Attachment #636908 for bug #721700

Lines 79-85 PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0]) Link Here

(-)a/configure.ac (-1 / +1 lines)
79	AC_SUBST(GLIB_CFLAGS)	79	AC_SUBST(GLIB_CFLAGS)
80	AC_SUBST(GLIB_LIBS)	80	AC_SUBST(GLIB_LIBS)
81		81
82	PKG_CHECK_MODULES(LIBJS, [mozjs-60])	82	PKG_CHECK_MODULES(LIBJS, [mozjs-68])
83		83
84	AC_SUBST(LIBJS_CFLAGS)	84	AC_SUBST(LIBJS_CFLAGS)
85	AC_SUBST(LIBJS_CXXFLAGS)	85	AC_SUBST(LIBJS_CXXFLAGS)

Lines 43-49 Link Here

(-)a/src/polkitbackend/polkitbackendjsauthority.cpp (-62 / +75 lines)
43	#include <systemd/sd-login.h>	43	#include <systemd/sd-login.h>
44	#endif /* HAVE_LIBSYSTEMD */	44	#endif /* HAVE_LIBSYSTEMD */
45		45
		46	#include <js/CompilationAndEvaluation.h>
		47	#include <js/ContextOptions.h>
46	#include <js/Initialization.h>	48	#include <js/Initialization.h>
		49	#include <js/Realm.h>
		50	#include <js/SourceText.h>
		51	#include <js/Warnings.h>
47	#include <jsapi.h>	52	#include <jsapi.h>
48		53
49	#include "initjs.h" /* init.js */	54	#include "initjs.h" /* init.js */
Lines 76-82 struct _PolkitBackendJsAuthorityPrivate Link Here
76		81
77	JSContext *cx;	82	JSContext *cx;
78	JS::Heap<JSObject> js_global;	83	JS::Heap<JSObject> js_global;
79	JSAutoCompartment *ac;	84	JSAutoRealm *ac;
80	JS::Heap<JSObject> js_polkit;	85	JS::Heap<JSObject> js_polkit;
81		86
82	GThread *runaway_killer_thread;	87	GThread *runaway_killer_thread;
Lines 298-311 load_scripts (PolkitBackendJsAuthority *authority) Link Here
298	for (l = files; l != NULL; l = l->next)	303	for (l = files; l != NULL; l = l->next)
299	{	304	{
300	const gchar filename = (gchar )l->data;	305	const gchar filename = (gchar )l->data;
301	JS::RootedScript script(authority->priv->cx);	306	GFile *file = g_file_new_for_path (filename);
		307	char *contents;
		308	gsize len;
		309	if (!g_file_load_contents (file, NULL, &contents, &len, NULL, NULL))
		310	{
		311	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
		312	"Error compiling script %s",
		313	filename);
		314	continue;
		315	}
		316	JS::SourceText<mozilla::Utf8Unit> source;
		317	if (!source.init (authority->priv->cx, contents, len,
		318	JS::SourceOwnership::Borrowed))
		319	{
		320	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
		321	"Error compiling script %s",
		322	filename);
		323	g_free (contents);
		324	continue;
		325	}
302	JS::CompileOptions options(authority->priv->cx);	326	JS::CompileOptions options(authority->priv->cx);
303	options.setUTF8(true);	327	JS::RootedScript script(authority->priv->cx,
304	if (!JS::Compile (authority->priv->cx, options, filename, &script))	328	JS::Compile (authority->priv->cx, options, source));
		329	if (!script)
305	{	330	{
306	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),	331	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
307	"Error compiling script %s",	332	"Error compiling script %s",
308	filename);	333	filename);
		334	g_free (contents);
309	continue;	335	continue;
310	}	336	}
311		337
Lines 318-328 load_scripts (PolkitBackendJsAuthority *authority) Link Here
318	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),	344	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
319	"Error executing script %s",	345	"Error executing script %s",
320	filename);	346	filename);
		347	g_free (contents);
321	continue;	348	continue;
322	}	349	}
323		350
324	//g_print ("Successfully loaded and evaluated script `%s'\n", filename);	351	//g_print ("Successfully loaded and evaluated script `%s'\n", filename);
325		352
		353	g_free (contents);
326	num_scripts++;	354	num_scripts++;
327	}	355	}
328		356
Lines 335-342 load_scripts (PolkitBackendJsAuthority *authority) Link Here
335	static void	363	static void
336	reload_scripts (PolkitBackendJsAuthority *authority)	364	reload_scripts (PolkitBackendJsAuthority *authority)
337	{	365	{
338	JS_BeginRequest (authority->priv->cx);
339
340	JS::AutoValueArray<1> args(authority->priv->cx);	366	JS::AutoValueArray<1> args(authority->priv->cx);
341	JS::RootedValue rval(authority->priv->cx);	367	JS::RootedValue rval(authority->priv->cx);
342		368
Lines 351-357 reload_scripts (PolkitBackendJsAuthority *authority) Link Here
351	{	377	{
352	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),	378	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
353	"Error deleting old rules, not loading new ones");	379	"Error deleting old rules, not loading new ones");
354	goto out;	380	return;
355	}	381	}
356		382
357	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),	383	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
Lines 362-369 reload_scripts (PolkitBackendJsAuthority *authority) Link Here
362		388
363	/* Let applications know we have new rules... */	389	/* Let applications know we have new rules... */
364	g_signal_emit_by_name (authority, "changed");	390	g_signal_emit_by_name (authority, "changed");
365	out:
366	JS_EndRequest (authority->priv->cx);
367	}	391	}
368		392
369	static void	393	static void
Lines 462-472 polkit_backend_js_authority_constructed (GObject *object) Link Here
462	JS::SetWarningReporter(authority->priv->cx, report_error);	486	JS::SetWarningReporter(authority->priv->cx, report_error);
463	JS_SetContextPrivate (authority->priv->cx, authority);	487	JS_SetContextPrivate (authority->priv->cx, authority);
464		488
465	JS_BeginRequest(authority->priv->cx);
466	entered_request = TRUE;	489	entered_request = TRUE;
467		490
468	{	491	{
469	JS::CompartmentOptions compart_opts;	492	JS::RealmOptions compart_opts;
470		493
471	JS::RootedObject global(authority->priv->cx);	494	JS::RootedObject global(authority->priv->cx);
472		495
Lines 476-487 polkit_backend_js_authority_constructed (GObject *object) Link Here
476	if (!global)	499	if (!global)
477	goto fail;	500	goto fail;
478		501
479	authority->priv->ac = new JSAutoCompartment(authority->priv->cx, global);	502	authority->priv->ac = new JSAutoRealm(authority->priv->cx, global);
480		503
481	if (!authority->priv->ac)	504	if (!authority->priv->ac)
482	goto fail;	505	goto fail;
483		506
484	if (!JS_InitStandardClasses (authority->priv->cx, global))	507	if (!JS::InitRealmStandardClasses (authority->priv->cx))
485	goto fail;	508	goto fail;
486		509
487	JS::RootedObject polkit(authority->priv->cx);	510	JS::RootedObject polkit(authority->priv->cx);
Lines 503-515 polkit_backend_js_authority_constructed (GObject *object) Link Here
503		526
504	JS::CompileOptions options(authority->priv->cx);	527	JS::CompileOptions options(authority->priv->cx);
505	JS::RootedValue rval(authority->priv->cx);	528	JS::RootedValue rval(authority->priv->cx);
506	if (!JS::Evaluate (authority->priv->cx,	529	JS::SourceText<mozilla::Utf8Unit> source;
507	options,	530	if (!source.init (authority->priv->cx, init_js, strlen (init_js),
508	init_js, strlen (init_js), /* init.js */	531	JS::SourceOwnership::Borrowed))
509	&rval)) /* rval */	532	goto fail;
510	{	533
511	goto fail;	534	if (!JS::Evaluate (authority->priv->cx, options, source, &rval))
512	}	535	goto fail;
513		536
514	if (authority->priv->rules_dirs == NULL)	537	if (authority->priv->rules_dirs == NULL)
515	{	538	{
Lines 529-535 polkit_backend_js_authority_constructed (GObject *object) Link Here
529	setup_file_monitors (authority);	552	setup_file_monitors (authority);
530	load_scripts (authority);	553	load_scripts (authority);
531	}	554	}
532	JS_EndRequest (authority->priv->cx);
533	entered_request = FALSE;	555	entered_request = FALSE;
534		556
535	G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);	557	G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);
Lines 537-544 polkit_backend_js_authority_constructed (GObject *object) Link Here
537	return;	559	return;
538		560
539	fail:	561	fail:
540	if (entered_request)
541	JS_EndRequest (authority->priv->cx);
542	g_critical ("Error initializing JavaScript environment");	562	g_critical ("Error initializing JavaScript environment");
543	g_assert_not_reached ();	563	g_assert_not_reached ();
544	}	564	}
Lines 680-686 set_property_strv (PolkitBackendJsAuthority *authority, Link Here
680	GPtrArray *value)	700	GPtrArray *value)
681	{	701	{
682	JS::RootedValue value_jsval(authority->priv->cx);	702	JS::RootedValue value_jsval(authority->priv->cx);
683	JS::AutoValueVector elems(authority->priv->cx);	703	JS::RootedValueVector elems(authority->priv->cx);
684	guint n;	704	guint n;
685		705
686	if (!elems.resize(value->len))	706	if (!elems.resize(value->len))
Lines 755-764 subject_to_jsval (PolkitBackendJsAuthority *authority, Link Here
755	JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());	775	JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());
756		776
757	src = "new Subject();";	777	src = "new Subject();";
758	if (!JS::Evaluate (authority->priv->cx,	778	JS::SourceText<mozilla::Utf8Unit> source;
759	options,	779	if (!source.init (authority->priv->cx, src, strlen (src),
760	src, strlen (src),	780	JS::SourceOwnership::Borrowed))
761	out_jsval))	781	{
		782	g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
		783	goto out;
		784	}
		785
		786	if (!JS::Evaluate (authority->priv->cx, options, source, out_jsval))
762	{	787	{
763	g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);	788	g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
764	goto out;	789	goto out;
Lines 877-887 action_and_details_to_jsval (PolkitBackendJsAuthority *authority, Link Here
877	JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());	902	JS::RootedObject global(authority->priv->cx, authority->priv->js_global->get ());
878		903
879	src = "new Action();";	904	src = "new Action();";
		905	JS::SourceText<mozilla::Utf8Unit> source;
		906	if (!source.init (authority->priv->cx, src, strlen (src),
		907	JS::SourceOwnership::Borrowed))
		908	{
		909	g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
		910	goto out;
		911	}
880		912
881	if (!JS::Evaluate (authority->priv->cx,	913	if (!JS::Evaluate (authority->priv->cx, options, source, out_jsval))
882	options,
883	src, strlen (src),
884	out_jsval))
885	{	914	{
886	g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);	915	g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
887	goto out;	916	goto out;
Lines 1089-1099 polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA Link Here
1089	guint n;	1118	guint n;
1090	GError *error = NULL;	1119	GError *error = NULL;
1091	JS::RootedString ret_jsstr (authority->priv->cx);	1120	JS::RootedString ret_jsstr (authority->priv->cx);
1092	gchar *ret_str = NULL;	1121	JS::UniqueChars ret_str;
1093	gchar **ret_strs = NULL;	1122	gchar **ret_strs = NULL;
1094		1123
1095	JS_BeginRequest (authority->priv->cx);
1096
1097	if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))	1124	if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))
1098	{	1125	{
1099	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),	1126	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
Lines 1142-1148 polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA Link Here
1142	goto out;	1169	goto out;
1143	}	1170	}
1144		1171
1145	ret_strs = g_strsplit (ret_str, ",", -1);	1172	ret_strs = g_strsplit (ret_str.get(), ",", -1);
1146	for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++)	1173	for (n = 0; ret_strs != NULL && ret_strs[n] != NULL; n++)
1147	{	1174	{
1148	const gchar *identity_str = ret_strs[n];	1175	const gchar *identity_str = ret_strs[n];
Lines 1166-1180 polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA Link Here
1166		1193
1167	out:	1194	out:
1168	g_strfreev (ret_strs);	1195	g_strfreev (ret_strs);
1169	g_free (ret_str);
1170	/* fallback to root password auth */	1196	/* fallback to root password auth */
1171	if (ret == NULL)	1197	if (ret == NULL)
1172	ret = g_list_prepend (ret, polkit_unix_user_new (0));	1198	ret = g_list_prepend (ret, polkit_unix_user_new (0));
1173		1199
1174	JS_MaybeGC (authority->priv->cx);	1200	JS_MaybeGC (authority->priv->cx);
1175		1201
1176	JS_EndRequest (authority->priv->cx);
1177
1178	return ret;	1202	return ret;
1179	}	1203	}
1180		1204
Lines 1197-1207 polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu Link Here
1197	JS::RootedValue rval(authority->priv->cx);	1221	JS::RootedValue rval(authority->priv->cx);
1198	GError *error = NULL;	1222	GError *error = NULL;
1199	JS::RootedString ret_jsstr (authority->priv->cx);	1223	JS::RootedString ret_jsstr (authority->priv->cx);
1200	gchar *ret_str = NULL;	1224	JS::UniqueChars ret_str;
1201	gboolean good = FALSE;	1225	gboolean good = FALSE;
1202		1226
1203	JS_BeginRequest (authority->priv->cx);
1204
1205	if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))	1227	if (!action_and_details_to_jsval (authority, action_id, details, args[0], &error))
1206	{	1228	{
1207	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),	1229	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
Lines 1257-1268 polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu Link Here
1257	goto out;	1279	goto out;
1258	}	1280	}
1259		1281
1260	g_strstrip (ret_str);	1282	g_strstrip (ret_str.get());
1261	if (!polkit_implicit_authorization_from_string (ret_str, &ret))	1283	if (!polkit_implicit_authorization_from_string (ret_str.get(), &ret))
1262	{	1284	{
1263	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),	1285	polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
1264	"Returned result `%s' is not valid",	1286	"Returned result `%s' is not valid",
1265	ret_str);	1287	ret_str.get());
1266	goto out;	1288	goto out;
1267	}	1289	}
1268		1290
Lines 1271-1282 polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu Link Here
1271	out:	1293	out:
1272	if (!good)	1294	if (!good)
1273	ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED;	1295	ret = POLKIT_IMPLICIT_AUTHORIZATION_NOT_AUTHORIZED;
1274	g_free (ret_str);
1275		1296
1276	JS_MaybeGC (authority->priv->cx);	1297	JS_MaybeGC (authority->priv->cx);
1277		1298
1278	JS_EndRequest (authority->priv->cx);
1279
1280	return ret;	1299	return ret;
1281	}	1300	}
1282		1301
Lines 1289-1303 js_polkit_log (JSContext *cx, Link Here
1289	{	1308	{
1290	PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));	1309	PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
1291	bool ret = false;	1310	bool ret = false;
1292	char *s;	1311	JS::UniqueChars s;
1293		1312
1294	JS::CallArgs args = JS::CallArgsFromVp (argc, vp);	1313	JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
1295		1314
1296	JS::RootedString jsstr (authority->priv->cx);	1315	JS::RootedString jsstr (authority->priv->cx);
1297	jsstr = args[0].toString ();	1316	jsstr = args[0].toString ();
1298	s = JS_EncodeStringToUTF8 (cx, jsstr);	1317	s = JS_EncodeStringToUTF8 (cx, jsstr);
1299	JS_ReportWarningUTF8 (cx, "%s", s);	1318	JS::WarnUTF8 (cx, "%s", s.get());
1300	JS_free (cx, s);
1301		1319
1302	ret = true;	1320	ret = true;
1303		1321
Lines 1400-1406 js_polkit_spawn (JSContext *cx, Link Here
1400	for (n = 0; n < array_len; n++)	1418	for (n = 0; n < array_len; n++)
1401	{	1419	{
1402	JS::RootedValue elem_val(cx);	1420	JS::RootedValue elem_val(cx);
1403	char *s;	1421	JS::UniqueChars s;
1404		1422
1405	if (!JS_GetElement (cx, array_object, n, &elem_val))	1423	if (!JS_GetElement (cx, array_object, n, &elem_val))
1406	{	1424	{
Lines 1415-1422 js_polkit_spawn (JSContext *cx, Link Here
1415	JS::RootedString jsstr (authority->priv->cx);	1433	JS::RootedString jsstr (authority->priv->cx);
1416	jsstr = elem_val.toString();	1434	jsstr = elem_val.toString();
1417	s = JS_EncodeStringToUTF8 (cx, jsstr);	1435	s = JS_EncodeStringToUTF8 (cx, jsstr);
1418	argv[n] = g_strdup (s);	1436	argv[n] = g_strdup (s.get());
1419	JS_free (cx, s);
1420	}	1437	}
1421		1438
1422	context = g_main_context_new ();	1439	context = g_main_context_new ();
Lines 1499-1506 js_polkit_user_is_in_netgroup (JSContext *cx, Link Here
1499	{	1516	{
1500	PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));	1517	PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (JS_GetContextPrivate (cx));
1501	bool ret = false;	1518	bool ret = false;
1502	char *user;	1519	JS::UniqueChars user;
1503	char *netgroup;	1520	JS::UniqueChars netgroup;
1504	bool is_in_netgroup = false;	1521	bool is_in_netgroup = false;
1505		1522
1506	JS::CallArgs args = JS::CallArgsFromVp (argc, vp);	1523	JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
Lines 1512-1528 js_polkit_user_is_in_netgroup (JSContext *cx, Link Here
1512	netgstr = args[1].toString();	1529	netgstr = args[1].toString();
1513	netgroup = JS_EncodeStringToUTF8 (cx, netgstr);	1530	netgroup = JS_EncodeStringToUTF8 (cx, netgstr);
1514		1531
1515	if (innetgr (netgroup,	1532	if (innetgr (netgroup.get(),
1516	NULL, /* host */	1533	NULL, /* host */
1517	user,	1534	user.get(),
1518	NULL)) /* domain */	1535	NULL)) /* domain */
1519	{	1536	{
1520	is_in_netgroup = true;	1537	is_in_netgroup = true;
1521	}	1538	}
1522		1539
1523	JS_free (cx, netgroup);
1524	JS_free (cx, user);
1525
1526	ret = true;	1540	ret = true;
1527		1541
1528	args.rval ().setBoolean (is_in_netgroup);	1542	args.rval ().setBoolean (is_in_netgroup);
1529	-

Return to bug 721700