author | jmmv <jmmv@pkgsrc.org> | 2006-08-27 16:10:21 +0000 |
---|---|---|
committer | jmmv <jmmv@pkgsrc.org> | 2006-08-27 16:10:21 +0000 |
commit | 9daaf507089060674f187be8462fa12e3e79693c (patch) | |
tree | 0865bdecb579ba4fd7a2f5ec1e81ff24a04ed01f | |
parent | 658f4a8417df8afeeddf4ee188f5097da3db0213 (diff) | |
download | pkgsrc-9daaf507089060674f187be8462fa12e3e79693c.tar.gz |
Implement support for LOCAL_CREDS socket credentials. Bump PKGREVISION to 2.
This fixes gnome-keyring under NetBSD which, AFAICT, didn't work at all.
There are still some problems remaining in gnome-keyring-manager, but I
think these are not related to this issue.
-rw-r--r-- | security/gnome-keyring/Makefile | 4 | ||||
-rw-r--r-- | security/gnome-keyring/distinfo | 4 | ||||
-rw-r--r-- | security/gnome-keyring/patches/patch-aa | 141 | ||||
-rw-r--r-- | security/gnome-keyring/patches/patch-ab | 65 |
4 files changed, 211 insertions, 3 deletions
diff --git a/security/gnome-keyring/Makefile b/security/gnome-keyring/Makefile index 4042634fa47..65cb4e66073 100644 --- a/security/gnome-keyring/Makefile +++ b/security/gnome-keyring/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.22 2006/04/17 13:46:09 wiz Exp $ +# $NetBSD: Makefile,v 1.23 2006/08/27 16:10:21 jmmv Exp $ # DISTNAME= gnome-keyring-0.4.9 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= security gnome MASTER_SITES= ${MASTER_SITE_GNOME:=sources/gnome-keyring/0.4/} EXTRACT_SUFX= .tar.bz2 diff --git a/security/gnome-keyring/distinfo b/security/gnome-keyring/distinfo index c04ea088d4c..9f1f1489202 100644 --- a/security/gnome-keyring/distinfo +++ b/security/gnome-keyring/distinfo @@ -1,5 +1,7 @@ -$NetBSD: distinfo,v 1.13 2006/03/13 18:27:46 wiz Exp $ +$NetBSD: distinfo,v 1.14 2006/08/27 16:10:21 jmmv Exp $ SHA1 (gnome-keyring-0.4.9.tar.bz2) = 56a9f2b634fd0f1b9bd73bab3824d02a77ad34c3 RMD160 (gnome-keyring-0.4.9.tar.bz2) = 9deca60a67cba29b978974007c59e6963fec900e Size (gnome-keyring-0.4.9.tar.bz2) = 396162 bytes +SHA1 (patch-aa) = f4d1146311e1e2d4519e8e570f99b5650757e0d2 +SHA1 (patch-ab) = 872632fc8b6865018a5b9bdcfc9e6d463d7d0ac3 diff --git a/security/gnome-keyring/patches/patch-aa b/security/gnome-keyring/patches/patch-aa new file mode 100644 index 00000000000..3818d50a78e --- /dev/null +++ b/security/gnome-keyring/patches/patch-aa 
@@ -0,0 +1,141 @@ +$NetBSD: patch-aa,v 1.1 2006/08/27 16:10:21 jmmv Exp $ + +http://bugzilla.gnome.org/show_bug.cgi?id=353105 + +--- gnome-keyring-daemon-io.c.orig 2005-05-04 09:17:18.000000000 +0200 ++++ gnome-keyring-daemon-io.c +@@ -45,6 +45,7 @@ + #endif + + typedef enum { ++ GNOME_CLIENT_STATE_INIT, + GNOME_CLIENT_STATE_CREDENTIALS, + GNOME_CLIENT_STATE_READ_DISPLAYNAME, + GNOME_CLIENT_STATE_READ_PACKET, +@@ -91,6 +92,38 @@ static void gnome_keyring_client_state_m + + + static gboolean ++init_connection (int fd) ++{ ++ char buf = '\0'; ++ ssize_t len; ++ ++#if defined(LOCAL_CREDS) && !defined(HAVE_CMSGCRED) ++ /* Set the socket to receive credentials on the next message, ++ * which must be the nul-byte credentials message expected by ++ * read_unix_socket_credentials(). ++ * CMSGCRED is preferred over LOCAL_CREDS because it provides ++ * the remote PID. */ ++ { ++ int on = 1; ++ if (setsockopt (fd, 0, LOCAL_CREDS, &on, sizeof (on)) < 0) { ++ g_warning ("Unable to set LOCAL_CREDS socket option\n"); ++ return FALSE; ++ } ++ } ++#endif ++ ++ len = write (fd, &buf, sizeof (buf)); ++ if (len != sizeof (buf)) { ++ g_warning ("Failed to write initialization byte: %s", ++ len == 0 ? 
"No data written" : strerror (errno)); ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ ++ ++static gboolean + read_unix_socket_credentials (int fd, + pid_t *pid, + uid_t *uid) +@@ -102,22 +135,14 @@ read_unix_socket_credentials (int fd, + #ifdef HAVE_CMSGCRED + char cmsgmem[CMSG_SPACE (sizeof (struct cmsgcred))]; + struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem; ++#elif defined(LOCAL_CREDS) ++ char cmsgmem[CMSG_SPACE (sizeof (struct sockcred))]; ++ struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem; + #endif + + *pid = 0; + *uid = 0; + +-#if defined(LOCAL_CREDS) && defined(HAVE_CMSGCRED) +- /* Set the socket to receive credentials on the next message */ +- { +- int on = 1; +- if (setsockopt (fd, 0, LOCAL_CREDS, &on, sizeof (on)) < 0) { +- g_warning ("Unable to set LOCAL_CREDS socket option\n"); +- return FALSE; +- } +- } +-#endif +- + iov.iov_base = &buf; + iov.iov_len = 1; + +@@ -125,7 +150,7 @@ read_unix_socket_credentials (int fd, + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + +-#ifdef HAVE_CMSGCRED ++#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS) + memset (cmsgmem, 0, sizeof (cmsgmem)); + msg.msg_control = cmsgmem; + msg.msg_controllen = sizeof (cmsgmem); +@@ -146,7 +171,7 @@ read_unix_socket_credentials (int fd, + return FALSE; + } + +-#ifdef HAVE_CMSGCRED ++#if defined(HAVE_CMSGCRED) || defined(LOCAL_CREDS) + if (cmsg->cmsg_len < sizeof (cmsgmem) || cmsg->cmsg_type != SCM_CREDS) { + g_warning ("Message from recvmsg() was not SCM_CREDS\n"); + return FALSE; +@@ -174,6 +199,13 @@ read_unix_socket_credentials (int fd, + + *pid = cred->cmcred_pid; + *uid = cred->cmcred_euid; ++#elif defined(LOCAL_CREDS) ++ struct sockcred *cred; ++ ++ cred = (struct sockcred *) CMSG_DATA (cmsg); ++ ++ *pid = -1; ++ *uid = cred->sc_euid; + #else /* !SO_PEERCRED && !HAVE_CMSGCRED */ + g_warning ("Socket credentials not supported on this OS\n"); + return FALSE; +@@ -345,6 +377,12 @@ gnome_keyring_client_state_machine (Gnom + + new_state: + switch (client->state) { ++ case 
GNOME_CLIENT_STATE_INIT: ++ debug_print (("GNOME_CLIENT_STATE_INIT %p\n", client)); ++ if (init_connection (client->sock)) ++ client->state = GNOME_CLIENT_STATE_CREDENTIALS; ++ break; ++ + case GNOME_CLIENT_STATE_CREDENTIALS: + debug_print (("GNOME_CLIENT_STATE_CREDENTIALS %p\n", client)); + if (!read_unix_socket_credentials (client->sock, &pid, &uid)) { +@@ -536,13 +574,15 @@ gnome_keyring_client_new (int fd) + gnome_keyring_client_hup, client); + g_io_channel_unref (channel); + +- client->state = GNOME_CLIENT_STATE_CREDENTIALS; ++ client->state = GNOME_CLIENT_STATE_INIT; + client->sock = fd; + client->input_channel = channel; + client->input_buffer = g_string_new (NULL); + client->input_pos = 0; + + clients = g_list_prepend (clients, client); ++ ++ gnome_keyring_client_state_machine (client); + } + + diff --git a/security/gnome-keyring/patches/patch-ab b/security/gnome-keyring/patches/patch-ab new file mode 100644 index 00000000000..b1589948cc5 --- /dev/null +++ b/security/gnome-keyring/patches/patch-ab 
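Review bot: In the LOCAL_CREDS branch of read_unix_socket_credentials(), `cmsgmem` is sized as `CMSG_SPACE (sizeof (struct sockcred))`, but a NetBSD sockcred message carries a variable-length group list, so a peer with more supplementary groups than the struct's built-in array would send a control message that does not fit and gets truncated. Because the uid taken from this message is what identifies the client, I would declare `char cmsgmem[CMSG_SPACE (SOCKCREDSIZE (NGROUPS_MAX))];`, compare `cmsg->cmsg_len` against `CMSG_LEN (SOCKCREDSIZE (0))` instead of `sizeof (cmsgmem)` in that branch, and reject the message when `msg.msg_flags & MSG_CTRUNC` is set. The recvmsg() call sits between the visible hunks, so whether truncation is already checked there cannot be confirmed from here. The same branch sets `*pid = -1`, so any caller that uses the pid to identify the requesting application has to treat -1 as "unknown" rather than as a process id. In the state machine, a failed init_connection() leaves the client in GNOME_CLIENT_STATE_INIT without closing it, so a later event would repeat the setsockopt and the write; that path should tear the connection down instead.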
@@ -0,0 +1,65 @@ +$NetBSD: patch-ab,v 1.1 2006/08/27 16:10:21 jmmv Exp $ + +http://bugzilla.gnome.org/show_bug.cgi?id=353105 + +--- gnome-keyring.c.orig 2006-03-03 14:58:58.000000000 +0100 ++++ gnome-keyring.c +@@ -52,6 +52,7 @@ typedef enum { + + typedef enum { + STATE_FAILED, ++ STATE_INITIALIZING, + STATE_WRITING_CREDS, + STATE_WRITING_PACKET, + STATE_READING_REPLY +@@ -248,6 +249,24 @@ write_all (int fd, const char *buf, size + return 0; + } + ++static void ++init_connection (GnomeKeyringOperation *op) ++{ ++ char buf; ++ ssize_t len; ++ ++ len = read (op->socket, &buf, sizeof (buf)); ++ if (len == sizeof (buf)) { ++ if (buf != '\0') ++ g_warning ("Invalid initialization byte: %d\n", buf); ++ else ++ op->state = STATE_WRITING_CREDS; ++ } else ++ g_warning ("Failed to read initialization byte: %s", ++ len == 0 ? "No data available" : strerror (errno)); ++} ++ ++ + static GnomeKeyringResult + write_credentials_byte_sync (int socket) + { +@@ -314,6 +333,9 @@ operation_io (GIOChannel *io_channel, + schedule_op_failed (op, GNOME_KEYRING_RESULT_IO_ERROR); + } + ++ if (op->state == STATE_INITIALIZING && (cond & G_IO_IN)) { ++ init_connection (op); ++ } + if (op->state == STATE_WRITING_CREDS && (cond & G_IO_OUT)) { + write_credentials_byte (op); + } +@@ -420,13 +442,13 @@ start_operation (gpointer callback, Keyr + if (op->socket < 0) { + schedule_op_failed (op, GNOME_KEYRING_RESULT_NO_KEYRING_DAEMON); + } else { +- op->state = STATE_WRITING_CREDS; ++ op->state = STATE_INITIALIZING; + op->send_buffer = g_string_new (NULL); + op->send_pos = 0; + + channel = g_io_channel_unix_new (op->socket); + op->io_watch = g_io_add_watch (channel, +- G_IO_OUT | G_IO_HUP, ++ G_IO_IN | G_IO_OUT | G_IO_HUP, + operation_io, op); + g_io_channel_unref (channel); + } |
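Review bot: init_connection() only logs a warning when the read fails, returns 0 bytes, or delivers a non-nul byte, and leaves `op->state` at STATE_INITIALIZING, so the operation neither completes nor fails and a closed daemon socket would keep signalling G_IO_IN. Those branches should fail the operation the way the neighbouring I/O error path in operation_io() does, with `schedule_op_failed (op, GNOME_KEYRING_RESULT_IO_ERROR);`. The watch in start_operation() still requests G_IO_OUT while the operation is only waiting for the daemon's byte, which likely makes operation_io() fire continuously until that byte arrives; operation_io()'s return path is outside the hunks, so this is inferred. No hunk here changes the synchronous path around write_credentials_byte_sync(), so it is worth confirming that it also consumes the initialization byte the daemon now sends before a reply is parsed.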