (tmp_context); + g_main_context_unref (tmp_context); + } + if (connection != NULL) + g_object_unref (connection); + return ret; +} + /** * polkit_system_bus_name_get_process_sync: * @system_bus_name: A #PolkitSystemBusName. @@ -357,43 +467,21 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitSubject *ret; - GVariant *result; + PolkitSubject *ret = NULL; guint32 pid; + guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid, + cancellable, error)) goto out; - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixProcessID", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) - goto out; - - g_variant_get (result, "(u)", &pid); - g_variant_unref (result); - - ret = polkit_unix_process_new (pid); + ret = polkit_unix_process_new_for_owner (pid, 0, uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } @@ -413,42 +501,19 @@ polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, GCancellable *cancellable, GError **error) { - GDBusConnection *connection; - PolkitUnixUser *ret; - GVariant *result; + PolkitUnixUser *ret = NULL; guint32 uid; g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); - ret = NULL; - - connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); - if (connection == NULL) - goto out; - - result = g_dbus_connection_call_sync (connection, - "org.freedesktop.DBus", /* name */ - "/org/freedesktop/DBus", /* object path */ - "org.freedesktop.DBus", /* interface name */ - "GetConnectionUnixUser", /* method */ - g_variant_new ("(s)", system_bus_name->name), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, - cancellable, - error); - if (result == NULL) + if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL, + cancellable, error)) goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - ret = (PolkitUnixUser*)polkit_unix_user_new (uid); out: - if (connection != NULL) - g_object_unref (connection); return ret; } -- cgit v1.2.3 From 26f507fab68341caaf11b2b622522f2eee8b2e8e Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Mon, 19 May 2014 10:19:49 +0900 Subject: sessionmonitor-systemd: prepare for D-Bus "user bus" model In the D-Bus "user bus" model, all sessions of a user share the same D-Bus instance, a polkit requesting process might live outside the login session which registered the user's polkit agent. In case a polkit requesting process is not part of the user's login session, we ask systemd-logind for the user's "display" session instead. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78905 Bug-Debian: https://bugs.debian.org/779988 Applied-upstream: 0.113, commit:a68f5dfd7662767b7b9822090b70bc5bd145c50c [smcv: backport configure.ac changes; fail with #error if the required API is not found] Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-prepare-for-D-Bus-user-bus-mo.patch --- configure.ac | 4 +++ .../polkitbackendsessionmonitor-systemd.c | 29 ++++++++++++++++++---- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f4a0c417..aa2760f9 100644 --- a/configure.ac +++ b/configure.ac @@ -165,6 +165,10 @@ if test "$enable_systemd" != "no"; then have_systemd=no) if test "$have_systemd" = "yes"; then SESSION_TRACKING=systemd + save_LIBS=$LIBS + LIBS=$SYSTEMD_LIBS + AC_CHECK_FUNCS(sd_uid_get_display) + LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 756b728a..ebd05cea 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -318,6 +318,9 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni PolkitSubject *session = NULL; char *session_id = NULL; pid_t pid; +#if HAVE_SD_UID_GET_DISPLAY + uid_t uid; +#endif if (POLKIT_IS_UNIX_PROCESS (subject)) process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */ @@ -338,16 +341,32 @@ polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMoni g_type_name (G_TYPE_FROM_INSTANCE (subject))); } - /* Now do process -> pid -> session */ + /* Now do process -> pid -> same session */ g_assert (process != NULL); pid = polkit_unix_process_get_pid (process); - if (sd_pid_get_session (pid, &session_id) < 0) + if (sd_pid_get_session (pid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } + +#if HAVE_SD_UID_GET_DISPLAY + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (pid, &uid) < 0) goto out; - - session = polkit_unix_session_new (session_id); - free (session_id); + + if (sd_uid_get_display (uid, &session_id) >= 0) + { + session = polkit_unix_session_new (session_id); + goto out; + } +#else +#error Debian should have sd_uid_get_display() +#endif + out: + free (session_id); if (tmp_process) g_object_unref (tmp_process); return session; } -- cgit v1.2.3 From bb96cee5187c05de1107c16f83ba166c7a36e96d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 26 Aug 2014 17:59:47 +0200 Subject: Refuse duplicate --user arguments to pkexec This usage is clearly erroneous, so we should tell the users they are making a mistake. Besides, this allows an attacker to cause a high number of heap allocations with attacker-controlled sizes ( http://googleprojectzero.blogspot.cz/2014/08/the-poisoned-nul-byte-2014-edition.html ), making some exploits easier. (To be clear, this is not a pkexec vulnerability, and we will not refuse attacker-affected malloc() usage as a matter of policy; but this commit is both user-friendly and adding some hardening.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83093 Origin: upstream, 0.113, commit:6c992bc8aefa195a41eaa41c07f46f17de18e25c Gbp-Pq: Topic 0.113 Gbp-Pq: Name Refuse-duplicate-user-arguments-to-pkexec.patch --- src/programs/pkexec.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index 5e990443..abc660df 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -533,6 +533,11 @@ main (int argc, char *argv[]) goto out; } + if (opt_user != NULL) + { + g_printerr ("--user specified twice\n"); + goto out; + } opt_user = g_strdup (argv[n]); } else if (strcmp (argv[n], "--disable-internal-agent") == 0) -- cgit v1.2.3 From 746d9c405d3add5b53992a5afcec4eaf2df41e54 Mon Sep 17 00:00:00 2001 From: "Max A. Dednev" Date: Sun, 11 Jan 2015 20:00:44 -0500 Subject: authority: Fix memory leak in EnumerateActions call results handler Policykit-1 doesn't release reference counters of GVariant data for org.freedesktop.PolicyKit1.Authority.EnumerateActions dbus call. This patch fixed reference counting and following memory leak. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88288 Origin: upstream, 0.113, commit:f4d71e0de885010494b8b0b8d62ca910011d7544 Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_fix_memleak.patch --- src/polkit/polkitauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 9947cf32..84dab72c 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -715,7 +715,6 @@ polkit_authority_enumerate_actions_finish (PolkitAuthority *authority, while ((child = g_variant_iter_next_value (&iter)) != NULL) { ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child)); - g_variant_ref_sink (child); g_variant_unref (child); } ret = g_list_reverse (ret); -- cgit v1.2.3 From 7f33e84911acd43ab9344339b090ab3dd11fc7ae Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 30 May 2015 09:06:23 -0400 Subject: CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Properly propagate the error, otherwise we dereference a `NULL` pointer. This is a local, authenticated DoS. `RegisterAuthenticationAgentWithOptions` and `UnregisterAuthentication` have been validated to not need changes for this. http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90829 Bug-Debian: https://bugs.debian.org/787932 Reported-by: Tavis Ormandy Reviewed-by: Philip Withnall Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:48e646918efb2bf0b3b505747655726d7869f31c Gbp-Pq: Topic 0.113 Gbp-Pq: Name 00git_invalid_object_paths.patch --- .../polkitbackendinteractiveauthority.c | 53 ++++++++++++---------- 1 file changed, 30 insertions(+), 23 deletions(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index b237e9db..25e13fb0 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1558,36 +1558,42 @@ authentication_agent_new (PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, - GVariant *registration_options) + GVariant *registration_options, + GError **error) { AuthenticationAgent *agent; - GError *error; + GDBusProxy *proxy; - agent = g_new0 (AuthenticationAgent, 1); + if (!g_variant_is_object_path (object_path)) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "Invalid object path '%s'", object_path); + return NULL; + } + + proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, + G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | + G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, + NULL, /* GDBusInterfaceInfo* */ + unique_system_bus_name, + object_path, + "org.freedesktop.PolicyKit1.AuthenticationAgent", + NULL, /* GCancellable* */ + error); + if (proxy == NULL) + { + g_prefix_error (error, "Failed to construct proxy for agent: " ); + return NULL; + } + agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; - - error = NULL; - agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM, - G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES | - G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS, - NULL, /* GDBusInterfaceInfo* */ - agent->unique_system_bus_name, - agent->object_path, - "org.freedesktop.PolicyKit1.AuthenticationAgent", - NULL, /* GCancellable* */ - &error); - if (agent->proxy == NULL) - { - g_warning ("Error constructing proxy for agent: %s", error->message); - g_error_free (error); - /* TODO: Make authentication_agent_new() return NULL and set a GError */ - } + agent->proxy = proxy; return agent; } @@ -2234,8 +2240,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken caller_cmdline = NULL; agent = NULL; - /* TODO: validate that object path is well-formed */ - interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority); priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority); @@ -2322,7 +2326,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, - options); + options, + error); + if (!agent) + goto out; g_hash_table_insert (priv->hash_scope_to_authentication_agent, g_object_ref (subject), -- cgit v1.2.3 From 2f63e73092f95961a232f5e5f48f182619d17dc3 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 Jun 2015 16:19:51 +0100 Subject: sessionmonitor-systemd: Use sd_uid_get_state() to check session activity MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead of using sd_pid_get_session() then sd_session_is_active() to determine whether the user is active, use sd_uid_get_state() directly. This gets the maximum of the states of all the user’s sessions, rather than the state of the session containing the subject process. Since the user is the security boundary, this is fine. This change is necessary for `systemd --user` sessions, where most user code will be forked off user@.service, rather than running inside the logind session (whether that be a foreground/active or background/online session). Policy-wise, the change is from checking whether the subject process is in an active session; to checking whether the subject process is owned by a user with at least one active session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76358 Applied-upstream: 0.113, commit:a29653ffa99e0809e15aa34afcd7b2df8593871c Bug-Debian: https://bugs.debian.org/779988 Gbp-Pq: Topic 0.113 Gbp-Pq: Name sessionmonitor-systemd-Use-sd_uid_get_state-to-check.patch --- .../polkitbackendsessionmonitor-systemd.c | 33 +++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index ebd05cea..6bd517ab 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -391,6 +391,37 @@ gboolean polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor, PolkitSubject *session) { - return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session))); + const char *session_id; + char *state; + uid_t uid; + gboolean is_active = FALSE; + + session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)); + + g_debug ("Checking whether session %s is active.", session_id); + + /* Check whether *any* of the user's current sessions are active. */ + if (sd_session_get_uid (session_id, &uid) < 0) + goto fallback; + + g_debug ("Session %s has UID %u.", session_id, uid); + + if (sd_uid_get_state (uid, &state) < 0) + goto fallback; + + g_debug ("UID %u has state %s.", uid, state); + + is_active = (g_strcmp0 (state, "active") == 0); + free (state); + + return is_active; + +fallback: + /* Fall back to checking the session. This is not ideal, since the user + * might have multiple sessions, and we cannot guarantee to have chosen + * the active one. + * + * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */ + return sd_session_is_active (session_id); } -- cgit v1.2.3 From 517d3e8164e5ea45858509c364bacaf1e9face11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:36:50 +0200 Subject: Fix a possible NULL dereference. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit polkit_backend_session_monitor_get_user_for_subject() may return NULL (and because it is using external processes, we can’t really rule it out). The code was already anticipating NULL in the cleanup section, so handle it also when actually using the value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:6109543303def367b84eaac97d2ff9cefe735efb Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-possible-NULL-dereference.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 25e13fb0..00ee0446 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -557,7 +557,11 @@ log_result (PolkitBackendInteractiveAuthority *authority, user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); subject_str = polkit_subject_to_string (subject); - user_of_subject_str = polkit_identity_to_string (user_of_subject); + + if (user_of_subject != NULL) + user_of_subject_str = polkit_identity_to_string (user_of_subject); + else + user_of_subject_str = g_strdup (""); caller_str = polkit_subject_to_string (caller); subject_cmdline = _polkit_subject_get_cmdline (subject); -- cgit v1.2.3 From 550980ca03699dd061daad5e1f152f835b5ef9b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 11 Jun 2014 22:44:28 +0200 Subject: Remove a redundant assignment. Instead of a nonsensical (data = data), use the more customary ((void)data) to silence the warning about an unused parameter. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80767 Origin: upstream, 0.113, commit:37143eb06cb0c4dffca67079dd1c10c5b191b6a7 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Remove-a-redundant-assignment.patch --- src/polkitagent/polkitagenthelper-pam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 292abbe4..937386e8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -230,7 +230,7 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons gchar *tmp = NULL; size_t len; - data = data; + (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) return PAM_CONV_ERR; -- cgit v1.2.3 From c87db5142637bba1ff528930cfd4e5a557c2c2dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 15 Sep 2014 19:45:15 +0200 Subject: Fix duplicate GError use when "uid" is missing Some GLib versions complain loudly about this. To reproduce, call e.g. RegisterAuthenticationAgent with the following parameters: ("unix-process", {"pid": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("u", 1), "start-time": __import__('gi.repository.GLib', globals(), locals(), ['Variant']).Variant("t", 1)}), "cs", "/" Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90877 Origin: upstream, 0.113, commit:2c8738941be18ef05ce724df46547f41dbc02fb5 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-duplicate-GError-use-when-uid-is-missing.patch --- src/polkit/polkitsubject.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index aed57951..78ec745a 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -424,7 +424,7 @@ polkit_subject_new_for_gvariant (GVariant *variant, start_time = g_variant_get_uint64 (v); g_variant_unref (v); - v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error); + v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL); if (v != NULL) { uid = g_variant_get_int32 (v); -- cgit v1.2.3 From 6fdd8f65b5e15e8dd982fb5676dc1038ef710ce1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 6 Jun 2015 01:07:08 +0200 Subject: Fix a crash when two authentication requests are in flight. To reproduce: 1. pkttyagent -p $$ # or another suitable PID 2. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 3. pkcheck -p $that_pid -a org.freedesktop.policykit.exec -u 4. Then, in the pkttyagent prompt, press Enter. polkit_agent_text_listener_initiate_authentication was already setting an appropriate error code, so the g_assert was unnecessary. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90879 Origin: upstream, 0.113, commit:e2d2fafd106624ddfea4b17d3f40704b2031c00b Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-crash-when-two-authentication-requests-are-in-.patch --- src/polkitagent/polkitagenttextlistener.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/polkitagent/polkitagenttextlistener.c b/src/polkitagent/polkitagenttextlistener.c index b5c8a3f3..e63c2853 100644 --- a/src/polkitagent/polkitagenttextlistener.c +++ b/src/polkitagent/polkitagenttextlistener.c @@ -546,12 +546,10 @@ polkit_agent_text_listener_initiate_authentication_finish (PolkitAgentListener GAsyncResult *res, GError **error) { - PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener); gboolean ret; g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) == polkit_agent_text_listener_initiate_authentication); - g_assert (listener->active_session == NULL); ret = FALSE; -- cgit v1.2.3 From 2f5efe2f7566ca0477d317a483dd0abc134084f6 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 12:15:18 -0400 Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tavis noted that it'd be possible with a 32 bit counter for someone to cause the cookie to wrap by creating Authentication requests in a loop. Something important to note here is that wrapping of signed integers is undefined behavior in C, so we definitely want to fix that. All counter integers used in this patch are unsigned. See the comment above `authentication_agent_generate_cookie` for details, but basically we're now using a cookie of the form: ``` - - - ``` Which has multiple 64 bit counters, plus unpredictable random 128 bit integer ids (effectively UUIDs, but we're not calling them that because we don't need to be globally unique. We further ensure that the cookies are not visible to other processes by changing the setuid helper to accept them over standard input. This means that an attacker would have to guess both ids. In any case, the security hole here is better fixed with the other change to bind user id (uid) of the agent with cookie lookups, making cookie guessing worthless. Nevertheless, I think it's worth doing this change too, for defense in depth. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:ea544ffc18405237ccd95d28d7f45afef49aca17 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Use-unpredictable-cookie-values-keep-t.patch --- configure.ac | 2 +- src/polkitagent/polkitagenthelper-pam.c | 12 ++- src/polkitagent/polkitagenthelper-shadow.c | 12 ++- src/polkitagent/polkitagenthelperprivate.c | 33 ++++++++ src/polkitagent/polkitagenthelperprivate.h | 2 + src/polkitagent/polkitagentsession.c | 30 ++++--- .../polkitbackendinteractiveauthority.c | 99 +++++++++++++++++----- 7 files changed, 150 insertions(+), 40 deletions(-) diff --git a/configure.ac b/configure.ac index aa2760f9..388605d2 100644 --- a/configure.ac +++ b/configure.ac @@ -123,7 +123,7 @@ if test "x$GCC" = "xyes"; then changequote([,])dnl fi -PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0]) +PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) AC_SUBST(GLIB_CFLAGS) AC_SUBST(GLIB_LIBS) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 937386e8..19062aa8 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -65,7 +65,7 @@ main (int argc, char *argv[]) { int rc; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; struct pam_conv pam_conversation; pam_handle_t *pam_h; const void *authed_user; @@ -97,7 +97,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -105,7 +105,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; if (getuid () != 0) { @@ -203,6 +206,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -212,6 +217,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); if (pam_h != NULL) pam_end (pam_h, rc); diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c index a4f73acf..e8779154 100644 --- a/src/polkitagent/polkitagenthelper-shadow.c +++ b/src/polkitagent/polkitagenthelper-shadow.c @@ -46,7 +46,7 @@ main (int argc, char *argv[]) { struct spwd *shadow; const char *user_to_auth; - const char *cookie; + char *cookie = NULL; time_t now; /* clear the entire environment to avoid attacks with @@ -67,7 +67,7 @@ main (int argc, char *argv[]) openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV); /* check for correct invocation */ - if (argc != 3) + if (!(argc == 2 || argc == 3)) { syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ()); fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n"); @@ -86,7 +86,10 @@ main (int argc, char *argv[]) } user_to_auth = argv[1]; - cookie = argv[2]; + + cookie = read_cookie (argc, argv); + if (!cookie) + goto error; #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth); @@ -153,6 +156,8 @@ main (int argc, char *argv[]) goto error; } + free (cookie); + #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n"); #endif /* PAH_DEBUG */ @@ -162,6 +167,7 @@ main (int argc, char *argv[]) return 0; error: + free (cookie); fprintf (stdout, "FAILURE\n"); flush_and_wait (); return 1; diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c index 4417e70f..a99de7dd 100644 --- a/src/polkitagent/polkitagenthelperprivate.c +++ b/src/polkitagent/polkitagenthelperprivate.c @@ -23,6 +23,7 @@ #include "config.h" #include "polkitagenthelperprivate.h" #include +#include #include #include @@ -45,6 +46,38 @@ _polkit_clearenv (void) #endif +char * +read_cookie (int argc, char **argv) +{ + /* As part of CVE-2015-4625, we started passing the cookie + * on standard input, to ensure it's not visible to other + * processes. However, to ensure that things continue + * to work if the setuid binary is upgraded while old + * agents are still running (this will be common with + * package managers), we support both modes. + */ + if (argc == 3) + return strdup (argv[2]); + else + { + char *ret = NULL; + size_t n = 0; + ssize_t r = getline (&ret, &n, stdin); + if (r == -1) + { + if (!feof (stdin)) + perror ("getline"); + free (ret); + return NULL; + } + else + { + g_strchomp (ret); + return ret; + } + } +} + gboolean send_dbus_message (const char *cookie, const char *user) { diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h index aeca2c74..547fdccf 100644 --- a/src/polkitagent/polkitagenthelperprivate.h +++ b/src/polkitagent/polkitagenthelperprivate.h @@ -38,6 +38,8 @@ int _polkit_clearenv (void); +char *read_cookie (int argc, char **argv); + gboolean send_dbus_message (const char *cookie, const char *user); void flush_and_wait (); diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index a658a229..6a3d6bc9 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include "polkitagentmarshal.h" @@ -88,7 +89,7 @@ struct _PolkitAgentSession gchar *cookie; PolkitIdentity *identity; - int child_stdin; + GOutputStream *child_stdin; int child_stdout; GPid child_pid; @@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT); static void polkit_agent_session_init (PolkitAgentSession *session) { - session->child_stdin = -1; session->child_stdout = -1; } @@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session) session->child_stdout = -1; } - if (session->child_stdin != -1) - { - g_warn_if_fail (close (session->child_stdin) == 0); - session->child_stdin = -1; - } + g_clear_object (&session->child_stdin); session->helper_is_running = FALSE; @@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session, add_newline = (response[response_len] != '\n'); - write (session->child_stdin, response, response_len); + (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL); if (add_newline) - write (session->child_stdin, newline, 1); + (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL); } /** @@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session) { uid_t uid; GError *error; - gchar *helper_argv[4]; + gchar *helper_argv[3]; struct passwd *passwd; + int stdin_fd = -1; g_return_if_fail (POLKIT_AGENT_IS_SESSION (session)); @@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session) helper_argv[0] = PACKAGE_LIBEXEC_DIR "/polkit-agent-helper-1"; helper_argv[1] = passwd->pw_name; - helper_argv[2] = session->cookie; - helper_argv[3] = NULL; + helper_argv[2] = NULL; - session->child_stdin = -1; session->child_stdout = -1; error = NULL; @@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session) NULL, NULL, &session->child_pid, - &session->child_stdin, + &stdin_fd, &session->child_stdout, NULL, &error)) @@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session) if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid); + session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE); + + /* Write the cookie on stdin so it can't be seen by other processes */ + (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie), + NULL, NULL, NULL); + (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL); + session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout); session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN | G_IO_ERR | G_IO_HUP); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 00ee0446..10eda2c7 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -212,6 +212,8 @@ typedef struct GDBusConnection *system_bus_connection; guint name_owner_changed_signal_id; + + guint64 agent_serial; } PolkitBackendInteractiveAuthorityPrivate; /* ---------------------------------------------------------------------------------------------------- */ @@ -430,11 +432,15 @@ struct AuthenticationAgent volatile gint ref_count; PolkitSubject *scope; + guint64 serial; gchar *locale; GVariant *registration_options; gchar *object_path; gchar *unique_system_bus_name; + GRand *cookie_pool; + gchar *cookie_prefix; + guint64 cookie_serial; GDBusProxy *proxy; @@ -1430,9 +1436,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable, authentication_session_cancel (session); } +/* We're not calling this a UUID, but it's basically + * the same thing, just not formatted that way because: + * + * - I'm too lazy to do it + * - If we did, people might think it was actually + * generated from /dev/random, which we're not doing + * because this value doesn't actually need to be + * globally unique. + */ +static void +append_rand_u128_str (GString *buf, + GRand *pool) +{ + g_string_append_printf (buf, "%08x%08x%08x%08x", + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool), + g_rand_int (pool)); +} + +/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession) + * pair, and not guessable by other agents. + * + * - - - + * + * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + */ +static gchar * +authentication_agent_generate_cookie (AuthenticationAgent *agent) +{ + GString *buf = g_string_new (""); + + g_string_append (buf, agent->cookie_prefix); + + g_string_append_c (buf, '-'); + agent->cookie_serial++; + g_string_append_printf (buf, "%" G_GUINT64_FORMAT, + agent->cookie_serial); + g_string_append_c (buf, '-'); + append_rand_u128_str (buf, agent->cookie_pool); + + return g_string_free (buf, FALSE); +} + + static AuthenticationSession * authentication_session_new (AuthenticationAgent *agent, - const gchar *cookie, PolkitSubject *subject, PolkitIdentity *user_of_subject, PolkitSubject *caller, @@ -1449,7 +1500,7 @@ authentication_session_new (AuthenticationAgent *agent, session = g_new0 (AuthenticationSession, 1); session->agent = authentication_agent_ref (agent); - session->cookie = g_strdup (cookie); + session->cookie = authentication_agent_generate_cookie (agent); session->subject = g_object_ref (subject); session->user_of_subject = g_object_ref (user_of_subject); session->caller = g_object_ref (caller); @@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session) g_free (session); } -static gchar * -authentication_agent_new_cookie (AuthenticationAgent *agent) -{ - static gint counter = 0; - - /* TODO: use a more random-looking cookie */ - - return g_strdup_printf ("cookie%d", counter++); -} - static PolkitSubject * authentication_agent_get_scope (AuthenticationAgent *agent) { @@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent) g_free (agent->unique_system_bus_name); if (agent->registration_options != NULL) g_variant_unref (agent->registration_options); + g_rand_free (agent->cookie_pool); + g_free (agent->cookie_prefix); g_free (agent); } } static AuthenticationAgent * -authentication_agent_new (PolkitSubject *scope, +authentication_agent_new (guint64 serial, + PolkitSubject *scope, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope, agent = g_new0 (AuthenticationAgent, 1); agent->ref_count = 1; + agent->serial = serial; agent->scope = g_object_ref (scope); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); @@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope, agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL; agent->proxy = proxy; + { + GString *cookie_prefix = g_string_new (""); + GRand *agent_private_rand = g_rand_new (); + + g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial); + + /* Use a uniquely seeded PRNG to get a prefix cookie for this agent, + * whose sequence will not correlate with the per-authentication session + * cookies. + */ + append_rand_u128_str (cookie_prefix, agent_private_rand); + g_rand_free (agent_private_rand); + + agent->cookie_prefix = g_string_free (cookie_prefix, FALSE); + + /* And a newly seeded pool for per-session cookies */ + agent->cookie_pool = g_rand_new (); + } + return agent; } @@ -2083,7 +2147,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, gpointer user_data) { AuthenticationSession *session; - gchar *cookie; GList *l; GList *identities; gchar *localized_message; @@ -2104,8 +2167,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, &localized_icon_name, &localized_details); - cookie = authentication_agent_new_cookie (agent); - identities = NULL; /* select admin user if required by the implicit authorization */ @@ -2125,7 +2186,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, } session = authentication_session_new (agent, - cookie, subject, user_of_subject, caller, @@ -2179,7 +2239,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent, g_list_foreach (identities, (GFunc) g_object_unref, NULL); g_list_free (identities); - g_free (cookie); g_free (localized_message); g_free (localized_icon_name); @@ -2326,7 +2385,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - agent = authentication_agent_new (subject, + priv->agent_serial++; + agent = authentication_agent_new (priv->agent_serial, + subject, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, -- cgit v1.2.3 From 273654c89864a1f8197f9ef7cede0a2788962236 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 17 Jun 2015 13:07:02 -0400 Subject: CVE-2015-4625: Bind use of cookies to specific uids MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy Reviewed-by: Miloslav Trmač Signed-off-by: Colin Walters Origin: upstream, 0.113, commit:493aa5dc1d278ab9097110c1262f5229bbaf1766 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-4625-Bind-use-of-cookies-to-specific-uids.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 14 ++++- data/org.freedesktop.PolicyKit1.Authority.xml | 24 ++++++++- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 46 +++++++++++++++- docs/polkit/overview.xml | 18 ++++--- src/polkit/polkitauthority.c | 13 ++++- src/polkitbackend/polkitbackendauthority.c | 61 +++++++++++++++++++++- src/polkitbackend/polkitbackendauthority.h | 2 + .../polkitbackendinteractiveauthority.c | 39 ++++++++++++-- 8 files changed, 198 insertions(+), 19 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 3b519c2f..5beef7d4 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -8,7 +8,19 @@ - + diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index fbfb9cdc..f9021ee2 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -313,7 +313,29 @@ - + + + + + + + + + + + + + + + + + + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index 6525e250..e66bf534 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,6 +42,8 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, + IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) RevokeTemporaryAuthorizations (IN Subject subject) @@ -777,9 +779,51 @@ AuthenticationAgentResponse (IN String cookie, IN Identity identity) -Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it. +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. + + + + IN String cookie: + + +The cookie identifying the authentication request that was passed to the authentication agent. + + + + + IN Identity identity: + + +A Identity struct describing what identity was authenticated. + + + + + + + AuthenticationAgentResponse2 () + +AuthenticationAgentResponse2 (IN uint32 uid, + IN String cookie, + IN Identity identity) + + +Method for authentication agents to invoke on successful +authentication, intended only for use by a privileged helper process +internal to polkit. Note this method was introduced in 0.114 to fix a security issue. + + IN uint32 uid: + + +The user id of the agent; normally this is the owner of the parent pid +of the process that invoked the internal setuid helper. + + + IN String cookie: diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 24440d2e..c29d8da2 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -66,16 +66,18 @@ Authentication agents are provided by desktop environments. When an user session starts, the agent registers with the polkit - Authority using - the RegisterAuthenticationAgent() + Authority using the RegisterAuthenticationAgent() method. When services are needed, the authority will invoke - methods on - the org.freedesktop.PolicyKit1.AuthenticationAgent + methods on the org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged - part of) the agent invokes - the AuthenticationAgentResponse() - method. Note that the polkit Authority itself does not care - how the agent authenticates the user. + part of) the agent invokes the AuthenticationAgentResponse() + method. This method should be treated as an internal + implementation detail, and callers should use the public shared + library API to invoke it, which currently uses a setuid helper + program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index 84dab72c..f45abc4a 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, gpointer user_data) { GVariant *identity_value; + /* Note that in reality, this API is only accessible to root, and + * only called from the setuid helper `polkit-agent-helper-1`. + * + * However, because this is currently public API, we avoid + * triggering warnings from ABI diff type programs by just grabbing + * the real uid of the caller here. + */ + uid_t uid = getuid (); g_return_if_fail (POLKIT_IS_AUTHORITY (authority)); g_return_if_fail (cookie != NULL); @@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority, identity_value = polkit_identity_to_gvariant (identity); g_variant_ref_sink (identity_value); g_dbus_proxy_call (authority->proxy, - "AuthenticationAgentResponse", - g_variant_new ("(s@(sa{sv}))", + "AuthenticationAgentResponse2", + g_variant_new ("(us@(sa{sv}))", + (guint32)uid, cookie, identity_value), G_DBUS_CALL_FLAGS_NONE, diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index fd4f161c..d1b1a257 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority } else { - return klass->authentication_agent_response (authority, caller, cookie, identity, error); + return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error); } } @@ -587,6 +588,11 @@ static const gchar *server_introspection_data = " " " " " " + " " + " " + " " + " " + " " " " " " " " @@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server, error = NULL; if (!polkit_backend_authority_authentication_agent_response (server->authority, caller, + (uid_t)-1, + cookie, + identity, + &error)) + { + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); + + out: + if (identity != NULL) + g_object_unref (identity); +} + +static void +server_handle_authentication_agent_response2 (Server *server, + GVariant *parameters, + PolkitSubject *caller, + GDBusMethodInvocation *invocation) +{ + const gchar *cookie; + GVariant *identity_gvariant; + PolkitIdentity *identity; + GError *error; + guint32 uid; + + identity = NULL; + + g_variant_get (parameters, + "(u&s@(sa{sv}))", + &uid, + &cookie, + &identity_gvariant); + + error = NULL; + identity = polkit_identity_new_for_gvariant (identity_gvariant, &error); + if (identity == NULL) + { + g_prefix_error (&error, "Error getting identity: "); + g_dbus_method_invocation_return_gerror (invocation, error); + g_error_free (error); + goto out; + } + + error = NULL; + if (!polkit_backend_authority_authentication_agent_response (server->authority, + caller, + (uid_t)uid, cookie, identity, &error)) @@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection, server_handle_unregister_authentication_agent (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0) server_handle_authentication_agent_response (server, parameters, caller, invocation); + else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0) + server_handle_authentication_agent_response2 (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0) server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation); else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0) diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h index a564054f..1c212e0d 100644 --- a/src/polkitbackend/polkitbackendauthority.h +++ b/src/polkitbackend/polkitbackendauthority.h @@ -154,6 +154,7 @@ struct _PolkitBackendAuthorityClass gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -256,6 +257,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 10eda2c7..5e29af2c 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -106,8 +106,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI PolkitSubject *subject); -static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie); +static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie); static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority, const gchar *system_bus_unique_name); @@ -167,6 +168,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error); @@ -431,6 +433,7 @@ struct AuthenticationAgent { volatile gint ref_count; + uid_t creator_uid; PolkitSubject *scope; guint64 serial; @@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent) static AuthenticationAgent * authentication_agent_new (guint64 serial, PolkitSubject *scope, + PolkitIdentity *creator, const gchar *unique_system_bus_name, const gchar *locale, const gchar *object_path, @@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial, { AuthenticationAgent *agent; GDBusProxy *proxy; + PolkitUnixUser *creator_user; + + g_assert (POLKIT_IS_UNIX_USER (creator)); + creator_user = POLKIT_UNIX_USER (creator); if (!g_variant_is_object_path (object_path)) { @@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial, agent->ref_count = 1; agent->serial = serial; agent->scope = g_object_ref (scope); + agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user); agent->object_path = g_strdup (object_path); agent->unique_system_bus_name = g_strdup (unique_system_bus_name); agent->locale = g_strdup (locale); @@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori } static AuthenticationSession * -get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority, - const gchar *cookie) +get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority, + uid_t uid, + const gchar *cookie) { PolkitBackendInteractiveAuthorityPrivate *priv; GHashTableIter hash_iter; @@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author { GList *l; + /* We need to ensure that if somehow we have duplicate cookies + * due to wrapping, that the cookie used is matched to the user + * who called AuthenticationAgentResponse2. See + * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html + * + * Except if the legacy AuthenticationAgentResponse is invoked, + * we don't know the uid and hence use -1. Continue to support + * the old behavior for backwards compatibility, although everyone + * who is using our own setuid helper will automatically be updated + * to the new API. + */ + if (uid != (uid_t)-1) + { + if (agent->creator_uid != uid) + continue; + } + for (l = agent->active_sessions; l != NULL; l = l->next) { AuthenticationSession *session = l->data; @@ -2388,6 +2415,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken priv->agent_serial++; agent = authentication_agent_new (priv->agent_serial, subject, + user_of_caller, polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)), locale, object_path, @@ -2601,6 +2629,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority, PolkitSubject *caller, + uid_t uid, const gchar *cookie, PolkitIdentity *identity, GError **error) @@ -2643,7 +2672,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken } /* find the authentication session */ - session = get_authentication_session_for_cookie (interactive_authority, cookie); + session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie); if (session == NULL) { g_set_error (error, -- cgit v1.2.3 From 10ec12a72a56dd902bfb4c8fdefbcff6f73a323b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 17 Jun 2015 01:01:27 +0200 Subject: docs: Update for changes to uid binding/AuthenticationAgentResponse2 - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters Origin: upstream, 0.113, commit:fb5076b7c05d01a532d593a4079a29cf2d63a228 Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name docs-Update-for-changes-to-uid-binding-Authenticatio.patch --- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 6 +++--- data/org.freedesktop.PolicyKit1.Authority.xml | 11 ++++++---- ....freedesktop.PolicyKit1.AuthenticationAgent.xml | 7 +++++-- ...erface-org.freedesktop.PolicyKit1.Authority.xml | 12 +++++++---- docs/polkit/overview.xml | 8 ++++---- src/polkit/polkitauthority.c | 24 ++++++++++++++++++++-- src/polkitagent/polkitagentlistener.c | 5 +---- src/polkitbackend/polkitbackendauthority.c | 1 + 8 files changed, 51 insertions(+), 23 deletions(-) diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml index 5beef7d4..482332f6 100644 --- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -13,14 +13,14 @@ user to authenticate as one of the identities in @identities for the action with the identifier @action_id.This authentication is normally achieved via the - polkit_agent_session_response() API, which invokes a private + PolkitAgentSession API, which invokes a private setuid helper process to verify the authentication. When successful, it calls the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning. If the user dismisses the - authentication dialog, the authentication agent should call - polkit_agent_session_cancel()."/> + authentication dialog, the authentication agent should return an + error."/> diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml index f9021ee2..88da3c05 100644 --- a/data/org.freedesktop.PolicyKit1.Authority.xml +++ b/data/org.freedesktop.PolicyKit1.Authority.xml @@ -283,7 +283,7 @@ - + @@ -315,7 +315,8 @@ +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Deprecated in favor of org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2."/> @@ -330,11 +331,13 @@ internal to polkit."/> - + diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml index ec596268..ab27b2f6 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml @@ -47,10 +47,13 @@ BeginAuthentication (IN String action_id, identifier action_id.Upon succesful authentication, the authentication agent must invoke the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method on the org.freedesktop.PolicyKit1.Authority - interface of the PolicyKit daemon before returning. + interface of the PolicyKit daemon before returning. This is normally + achieved via the PolkitAgentSession + API, which invokes a private setuid helper process to verify the + authentication. The authentication agent should not return until after authentication is complete. diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml index e66bf534..f2eed639 100644 --- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml +++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml @@ -42,7 +42,7 @@ Structure TemporaryAuth IN String object_path) AuthenticationAgentResponse (IN String cookie, IN Identity identity) -AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, +AuthenticationAgentResponse2 (IN uint32 uid, IN String cookie, IN Identity identity) EnumerateTemporaryAuthorizations (IN Subject subject, OUT Array<TemporaryAuthorization> temporary_authorizations) @@ -701,7 +701,7 @@ RegisterAuthenticationAgent (IN Subject< IN String object_path) -Register an authentication agent.Note that current versions of PolicyKit will only work if session_id is set to the empty string. In the future it might work for non-empty strings if the caller is sufficiently privileged. +Register an authentication agent.Note that this should be called by same effective UID which will be passed to AuthenticationAgentResponse2(). @@ -781,7 +781,8 @@ AuthenticationAgentResponse (IN String cookie, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Deprecated in favor of AuthenticationAgentResponse2. +internal to polkit. This method will fail unless a sufficiently privileged ++caller invokes it. Deprecated in favor of AuthenticationAgentResponse2(). @@ -812,7 +813,10 @@ AuthenticationAgentResponse2 (IN uint32 uid, Method for authentication agents to invoke on successful authentication, intended only for use by a privileged helper process -internal to polkit. Note this method was introduced in 0.114 to fix a security issue. +internal to polkit. This method will fail unless a sufficiently privileged +caller invokes it. Note this method was introduced in 0.114 and should be +preferred over AuthenticationAgentResponse() +as it fixes a security issue. diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index c29d8da2..8ddb34cc 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -73,11 +73,11 @@ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent D-Bus interface. Once the user is authenticated, (a privileged part of) the agent invokes the AuthenticationAgentResponse() + linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">AuthenticationAgentResponse2() method. This method should be treated as an internal - implementation detail, and callers should use the public shared - library API to invoke it, which currently uses a setuid helper - program. + implementation detail, and callers should use the + PolkitAgentSession API to invoke + it, which currently uses a setuid helper program. The libpolkit-agent-1 diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c index f45abc4a..4e882e64 100644 --- a/src/polkit/polkitauthority.c +++ b/src/polkit/polkitauthority.c @@ -1038,6 +1038,10 @@ polkit_authority_check_authorization_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1129,7 +1133,13 @@ polkit_authority_register_authentication_agent_finish (PolkitAuthority *authorit * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent() for the * asynchronous version. @@ -1178,6 +1188,10 @@ polkit_authority_register_authentication_agent_sync (PolkitAuthority *author * * Asynchronously registers an authentication agent. * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * * When the operation is finished, @callback will be invoked in the * thread-default * main loop of the thread you are calling this method @@ -1292,7 +1306,13 @@ polkit_authority_register_authentication_agent_with_options_finish (PolkitAuthor * @cancellable: (allow-none): A #GCancellable or %NULL. * @error: (allow-none): Return location for error or %NULL. * - * Registers an authentication agent. The calling thread is blocked + * Registers an authentication agent. + * + * Note that this should be called by the same effective UID which will be + * the real UID using the #PolkitAgentSession API or otherwise calling + * polkit_authority_authentication_agent_response(). + * + * The calling thread is blocked * until a reply is received. See * polkit_authority_register_authentication_agent_with_options() for the * asynchronous version. diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 5bddd035..2bfda2d5 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -37,10 +37,7 @@ * * Typically authentication agents use #PolkitAgentSession to * authenticate users (via passwords) and communicate back the - * authentication result to the PolicyKit daemon. This is however not - * requirement. Depending on the system an authentication agent may - * use other means (such as a Yes/No dialog) to obtain sufficient - * evidence that the user is one of the requested identities. + * authentication result to the PolicyKit daemon. * * To register a #PolkitAgentListener with the PolicyKit daemon, use * polkit_agent_listener_register() or diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index d1b1a257..10b8af34 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -343,6 +343,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority * polkit_backend_authority_authentication_agent_response: * @authority: A #PolkitBackendAuthority. * @caller: The system bus name that initiated the query. + * @uid: The real UID of the registered agent, or (uid_t)-1 if unknown. * @cookie: The cookie passed to the authentication agent from the authority. * @identity: The identity that was authenticated. * @error: Return location for error or %NULL. -- cgit v1.2.3 From 6f919bc26095968e1378418a382cb53e79efa946 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a per-authorization memory leak We were leaking PolkitAuthorizationResult on every request, primarily on the success path, but also on various error paths as well. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:0f5852a4bdabe377ddcdbed09a0c1f95710e17fe Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-per-authorization-memory-leak.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + src/polkitbackend/polkitbackendinteractiveauthority.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 10b8af34..39eb5b9d 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -714,6 +714,7 @@ check_auth_cb (GObject *source_object, g_variant_ref_sink (value); g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value)); g_variant_unref (value); + g_object_unref (result); } check_auth_data_free (data); diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 5e29af2c..73d0a0e2 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1015,7 +1015,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority /* Otherwise just return the result */ g_simple_async_result_set_op_res_gpointer (simple, - result, + g_object_ref (result), g_object_unref); g_simple_async_result_complete (simple); g_object_unref (simple); @@ -1032,6 +1032,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_free (subject_str); g_free (user_of_caller_str); g_free (user_of_subject_str); + + if (result != NULL) + g_object_unref (result); } /* ---------------------------------------------------------------------------------------------------- */ -- cgit v1.2.3 From 24466b136cd744fb9a6905f1086eb3879c7b361e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 1 Jul 2014 20:00:48 +0200 Subject: Fix a memory leak when registering an authentication agent Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-a-memory-leak-when-registering-an-authentication.patch --- src/polkitbackend/polkitbackendauthority.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 39eb5b9d..afe5b90c 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } -- cgit v1.2.3 From 112b5f726168082d053abeaa6c3b23482e22b276 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 1 Apr 2015 05:22:37 +0200 Subject: CVE-2015-3255 Fix GHashTable usage. Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255 Origin: upstream, 0.113, commit:9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Bug-Debian: https://bugs.debian.org/796134 Gbp-Pq: Topic 0.113 Gbp-Pq: Name CVE-2015-3255-Fix-GHashTable-usage.patch --- src/polkitbackend/polkitbackendactionpool.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 0af00109..b16ed2f9 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; -- cgit v1.2.3 From 0acc7cdc2f8df703c97788c140c82f81f3f505c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 14 Apr 2015 22:27:41 +0200 Subject: Fix use-after-free in polkitagentsession.c PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501 Origin: upstream, 0.113, commit:efb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 Gbp-Pq: Topic 0.113 Gbp-Pq: Name Fix-use-after-free-in-polkitagentsession.c.patch --- src/polkitagent/polkitagentsession.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c index 6a3d6bc9..46fbaf06 100644 --- a/src/polkitagent/polkitagentsession.c +++ b/src/polkitagent/polkitagentsession.c @@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session, { if (G_UNLIKELY (_show_debug ())) g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE"); - g_signal_emit_by_name (session, "completed", result); session->have_emitted_completed = TRUE; + /* Note that the signal handler may drop the last reference to session. */ + g_signal_emit_by_name (session, "completed", result); } } -- cgit v1.2.3 From 884a4ae742b9466db94a951030b0ca70a61a7406 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 4 Jun 2015 08:41:36 -0400 Subject: README: Note to send security reports via DBus's mechanism This avoids duplicating effort. Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae Gbp-Pq: Topic 0.113 Gbp-Pq: Name README-Note-to-send-security-reports-via-DBus-s-mech.patch --- README | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README b/README index b0751627..07230029 100644 --- a/README +++ b/README @@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command BUGS and DEVELOPMENT ==================== -Please report bugs via the freedesktop.org bugzilla at +Please report non-security bugs via the freedesktop.org bugzilla at https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit + +SECURITY ISSUES +=============== + +polkit uses the same mechanism for reporting security issues as dbus, +the most recent copy of instructions can be found in the DBus git +repository: + +http://cgit.freedesktop.org/dbus/dbus/tree/HACKING + +A copy of the instructions as of 2015-06-04: + +If you find a security vulnerability that is not known to the public, +please report it privately to dbus-security@lists.freedesktop.org +or by reporting a freedesktop.org bug that is marked as +restricted to the "D-BUS security group". -- cgit v1.2.3 From 1c7b73db2b3150829dbc257da9421878ffdb11f3 Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Tue, 10 Nov 2015 10:52:02 +0100 Subject: Fix multi-line pam text info. There are pam modules (e.g. pam_vas) that may attempt to display multi-line PAM_TEXT_INFO messages. Polkit was interpreting the lines after the first one as a separate message that was not recognized causing the authorization to fail. Escaping these strings and unescaping them fixes the issue. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:10597322eccc320f9053821750ae9af51e918d74 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Fix-multi-line-pam-text-info.patch --- src/polkitagent/polkitagenthelper-pam.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 19062aa8..063d656d 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -302,10 +302,15 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons case PAM_TEXT_INFO: fprintf (stdout, "PAM_TEXT_INFO "); conv2: - fputs (msg[i]->msg, stdout); - if (strlen (msg[i]->msg) > 0 && - msg[i]->msg[strlen (msg[i]->msg) - 1] != '\n') - fputc ('\n', stdout); + tmp = g_strdup (msg[i]->msg); + len = strlen (tmp); + if (len > 0 && tmp[len - 1] == '\n') + tmp[len - 1] = '\0'; + escaped = g_strescape (tmp, NULL); + g_free (tmp); + fputs (escaped, stdout); + g_free (escaped); + fputc ('\n', stdout); fflush (stdout); break; -- cgit v1.2.3 From 2bde30540281da687bf670c03d0636c213cd309c Mon Sep 17 00:00:00 2001 From: Dariusz Gadomski Date: Thu, 12 Nov 2015 15:01:19 +0100 Subject: Refactor send_to_helper usage There were duplicated pieces of code detecting EOLs and escaping the code. Those actions has been delegated to already-existing send_to_helper function. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92886 Origin: upstream, 0.114, commit:2690cd0312b310946c86674c8dd1f55c63f7dd6a Gbp-Pq: Topic 0.114 Gbp-Pq: Name Refactor-send_to_helper-usage.patch --- src/polkitagent/polkitagenthelper-pam.c | 81 +++++++++++---------------------- 1 file changed, 26 insertions(+), 55 deletions(-) diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c index 063d656d..3ea3a3f2 100644 --- a/src/polkitagent/polkitagenthelper-pam.c +++ b/src/polkitagent/polkitagenthelper-pam.c @@ -39,25 +39,35 @@ static void send_to_helper (const gchar *str1, const gchar *str2) { + char *escaped; + char *tmp2; + size_t len2; + + tmp2 = g_strdup(str2); + len2 = strlen(tmp2); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str1); + fprintf (stderr, "polkit-agent-helper-1: writing `%s ' to stdout\n", str1); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str1); + fprintf (stdout, "%s ", str1); + + if (len2 > 0 && tmp2[len2 - 1] == '\n') + tmp2[len2 - 1] = '\0'; + escaped = g_strescape (tmp2, NULL); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", str2); + fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", escaped); #endif /* PAH_DEBUG */ - fprintf (stdout, "%s", str2); - if (strlen (str2) > 0 && str2[strlen (str2) - 1] != '\n') - { + fprintf (stdout, "%s", escaped); #ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); + fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); #endif /* PAH_DEBUG */ - fputc ('\n', stdout); - } + fputc ('\n', stdout); #ifdef PAH_DEBUG fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); #endif /* PAH_DEBUG */ fflush (stdout); + + g_free (escaped); + g_free (tmp2); } int @@ -89,7 +99,7 @@ main (int argc, char *argv[]) /* Special-case a very common error triggered in jhbuild setups */ s = g_strdup_printf ("Incorrect permissions on %s (needs to be setuid root)", argv[0]); - send_to_helper ("PAM_ERROR_MSG ", s); + send_to_helper ("PAM_ERROR_MSG", s); g_free (s); goto error; } @@ -232,9 +242,6 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons struct pam_response *aresp; char buf[PAM_MAX_RESP_SIZE]; int i; - gchar *escaped = NULL; - gchar *tmp = NULL; - size_t len; (void)data; if (n <= 0 || n > PAM_MAX_NUM_MSG) @@ -251,38 +258,13 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons { case PAM_PROMPT_ECHO_OFF: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_OFF ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_OFF "); + send_to_helper ("PAM_PROMPT_ECHO_OFF", msg[i]->msg); goto conv1; case PAM_PROMPT_ECHO_ON: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `PAM_PROMPT_ECHO_ON ' to stdout\n"); -#endif /* PAH_DEBUG */ - fprintf (stdout, "PAM_PROMPT_ECHO_ON "); - conv1: -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing `%s' to stdout\n", msg[i]->msg); -#endif /* PAH_DEBUG */ - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: writing newline to stdout\n"); -#endif /* PAH_DEBUG */ - fputc ('\n', stdout); -#ifdef PAH_DEBUG - fprintf (stderr, "polkit-agent-helper-1: flushing stdout\n"); -#endif /* PAH_DEBUG */ - fflush (stdout); + send_to_helper ("PAM_PROMPT_ECHO_ON", msg[i]->msg); + conv1: if (fgets (buf, sizeof buf, stdin) == NULL) goto error; @@ -296,22 +278,11 @@ conversation_function (int n, const struct pam_message **msg, struct pam_respons break; case PAM_ERROR_MSG: - fprintf (stdout, "PAM_ERROR_MSG "); - goto conv2; + send_to_helper ("PAM_ERROR_MSG", msg[i]->msg); + break; case PAM_TEXT_INFO: - fprintf (stdout, "PAM_TEXT_INFO "); - conv2: - tmp = g_strdup (msg[i]->msg); - len = strlen (tmp); - if (len > 0 && tmp[len - 1] == '\n') - tmp[len - 1] = '\0'; - escaped = g_strescape (tmp, NULL); - g_free (tmp); - fputs (escaped, stdout); - g_free (escaped); - fputc ('\n', stdout); - fflush (stdout); + send_to_helper ("PAM_TEXT_INFO", msg[i]->msg); break; default: -- cgit v1.2.3 From 1c3e8350c8be4a95fa07930b1841877f72d36f6b Mon Sep 17 00:00:00 2001 From: Matthias Clasen Date: Fri, 15 Jul 2016 11:12:35 -0400 Subject: Add gettext support for .policy files gettext can extract strings from and merge them back into xml file formats, with the help of .its files. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96940 Origin: upstream, 0.114, commit:c78819245ff8a270f97c9f800773e727918be838 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Add-gettext-support-for-.policy-files.patch --- data/Makefile.am | 5 +++++ data/polkit.its | 7 +++++++ data/polkit.loc | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 data/polkit.its create mode 100644 data/polkit.loc diff --git a/data/Makefile.am b/data/Makefile.am index f0beeba4..e1a60aad 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -20,6 +20,11 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +# ---------------------------------------------------------------------------------------------------- + +itsdir = $(datadir)/gettext/its +its_DATA = polkit.loc polkit.its + CLEANFILES = $(BUILT_SOURCES) EXTRA_DIST = \ diff --git a/data/polkit.its b/data/polkit.its new file mode 100644 index 00000000..1312ecbe --- /dev/null +++ b/data/polkit.its @@ -0,0 +1,7 @@ + + + + diff --git a/data/polkit.loc b/data/polkit.loc new file mode 100644 index 00000000..c7427ec6 --- /dev/null +++ b/data/polkit.loc @@ -0,0 +1,6 @@ + + + + + + -- cgit v1.2.3 From fb51615b0637e39d56250500949c7dc0248ccdae Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 20 Oct 2016 10:50:58 +1000 Subject: gettext: switch to default-translate "no" The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy . Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98366 Origin: upstream, 0.114, commit:32e9a69c335324a53a2c0ba4e0b513fb044be0fd Gbp-Pq: Topic 0.114 Gbp-Pq: Name gettext-switch-to-default-translate-no.patch --- data/polkit.its | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/polkit.its b/data/polkit.its index 1312ecbe..1c37e6be 100644 --- a/data/polkit.its +++ b/data/polkit.its @@ -1,7 +1,8 @@ - + -- cgit v1.2.3 From 8ff5b205327671267387639a35359a2c817f4440 Mon Sep 17 00:00:00 2001 From: Sebastien Bacher Date: Mon, 2 Apr 2018 10:52:47 -0400 Subject: Support polkit session agent running outside user session commit a68f5dfd7662767b7b9822090b70bc5bd145c50c made session applications that are running from a user bus work with polkitd, by falling back to using the currently active session. This commit is similar, but for the polkit agent. It allows, a polkit agent to be run from a systemd --user service that's not running directly in the users session. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=96977 Applied-upstream: 0.114, commit:00a663e3fb14d8023e7cb6a66d091872bf4f2851 Gbp-Pq: Topic 0.114 Gbp-Pq: Name Support-polkit-session-agent-running-outside-user-session.patch --- src/polkit/polkitunixsession-systemd.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/polkit/polkitunixsession-systemd.c b/src/polkit/polkitunixsession-systemd.c index 8a8bf65b..c34f36a9 100644 --- a/src/polkit/polkitunixsession-systemd.c +++ b/src/polkit/polkitunixsession-systemd.c @@ -451,6 +451,7 @@ polkit_unix_session_initable_init (GInitable *initable, PolkitUnixSession *session = POLKIT_UNIX_SESSION (initable); gboolean ret = FALSE; char *s; + uid_t uid; if (session->session_id != NULL) { @@ -467,6 +468,19 @@ polkit_unix_session_initable_init (GInitable *initable, goto out; } + /* Now do process -> uid -> graphical session (systemd version 213)*/ + if (sd_pid_get_owner_uid (session->pid, &uid) < 0) + goto error; + + if (sd_uid_get_display (uid, &s) >= 0) + { + session->session_id = g_strdup (s); + free (s); + ret = TRUE; + goto out; + } + +error: g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, -- cgit v1.2.3 From 4568486c426e3099b7795f73dbf5b09528158baa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 25 Jun 2018 19:24:06 +0200 Subject: Fix CVE-2018-1116: Trusting client-supplied UID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As part of CVE-2013-4288, the D-Bus clients were allowed (and encouraged) to submit the UID of the subject of authorization checks to avoid races against UID changes (notably using executables set-UID to root). However, that also allowed any client to submit an arbitrary UID, and that could be used to bypass "can only ask about / affect the same UID" checks in CheckAuthorization / RegisterAuthenticationAgent / UnregisterAuthenticationAgent. This allowed an attacker: - With CheckAuthorization, to cause the registered authentication agent in victim's session to pop up a dialog, or to determine whether the victim currently has a temporary authorization to perform an operation. (In principle, the attacker can also determine whether JavaScript rules allow the victim process to perform an operation; however, usually rules base their decisions on information determined from the supplied UID, so the attacker usually won't learn anything new.) - With RegisterAuthenticationAgent, to prevent the victim's authentication agent to work (for a specific victim process), or to learn about which operations requiring authorization the victim is attempting. To fix this, expose internal _polkit_unix_process_get_owner() / obsolete polkit_unix_process_get_owner() as a private polkit_unix_process_get_racy_uid__() (being more explicit about the dangers on relying on it), and use it in polkit_backend_session_monitor_get_user_for_subject() to return a boolean indicating whether the subject UID may be caller-chosen. Then, in the permission checks that require the subject to be equal to the caller, fail on caller-chosen UIDs (and continue through the pre-existing code paths which allow root, or root-designated server processes, to ask about arbitrary subjects.) Signed-off-by: Miloslav Trmač Origin: upstream, 0.115, commit:bc7ffad53643a9c80231fc41f5582d6a8931c32c Gbp-Pq: Topic 0.115 Gbp-Pq: Name Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch --- src/polkit/polkitprivate.h | 2 + src/polkit/polkitunixprocess.c | 60 ++++++++++++++++++---- .../polkitbackendinteractiveauthority.c | 39 +++++++++----- .../polkitbackendsessionmonitor-systemd.c | 38 ++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.c | 40 +++++++++++++-- src/polkitbackend/polkitbackendsessionmonitor.h | 1 + 6 files changed, 147 insertions(+), 33 deletions(-) diff --git a/src/polkit/polkitprivate.h b/src/polkit/polkitprivate.h index 7f5c4634..6274bc90 100644 --- a/src/polkit/polkitprivate.h +++ b/src/polkit/polkitprivate.h @@ -44,6 +44,8 @@ GVariant *polkit_action_description_to_gvariant (PolkitActionDescription *action GVariant *polkit_subject_to_gvariant (PolkitSubject *subject); GVariant *polkit_identity_to_gvariant (PolkitIdentity *identity); +gint polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, GError **error); + PolkitSubject *polkit_subject_new_for_gvariant (GVariant *variant, GError **error); PolkitIdentity *polkit_identity_new_for_gvariant (GVariant *variant, GError **error); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 913be3ac..464f034c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -49,6 +49,14 @@ * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the * time since the kernel was started) is used. + * + * NOTE: This object stores, and provides access to, the real UID of the + * process. That value can change over time (with set*uid*(2) and exec*(2)). + * Checks whether an operation is allowed need to take care to use the UID + * value as of the time when the operation was made (or, following the open() + * privilege check model, when the connection making the operation possible + * was initiated). That is usually done by initializing this with + * polkit_unix_process_new_for_owner() with trusted data. */ /** @@ -83,9 +91,6 @@ static void subject_iface_init (PolkitSubjectIface *subject_iface); static guint64 get_start_time_for_pid (gint pid, GError **error); -static gint _polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error); - #ifdef HAVE_FREEBSD static gboolean get_kinfo_proc (gint pid, struct kinfo_proc *p); #endif @@ -170,7 +175,7 @@ polkit_unix_process_constructed (GObject *object) { GError *error; error = NULL; - process->uid = _polkit_unix_process_get_owner (process, &error); + process->uid = polkit_unix_process_get_racy_uid__ (process, &error); if (error != NULL) { process->uid = -1; @@ -259,6 +264,12 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) * Gets the user id for @process. Note that this is the real user-id, * not the effective user-id. * + * NOTE: The UID may change over time, so the returned value may not match the + * current state of the underlying process; or the UID may have been set by + * polkit_unix_process_new_for_owner() or polkit_unix_process_set_uid(), + * in which case it may not correspond to the actual UID of the referenced + * process at all (at any point in time). + * * Returns: The user id for @process or -1 if unknown. */ gint @@ -655,18 +666,26 @@ out: return start_time; } -static gint -_polkit_unix_process_get_owner (PolkitUnixProcess *process, - GError **error) +/* + * Private: Return the "current" UID. Note that this is inherently racy, + * and the value may already be obsolete by the time this function returns; + * this function only guarantees that the UID was valid at some point during + * its execution. + */ +gint +polkit_unix_process_get_racy_uid__ (PolkitUnixProcess *process, + GError **error) { gint result; gchar *contents; gchar **lines; + guint64 start_time; #ifdef HAVE_FREEBSD struct kinfo_proc p; #else gchar filename[64]; guint n; + GError *local_error; #endif g_return_val_if_fail (POLKIT_IS_UNIX_PROCESS (process), 0); @@ -689,6 +708,7 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, } result = p.ki_uid; + start_time = (guint64) p.ki_start.tv_sec; #else /* see 'man proc' for layout of the status file @@ -722,17 +742,37 @@ _polkit_unix_process_get_owner (PolkitUnixProcess *process, else { result = real_uid; - goto out; + goto found; } } - g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, "Didn't find any line starting with `Uid:' in file %s", filename); + goto out; + +found: + /* The UID and start time are, sadly, not available in a single file. So, + * read the UID first, and then the start time; if the start time is the same + * before and after reading the UID, it couldn't have changed. + */ + local_error = NULL; + start_time = get_start_time_for_pid (process->pid, &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } #endif + if (process->start_time != start_time) + { + g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED, + "process with PID %d has been replaced", process->pid); + goto out; + } + out: g_strfreev (lines); g_free (contents); @@ -744,5 +784,5 @@ gint polkit_unix_process_get_owner (PolkitUnixProcess *process, GError **error) { - return _polkit_unix_process_get_owner (process, error); + return polkit_unix_process_get_racy_uid__ (process, error); } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 73d0a0e2..97a8d800 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -563,7 +563,7 @@ log_result (PolkitBackendInteractiveAuthority *authority, if (polkit_authorization_result_get_is_authorized (result)) log_result_str = "ALLOWING"; - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL, NULL); subject_str = polkit_subject_to_string (subject); @@ -837,6 +837,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority gchar *subject_str; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; gchar *user_of_caller_str; gchar *user_of_subject_str; PolkitAuthorizationResult *result; @@ -882,7 +883,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority action_id); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, &error); if (error != NULL) { @@ -897,7 +898,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority g_debug (" user of caller is %s", user_of_caller_str); user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, &user_of_subject_matches, &error); if (error != NULL) { @@ -927,7 +928,10 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * We only allow this if, and only if, * * - processes may check for another process owned by the *same* user but not - * if details are passed (otherwise you'd be able to spoof the dialog) + * if details are passed (otherwise you'd be able to spoof the dialog); + * the caller supplies the user_of_subject value, so we additionally + * require it to match at least at one point in time (via + * user_of_subject_matches). * * - processes running as uid 0 may check anything and pass any details * @@ -935,7 +939,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority * then any uid referenced by that annotation is also allowed to check * to check anything and pass any details */ - if (!polkit_identity_equal (user_of_caller, user_of_subject) || has_details) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject) + || has_details) { if (!may_identity_check_authorization (interactive_authority, action_id, user_of_caller)) { @@ -1102,9 +1108,10 @@ check_authorization_sync (PolkitBackendAuthority *authority, goto out; } - /* every subject has a user */ + /* every subject has a user; this is supplied by the client, so we rely + * on the caller to validate its acceptability. */ user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - subject, + subject, NULL, error); if (user_of_subject == NULL) goto out; @@ -2319,6 +2326,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *caller_cmdline; @@ -2371,7 +2379,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2380,7 +2388,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2389,7 +2397,8 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2482,6 +2491,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack PolkitSubject *session_for_caller; PolkitIdentity *user_of_caller; PolkitIdentity *user_of_subject; + gboolean user_of_subject_matches; AuthenticationAgent *agent; gboolean ret; gchar *scope_str; @@ -2530,7 +2540,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack goto out; } - user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL); + user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, caller, NULL, NULL); if (user_of_caller == NULL) { g_set_error (error, @@ -2539,7 +2549,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of caller"); goto out; } - user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL); + user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, &user_of_subject_matches, NULL); if (user_of_subject == NULL) { g_set_error (error, @@ -2548,7 +2558,8 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack "Cannot determine user of subject"); goto out; } - if (!polkit_identity_equal (user_of_caller, user_of_subject)) + if (!user_of_subject_matches + || !polkit_identity_equal (user_of_caller, user_of_subject)) { if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0) { @@ -2658,7 +2669,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken identity_str); user_of_caller = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, - caller, + caller, NULL, error); if (user_of_caller == NULL) goto out; diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 6bd517ab..773256e3 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -29,6 +29,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" /* @@ -246,26 +247,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; - guint32 uid; + gboolean matches; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + GError *local_error; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -273,14 +288,24 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + uid_t uid; if (sd_session_get_uid (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (subject)), &uid) < 0) { @@ -292,9 +317,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index e1a9ab3a..ed307559 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -27,6 +27,7 @@ #include #include +#include #include "polkitbackendsessionmonitor.h" #define CKDB_PATH "/var/run/ConsoleKit/database" @@ -273,28 +274,40 @@ polkit_backend_session_monitor_get_sessions (PolkitBackendSessionMonitor *monito * polkit_backend_session_monitor_get_user: * @monitor: A #PolkitBackendSessionMonitor. * @subject: A #PolkitSubject. + * @result_matches: If not %NULL, set to indicate whether the return value matches current (RACY) state. * @error: Return location for error. * * Gets the user corresponding to @subject or %NULL if no user exists. * + * NOTE: For a #PolkitUnixProcess, the UID is read from @subject (which may + * come from e.g. a D-Bus client), so it may not correspond to the actual UID + * of the referenced process (at any point in time). This is indicated by + * setting @result_matches to %FALSE; the caller may reject such subjects or + * require additional privileges. @result_matches == %TRUE only indicates that + * the UID matched the underlying process at ONE point in time, it may not match + * later. + * * Returns: %NULL if @error is set otherwise a #PolkitUnixUser that should be freed with g_object_unref(). */ PolkitIdentity * polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error) { PolkitIdentity *ret; + gboolean matches; GError *local_error; - gchar *group; - guint32 uid; ret = NULL; + matches = FALSE; if (POLKIT_IS_UNIX_PROCESS (subject)) { - uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); - if ((gint) uid == -1) + gint subject_uid, current_uid; + + subject_uid = polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)); + if (subject_uid == -1) { g_set_error (error, POLKIT_ERROR, @@ -302,14 +315,26 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor "Unix process subject does not have uid set"); goto out; } - ret = polkit_unix_user_new (uid); + local_error = NULL; + current_uid = polkit_unix_process_get_racy_uid__ (POLKIT_UNIX_PROCESS (subject), &local_error); + if (local_error != NULL) + { + g_propagate_error (error, local_error); + goto out; + } + ret = polkit_unix_user_new (subject_uid); + matches = (subject_uid == current_uid); } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); + matches = TRUE; } else if (POLKIT_IS_UNIX_SESSION (subject)) { + gint uid; + gchar *group; + if (!ensure_database (monitor, error)) { g_prefix_error (error, "Error getting user for session: Error ensuring CK database at " CKDB_PATH ": "); @@ -328,9 +353,14 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor g_free (group); ret = polkit_unix_user_new (uid); + matches = TRUE; } out: + if (result_matches != NULL) + { + *result_matches = matches; + } return ret; } diff --git a/src/polkitbackend/polkitbackendsessionmonitor.h b/src/polkitbackend/polkitbackendsessionmonitor.h index 8f8a2cae..3972326b 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.h +++ b/src/polkitbackend/polkitbackendsessionmonitor.h @@ -47,6 +47,7 @@ GList *polkit_backend_session_monitor_get_sessions (Polkit PolkitIdentity *polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor *monitor, PolkitSubject *subject, + gboolean *result_matches, GError **error); PolkitSubject *polkit_backend_session_monitor_get_session_for_subject (PolkitBackendSessionMonitor *monitor, -- cgit v1.2.3 From a26c1a3eb34d51a98b173d53702301abc10c1472 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Thu, 9 Aug 2018 16:46:38 +0200 Subject: Possible resource leak found by static analyzer Origin: upstream, 0.116, commit:542c6ec832919df6a74e16aba574adaeebe35e08 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Possible-resource-leak-found-by-static-analyzer.patch --- src/polkitagent/polkitagentlistener.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 2bfda2d5..00038517 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -440,6 +440,7 @@ polkit_agent_listener_register_with_options (PolkitAgentListener *listener, server->thread_initialization_error = NULL; g_thread_join (server->thread); server_free (server); + server = NULL; goto out; } } -- cgit v1.2.3 From 8903e1f0a089a92582b801b057db2097eb496123 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:50:56 +0200 Subject: Elaborate message printed by polkit when disconnecting from ssh Polkit raises unnecessarily elaborate warning message when user restarts machine from ssh. This message was moved to debug mode. Origin: upstream, 0.116, commit:b1cc525ff5a50e20c9f921f898f0556e07675e58 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Elaborate-message-printed-by-polkit-when-disconnecting-fr.patch --- src/polkitagent/polkitagentlistener.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 00038517..e0b7b576 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -177,10 +177,10 @@ on_notify_authority_owner (GObject *object, owner = polkit_authority_get_owner (server->authority); if (owner == NULL) { - g_printerr ("PolicyKit daemon disconnected from the bus.\n"); + g_debug ("PolicyKit daemon disconnected from the bus.\n"); if (server->is_registered) - g_printerr ("We are no longer a registered authentication agent.\n"); + g_debug ("We are no longer a registered authentication agent.\n"); server->is_registered = FALSE; } @@ -191,17 +191,17 @@ on_notify_authority_owner (GObject *object, { GError *error; - g_printerr ("PolicyKit daemon reconnected to bus.\n"); - g_printerr ("Attempting to re-register as an authentication agent.\n"); + g_debug ("PolicyKit daemon reconnected to bus.\n"); + g_debug ("Attempting to re-register as an authentication agent.\n"); error = NULL; if (server_register (server, &error)) { - g_printerr ("We are now a registered authentication agent.\n"); + g_debug ("We are now a registered authentication agent.\n"); } else { - g_printerr ("Failed to register as an authentication agent: %s\n", error->message); + g_debug ("Failed to register as an authentication agent: %s\n", error->message); g_error_free (error); } } -- cgit v1.2.3 From 5a6f64536da54e2adab1b0fb2c333e87a0eb2d08 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 15 Aug 2018 18:56:43 +0200 Subject: Error message raised on every 'systemctl start' in emergency.target Superuser should know that polkit is not running in emergency.target. If not, basic info with debug sources is offered instead of error message. Other usecases taken into account. Origin: upstream, 0.116, commit:8c1bc8ab182f33a55503d30aa7a4ee96f822d903 Gbp-Pq: Topic 0.116 Gbp-Pq: Name Error-message-raised-on-every-systemctl-start-in-emergenc.patch --- src/programs/pkttyagent.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index 488ca8b2..fe747657 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -180,7 +180,8 @@ main (int argc, char *argv[]) authority = polkit_authority_get_sync (NULL /* GCancellable* */, &error); if (authority == NULL) { - g_printerr ("Error getting authority: %s (%s, %d)\n", + g_printerr ("Authorization not available. Check if polkit service is running or see debug message for more information.\n"); + g_debug ("Error getting authority: %s (%s, %d)\n", error->message, g_quark_to_string (error->domain), error->code); g_error_free (error); ret = 127; -- cgit v1.2.3 From 9005fca165ab0fa4ba7612df223b93ffa4234a94 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Thu, 19 Oct 2017 13:43:22 +0100 Subject: Fix a critical warning on calling polkit_permission_new_sync with no system bus Origin: upstream, 0.116, commit:984d16e6d21c6d6b0fc28d4fe7fe82575a43c95b Gbp-Pq: Topic 0.116 Gbp-Pq: Name Fix-a-critical-warning-on-calling-polkit_permission_new_s.patch --- src/polkit/polkitpermission.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitpermission.c b/src/polkit/polkitpermission.c index f264094d..d4b24591 100644 --- a/src/polkit/polkitpermission.c +++ b/src/polkit/polkitpermission.c @@ -137,10 +137,13 @@ polkit_permission_finalize (GObject *object) g_free (permission->tmp_authz_id); g_object_unref (permission->subject); - g_signal_handlers_disconnect_by_func (permission->authority, - on_authority_changed, - permission); - g_object_unref (permission->authority); + if (permission->authority != NULL) + { + g_signal_handlers_disconnect_by_func (permission->authority, + on_authority_changed, + permission); + g_object_unref (permission->authority); + } if (G_OBJECT_CLASS (polkit_permission_parent_class)->finalize != NULL) G_OBJECT_CLASS (polkit_permission_parent_class)->finalize (object); -- cgit v1.2.3 From e0af6c9680933c1a7d01851d956ebcc0ee007c2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 10:28:58 +0100 Subject: Allow negative uids/gids in PolkitUnixUser and Group objects (uid_t) -1 is still used as placeholder to mean "unset". This is OK, since there should be no users with such number, see https://systemd.io/UIDS-GIDS#special-linux-uids. (uid_t) -1 is used as the default value in class initialization. When a user or group above INT32_MAX is created, the numeric uid or gid wraps around to negative when the value is assigned to gint, and polkit gets confused. Let's accept such gids, except for -1. A nicer fix would be to change the underlying type to e.g. uint32 to not have negative values. But this cannot be done without breaking the API, so likely new functions will have to be added (a polkit_unix_user_new variant that takes a unsigned, and the same for _group_new, _set_uid, _get_uid, _set_gid, _get_gid, etc.). This will require a bigger patch. Fixes https://gitlab.freedesktop.org/polkit/polkit/issues/74. (cherry picked from commit 2cb40c4d5feeaa09325522bd7d97910f1b59e379) Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-negative-uids-gids-in-PolkitUnixUser-and-Group-obje.patch --- src/polkit/polkitunixgroup.c | 15 +++++++++++---- src/polkit/polkitunixprocess.c | 12 ++++++++---- src/polkit/polkitunixuser.c | 13 ++++++++++--- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/src/polkit/polkitunixgroup.c b/src/polkit/polkitunixgroup.c index c57a1aaa..309f6891 100644 --- a/src/polkit/polkitunixgroup.c +++ b/src/polkit/polkitunixgroup.c @@ -71,6 +71,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixGroup, polkit_unix_group, G_TYPE_OBJECT, static void polkit_unix_group_init (PolkitUnixGroup *unix_group) { + unix_group->gid = -1; /* (git_t) -1 is not a valid GID under Linux */ } static void @@ -100,11 +101,14 @@ polkit_unix_group_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixGroup *unix_group = POLKIT_UNIX_GROUP (object); + gint val; switch (prop_id) { case PROP_GID: - unix_group->gid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_group->gid = val; break; default: @@ -131,9 +135,9 @@ polkit_unix_group_class_init (PolkitUnixGroupClass *klass) g_param_spec_int ("gid", "Group ID", "The UNIX group ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -166,9 +170,10 @@ polkit_unix_group_get_gid (PolkitUnixGroup *group) */ void polkit_unix_group_set_gid (PolkitUnixGroup *group, - gint gid) + gint gid) { g_return_if_fail (POLKIT_IS_UNIX_GROUP (group)); + g_return_if_fail (gid != -1); group->gid = gid; } @@ -183,6 +188,8 @@ polkit_unix_group_set_gid (PolkitUnixGroup *group, PolkitIdentity * polkit_unix_group_new (gint gid) { + g_return_val_if_fail (gid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_GROUP, "gid", gid, NULL)); diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 464f034c..02a083f7 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -147,9 +147,14 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: - polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); + case PROP_UID: { + gint val; + + val = g_value_get_int (value); + g_return_if_fail (val != -1); + polkit_unix_process_set_uid (unix_process, val); break; + } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); @@ -227,7 +232,7 @@ polkit_unix_process_class_init (PolkitUnixProcessClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - -1, + G_MININT, G_MAXINT, -1, G_PARAM_CONSTRUCT | @@ -291,7 +296,6 @@ polkit_unix_process_set_uid (PolkitUnixProcess *process, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_PROCESS (process)); - g_return_if_fail (uid >= -1); process->uid = uid; } diff --git a/src/polkit/polkitunixuser.c b/src/polkit/polkitunixuser.c index 8bfd3a1f..234a6976 100644 --- a/src/polkit/polkitunixuser.c +++ b/src/polkit/polkitunixuser.c @@ -72,6 +72,7 @@ G_DEFINE_TYPE_WITH_CODE (PolkitUnixUser, polkit_unix_user, G_TYPE_OBJECT, static void polkit_unix_user_init (PolkitUnixUser *unix_user) { + unix_user->uid = -1; /* (uid_t) -1 is not a valid UID under Linux */ unix_user->name = NULL; } @@ -112,11 +113,14 @@ polkit_unix_user_set_property (GObject *object, GParamSpec *pspec) { PolkitUnixUser *unix_user = POLKIT_UNIX_USER (object); + gint val; switch (prop_id) { case PROP_UID: - unix_user->uid = g_value_get_int (value); + val = g_value_get_int (value); + g_return_if_fail (val != -1); + unix_user->uid = val; break; default: @@ -144,9 +148,9 @@ polkit_unix_user_class_init (PolkitUnixUserClass *klass) g_param_spec_int ("uid", "User ID", "The UNIX user ID", - 0, + G_MININT, G_MAXINT, - 0, + -1, G_PARAM_CONSTRUCT | G_PARAM_READWRITE | G_PARAM_STATIC_NAME | @@ -182,6 +186,7 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, gint uid) { g_return_if_fail (POLKIT_IS_UNIX_USER (user)); + g_return_if_fail (uid != -1); user->uid = uid; } @@ -196,6 +201,8 @@ polkit_unix_user_set_uid (PolkitUnixUser *user, PolkitIdentity * polkit_unix_user_new (gint uid) { + g_return_val_if_fail (uid != -1, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_USER, "uid", uid, NULL)); -- cgit v1.2.3 From 4ffb16102e501dc5702a73a8c1092a376cfc45a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 3 Dec 2018 11:20:34 +0100 Subject: tests: add tests for high uids Modified by Marc Deslauriers for polkit 105 (cherry picked from commit b534a10727455409acd54018a9c91000e7626126) Gbp-Pq: Topic 0.116 Gbp-Pq: Name tests-add-tests-for-high-uids.patch --- test/data/etc/group | 1 + test/data/etc/passwd | 2 ++ .../localauthority/10-test/com.example.pkla | 13 +++++++ .../polkitbackendlocalauthoritytest.c | 41 +++++++++++++++++++++- 4 files changed, 56 insertions(+), 1 deletion(-) diff --git a/test/data/etc/group b/test/data/etc/group index 12ef328b..b9acab97 100644 --- a/test/data/etc/group +++ b/test/data/etc/group @@ -5,3 +5,4 @@ john:x:500: jane:x:501: sally:x:502: henry:x:503: +highuid2:x:4000000000: diff --git a/test/data/etc/passwd b/test/data/etc/passwd index 8544febc..5cf14a56 100644 --- a/test/data/etc/passwd +++ b/test/data/etc/passwd @@ -3,3 +3,5 @@ john:x:500:500:John Done:/home/john:/bin/bash jane:x:501:501:Jane Smith:/home/jane:/bin/bash sally:x:502:502:Sally Derp:/home/sally:/bin/bash henry:x:503:503:Henry Herp:/home/henry:/bin/bash +highuid1:x:2147483648:2147483648:The first high uid:/home/highuid1:/sbin/nologin +highuid2:x:4000000000:4000000000:An example high uid:/home/example:/sbin/nologin diff --git a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla index bc64c5e9..a35f9a37 100644 --- a/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla +++ b/test/data/etc/polkit-1/localauthority/10-test/com.example.pkla @@ -12,3 +12,16 @@ ResultAny=no ResultInactive=auth_self ResultActive=yes +[User john can do this] +Identity=unix-user:john +Action=net.company.john_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes + +[User highuid2 can do this] +Identity=unix-user:highuid2 +Action=net.company.highuid2_action +ResultAny=no +ResultInactive=auth_self +ResultActive=yes diff --git a/test/polkitbackend/polkitbackendlocalauthoritytest.c b/test/polkitbackend/polkitbackendlocalauthoritytest.c index 617c2549..b0bfefef 100644 --- a/test/polkitbackend/polkitbackendlocalauthoritytest.c +++ b/test/polkitbackend/polkitbackendlocalauthoritytest.c @@ -226,7 +226,46 @@ struct auth_context check_authorization_test_data [] = { {"unix-user:jane", TRUE, TRUE, "com.example.awesomeproduct.bar", POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, - + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid22) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid21) */ + {"unix-user:highuid2", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid1 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid24) */ + {"unix-user:2147483648", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is not a member of group 'users', see test/data/etc/group + * group_membership_with_non_member(highuid23) */ + {"unix-user:4000000000", TRUE, TRUE, "com.example.awesomeproduct.foo", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* john is authorized to do this, see com.example.pkla + * john_action */ + {"unix-user:john", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only john is authorized to do this, see com.example.pkla + * jane_action */ + {"unix-user:jane", TRUE, TRUE, "net.company.john_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, + /* highuid2 is authorized to do this, see com.example.pkla + * highuid2_action */ + {"unix-user:highuid2", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_AUTHORIZED}, + /* only highuid2 is authorized to do this, see com.example.pkla + * highuid1_action */ + {"unix-user:highuid1", TRUE, TRUE, "net.company.highuid2_action", + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN, + POLKIT_IMPLICIT_AUTHORIZATION_UNKNOWN}, {NULL}, }; -- cgit v1.2.3 From 992851a49e0c5c4200454eed9f5c6bc980ef1c1f Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Fri, 4 Jan 2019 14:24:48 -0500 Subject: backend: Compare PolkitUnixProcess uids for temporary authorizations It turns out that the combination of `(pid, start time)` is not enough to be unique. For temporary authorizations, we can avoid separate users racing on pid reuse by simply comparing the uid. https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 And the above original email report is included in full in a new comment. Reported-by: Jann Horn Bug: https://gitlab.freedesktop.org/polkit/polkit/issues/75 Origin: upstream, 0.116, commit:6cc6aafee135ba44ea748250d7d29b562ca190e3 Gbp-Pq: Topic 0.116 Gbp-Pq: Name backend-Compare-PolkitUnixProcess-uids-for-temporary-auth.patch --- src/polkit/polkitsubject.c | 2 + src/polkit/polkitunixprocess.c | 71 +++++++++++++++++++++- .../polkitbackendinteractiveauthority.c | 39 +++++++++++- 3 files changed, 110 insertions(+), 2 deletions(-) diff --git a/src/polkit/polkitsubject.c b/src/polkit/polkitsubject.c index 78ec745a..fadcfe9b 100644 --- a/src/polkit/polkitsubject.c +++ b/src/polkit/polkitsubject.c @@ -99,6 +99,8 @@ polkit_subject_hash (PolkitSubject *subject) * @b: A #PolkitSubject. * * Checks if @a and @b are equal, ie. represent the same subject. + * However, avoid calling polkit_subject_equal() to compare two processes; + * for more information see the `PolkitUnixProcess` documentation. * * This function can be used in e.g. g_hash_table_new(). * diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index 02a083f7..fc5afa1c 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -44,7 +44,10 @@ * @title: PolkitUnixProcess * @short_description: Unix processs * - * An object for representing a UNIX process. + * An object for representing a UNIX process. NOTE: This object as + * designed is now known broken; a mechanism to exploit a delay in + * start time in the Linux kernel was identified. Avoid + * calling polkit_subject_equal() to compare two processes. * * To uniquely identify processes, both the process id and the start * time of the process (a monotonic increasing value representing the @@ -59,6 +62,72 @@ * polkit_unix_process_new_for_owner() with trusted data. */ +/* See https://gitlab.freedesktop.org/polkit/polkit/issues/75 + + But quoting the original email in full here to ensure it's preserved: + + From: Jann Horn + Subject: [SECURITY] polkit: temporary auth hijacking via PID reuse and non-atomic fork + Date: Wednesday, October 10, 2018 5:34 PM + +When a (non-root) user attempts to e.g. control systemd units in the system +instance from an active session over DBus, the access is gated by a polkit +policy that requires "auth_admin_keep" auth. This results in an auth prompt +being shown to the user, asking the user to confirm the action by entering the +password of an administrator account. + +After the action has been confirmed, the auth decision for "auth_admin_keep" is +cached for up to five minutes. Subject to some restrictions, similar actions can +then be performed in this timespan without requiring re-auth: + + - The PID of the DBus client requesting the new action must match the PID of + the DBus client requesting the old action (based on SO_PEERCRED information + forwarded by the DBus daemon). + - The "start time" of the client's PID (as seen in /proc/$pid/stat, field 22) + must not have changed. The granularity of this timestamp is in the + millisecond range. + - polkit polls every two seconds whether a process with the expected start time + still exists. If not, the temporary auth entry is purged. + +Without the start time check, this would obviously be buggy because an attacker +could simply wait for the legitimate client to disappear, then create a new +client with the same PID. + +Unfortunately, the start time check is bypassable because fork() is not atomic. +Looking at the source code of copy_process() in the kernel: + + p->start_time = ktime_get_ns(); + p->real_start_time = ktime_get_boot_ns(); + [...] + retval = copy_thread_tls(clone_flags, stack_start, stack_size, p, tls); + if (retval) + goto bad_fork_cleanup_io; + + if (pid != &init_struct_pid) { + pid = alloc_pid(p->nsproxy->pid_ns_for_children); + if (IS_ERR(pid)) { + retval = PTR_ERR(pid); + goto bad_fork_cleanup_thread; + } + } + +The ktime_get_boot_ns() call is where the "start time" of the process is +recorded. The alloc_pid() call is where a free PID is allocated. In between +these, some time passes; and because the copy_thread_tls() call between them can +access userspace memory when sys_clone() is invoked through the 32-bit syscall +entry point, an attacker can even stall the kernel arbitrarily long at this +point (by supplying a pointer into userspace memory that is associated with a +userfaultfd or is backed by a custom FUSE filesystem). + +This means that an attacker can immediately call sys_clone() when the victim +process is created, often resulting in a process that has the exact same start +time reported in procfs; and then the attacker can delay the alloc_pid() call +until after the victim process has died and the PID assignment has cycled +around. This results in an attacker process that polkit can't distinguish from +the victim process. +*/ + + /** * PolkitUnixProcess: * diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 97a8d800..1e17dfd5 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2870,6 +2870,43 @@ temporary_authorization_store_free (TemporaryAuthorizationStore *store) g_free (store); } +/* See the comment at the top of polkitunixprocess.c */ +static gboolean +subject_equal_for_authz (PolkitSubject *a, + PolkitSubject *b) +{ + if (!polkit_subject_equal (a, b)) + return FALSE; + + /* Now special case unix processes, as we want to protect against + * pid reuse by including the UID. + */ + if (POLKIT_IS_UNIX_PROCESS (a) && POLKIT_IS_UNIX_PROCESS (b)) { + PolkitUnixProcess *ap = (PolkitUnixProcess*)a; + int uid_a = polkit_unix_process_get_uid ((PolkitUnixProcess*)a); + PolkitUnixProcess *bp = (PolkitUnixProcess*)b; + int uid_b = polkit_unix_process_get_uid ((PolkitUnixProcess*)b); + + if (uid_a != -1 && uid_b != -1) + { + if (uid_a == uid_b) + { + return TRUE; + } + else + { + g_printerr ("denying slowfork; pid %d uid %d != %d!\n", + polkit_unix_process_get_pid (ap), + uid_a, uid_b); + return FALSE; + } + } + /* Fall through; one of the uids is unset so we can't reliably compare */ + } + + return TRUE; +} + static gboolean temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *store, PolkitSubject *subject, @@ -2912,7 +2949,7 @@ temporary_authorization_store_has_authorization (TemporaryAuthorizationStore *st TemporaryAuthorization *authorization = l->data; if (strcmp (action_id, authorization->action_id) == 0 && - polkit_subject_equal (subject_to_use, authorization->subject)) + subject_equal_for_authz (subject_to_use, authorization->subject)) { ret = TRUE; if (out_tmp_authz_id != NULL) -- cgit v1.2.3 From 76a109c9c3edbf4c03e5a2ab9e70682c91b5e30e Mon Sep 17 00:00:00 2001 From: Matthew Leeds Date: Tue, 11 Dec 2018 12:04:26 -0800 Subject: Allow uid of -1 for a PolkitUnixProcess Commit 2cb40c4d5 changed PolkitUnixUser, PolkitUnixGroup, and PolkitUnixProcess to allow negative values for their uid/gid properties, since these are values above INT_MAX which wrap around but are still valid, with the exception of -1 which is not valid. However, PolkitUnixProcess allows a uid of -1 to be passed to polkit_unix_process_new_for_owner() which means polkit is expected to figure out the uid on its own (this happens in the _constructed function). So this commit removes the check in polkit_unix_process_set_property() so that new_for_owner() can be used as documented without producing a critical error message. This does not affect the protection against CVE-2018-19788 which is based on creating a user with a UID up to but not including 4294967295 (-1). Gbp-Pq: Topic 0.116 Gbp-Pq: Name Allow-uid-of-1-for-a-PolkitUnixProcess.patch --- src/polkit/polkitunixprocess.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/src/polkit/polkitunixprocess.c b/src/polkit/polkitunixprocess.c index fc5afa1c..53537fa5 100644 --- a/src/polkit/polkitunixprocess.c +++ b/src/polkit/polkitunixprocess.c @@ -216,14 +216,9 @@ polkit_unix_process_set_property (GObject *object, polkit_unix_process_set_pid (unix_process, g_value_get_int (value)); break; - case PROP_UID: { - gint val; - - val = g_value_get_int (value); - g_return_if_fail (val != -1); - polkit_unix_process_set_uid (unix_process, val); + case PROP_UID: + polkit_unix_process_set_uid (unix_process, g_value_get_int (value)); break; - } case PROP_START_TIME: polkit_unix_process_set_start_time (unix_process, g_value_get_uint64 (value)); -- cgit v1.2.3 From c3d3eb11e410448761fc57feb6cf95e271c517b9 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Fri, 15 Mar 2019 16:07:53 +0000 Subject: pkttyagent: PolkitAgentTextListener leaves echo tty disabled if SIGINT/SIGTERM If no password is typed into terminal during authentication raised by PolkitAgentTextListener, pkttyagent sends kill (it receives from systemctl/hostnamectl e.g.) without chance to restore echoing back on. This cannot be done in on_request() since it's run in a thread without guarantee the signal is distributed there. Origin: upstream, 0.116, commit:bfb722bbe5a503095cc7e860f282b142f5aa75f1 Gbp-Pq: Topic 0.116 Gbp-Pq: Name pkttyagent-PolkitAgentTextListener-leaves-echo-tty-disabl.patch --- src/programs/pkttyagent.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/src/programs/pkttyagent.c b/src/programs/pkttyagent.c index fe747657..eaccc058 100644 --- a/src/programs/pkttyagent.c +++ b/src/programs/pkttyagent.c @@ -24,6 +24,10 @@ #endif #include +#include +#include +#include +#include #include #define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE #include @@ -47,6 +51,36 @@ usage (int argc, char *argv[]) } +static volatile sig_atomic_t tty_flags_saved; +struct termios ts; +FILE *tty = NULL; +struct sigaction savesigterm, savesigint, savesigtstp; + + +static void tty_handler(int signal) +{ + switch (signal) + { + case SIGTERM: + sigaction (SIGTERM, &savesigterm, NULL); + break; + case SIGINT: + sigaction (SIGINT, &savesigint, NULL); + break; + case SIGTSTP: + sigaction (SIGTSTP, &savesigtstp, NULL); + break; + } + + if (tty_flags_saved) + { + tcsetattr (fileno (tty), TCSAFLUSH, &ts); + } + + kill(getpid(), signal); +} + + int main (int argc, char *argv[]) { @@ -64,6 +98,8 @@ main (int argc, char *argv[]) guint ret = 126; gint notify_fd = -1; GVariantBuilder builder; + struct sigaction sa; + const char *tty_name = NULL; g_type_init (); @@ -232,6 +268,27 @@ main (int argc, char *argv[]) } } +/* Bash leaves tty echo disabled if SIGINT/SIGTERM comes to polkitagenttextlistener.c::on_request(), + but due to threading the handlers cannot take care of the signal there. + Though if controlling terminal cannot be found, the world won't stop spinning. +*/ + tty_name = ctermid(NULL); + if (tty_name != NULL) + { + tty = fopen(tty_name, "r+"); + } + + if (tty != NULL && !tcgetattr (fileno (tty), &ts)) + { + tty_flags_saved = TRUE; + } + + memset (&sa, 0, sizeof (sa)); + sa.sa_handler = &tty_handler; + sigaction (SIGTERM, &sa, &savesigterm); + sigaction (SIGINT, &sa, &savesigint); + sigaction (SIGTSTP, &sa, &savesigtstp); + loop = g_main_loop_new (NULL, FALSE); g_main_loop_run (loop); -- cgit v1.2.3 From 357aacb22508feef529137f42289f1ddec6b81f8 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Wed, 2 Jun 2021 15:43:38 +0200 Subject: GHSL-2021-074: authentication bypass vulnerability in polkit initial values returned if error caught Origin: upstream, 0.119, commit:a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 Bug-Debian: https://bugs.debian.org/989429 Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560 Gbp-Pq: Topic 0.119 Gbp-Pq: Name CVE-2021-3560.patch --- src/polkit/polkitsystembusname.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 8daa12cb..8ed13631 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) g_main_context_iteration (tmp_context, TRUE); + if (data.caught_error) + goto out; + if (out_uid) *out_uid = data.uid; if (out_pid) -- cgit v1.2.3 From 4493e9ce3546093aaec4757f7cac82b34dd641b3 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 9 Feb 2022 11:31:02 +0000 Subject: pkexec: local privilege escalation (CVE-2021-4034) Origin: upstream, 0.121, commit:a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Bug: CVE-2021-4034 Gbp-Pq: Topic 0.121 Gbp-Pq: Name pkexec-local-privilege-escalation-CVE-2021-4034.patch --- src/programs/pkcheck.c | 5 +++++ src/programs/pkexec.c | 19 ++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c index 057e926d..fafffcd5 100644 --- a/src/programs/pkcheck.c +++ b/src/programs/pkcheck.c @@ -353,6 +353,11 @@ main (int argc, char *argv[]) local_agent_handle = NULL; ret = 126; + if (argc < 1) + { + exit(126); + } + g_type_init (); details = polkit_details_new (); diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c index abc660df..6f32b2f3 100644 --- a/src/programs/pkexec.c +++ b/src/programs/pkexec.c @@ -475,6 +475,15 @@ main (int argc, char *argv[]) pid_t pid_of_caller; gpointer local_agent_handle; + + /* + * If 'pkexec' is called THIS wrong, someone's probably evil-doing. Don't be nice, just bail out. + */ + if (argc<1) + { + exit(127); + } + ret = 127; authority = NULL; subject = NULL; @@ -591,7 +600,15 @@ main (int argc, char *argv[]) goto out; } g_free (path); - argv[n] = path = s; + path = s; + + /* argc<2 and pkexec runs just shell, argv is guaranteed to be null-terminated. + * /-less shell shouldn't happen, but let's be defensive and don't write to null-termination + */ + if (argv[n] != NULL) + { + argv[n] = path; + } } if (access (path, F_OK) != 0) { -- cgit v1.2.3 From 5d52b984beee6497666acaf0ce43d2ca393442c3 Mon Sep 17 00:00:00 2001 From: Jan Rybar Date: Mon, 21 Feb 2022 08:29:05 +0000 Subject: CVE-2021-4115 (GHSL-2021-077) fix Origin: upstream, 0.121, commit:41cb093f554da8772362654a128a84dd8a5542a7 Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/170 Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2021-4115 Bug-Debian: https://bugs.debian.org/1005784 Gbp-Pq: Topic 0.121 Gbp-Pq: Name CVE-2021-4115-GHSL-2021-077-fix.patch --- src/polkit/polkitsystembusname.c | 38 ++++++++++++++++++++++++++++++++++---- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 8ed13631..2fbf5f1f 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -62,6 +62,10 @@ enum PROP_NAME, }; + +guint8 dbus_call_respond_fails; // has to be global because of callback + + static void subject_iface_init (PolkitSubjectIface *subject_iface); G_DEFINE_TYPE_WITH_CODE (PolkitSystemBusName, polkit_system_bus_name, G_TYPE_OBJECT, @@ -364,6 +368,7 @@ on_retrieved_unix_uid_pid (GObject *src, if (!v) { data->caught_error = TRUE; + dbus_call_respond_fails += 1; } else { @@ -405,6 +410,8 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus tmp_context = g_main_context_new (); g_main_context_push_thread_default (tmp_context); + dbus_call_respond_fails = 0; + /* Do two async calls as it's basically as fast as one sync call. */ g_dbus_connection_call (connection, @@ -432,11 +439,34 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus on_retrieved_unix_uid_pid, &data); - while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) - g_main_context_iteration (tmp_context, TRUE); + while (TRUE) + { + /* If one dbus call returns error, we must wait until the other call + * calls _call_finish(), otherwise fd leak is possible. + * Resolves: GHSL-2021-077 + */ - if (data.caught_error) - goto out; + if ( (dbus_call_respond_fails > 1) ) + { + // we got two faults, we can leave + goto out; + } + + if ((data.caught_error && (data.retrieved_pid || data.retrieved_uid))) + { + // we got one fault and the other call finally finished, we can leave + goto out; + } + + if ( !(data.retrieved_uid && data.retrieved_pid) ) + { + g_main_context_iteration (tmp_context, TRUE); + } + else + { + break; + } + } if (out_uid) *out_uid = data.uid; -- cgit v1.2.3 From c289d77b8cc236535db8a7e434fa2e6d68d449b7 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index b16ed2f9..3b0e4008 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From f2dc340217e397bd46d3b8192acd7dfef40973dc Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Sat, 11 Feb 2012 23:48:29 +0100 Subject: Install systemd service file for polkitd. Forwarded: no, obsoleted by an upstream commit in 0.106 Gbp-Pq: Name 06_systemd-service.patch --- data/org.freedesktop.PolicyKit1.service.in | 1 + 1 file changed, 1 insertion(+) diff --git a/data/org.freedesktop.PolicyKit1.service.in b/data/org.freedesktop.PolicyKit1.service.in index b6cd02b6..fbceb3ff 100644 --- a/data/org.freedesktop.PolicyKit1.service.in +++ b/data/org.freedesktop.PolicyKit1.service.in @@ -2,3 +2,4 @@ Name=org.freedesktop.PolicyKit1 Exec=@libexecdir@/polkitd --no-debug User=root +SystemdService=polkit.service -- cgit v1.2.3 From dfe6a2f69cc431f96a495293cd8c0685cfdf1399 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Wed, 8 Jul 2015 02:08:33 +0200 Subject: Build against libsystemd Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779756 Forwarded: no, obsoleted by upstream commit 2291767a014f5a04a92ca6f0eb472794f212ca67 in 0.113 Gbp-Pq: Name 10_build-against-libsystemd.patch --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 388605d2..f55ddb7f 100644 --- a/configure.ac +++ b/configure.ac @@ -160,7 +160,7 @@ AC_ARG_ENABLE([systemd], [enable_systemd=auto]) if test "$enable_systemd" != "no"; then PKG_CHECK_MODULES(SYSTEMD, - [libsystemd-login], + [libsystemd], have_systemd=yes, have_systemd=no) if test "$have_systemd" = "yes"; then @@ -171,7 +171,7 @@ if test "$enable_systemd" != "no"; then LIBS=$save_LIBS else if test "$enable_systemd" = "yes"; then - AC_MSG_ERROR([systemd support requested but libsystemd-login1 library not found]) + AC_MSG_ERROR([systemd support requested but libsystemd library not found]) fi fi fi -- cgit v1.2.3 From cb573aa3ff8607dc654923e86f41ad794c078183 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 27 Nov 2018 18:36:27 +0100 Subject: Move D-Bus policy file to /usr/share/dbus-1/system.d/ To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html https://gitlab.freedesktop.org/polkit/polkit/merge_requests/11 Gbp-Pq: Name Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch --- data/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/Makefile.am b/data/Makefile.am index e1a60aad..3d874390 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -9,7 +9,7 @@ service_DATA = $(service_in_files:.service.in=.service) $(service_DATA): $(service_in_files) Makefile @sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@ -dbusconfdir = $(sysconfdir)/dbus-1/system.d +dbusconfdir = $(datadir)/dbus-1/system.d dbusconf_DATA = org.freedesktop.PolicyKit1.conf if POLKIT_AUTHFW_PAM -- cgit v1.2.3 From 783accf44a17ca09c3f84c71ab8b9263b0f37759 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:12:44 +0100 Subject: Statically link libpolkit-backend1 into polkitd Nothing else in Debian depends on that library: in principle it was meant to be used for pluggable polkit backends, but those never actually happened, and the library's API was never declared stable. Similar to part of 0f830c76 "Nuke polkitbackend library, localauthority backend and extension system" upstream. Signed-off-by: Simon McVittie Gbp-Pq: Name Statically-link-libpolkit-backend1-into-polkitd.patch --- configure.ac | 1 - data/Makefile.am | 2 +- data/polkit-backend-1.pc.in | 11 ------ docs/man/polkit.xml | 6 --- docs/polkit/Makefile.am | 3 -- docs/polkit/polkit-1-docs.xml | 7 ---- docs/polkit/polkit-1-sections.txt | 80 --------------------------------------- docs/polkit/polkit-1.types | 9 ----- src/polkitbackend/Makefile.am | 13 +------ 9 files changed, 2 insertions(+), 130 deletions(-) delete mode 100644 data/polkit-backend-1.pc.in diff --git a/configure.ac b/configure.ac index f55ddb7f..abfdd1f3 100644 --- a/configure.ac +++ b/configure.ac @@ -439,7 +439,6 @@ actions/Makefile data/Makefile data/polkit-1 data/polkit-gobject-1.pc -data/polkit-backend-1.pc data/polkit-agent-1.pc src/Makefile src/polkit/Makefile diff --git a/data/Makefile.am b/data/Makefile.am index 3d874390..dad7c2f2 100644 --- a/data/Makefile.am +++ b/data/Makefile.am @@ -18,7 +18,7 @@ pam_DATA = polkit-1 endif pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = polkit-gobject-1.pc polkit-backend-1.pc polkit-agent-1.pc +pkgconfig_DATA = polkit-gobject-1.pc polkit-agent-1.pc # ---------------------------------------------------------------------------------------------------- diff --git a/data/polkit-backend-1.pc.in b/data/polkit-backend-1.pc.in deleted file mode 100644 index 7f6197d9..00000000 --- a/data/polkit-backend-1.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ - -Name: polkit-backend-1 -Description: PolicyKit Backend API -Version: @VERSION@ -Libs: -L${libdir} -lpolkit-backend-1 -Cflags: -I${includedir}/polkit-1 -Requires: polkit-gobject-1 diff --git a/docs/man/polkit.xml b/docs/man/polkit.xml index 188c5141..7933779f 100644 --- a/docs/man/polkit.xml +++ b/docs/man/polkit.xml @@ -115,12 +115,6 @@ System Context | | PolicyKit D-Bus service. - - PolicyKit extensions and authority backends are implemented - using the - libpolkit-backend-1 library. - - See the developer diff --git a/docs/polkit/Makefile.am b/docs/polkit/Makefile.am index fd7123f6..c13372b4 100644 --- a/docs/polkit/Makefile.am +++ b/docs/polkit/Makefile.am @@ -31,8 +31,6 @@ INCLUDES = \ $(GIO_CFLAGS) \ -I$(top_srcdir)/src/polkit \ -I$(top_builddir)/src/polkit \ - -I$(top_srcdir)/src/polkitbackend \ - -I$(top_builddir)/src/polkitbackend \ -I$(top_srcdir)/src/polkitagent \ -I$(top_builddir)/src/polkitagent \ $(NULL) @@ -42,7 +40,6 @@ GTKDOC_LIBS = \ $(GLIB_LIBS) \ $(GIO_LIBS) \ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ - $(top_builddir)/src/polkitbackend/libpolkit-backend-1.la \ $(top_builddir)/src/polkitagent/libpolkit-agent-1.la \ $(NULL) diff --git a/docs/polkit/polkit-1-docs.xml b/docs/polkit/polkit-1-docs.xml index 21b3681e..ec04b263 100644 --- a/docs/polkit/polkit-1-docs.xml +++ b/docs/polkit/polkit-1-docs.xml @@ -47,13 +47,6 @@ - - Backend API Reference - - - - - Authentication Agent API Reference diff --git a/docs/polkit/polkit-1-sections.txt b/docs/polkit/polkit-1-sections.txt index 38810042..41b37e32 100644 --- a/docs/polkit/polkit-1-sections.txt +++ b/docs/polkit/polkit-1-sections.txt @@ -290,86 +290,6 @@ POLKIT_IS_DETAILS_CLASS POLKIT_DETAILS_GET_CLASS
-
-polkitbackendauthority -PolkitBackendAuthority -POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME -PolkitBackendAuthority -PolkitBackendAuthorityClass -polkit_backend_authority_get_name -polkit_backend_authority_get_version -polkit_backend_authority_get_features -polkit_backend_authority_check_authorization -polkit_backend_authority_check_authorization_finish -polkit_backend_authority_register_authentication_agent -polkit_backend_authority_unregister_authentication_agent -polkit_backend_authority_authentication_agent_response -polkit_backend_authority_enumerate_actions -polkit_backend_authority_enumerate_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorizations -polkit_backend_authority_revoke_temporary_authorization_by_id -polkit_backend_authority_get -polkit_backend_authority_register -polkit_backend_authority_unregister - -POLKIT_BACKEND_AUTHORITY -POLKIT_BACKEND_IS_AUTHORITY -POLKIT_BACKEND_TYPE_AUTHORITY -polkit_backend_authority_get_type -POLKIT_BACKEND_AUTHORITY_CLASS -POLKIT_BACKEND_IS_AUTHORITY_CLASS -POLKIT_BACKEND_AUTHORITY_GET_CLASS -
- -
-polkitbackendactionlookup -PolkitBackendActionLookup -POLKIT_BACKEND_ACTION_LOOKUP_EXTENSION_POINT_NAME -PolkitBackendActionLookup -PolkitBackendActionLookupIface -polkit_backend_action_lookup_get_message -polkit_backend_action_lookup_get_icon_name -polkit_backend_action_lookup_get_details - -POLKIT_BACKEND_ACTION_LOOKUP -POLKIT_BACKEND_IS_ACTION_LOOKUP -POLKIT_BACKEND_TYPE_ACTION_LOOKUP -polkit_backend_action_lookup_get_type -POLKIT_BACKEND_ACTION_LOOKUP_GET_IFACE -
- -
-polkitbackendlocalauthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthority -PolkitBackendLocalAuthorityClass - -POLKIT_BACKEND_LOCAL_AUTHORITY -POLKIT_BACKEND_IS_LOCAL_AUTHORITY -POLKIT_BACKEND_TYPE_LOCAL_AUTHORITY -polkit_backend_local_authority_get_type -POLKIT_BACKEND_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_IS_LOCAL_AUTHORITY_CLASS -POLKIT_BACKEND_LOCAL_AUTHORITY_GET_CLASS -
- -
-polkitbackendinteractiveauthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthority -PolkitBackendInteractiveAuthorityClass -polkit_backend_interactive_authority_get_admin_identities -polkit_backend_interactive_authority_check_authorization_sync - -POLKIT_BACKEND_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY -POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY -polkit_backend_interactive_authority_get_type -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_IS_INTERACTIVE_AUTHORITY_CLASS -POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_CLASS -
-
polkitagentsession PolkitAgentSession diff --git a/docs/polkit/polkit-1.types b/docs/polkit/polkit-1.types index b1e13cc5..6354d125 100644 --- a/docs/polkit/polkit-1.types +++ b/docs/polkit/polkit-1.types @@ -16,15 +16,6 @@ polkit_authorization_result_get_type polkit_temporary_authorization_get_type polkit_permission_get_type -polkit_backend_authority_get_type -polkit_backend_interactive_authority_get_type -polkit_backend_local_authority_get_type -polkit_backend_action_lookup_get_type -polkit_backend_action_pool_get_type -polkit_backend_session_monitor_get_type -polkit_backend_config_source_get_type -polkit_backend_local_authorization_store_get_type - polkit_agent_session_get_type polkit_agent_listener_get_type polkit_agent_text_listener_get_type diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index b91cafa9..cb25a6b5 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -16,18 +16,7 @@ INCLUDES = \ -D_REENTRANT \ $(NULL) -lib_LTLIBRARIES=libpolkit-backend-1.la - -libpolkit_backend_1includedir=$(includedir)/polkit-1/polkitbackend - -libpolkit_backend_1include_HEADERS = \ - polkitbackend.h \ - polkitbackendtypes.h \ - polkitbackendauthority.h \ - polkitbackendinteractiveauthority.h \ - polkitbackendlocalauthority.h \ - polkitbackendactionlookup.h \ - $(NULL) +noinst_LTLIBRARIES=libpolkit-backend-1.la libpolkit_backend_1_la_SOURCES = \ $(BUILT_SOURCES) \ -- cgit v1.2.3 From 9a1e27173cd77d3459098a47b834cbd3092dbf2d Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 4 Jul 2019 14:30:29 +0100 Subject: Remove example null backend There's no point in this now that we've removed the ability to extend polkit. Signed-off-by: Simon McVittie Gbp-Pq: Name Remove-example-null-backend.patch --- configure.ac | 1 - docs/polkit/overview.xml | 34 ---------------------------------- src/Makefile.am | 2 +- 3 files changed, 1 insertion(+), 36 deletions(-) diff --git a/configure.ac b/configure.ac index abfdd1f3..22b9a192 100644 --- a/configure.ac +++ b/configure.ac @@ -447,7 +447,6 @@ src/polkitagent/Makefile src/polkitd/Makefile src/programs/Makefile src/examples/Makefile -src/nullbackend/Makefile docs/version.xml docs/extensiondir.xml docs/Makefile diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml index 8ddb34cc..92515794 100644 --- a/docs/polkit/overview.xml +++ b/docs/polkit/overview.xml @@ -91,38 +91,4 @@ information on standard output. - - - Extending polkit - - polkit exports a number of extension points to - replace/customize behavior of the polkit daemon. Note that - all extensions run with super user privileges in the same - process as the polkit daemon. - - - The polkit daemons loads extensions - from the &extensiondir; directory. See - the GIO Extension Point - documentation for more information about the extension - system used by polkit. - - - The following extension points are currently defined by - polkit: - - - - POLKIT_BACKEND_AUTHORITY_EXTENSION_POINT_NAME - - Allows replacing the Authority – the entity responsible for - making authorization decisions. Implementations of this - extension point must be derived from the - PolkitBackendAuthority class. See - the src/nullbackend/ directory in the - polkit sources for an example. - - - - diff --git a/src/Makefile.am b/src/Makefile.am index 28c7bfa8..3380fb2c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ -SUBDIRS = polkit polkitbackend polkitagent polkitd nullbackend programs +SUBDIRS = polkit polkitbackend polkitagent polkitd programs if BUILD_EXAMPLES SUBDIRS += examples -- cgit v1.2.3 From 7afff43847bc1c8e54230926128ac23a6661024b Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From e6cb72264a14714f41af69b5e38782cb1eded252 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make this change; remove unrelated cosmetic change to a man page] Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-localauthority.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-localauthority.conf b/src/polkitbackend/50-localauthority.conf index 5e44bde0..20e0ba34 100644 --- a/src/polkitbackend/50-localauthority.conf +++ b/src/polkitbackend/50-localauthority.conf @@ -7,4 +7,4 @@ # [Configuration] -AdminIdentities=unix-group:wheel +AdminIdentities=unix-user:0 -- cgit v1.2.3 From 744690c86e16a559657050d5edf9559555d84c6c Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 23 Feb 2022 19:17:45 +0000 Subject: Fix a crash when authorization is implied If authorization for one action is implied by authorization for another action, the previous code unreffed result_details but did not set it to null, and then jumped to "out" which tries to unref it again. This will often be a use-after-free that leads to a crash. This would often not be noticeable in practice, because polkitd gets restarted automatically by D-Bus activation. Commit 3b7868b3 "Make it possible for JS code to change details" deleted this code as part of a larger refactor in newer upstream versions, but we are 9 years behind upstream as a result of it not being clear how best to handle the JavaScript dependency in newer versions. Forwarded: not-needed, part of a larger commit upstream Gbp-Pq: Name Fix-a-crash-when-authorization-is-implied.patch --- src/polkitbackend/polkitbackendinteractiveauthority.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 1e17dfd5..31852141 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1232,7 +1232,6 @@ check_authorization_sync (PolkitBackendAuthority *authority, g_debug (" is authorized (implied by %s)", imply_action_id); result = implied_result; /* cleanup */ - g_object_unref (result_details); g_strfreev (tokens); goto out; } -- cgit v1.2.3 From a5db21b14dd74233bdec201e9b03da1f17fdd648 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 10 Jun 2022 14:20:51 +0100 Subject: Install 50-default.rules in /usr/share Same rationale as https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/11 and https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/72 /etc is for local admin changes, upstream/vendor config files should go in /usr/share Origin: upstream, 122, commit:b6538f6e9cc956959494aff0eeade3a0b5733103 Gbp-Pq: Name Install-50-default.rules-in-usr-share.patch --- src/polkitbackend/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build index 7c5d4438..c35e6c2f 100644 --- a/src/polkitbackend/meson.build +++ b/src/polkitbackend/meson.build @@ -61,7 +61,7 @@ libpolkit_backend = static_library( install_data( '50-default.rules', - install_dir: pk_pkgsysconfdir / 'rules.d', + install_dir: pk_pkgdatadir / 'rules.d', ) program = 'polkitd' -- cgit v1.2.3 From 8747371a5e8725b6f59bc32ee0633152586598a8 Mon Sep 17 00:00:00 2001 From: Jordan Petridis Date: Tue, 19 Jul 2022 16:58:09 +0300 Subject: polkitbackendduktapeauthority.c: Print the error string we get back from duktape Looks like it was a typo. Origin: upstream, 122, commit:138e4f4f0c3337981cb734f36a35ae578536c336 Gbp-Pq: Name polkitbackendduktapeauthority.c-Print-the-error-string-we.patch --- src/polkitbackend/polkitbackendduktapeauthority.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c index c89dbcf5..20cee0b6 100644 --- a/src/polkitbackend/polkitbackendduktapeauthority.c +++ b/src/polkitbackend/polkitbackendduktapeauthority.c @@ -590,7 +590,7 @@ runaway_killer_thread_call_js (gpointer user_data) if (duk_pcall_prop (cx, 0, 2) != DUK_EXEC_SUCCESS) { polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority), - "Error evaluating admin rules: ", + "Error evaluating admin rules: %s", duk_safe_to_string (cx, -1)); goto err; } -- cgit v1.2.3 From 61fa7f4405934e9cd02944776f83b23c0ef4d69d Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 583fad1f79d02ee9cc9356400315faf9f7087d25 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index c3ec32f3..9de1b718 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -141,10 +141,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From f2ed6b6677fd9e677d5f6faac62e766ca31483d4 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 4b701d3438d25da1c4d18dd9b61bc577f30cfcbb Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make these changes] Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-default.rules | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..ef1215a3 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -1,12 +1,10 @@ /* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */ -// DO NOT EDIT THIS FILE, it will be overwritten on update -// // Default rules for polkit // // See the polkit(8) man page for more information // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-user:0"]; }); -- cgit v1.2.3 From 9bca357c26f5170326108a136b3d589bb38ab690 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 10 Jun 2022 14:20:51 +0100 Subject: Install 50-default.rules in /usr/share Same rationale as https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/11 and https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/72 /etc is for local admin changes, upstream/vendor config files should go in /usr/share Origin: upstream, 122, commit:b6538f6e9cc956959494aff0eeade3a0b5733103 Gbp-Pq: Name Install-50-default.rules-in-usr-share.patch --- src/polkitbackend/meson.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/meson.build b/src/polkitbackend/meson.build index 7c5d4438..c35e6c2f 100644 --- a/src/polkitbackend/meson.build +++ b/src/polkitbackend/meson.build @@ -61,7 +61,7 @@ libpolkit_backend = static_library( install_data( '50-default.rules', - install_dir: pk_pkgsysconfdir / 'rules.d', + install_dir: pk_pkgdatadir / 'rules.d', ) program = 'polkitd' -- cgit v1.2.3 From 6c2577fcdcd81c4c97bfbe2777e573b568f62f08 Mon Sep 17 00:00:00 2001 From: Jordan Petridis Date: Tue, 19 Jul 2022 16:58:09 +0300 Subject: polkitbackendduktapeauthority.c: Print the error string we get back from duktape Looks like it was a typo. Origin: upstream, 122, commit:138e4f4f0c3337981cb734f36a35ae578536c336 Gbp-Pq: Name polkitbackendduktapeauthority.c-Print-the-error-string-we.patch --- src/polkitbackend/polkitbackendduktapeauthority.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c index c89dbcf5..20cee0b6 100644 --- a/src/polkitbackend/polkitbackendduktapeauthority.c +++ b/src/polkitbackend/polkitbackendduktapeauthority.c @@ -590,7 +590,7 @@ runaway_killer_thread_call_js (gpointer user_data) if (duk_pcall_prop (cx, 0, 2) != DUK_EXEC_SUCCESS) { polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (ctx->authority), - "Error evaluating admin rules: ", + "Error evaluating admin rules: %s", duk_safe_to_string (cx, -1)); goto err; } -- cgit v1.2.3 From ea5df9ef48d0a97e123ab8a23b2b63ffe9e7b47d Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 01981d453f7e2fd9e368e75f30fe0166394f7130 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index c3ec32f3..9de1b718 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -141,10 +141,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From 6faeba15bcdb8218b13719641d37f86568643737 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 7764db5cfa336be176f0a6fc44db2c5171256e59 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make these changes] Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-default.rules | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..ef1215a3 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -1,12 +1,10 @@ /* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */ -// DO NOT EDIT THIS FILE, it will be overwritten on update -// // Default rules for polkit // // See the polkit(8) man page for more information // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-user:0"]; }); -- cgit v1.2.3 From 4987bc9379a13f8a7c0716a988d824332bed6550 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 71482b0f4b0fd3d6fd00c2aa516b5b5bc4f69afb Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index c3ec32f3..9de1b718 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -141,10 +141,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From e2886991a909e661a6854c859ceefb5992980939 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 55ede7e59047ab3a36765a9eaa3f718d2f5762bc Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Fri, 9 Dec 2011 00:31:21 +0100 Subject: Revert "Default to AdminIdentities=unix-group:wheel for local authority" This reverts commit 763faf434b445c20ae9529100d3ef5290976d0c9. On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no wheel group, and gid 0 (root) is not used in this way. Change the default rule to consider uid 0 to be privileged, instead. On Red Hat derivatives, 50-default.rules is not preserved by upgrades; on dpkg-based systems, it is a proper conffile and may be edited (at the sysadmin's own risk), so the comment about not editing it is misleading. [smcv: added longer explanation of why we make these changes] Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 05_revert-admin-identities-unix-group-wheel.patch --- src/polkitbackend/50-default.rules | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..ef1215a3 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -1,12 +1,10 @@ /* -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*- */ -// DO NOT EDIT THIS FILE, it will be overwritten on update -// // Default rules for polkit // // See the polkit(8) man page for more information // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-user:0"]; }); -- cgit v1.2.3 From 4afcfed5d204846a581c24799523bb7b90656167 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From de8647f3f43d1fa288393d166d5f1f3e57e5d197 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index c3ec32f3..9de1b718 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -141,10 +141,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From 61e970adddbdddc2896c34b6d20a52eb0730510e Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From d6c7e6717e9f8be9db9b45634caa68343edd76ea Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 20 Jan 2023 09:54:35 +0000 Subject: 50-default.rules: Replace wheel group with sudo group On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no 'wheel' group, and the equivalent is group 'sudo' as documented in the base-passwd package. Based on a 2011 change by Michael Biebl. Co-authored-by: Michael Biebl Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 50-default.rules-Replace-wheel-group-with-sudo-group.patch --- src/polkitbackend/50-default.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..1f038fc2 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -8,5 +8,5 @@ // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-group:sudo"]; }); -- cgit v1.2.3 From 50ec553c59f8b32620d647ef8ba6a3d1792f2971 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From dc78dbce244aa2cfbf7872d28a6b09d94cd8efa2 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index c3ec32f3..9de1b718 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -141,10 +141,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From 917e56094a1a46527b44214b45558603d448d41c Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 23bc6994b9107cf8d0f79c0877d2a66005a70d04 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 20 Jan 2023 09:54:35 +0000 Subject: 50-default.rules: Replace wheel group with sudo group On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no 'wheel' group, and the equivalent is group 'sudo' as documented in the base-passwd package. Based on a 2011 change by Michael Biebl. Co-authored-by: Michael Biebl Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 50-default.rules-Replace-wheel-group-with-sudo-group.patch --- src/polkitbackend/50-default.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..1f038fc2 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -8,5 +8,5 @@ // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-group:sudo"]; }); -- cgit v1.2.3 From 345f349718f23d0e4efa114cd7b680708a2812ec Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 3d3433516f9642b759e444c4e0b67fb0511d95e2 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index c3ec32f3..9de1b718 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -141,10 +141,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From 26ebcc3cbfa54ea30062f675b6407646facf1f24 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 6bb8a96e60d46ebdf88460d7955478cc6cb8a247 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 20 Jan 2023 09:54:35 +0000 Subject: 50-default.rules: Replace wheel group with sudo group On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no 'wheel' group, and the equivalent is group 'sudo' as documented in the base-passwd package. Based on a 2011 change by Michael Biebl. Co-authored-by: Michael Biebl Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 50-default.rules-Replace-wheel-group-with-sudo-group.patch --- src/polkitbackend/50-default.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..1f038fc2 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -8,5 +8,5 @@ // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-group:sudo"]; }); -- cgit v1.2.3 From b368c7d2460795aec980c0601ca7ea9c5b63b478 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From e8663aa9a17cfdc848b54719a4d79ef7117d5b89 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index d63aae27..53b1ed10 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -149,10 +149,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From ea0ec19b04fde871e9b4da5c0f49ce27b6529994 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 2a307e753e96e98962000c059bd68e152a05812c Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 20 Jan 2023 09:54:35 +0000 Subject: 50-default.rules: Replace wheel group with sudo group On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no 'wheel' group, and the equivalent is group 'sudo' as documented in the base-passwd package. Based on a 2011 change by Michael Biebl. Co-authored-by: Michael Biebl Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 50-default.rules-Replace-wheel-group-with-sudo-group.patch --- src/polkitbackend/50-default.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..1f038fc2 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -8,5 +8,5 @@ // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-group:sudo"]; }); -- cgit v1.2.3 From 2c17c37b6424d7ed4f5c7794db84ccfd0642a1aa Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 2 Aug 2023 11:41:24 +0100 Subject: Don't use PrivateNetwork=yes for the systemd unit This causes systemd to fail to start the service inside an lxc container, which is an important use-case for Debian because our automated test infrastructure currently relies on lxc. Bug-Debian: https://bugs.debian.org/1042880 Gbp-Pq: Topic debian Gbp-Pq: Name Don-t-use-PrivateNetwork-yes-for-the-systemd-unit.patch --- data/polkit.service.in | 1 - 1 file changed, 1 deletion(-) diff --git a/data/polkit.service.in b/data/polkit.service.in index 2113ff7b..dbd1ef75 100644 --- a/data/polkit.service.in +++ b/data/polkit.service.in @@ -17,7 +17,6 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes -PrivateNetwork=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes -- cgit v1.2.3 From 070139eaeedece04e5850393c4b2c740bf208382 Mon Sep 17 00:00:00 2001 From: Robert Ancell Date: Wed, 18 Aug 2010 16:26:15 +1000 Subject: Use gettext for translations in .policy files Bug: http://bugs.freedesktop.org/show_bug.cgi?id=29639 Bug-Ubuntu: https://launchpad.net/bugs/619632 Gbp-Pq: Name 02_gettext.patch --- src/polkitbackend/polkitbackendactionpool.c | 49 +++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index 3894fe91..955e3ba7 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -24,6 +24,8 @@ #include #include #include +#include +#include #include #include @@ -44,7 +46,9 @@ typedef struct gchar *vendor_url; gchar *icon_name; gchar *description; + gchar *description_domain; gchar *message; + gchar *message_domain; PolkitImplicitAuthorization implicit_authorization_any; PolkitImplicitAuthorization implicit_authorization_inactive; @@ -65,7 +69,9 @@ parsed_action_free (ParsedAction *action) g_free (action->vendor_url); g_free (action->icon_name); g_free (action->description); + g_free (action->description_domain); g_free (action->message); + g_free (action->message_domain); g_hash_table_unref (action->localized_description); g_hash_table_unref (action->localized_message); @@ -85,6 +91,7 @@ static void ensure_all_files (PolkitBackendActionPool *pool); static const gchar *_localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang); typedef struct @@ -385,9 +392,11 @@ polkit_backend_action_pool_get_action (PolkitBackendActionPool *pool, description = _localize (parsed_action->localized_description, parsed_action->description, + parsed_action->description_domain, locale); message = _localize (parsed_action->localized_message, parsed_action->message, + parsed_action->message_domain, locale); ret = polkit_action_description_new (action_id, @@ -603,11 +612,16 @@ typedef struct { GHashTable *policy_messages; char *policy_description_nolang; + char *policy_description_domain; char *policy_message_nolang; + char *policy_message_domain; /* the value of xml:lang for the thing we're reading in _cdata() */ char *elem_lang; + /* the value of gettext-domain for the thing we're reading in _cdata() */ + char *elem_domain; + char *annotate_key; GHashTable *annotations; @@ -629,8 +643,12 @@ pd_unref_action_data (ParserData *pd) g_free (pd->policy_description_nolang); pd->policy_description_nolang = NULL; + g_free (pd->policy_description_domain); + pd->policy_description_domain = NULL; g_free (pd->policy_message_nolang); pd->policy_message_nolang = NULL; + g_free (pd->policy_message_domain); + pd->policy_message_domain = NULL; if (pd->policy_descriptions != NULL) { g_hash_table_unref (pd->policy_descriptions); @@ -650,6 +668,8 @@ pd_unref_action_data (ParserData *pd) } g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; } static void @@ -737,6 +757,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_DESCRIPTION; } else if (strcmp (el, "message") == 0) @@ -745,6 +769,10 @@ _start (void *data, const char *el, const char **attr) { pd->elem_lang = g_strdup (attr[1]); } + if (num_attr == 2 && strcmp (attr[0], "gettext-domain") == 0) + { + pd->elem_domain = g_strdup (attr[1]); + } state = STATE_IN_ACTION_MESSAGE; } else if (strcmp (el, "vendor") == 0 && num_attr == 0) @@ -847,6 +875,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_description_nolang); pd->policy_description_nolang = str; + pd->policy_description_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -863,6 +892,7 @@ _cdata (void *data, const char *s, int len) { g_free (pd->policy_message_nolang); pd->policy_message_nolang = str; + pd->policy_message_domain = g_strdup (pd->elem_domain); str = NULL; } else @@ -960,6 +990,8 @@ _end (void *data, const char *el) g_free (pd->elem_lang); pd->elem_lang = NULL; + g_free (pd->elem_domain); + pd->elem_domain = NULL; switch (pd->state) { @@ -990,7 +1022,9 @@ _end (void *data, const char *el) action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); action->description = g_strdup (pd->policy_description_nolang); + action->description_domain = g_strdup (pd->policy_description_domain); action->message = g_strdup (pd->policy_message_nolang); + action->message_domain = g_strdup (pd->policy_message_domain); action->localized_description = pd->policy_descriptions; action->localized_message = pd->policy_messages; @@ -1093,6 +1127,7 @@ error: * _localize: * @translations: a mapping from xml:lang to the value, e.g. 'da' -> 'Smadre', 'en_CA' -> 'Punch, Aye!' * @untranslated: the untranslated value, e.g. 'Punch' + * @domain: the gettext domain for this string. Make be NULL. * @lang: the locale we're interested in, e.g. 'da_DK', 'da', 'en_CA', 'en_US'; basically just $LANG * with the encoding cut off. Maybe be NULL. * @@ -1103,11 +1138,25 @@ error: static const gchar * _localize (GHashTable *translations, const gchar *untranslated, + const gchar *domain, const gchar *lang) { const gchar *result; gchar **langs; guint n; + + if (domain != NULL) + { + gchar *old_locale; + + old_locale = g_strdup (setlocale (LC_ALL, NULL)); + setlocale (LC_ALL, lang); + result = dgettext (domain, untranslated); + setlocale (LC_ALL, old_locale); + g_free (old_locale); + + goto out; + } if (lang == NULL) { -- cgit v1.2.3 From 86fa13c7343419789a8d21e343a0ce377d0bbadd Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 7 Jan 2013 23:59:52 +0100 Subject: Explicitly use chdir("/") instead of relying on ~user being set properly Gbp-Pq: Name 08_chdir_root.patch --- src/polkitbackend/polkitd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/polkitbackend/polkitd.c b/src/polkitbackend/polkitd.c index d63aae27..53b1ed10 100644 --- a/src/polkitbackend/polkitd.c +++ b/src/polkitbackend/polkitd.c @@ -149,10 +149,10 @@ become_user (const gchar *user, goto out; } - if (chdir (pw->pw_dir) != 0) + if (chdir ("/") != 0) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "Error changing to home directory %s: %m", + "Error changing to root directory %s: %m", pw->pw_dir); goto out; } -- cgit v1.2.3 From 3d53f30809ca2fa927c21544f5a26358a8557e86 Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Tue, 2 Oct 2007 22:38:04 +0200 Subject: Use Debian's common-* PAM infrastructure, plus pam_env Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 01_pam_polkit.patch --- data/polkit-1.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/data/polkit-1.in b/data/polkit-1.in index 142dadd3..6f8af2a0 100644 --- a/data/polkit-1.in +++ b/data/polkit-1.in @@ -1,6 +1,8 @@ #%PAM-1.0 -auth include @PAM_FILE_INCLUDE_AUTH@ -account include @PAM_FILE_INCLUDE_ACCOUNT@ -password include @PAM_FILE_INCLUDE_PASSWORD@ -session include @PAM_FILE_INCLUDE_SESSION@ +@include common-auth +@include common-account +@include common-password +session required pam_env.so readenv=1 user_readenv=0 +session required pam_env.so readenv=1 envfile=/etc/default/locale user_readenv=0 +@include common-session-noninteractive -- cgit v1.2.3 From 8e360bd34a8de1e1e9322c6d7503135df13c717c Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 20 Jan 2023 09:54:35 +0000 Subject: 50-default.rules: Replace wheel group with sudo group On Red Hat derivatives, every member of group 'wheel' is necessarily privileged. On Debian derivatives, there is no 'wheel' group, and the equivalent is group 'sudo' as documented in the base-passwd package. Based on a 2011 change by Michael Biebl. Co-authored-by: Michael Biebl Forwarded: not-needed, Debian-specific Gbp-Pq: Topic debian Gbp-Pq: Name 50-default.rules-Replace-wheel-group-with-sudo-group.patch --- src/polkitbackend/50-default.rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/polkitbackend/50-default.rules b/src/polkitbackend/50-default.rules index f427ae18..1f038fc2 100644 --- a/src/polkitbackend/50-default.rules +++ b/src/polkitbackend/50-default.rules @@ -8,5 +8,5 @@ // about configuring polkit. polkit.addAdminRule(function(action, subject) { - return ["unix-group:wheel"]; + return ["unix-group:sudo"]; }); -- cgit v1.2.3 From f1fdcf4198c6daf6c7d95bcc4674c92c49ad9fcd Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 2 Aug 2023 11:41:24 +0100 Subject: Don't use PrivateNetwork=yes for the systemd unit This causes systemd to fail to start the service inside an lxc container, which is an important use-case for Debian because our automated test infrastructure currently relies on lxc. Bug-Debian: https://bugs.debian.org/1042880 Gbp-Pq: Topic debian Gbp-Pq: Name Don-t-use-PrivateNetwork-yes-for-the-systemd-unit.patch --- data/polkit.service.in | 1 - 1 file changed, 1 deletion(-) diff --git a/data/polkit.service.in b/data/polkit.service.in index 2113ff7b..dbd1ef75 100644 --- a/data/polkit.service.in +++ b/data/polkit.service.in @@ -17,7 +17,6 @@ LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes -PrivateNetwork=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes -- cgit v1.2.3