[lfs-patches] r3230 - trunk/polkit

krejzi at higgs.linuxfromscratch.org krejzi at higgs.linuxfromscratch.org
Thu Jun 25 06:28:05 PDT 2015


Author: krejzi
Date: Thu Jun 25 06:28:05 2015
New Revision: 3230

Log:
Polkit fixes.

Added:
   trunk/polkit/polkit-0.112-upstream_fixes-1.patch

Added: trunk/polkit/polkit-0.112-upstream_fixes-1.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/polkit/polkit-0.112-upstream_fixes-1.patch	Thu Jun 25 06:28:05 2015	(r3230)
@@ -0,0 +1,2652 @@
+Submitted By:            Armin K. <krejzi at email dot com>
+Date:                    2015-06-25
+Initial Package Version: 0.112
+Upstream Status:         Fixed
+Origin:                  Upstream
+Description:             Various commits from the upstream repositories, including
+                         the fixes for memory leaks and multiple CVEs.
+
+--- a/actions/Makefile.in	2015-06-25 15:14:04.776558759 +0200
++++ b/actions/Makefile.in	2015-06-25 15:11:45.747664567 +0200
+@@ -212,6 +212,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+--- a/config.h.in	2015-06-25 15:14:04.777558780 +0200
++++ b/config.h.in	2015-06-25 15:11:45.747664567 +0200
+@@ -27,6 +27,9 @@
+ /* Define to 1 if you have the <expat.h> header file. */
+ #undef HAVE_EXPAT_H
+ 
++/* Define to 1 if you have the `fdatasync' function. */
++#undef HAVE_FDATASYNC
++
+ /* Is this a FreeBSD system? */
+ #undef HAVE_FREEBSD
+ 
+@@ -39,8 +42,8 @@
+ /* Define if your <locale.h> file defines LC_MESSAGES. */
+ #undef HAVE_LC_MESSAGES
+ 
+-/* Define to 1 if libsystemd-login is available */
+-#undef HAVE_LIBSYSTEMD_LOGIN
++/* Define to 1 if libsystemd is available */
++#undef HAVE_LIBSYSTEMD
+ 
+ /* Define to 1 if you have the <locale.h> header file. */
+ #undef HAVE_LOCALE_H
+@@ -60,6 +63,12 @@
+ /* "Have pam_vsyslog" */
+ #undef HAVE_PAM_VSYSLOG
+ 
++/* Define to 1 if you have the `sd_uid_get_display' function. */
++#undef HAVE_SD_UID_GET_DISPLAY
++
++/* Define to 1 if setnetgrent has return value */
++#undef HAVE_SETNETGRENT_RETURN
++
+ /* Is this a Solaris system? */
+ #undef HAVE_SOLARIS
+ 
+--- a/configure	2015-06-25 15:14:04.785558944 +0200
++++ b/configure	2015-06-25 15:11:45.750664630 +0200
+@@ -734,10 +734,14 @@
+ HAVE_SYSTEMD_FALSE
+ HAVE_SYSTEMD_TRUE
+ systemdsystemunitdir
+-HAVE_LIBSYSTEMD_LOGIN_FALSE
+-HAVE_LIBSYSTEMD_LOGIN_TRUE
++HAVE_LIBSYSTEMD_FALSE
++HAVE_LIBSYSTEMD_TRUE
+ LIBSYSTEMD_LOGIN_LIBS
+ LIBSYSTEMD_LOGIN_CFLAGS
++LIBSYSTEMD_LIBS
++LIBSYSTEMD_CFLAGS
++BUILD_TEST_FALSE
++BUILD_TEST_TRUE
+ EXPAT_LIBS
+ LIBJS_LIBS
+ LIBJS_CFLAGS
+@@ -906,6 +910,7 @@
+ enable_gtk_doc_pdf
+ with_mozjs
+ with_expat
++enable_test
+ enable_libsystemd_login
+ with_systemdsystemunitdir
+ with_polkitd_user
+@@ -936,6 +941,8 @@
+ GLIB_LIBS
+ LIBJS_CFLAGS
+ LIBJS_LIBS
++LIBSYSTEMD_CFLAGS
++LIBSYSTEMD_LIBS
+ LIBSYSTEMD_LOGIN_CFLAGS
+ LIBSYSTEMD_LOGIN_LIBS
+ SUID_CFLAGS
+@@ -1578,8 +1585,9 @@
+   --enable-gtk-doc        use gtk-doc to build documentation [[default=no]]
+   --enable-gtk-doc-html   build documentation in html format [[default=yes]]
+   --enable-gtk-doc-pdf    build documentation in pdf format [[default=no]]
++  --disable-test          Do not build tests
+   --enable-libsystemd-login=[auto/yes/no]
+-                          Use libsystemd-login (auto/yes/no)
++                          Use libsystemd (auto/yes/no)
+   --enable-introspection=[no/auto/yes]
+                           Enable introspection for this build
+   --enable-examples       Build the example programs
+@@ -1630,6 +1638,10 @@
+   LIBJS_CFLAGS
+               C compiler flags for LIBJS, overriding pkg-config
+   LIBJS_LIBS  linker flags for LIBJS, overriding pkg-config
++  LIBSYSTEMD_CFLAGS
++              C compiler flags for LIBSYSTEMD, overriding pkg-config
++  LIBSYSTEMD_LIBS
++              linker flags for LIBSYSTEMD, overriding pkg-config
+   LIBSYSTEMD_LOGIN_CFLAGS
+               C compiler flags for LIBSYSTEMD_LOGIN, overriding pkg-config
+   LIBSYSTEMD_LOGIN_LIBS
+@@ -13301,12 +13313,12 @@
+     pkg_cv_GLIB_CFLAGS="$GLIB_CFLAGS"
+  elif test -n "$PKG_CONFIG"; then
+     if test -n "$PKG_CONFIG" && \
+-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gmodule-2.0 gio-2.0 >= 2.30.0\""; } >&5
+-  ($PKG_CONFIG --exists --print-errors "gmodule-2.0 gio-2.0 >= 2.30.0") 2>&5
++    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gmodule-2.0 gio-unix-2.0 >= 2.30.0\""; } >&5
++  ($PKG_CONFIG --exists --print-errors "gmodule-2.0 gio-unix-2.0 >= 2.30.0") 2>&5
+   ac_status=$?
+   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+   test $ac_status = 0; }; then
+-  pkg_cv_GLIB_CFLAGS=`$PKG_CONFIG --cflags "gmodule-2.0 gio-2.0 >= 2.30.0" 2>/dev/null`
++  pkg_cv_GLIB_CFLAGS=`$PKG_CONFIG --cflags "gmodule-2.0 gio-unix-2.0 >= 2.30.0" 2>/dev/null`
+ 		      test "x$?" != "x0" && pkg_failed=yes
+ else
+   pkg_failed=yes
+@@ -13318,12 +13330,12 @@
+     pkg_cv_GLIB_LIBS="$GLIB_LIBS"
+  elif test -n "$PKG_CONFIG"; then
+     if test -n "$PKG_CONFIG" && \
+-    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gmodule-2.0 gio-2.0 >= 2.30.0\""; } >&5
+-  ($PKG_CONFIG --exists --print-errors "gmodule-2.0 gio-2.0 >= 2.30.0") 2>&5
++    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gmodule-2.0 gio-unix-2.0 >= 2.30.0\""; } >&5
++  ($PKG_CONFIG --exists --print-errors "gmodule-2.0 gio-unix-2.0 >= 2.30.0") 2>&5
+   ac_status=$?
+   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+   test $ac_status = 0; }; then
+-  pkg_cv_GLIB_LIBS=`$PKG_CONFIG --libs "gmodule-2.0 gio-2.0 >= 2.30.0" 2>/dev/null`
++  pkg_cv_GLIB_LIBS=`$PKG_CONFIG --libs "gmodule-2.0 gio-unix-2.0 >= 2.30.0" 2>/dev/null`
+ 		      test "x$?" != "x0" && pkg_failed=yes
+ else
+   pkg_failed=yes
+@@ -13344,14 +13356,14 @@
+         _pkg_short_errors_supported=no
+ fi
+         if test $_pkg_short_errors_supported = yes; then
+-	        GLIB_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gmodule-2.0 gio-2.0 >= 2.30.0" 2>&1`
++	        GLIB_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gmodule-2.0 gio-unix-2.0 >= 2.30.0" 2>&1`
+         else
+-	        GLIB_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gmodule-2.0 gio-2.0 >= 2.30.0" 2>&1`
++	        GLIB_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gmodule-2.0 gio-unix-2.0 >= 2.30.0" 2>&1`
+         fi
+ 	# Put the nasty error message in config.log where it belongs
+ 	echo "$GLIB_PKG_ERRORS" >&5
+ 
+-	as_fn_error $? "Package requirements (gmodule-2.0 gio-2.0 >= 2.30.0) were not met:
++	as_fn_error $? "Package requirements (gmodule-2.0 gio-unix-2.0 >= 2.30.0) were not met:
+ 
+ $GLIB_PKG_ERRORS
+ 
+@@ -13718,12 +13730,13 @@
+ 
+ 
+ 
+-for ac_func in clearenv
++for ac_func in clearenv fdatasync
+ do :
+-  ac_fn_c_check_func "$LINENO" "clearenv" "ac_cv_func_clearenv"
+-if test "x$ac_cv_func_clearenv" = xyes; then :
++  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
++if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+   cat >>confdefs.h <<_ACEOF
+-#define HAVE_CLEARENV 1
++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+ _ACEOF
+ 
+ fi
+@@ -13734,8 +13747,47 @@
+   LDFLAGS="-Wl,--as-needed $LDFLAGS"
+ fi
+ 
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++	#include <stddef.h>
++	#include <netdb.h>
++
++int
++main ()
++{
++
++	int r = setnetgrent (NULL);
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++
++$as_echo "#define HAVE_SETNETGRENT_RETURN 1" >>confdefs.h
++
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++
++# Check whether --enable-test was given.
++if test "${enable_test+set}" = set; then :
++  enableval=$enable_test; enable_test=$enableval
++else
++  enable_test=yes
++fi
+ 
+-have_libsystemd_login=no
++
++ if test "x$enable_test" = "xyes"; then
++  BUILD_TEST_TRUE=
++  BUILD_TEST_FALSE='#'
++else
++  BUILD_TEST_TRUE='#'
++  BUILD_TEST_FALSE=
++fi
++
++
++
++have_libsystemd=no
+ SESSION_TRACKING=ConsoleKit
+ 
+ # Check whether --enable-libsystemd-login was given.
+@@ -13748,6 +13800,143 @@
+ if test "$enable_libsystemd_login" != "no"; then
+ 
+ pkg_failed=no
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBSYSTEMD" >&5
++$as_echo_n "checking for LIBSYSTEMD... " >&6; }
++
++if test -n "$LIBSYSTEMD_CFLAGS"; then
++    pkg_cv_LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_CFLAGS"
++ elif test -n "$PKG_CONFIG"; then
++    if test -n "$PKG_CONFIG" && \
++    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5
++  ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5
++  ac_status=$?
++  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++  test $ac_status = 0; }; then
++  pkg_cv_LIBSYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "libsystemd" 2>/dev/null`
++		      test "x$?" != "x0" && pkg_failed=yes
++else
++  pkg_failed=yes
++fi
++ else
++    pkg_failed=untried
++fi
++if test -n "$LIBSYSTEMD_LIBS"; then
++    pkg_cv_LIBSYSTEMD_LIBS="$LIBSYSTEMD_LIBS"
++ elif test -n "$PKG_CONFIG"; then
++    if test -n "$PKG_CONFIG" && \
++    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd\""; } >&5
++  ($PKG_CONFIG --exists --print-errors "libsystemd") 2>&5
++  ac_status=$?
++  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++  test $ac_status = 0; }; then
++  pkg_cv_LIBSYSTEMD_LIBS=`$PKG_CONFIG --libs "libsystemd" 2>/dev/null`
++		      test "x$?" != "x0" && pkg_failed=yes
++else
++  pkg_failed=yes
++fi
++ else
++    pkg_failed=untried
++fi
++
++
++
++if test $pkg_failed = yes; then
++   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++
++if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
++        _pkg_short_errors_supported=yes
++else
++        _pkg_short_errors_supported=no
++fi
++        if test $_pkg_short_errors_supported = yes; then
++	        LIBSYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd" 2>&1`
++        else
++	        LIBSYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd" 2>&1`
++        fi
++	# Put the nasty error message in config.log where it belongs
++	echo "$LIBSYSTEMD_PKG_ERRORS" >&5
++
++
++pkg_failed=no
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBSYSTEMD_LOGIN" >&5
++$as_echo_n "checking for LIBSYSTEMD_LOGIN... " >&6; }
++
++if test -n "$LIBSYSTEMD_LOGIN_CFLAGS"; then
++    pkg_cv_LIBSYSTEMD_LOGIN_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
++ elif test -n "$PKG_CONFIG"; then
++    if test -n "$PKG_CONFIG" && \
++    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-login\""; } >&5
++  ($PKG_CONFIG --exists --print-errors "libsystemd-login") 2>&5
++  ac_status=$?
++  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++  test $ac_status = 0; }; then
++  pkg_cv_LIBSYSTEMD_LOGIN_CFLAGS=`$PKG_CONFIG --cflags "libsystemd-login" 2>/dev/null`
++		      test "x$?" != "x0" && pkg_failed=yes
++else
++  pkg_failed=yes
++fi
++ else
++    pkg_failed=untried
++fi
++if test -n "$LIBSYSTEMD_LOGIN_LIBS"; then
++    pkg_cv_LIBSYSTEMD_LOGIN_LIBS="$LIBSYSTEMD_LOGIN_LIBS"
++ elif test -n "$PKG_CONFIG"; then
++    if test -n "$PKG_CONFIG" && \
++    { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsystemd-login\""; } >&5
++  ($PKG_CONFIG --exists --print-errors "libsystemd-login") 2>&5
++  ac_status=$?
++  $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
++  test $ac_status = 0; }; then
++  pkg_cv_LIBSYSTEMD_LOGIN_LIBS=`$PKG_CONFIG --libs "libsystemd-login" 2>/dev/null`
++		      test "x$?" != "x0" && pkg_failed=yes
++else
++  pkg_failed=yes
++fi
++ else
++    pkg_failed=untried
++fi
++
++
++
++if test $pkg_failed = yes; then
++   	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++
++if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
++        _pkg_short_errors_supported=yes
++else
++        _pkg_short_errors_supported=no
++fi
++        if test $_pkg_short_errors_supported = yes; then
++	        LIBSYSTEMD_LOGIN_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsystemd-login" 2>&1`
++        else
++	        LIBSYSTEMD_LOGIN_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsystemd-login" 2>&1`
++        fi
++	# Put the nasty error message in config.log where it belongs
++	echo "$LIBSYSTEMD_LOGIN_PKG_ERRORS" >&5
++
++	have_libsystemd=no
++elif test $pkg_failed = untried; then
++     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++	have_libsystemd=no
++else
++	LIBSYSTEMD_LOGIN_CFLAGS=$pkg_cv_LIBSYSTEMD_LOGIN_CFLAGS
++	LIBSYSTEMD_LOGIN_LIBS=$pkg_cv_LIBSYSTEMD_LOGIN_LIBS
++        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++
++        have_libsystemd=yes
++        LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
++        LIBSYSTEMD_LIBS="$LIBSYSTEMD_LOGIN_LIBS"
++
++fi
++elif test $pkg_failed = untried; then
++     	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++
++pkg_failed=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBSYSTEMD_LOGIN" >&5
+ $as_echo_n "checking for LIBSYSTEMD_LOGIN... " >&6; }
+ 
+@@ -13805,44 +13994,69 @@
+ 	# Put the nasty error message in config.log where it belongs
+ 	echo "$LIBSYSTEMD_LOGIN_PKG_ERRORS" >&5
+ 
+-	have_libsystemd_login=no
++	have_libsystemd=no
+ elif test $pkg_failed = untried; then
+      	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+ $as_echo "no" >&6; }
+-	have_libsystemd_login=no
++	have_libsystemd=no
+ else
+ 	LIBSYSTEMD_LOGIN_CFLAGS=$pkg_cv_LIBSYSTEMD_LOGIN_CFLAGS
+ 	LIBSYSTEMD_LOGIN_LIBS=$pkg_cv_LIBSYSTEMD_LOGIN_LIBS
+         { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ $as_echo "yes" >&6; }
+-	have_libsystemd_login=yes
++
++        have_libsystemd=yes
++        LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
++        LIBSYSTEMD_LIBS="$LIBSYSTEMD_LOGIN_LIBS"
++
++fi
++else
++	LIBSYSTEMD_CFLAGS=$pkg_cv_LIBSYSTEMD_CFLAGS
++	LIBSYSTEMD_LIBS=$pkg_cv_LIBSYSTEMD_LIBS
++        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++	have_libsystemd=yes
+ fi
+-  if test "$have_libsystemd_login" = "yes"; then
++  if test "$have_libsystemd" = "yes"; then
+     SESSION_TRACKING=libsystemd-login
+ 
+-$as_echo "#define HAVE_LIBSYSTEMD_LOGIN 1" >>confdefs.h
++$as_echo "#define HAVE_LIBSYSTEMD 1" >>confdefs.h
+ 
++    save_LIBS=$LIBS
++    LIBS=$LIBSYSTEMD_LIBS
++    for ac_func in sd_uid_get_display
++do :
++  ac_fn_c_check_func "$LINENO" "sd_uid_get_display" "ac_cv_func_sd_uid_get_display"
++if test "x$ac_cv_func_sd_uid_get_display" = xyes; then :
++  cat >>confdefs.h <<_ACEOF
++#define HAVE_SD_UID_GET_DISPLAY 1
++_ACEOF
++
++fi
++done
++
++    LIBS=$save_LIBS
+   else
+     if test "$enable_libsystemd_login" = "yes"; then
+-      as_fn_error $? "libsystemd-login support requested but libsystemd-login library not found" "$LINENO" 5
++      as_fn_error $? "libsystemd support requested but libsystemd or libsystemd-login library not found" "$LINENO" 5
+     fi
+   fi
+ fi
+ 
+ if test "x$cross_compiling" != "xyes" ; then :
+ 
+-  if test "$have_libsystemd_login" = "yes"; then :
++  if test "$have_libsystemd" = "yes"; then :
+ 
+     if test ! -d /sys/fs/cgroup/systemd/ ; then :
+ 
+       if test "$enable_libsystemd_login" = "yes"; then :
+ 
+-        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libsystemd-login requested but system does not appear to be using systemd" >&5
+-$as_echo "$as_me: WARNING: libsystemd-login requested but system does not appear to be using systemd" >&2;}
++        { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libsystemd requested but system does not appear to be using systemd" >&5
++$as_echo "$as_me: WARNING: libsystemd requested but system does not appear to be using systemd" >&2;}
+ 
+ else
+ 
+-        as_fn_error $? "libsystemd-login autoconfigured, but system does not appear to use systemd" "$LINENO" 5
++        as_fn_error $? "libsystemd autoconfigured, but system does not appear to use systemd" "$LINENO" 5
+ 
+ fi
+ 
+@@ -13859,7 +14073,7 @@
+ 
+ else
+ 
+-        as_fn_error $? "ConsoleKit autoconfigured, but systemd is in use (missing libsystemd-login pkg-config?)" "$LINENO" 5
++        as_fn_error $? "ConsoleKit autoconfigured, but systemd is in use (missing libsystemd or libsystemd-login pkg-config?)" "$LINENO" 5
+ 
+ fi
+ 
+@@ -13871,12 +14085,12 @@
+ 
+ 
+ 
+- if test "$have_libsystemd_login" = "yes"; then
+-  HAVE_LIBSYSTEMD_LOGIN_TRUE=
+-  HAVE_LIBSYSTEMD_LOGIN_FALSE='#'
++ if test "$have_libsystemd" = "yes"; then
++  HAVE_LIBSYSTEMD_TRUE=
++  HAVE_LIBSYSTEMD_FALSE='#'
+ else
+-  HAVE_LIBSYSTEMD_LOGIN_TRUE='#'
+-  HAVE_LIBSYSTEMD_LOGIN_FALSE=
++  HAVE_LIBSYSTEMD_TRUE='#'
++  HAVE_LIBSYSTEMD_FALSE=
+ fi
+ 
+ 
+@@ -16141,8 +16355,12 @@
+   as_fn_error $? "conditional \"GTK_DOC_USE_REBASE\" was never defined.
+ Usually this means the macro was only invoked conditionally." "$LINENO" 5
+ fi
+-if test -z "${HAVE_LIBSYSTEMD_LOGIN_TRUE}" && test -z "${HAVE_LIBSYSTEMD_LOGIN_FALSE}"; then
+-  as_fn_error $? "conditional \"HAVE_LIBSYSTEMD_LOGIN\" was never defined.
++if test -z "${BUILD_TEST_TRUE}" && test -z "${BUILD_TEST_FALSE}"; then
++  as_fn_error $? "conditional \"BUILD_TEST\" was never defined.
++Usually this means the macro was only invoked conditionally." "$LINENO" 5
++fi
++if test -z "${HAVE_LIBSYSTEMD_TRUE}" && test -z "${HAVE_LIBSYSTEMD_FALSE}"; then
++  as_fn_error $? "conditional \"HAVE_LIBSYSTEMD\" was never defined.
+ Usually this means the macro was only invoked conditionally." "$LINENO" 5
+ fi
+ if test -z "${HAVE_SYSTEMD_TRUE}" && test -z "${HAVE_SYSTEMD_FALSE}"; then
+--- a/configure.ac	2015-06-25 15:14:04.786558965 +0200
++++ b/configure.ac	2015-06-25 15:11:45.750664630 +0200
+@@ -121,7 +121,7 @@
+   changequote([,])dnl
+ fi
+ 
+-PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-2.0 >= 2.30.0])
++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+ AC_DEFINE([GLIB_VERSION_MIN_REQUIRED], [GLIB_VERSION_2_30],
+@@ -158,45 +158,76 @@
+ 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+ 
+-AC_CHECK_FUNCS(clearenv)
++AC_CHECK_FUNCS(clearenv fdatasync)
+ 
+ if test "x$GCC" = "xyes"; then
+   LDFLAGS="-Wl,--as-needed $LDFLAGS"
+ fi
+ 
+ dnl ---------------------------------------------------------------------------
++dnl - Check whether setnetgrent has a return value
++dnl ---------------------------------------------------------------------------
++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
++	#include <stddef.h>
++	#include <netdb.h>
++]], [[
++	int r = setnetgrent (NULL);]])],
++[AC_DEFINE([HAVE_SETNETGRENT_RETURN], 1, [Define to 1 if setnetgrent has return value])])
++
++dnl ---------------------------------------------------------------------------
++dnl - Check whether we want to build test
++dnl ---------------------------------------------------------------------------
++AC_ARG_ENABLE([test],
++              [AS_HELP_STRING([--disable-test], [Do not build tests])],
++              [enable_test=$enableval], [enable_test=yes])
++
++AM_CONDITIONAL(BUILD_TEST, [test "x$enable_test" = "xyes"])
++
++dnl ---------------------------------------------------------------------------
+ dnl - Select wether to use libsystemd-login or ConsoleKit for session tracking
+ dnl ---------------------------------------------------------------------------
+ 
+-have_libsystemd_login=no
++have_libsystemd=no
+ SESSION_TRACKING=ConsoleKit
+ 
+ AC_ARG_ENABLE([libsystemd-login],
+-              AS_HELP_STRING([--enable-libsystemd-login[=@<:@auto/yes/no@:>@]], [Use libsystemd-login (auto/yes/no)]),
++              [AS_HELP_STRING([--enable-libsystemd-login[=@<:@auto/yes/no@:>@]], [Use libsystemd (auto/yes/no)])],
+               [enable_libsystemd_login=$enableval],
+               [enable_libsystemd_login=auto])
+ if test "$enable_libsystemd_login" != "no"; then
+-  PKG_CHECK_MODULES(LIBSYSTEMD_LOGIN,
+-                    [libsystemd-login],
+-                    have_libsystemd_login=yes,
+-                    have_libsystemd_login=no)
+-  if test "$have_libsystemd_login" = "yes"; then
++  PKG_CHECK_MODULES([LIBSYSTEMD],
++    [libsystemd],
++    [have_libsystemd=yes],
++    dnl if libsystemd is not available, fall back to the older libsystemd-login
++    [PKG_CHECK_MODULES([LIBSYSTEMD_LOGIN],
++      [libsystemd-login],
++      [
++        have_libsystemd=yes
++        LIBSYSTEMD_CFLAGS="$LIBSYSTEMD_LOGIN_CFLAGS"
++        LIBSYSTEMD_LIBS="$LIBSYSTEMD_LOGIN_LIBS"
++      ],
++      [have_libsystemd=no])])
++  if test "$have_libsystemd" = "yes"; then
+     SESSION_TRACKING=libsystemd-login
+-    AC_DEFINE([HAVE_LIBSYSTEMD_LOGIN], 1, [Define to 1 if libsystemd-login is available])
++    AC_DEFINE([HAVE_LIBSYSTEMD], 1, [Define to 1 if libsystemd is available])
++    save_LIBS=$LIBS
++    LIBS=$LIBSYSTEMD_LIBS
++    AC_CHECK_FUNCS(sd_uid_get_display)
++    LIBS=$save_LIBS
+   else
+     if test "$enable_libsystemd_login" = "yes"; then
+-      AC_MSG_ERROR([libsystemd-login support requested but libsystemd-login library not found])
++      AC_MSG_ERROR([libsystemd support requested but libsystemd or libsystemd-login library not found])
+     fi
+   fi
+ fi
+ 
+ AS_IF([test "x$cross_compiling" != "xyes" ], [
+-  AS_IF([test "$have_libsystemd_login" = "yes"], [
++  AS_IF([test "$have_libsystemd" = "yes"], [
+     AS_IF([test ! -d /sys/fs/cgroup/systemd/ ], [
+       AS_IF([test "$enable_libsystemd_login" = "yes"], [
+-        AC_MSG_WARN([libsystemd-login requested but system does not appear to be using systemd])
++        AC_MSG_WARN([libsystemd requested but system does not appear to be using systemd])
+       ], [
+-        AC_MSG_ERROR([libsystemd-login autoconfigured, but system does not appear to use systemd])
++        AC_MSG_ERROR([libsystemd autoconfigured, but system does not appear to use systemd])
+       ])
+     ])
+   ], [
+@@ -204,15 +235,15 @@
+       AS_IF([test "$enable_libsystemd_login" = "no" ], [
+         AC_MSG_WARN([ConsoleKit requested but system appears to use systemd])
+       ], [
+-        AC_MSG_ERROR([ConsoleKit autoconfigured, but systemd is in use (missing libsystemd-login pkg-config?)])
++        AC_MSG_ERROR([ConsoleKit autoconfigured, but systemd is in use (missing libsystemd or libsystemd-login pkg-config?)])
+       ])
+     ])
+   ])
+ ])
+ 
+-AC_SUBST(LIBSYSTEMD_LOGIN_CFLAGS)
+-AC_SUBST(LIBSYSTEMD_LOGIN_LIBS)
+-AM_CONDITIONAL(HAVE_LIBSYSTEMD_LOGIN, [test "$have_libsystemd_login" = "yes"], [Using libsystemd-login])
++AC_SUBST(LIBSYSTEMD_CFLAGS)
++AC_SUBST(LIBSYSTEMD_LIBS)
++AM_CONDITIONAL(HAVE_LIBSYSTEMD, [test "$have_libsystemd" = "yes"], [Using libsystemd])
+ 
+ dnl ---------------------------------------------------------------------------
+ dnl - systemd unit / service files
+--- a/data/Makefile.in	2015-06-25 15:14:04.787558986 +0200
++++ b/data/Makefile.in	2015-06-25 15:11:45.750664630 +0200
+@@ -216,6 +216,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+--- a/docs/Makefile.in	2015-06-25 15:14:04.789559027 +0200
++++ b/docs/Makefile.in	2015-06-25 15:11:45.750664630 +0200
+@@ -242,6 +242,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+--- a/docs/man/Makefile.in	2015-06-25 15:14:04.789559027 +0200
++++ b/docs/man/Makefile.in	2015-06-25 15:11:45.751664651 +0200
+@@ -213,6 +213,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+--- a/docs/man/pkexec.xml	2015-06-25 15:14:04.790559047 +0200
++++ b/docs/man/pkexec.xml	2015-06-25 15:11:45.751664651 +0200
+@@ -47,11 +47,12 @@
+ 
+   <refsect1 id="pkexec-description"><title>DESCRIPTION</title>
+     <para>
+-      <command>pkexec</command> allows an authorized user to
+-      execute <replaceable>PROGRAM</replaceable> as another
+-      user. If <replaceable>username</replaceable> is not specified,
+-      then the program will be executed as the administrative super
+-      user, <emphasis>root</emphasis>.
++      <command>pkexec</command> allows an authorized user to execute
++      <replaceable>PROGRAM</replaceable> as another user. If
++      <replaceable>PROGRAM</replaceable> is not specified, the default
++      shell will be run.  If <replaceable>username</replaceable> is
++      not specified, then the program will be executed as the
++      administrative super user, <emphasis>root</emphasis>.
+     </para>
+   </refsect1>
+ 
+--- a/docs/polkit/Makefile.am	2015-06-25 15:14:04.809559438 +0200
++++ b/docs/polkit/Makefile.am	2015-06-25 15:11:45.751664651 +0200
+@@ -30,7 +30,7 @@
+ 
+ # CFLAGS and LDFLAGS for compiling scan program. Only needed
+ # if $(DOC_MODULE).types is non-empty.
+-INCLUDES = \
++AM_CPPFLAGS = \
+ 	$(GLIB_CFLAGS)						\
+ 	-I$(top_srcdir)/src/polkit 				\
+ 	-I$(top_builddir)/src/polkit				\
+--- a/docs/polkit/Makefile.in	2015-06-25 15:14:04.810559459 +0200
++++ b/docs/polkit/Makefile.in	2015-06-25 15:13:20.027635003 +0200
+@@ -188,6 +188,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -332,7 +334,7 @@
+ 
+ # CFLAGS and LDFLAGS for compiling scan program. Only needed
+ # if $(DOC_MODULE).types is non-empty.
+-INCLUDES = \
++AM_CPPFLAGS = \
+ 	$(GLIB_CFLAGS)						\
+ 	-I$(top_srcdir)/src/polkit 				\
+ 	-I$(top_builddir)/src/polkit				\
+@@ -595,10 +597,11 @@
+ 	@echo "This command is intended for maintainers to use"
+ 	@echo "it deletes files that may require special tools to rebuild."
+ @ENABLE_GTK_DOC_FALSE at uninstall-local:
++ at ENABLE_GTK_DOC_FALSE@maintainer-clean-local:
+ @ENABLE_GTK_DOC_FALSE at distclean-local:
+ @ENABLE_GTK_DOC_FALSE at install-data-local:
+- at ENABLE_GTK_DOC_FALSE@maintainer-clean-local:
+ @ENABLE_GTK_DOC_FALSE at clean-local:
++
+ clean: clean-am
+ 
+ clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+--- a/Makefile.am	2015-06-25 15:14:04.818559623 +0200
++++ b/Makefile.am	2015-06-25 15:11:45.751664651 +0200
+@@ -1,6 +1,10 @@
+ ## Process this file with automake to produce Makefile.in
+ 
+-SUBDIRS = actions data src docs po test
++SUBDIRS = actions data src docs po
++
++if BUILD_TEST
++SUBDIRS += test
++endif
+ 
+ NULL =
+ 
+--- a/Makefile.in	2015-06-25 15:14:04.818559623 +0200
++++ b/Makefile.in	2015-06-25 15:12:20.955404507 +0200
+@@ -77,6 +77,7 @@
+ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
++ at BUILD_TEST_TRUE@am__append_1 = test
+ subdir = .
+ DIST_COMMON = INSTALL NEWS README AUTHORS ChangeLog \
+ 	$(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+@@ -149,7 +150,7 @@
+ ETAGS = etags
+ CTAGS = ctags
+ CSCOPE = cscope
+-DIST_SUBDIRS = $(SUBDIRS)
++DIST_SUBDIRS = actions data src docs po test
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ distdir = $(PACKAGE)-$(VERSION)
+ top_distdir = $(distdir)
+@@ -265,6 +266,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -378,7 +381,7 @@
+ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+-SUBDIRS = actions data src docs po test
++SUBDIRS = actions data src docs po $(am__append_1)
+ NULL = 
+ EXTRA_DIST = \
+ 	HACKING 		\
+--- a/src/examples/Makefile.am	2015-06-25 15:14:04.820559664 +0200
++++ b/src/examples/Makefile.am	2015-06-25 15:11:45.752664672 +0200
+@@ -1,7 +1,7 @@
+ 
+ NULL =
+ 
+-INCLUDES =                                              	\
++AM_CPPFLAGS =                                              	\
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\"       	\
+--- a/src/examples/Makefile.in	2015-06-25 15:14:04.821559685 +0200
++++ b/src/examples/Makefile.in	2015-06-25 15:11:45.752664672 +0200
+@@ -279,6 +279,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -393,7 +395,7 @@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ NULL = 
+-INCLUDES = \
++AM_CPPFLAGS = \
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\"       	\
+--- a/src/Makefile.in	2015-06-25 15:14:04.821559685 +0200
++++ b/src/Makefile.in	2015-06-25 15:11:45.752664672 +0200
+@@ -242,6 +242,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+--- a/src/polkit/Makefile.am	2015-06-25 15:14:04.822559705 +0200
++++ b/src/polkit/Makefile.am	2015-06-25 15:11:45.752664672 +0200
+@@ -1,6 +1,6 @@
+ NULL =
+ 
+-INCLUDES =                                                      \
++AM_CPPFLAGS =                                                   \
+         -I$(top_builddir)/src                                   \
+         -I$(top_srcdir)/src                                     \
+         -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\"               \
+@@ -81,7 +81,7 @@
+ 	polkitpermission.c			polkitpermission.h			\
+         $(NULL)
+ 
+-if HAVE_LIBSYSTEMD_LOGIN
++if HAVE_LIBSYSTEMD
+ libpolkit_gobject_1_la_SOURCES += \
+ 	polkitunixsession-systemd.c		polkitunixsession.h
+ else
+@@ -92,12 +92,12 @@
+ libpolkit_gobject_1_la_CFLAGS =                                        	\
+         -D_POLKIT_COMPILATION                                  		\
+         $(GLIB_CFLAGS)							\
+-	$(LIBSYSTEMD_LOGIN_CFLAGS)					\
++	$(LIBSYSTEMD_CFLAGS)						\
+         $(NULL)
+ 
+ libpolkit_gobject_1_la_LIBADD =                               		\
+         $(GLIB_LIBS)							\
+-	$(LIBSYSTEMD_LOGIN_LIBS)					\
++	$(LIBSYSTEMD_LIBS)						\
+         $(NULL)
+ 
+ libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
+--- a/src/polkit/Makefile.in	2015-06-25 15:14:04.822559705 +0200
++++ b/src/polkit/Makefile.in	2015-06-25 15:11:45.753664693 +0200
+@@ -80,11 +80,11 @@
+ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
+- at HAVE_LIBSYSTEMD_LOGIN_TRUE@am__append_1 = \
+- at HAVE_LIBSYSTEMD_LOGIN_TRUE@	polkitunixsession-systemd.c		polkitunixsession.h
++ at HAVE_LIBSYSTEMD_TRUE@am__append_1 = \
++ at HAVE_LIBSYSTEMD_TRUE@	polkitunixsession-systemd.c		polkitunixsession.h
+ 
+- at HAVE_LIBSYSTEMD_LOGIN_FALSE@am__append_2 = \
+- at HAVE_LIBSYSTEMD_LOGIN_FALSE@	polkitunixsession.c			polkitunixsession.h
++ at HAVE_LIBSYSTEMD_FALSE@am__append_2 = \
++ at HAVE_LIBSYSTEMD_FALSE@	polkitunixsession.c			polkitunixsession.h
+ 
+ subdir = src/polkit
+ DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+@@ -151,8 +151,8 @@
+ am__objects_1 =
+ am__objects_2 = libpolkit_gobject_1_la-polkitenumtypes.lo \
+ 	$(am__objects_1)
+- at HAVE_LIBSYSTEMD_LOGIN_TRUE@am__objects_3 = libpolkit_gobject_1_la-polkitunixsession-systemd.lo
+- at HAVE_LIBSYSTEMD_LOGIN_FALSE@am__objects_4 = libpolkit_gobject_1_la-polkitunixsession.lo
++ at HAVE_LIBSYSTEMD_TRUE@am__objects_3 = libpolkit_gobject_1_la-polkitunixsession-systemd.lo
++ at HAVE_LIBSYSTEMD_FALSE@am__objects_4 = libpolkit_gobject_1_la-polkitunixsession.lo
+ am_libpolkit_gobject_1_la_OBJECTS = $(am__objects_2) \
+ 	libpolkit_gobject_1_la-polkitactiondescription.lo \
+ 	libpolkit_gobject_1_la-polkitauthorityfeatures.lo \
+@@ -317,6 +317,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -431,7 +433,7 @@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ NULL = 
+-INCLUDES = \
++AM_CPPFLAGS = \
+         -I$(top_builddir)/src                                   \
+         -I$(top_srcdir)/src                                     \
+         -DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\"               \
+@@ -495,12 +497,12 @@
+ libpolkit_gobject_1_la_CFLAGS = \
+         -D_POLKIT_COMPILATION                                  		\
+         $(GLIB_CFLAGS)							\
+-	$(LIBSYSTEMD_LOGIN_CFLAGS)					\
++	$(LIBSYSTEMD_CFLAGS)						\
+         $(NULL)
+ 
+ libpolkit_gobject_1_la_LIBADD = \
+         $(GLIB_LIBS)							\
+-	$(LIBSYSTEMD_LOGIN_LIBS)					\
++	$(LIBSYSTEMD_LIBS)						\
+         $(NULL)
+ 
+ libpolkit_gobject_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
+--- a/src/polkit/polkitauthority.c	2015-06-25 15:14:04.824559747 +0200
++++ b/src/polkit/polkitauthority.c	2015-06-25 15:11:45.753664693 +0200
+@@ -715,7 +715,6 @@
+   while ((child = g_variant_iter_next_value (&iter)) != NULL)
+     {
+       ret = g_list_prepend (ret, polkit_action_description_new_for_gvariant (child));
+-      g_variant_ref_sink (child);
+       g_variant_unref (child);
+     }
+   ret = g_list_reverse (ret);
+--- a/src/polkit/polkitpermission.c	2015-06-25 15:14:04.827559808 +0200
++++ b/src/polkit/polkitpermission.c	2015-06-25 15:11:45.753664693 +0200
+@@ -122,7 +122,7 @@
+   PolkitPermission *permission = POLKIT_PERMISSION (object);
+ 
+   if (permission->subject == NULL)
+-    permission->subject = polkit_unix_process_new (getpid ());
++    permission->subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ());
+ 
+   if (G_OBJECT_CLASS (polkit_permission_parent_class)->constructed != NULL)
+     G_OBJECT_CLASS (polkit_permission_parent_class)->constructed (object);
+--- a/src/polkit/polkitsubject.c	2015-06-25 15:14:04.827559808 +0200
++++ b/src/polkit/polkitsubject.c	2015-06-25 15:11:45.754664714 +0200
+@@ -247,11 +247,15 @@
+         }
+       else if (sscanf (str, "unix-process:%d:%" G_GUINT64_FORMAT, &scanned_pid, &scanned_starttime) == 2)
+         {
++	  G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+           subject = polkit_unix_process_new_full (scanned_pid, scanned_starttime);
++	  G_GNUC_END_IGNORE_DEPRECATIONS
+         }
+       else if (sscanf (str, "unix-process:%d", &scanned_pid) == 1)
+         {
++	  G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+           subject = polkit_unix_process_new (scanned_pid);
++	  G_GNUC_END_IGNORE_DEPRECATIONS
+           if (polkit_unix_process_get_start_time (POLKIT_UNIX_PROCESS (subject)) == 0)
+             {
+               g_object_unref (subject);
+@@ -424,7 +428,7 @@
+       start_time = g_variant_get_uint64 (v);
+       g_variant_unref (v);
+ 
+-      v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, error);
++      v = lookup_asv (details_gvariant, "uid", G_VARIANT_TYPE_INT32, NULL);
+       if (v != NULL)
+         {
+           uid = g_variant_get_int32 (v);
+--- a/src/polkit/polkitsystembusname.c	2015-06-25 15:14:04.828559829 +0200
++++ b/src/polkit/polkitsystembusname.c	2015-06-25 15:11:45.754664714 +0200
+@@ -25,6 +25,7 @@
+ 
+ #include <string.h>
+ #include "polkitsystembusname.h"
++#include "polkitunixuser.h"
+ #include "polkitsubject.h"
+ #include "polkitprivate.h"
+ 
+@@ -340,6 +341,116 @@
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
++typedef struct {
++  GError **error;
++  guint retrieved_uid : 1;
++  guint retrieved_pid : 1;
++  guint caught_error : 1;
++
++  guint32 uid;
++  guint32 pid;
++} AsyncGetBusNameCredsData;
++
++static void
++on_retrieved_unix_uid_pid (GObject              *src,
++			   GAsyncResult         *res,
++			   gpointer              user_data)
++{
++  AsyncGetBusNameCredsData *data = user_data;
++  GVariant *v;
++
++  v = g_dbus_connection_call_finish ((GDBusConnection*)src, res,
++				     data->caught_error ? NULL : data->error);
++  if (!v)
++    {
++      data->caught_error = TRUE;
++    }
++  else
++    {
++      guint32 value;
++      g_variant_get (v, "(u)", &value);
++      g_variant_unref (v);
++      if (!data->retrieved_uid)
++	{
++	  data->retrieved_uid = TRUE;
++	  data->uid = value;
++	}
++      else
++	{
++	  g_assert (!data->retrieved_pid);
++	  data->retrieved_pid = TRUE;
++	  data->pid = value;
++	}
++    }
++}
++
++static gboolean
++polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus_name,
++				       guint32                       *out_uid,
++				       guint32                       *out_pid,
++				       GCancellable                  *cancellable,
++				       GError                       **error)
++{
++  gboolean ret = FALSE;
++  AsyncGetBusNameCredsData data = { 0, };
++  GDBusConnection *connection = NULL;
++  GMainContext *tmp_context = NULL;
++
++  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
++  if (connection == NULL)
++    goto out;
++
++  data.error = error;
++
++  tmp_context = g_main_context_new ();
++  g_main_context_push_thread_default (tmp_context);
++
++  /* Do two async calls as it's basically as fast as one sync call.
++   */
++  g_dbus_connection_call (connection,
++			  "org.freedesktop.DBus",       /* name */
++			  "/org/freedesktop/DBus",      /* object path */
++			  "org.freedesktop.DBus",       /* interface name */
++			  "GetConnectionUnixUser",      /* method */
++			  g_variant_new ("(s)", system_bus_name->name),
++			  G_VARIANT_TYPE ("(u)"),
++			  G_DBUS_CALL_FLAGS_NONE,
++			  -1,
++			  cancellable,
++			  on_retrieved_unix_uid_pid,
++			  &data);
++  g_dbus_connection_call (connection,
++			  "org.freedesktop.DBus",       /* name */
++			  "/org/freedesktop/DBus",      /* object path */
++			  "org.freedesktop.DBus",       /* interface name */
++			  "GetConnectionUnixProcessID", /* method */
++			  g_variant_new ("(s)", system_bus_name->name),
++			  G_VARIANT_TYPE ("(u)"),
++			  G_DBUS_CALL_FLAGS_NONE,
++			  -1,
++			  cancellable,
++			  on_retrieved_unix_uid_pid,
++			  &data);
++
++  while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
++    g_main_context_iteration (tmp_context, TRUE);
++
++  if (out_uid)
++    *out_uid = data.uid;
++  if (out_pid)
++    *out_pid = data.pid;
++  ret = TRUE;
++ out:
++  if (tmp_context)
++    {
++      g_main_context_pop_thread_default (tmp_context);
++      g_main_context_unref (tmp_context);
++    }
++  if (connection != NULL)
++    g_object_unref (connection);
++  return ret;
++}
++
+ /**
+  * polkit_system_bus_name_get_process_sync:
+  * @system_bus_name: A #PolkitSystemBusName.
+@@ -356,43 +467,53 @@
+                                          GCancellable         *cancellable,
+                                          GError              **error)
+ {
+-  GDBusConnection *connection;
+-  PolkitSubject *ret;
+-  GVariant *result;
++  PolkitSubject *ret = NULL;
+   guint32 pid;
++  guint32 uid;
+ 
+   g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL);
+   g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
+   g_return_val_if_fail (error == NULL || *error == NULL, NULL);
+ 
+-  ret = NULL;
+-
+-  connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error);
+-  if (connection == NULL)
++  if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, &pid,
++					      cancellable, error))
+     goto out;
+ 
+-  result = g_dbus_connection_call_sync (connection,
+-                                        "org.freedesktop.DBus",       /* name */
+-                                        "/org/freedesktop/DBus",      /* object path */
+-                                        "org.freedesktop.DBus",       /* interface name */
+-                                        "GetConnectionUnixProcessID", /* method */
+-                                        g_variant_new ("(s)", system_bus_name->name),
+-                                        G_VARIANT_TYPE ("(u)"),
+-                                        G_DBUS_CALL_FLAGS_NONE,
+-                                        -1,
+-                                        cancellable,
+-                                        error);
+-  if (result == NULL)
+-    goto out;
++  ret = polkit_unix_process_new_for_owner (pid, 0, uid);
+ 
+-  g_variant_get (result, "(u)", &pid);
+-  g_variant_unref (result);
++ out:
++  return ret;
++}
++
++/**
++ * polkit_system_bus_name_get_user_sync:
++ * @system_bus_name: A #PolkitSystemBusName.
++ * @cancellable: (allow-none): A #GCancellable or %NULL.
++ * @error: (allow-none): Return location for error or %NULL.
++ *
++ * Synchronously gets a #PolkitUnixUser object for @system_bus_name;
++ * the calling thread is blocked until a reply is received.
++ *
++ * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set.
++ **/
++PolkitUnixUser *
++polkit_system_bus_name_get_user_sync (PolkitSystemBusName  *system_bus_name,
++				      GCancellable         *cancellable,
++				      GError              **error)
++{
++  PolkitUnixUser *ret = NULL;
++  guint32 uid;
+ 
+-  ret = polkit_unix_process_new (pid);
++  g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL);
++  g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
++  g_return_val_if_fail (error == NULL || *error == NULL, NULL);
++
++  if (!polkit_system_bus_name_get_creds_sync (system_bus_name, &uid, NULL,
++					      cancellable, error))
++    goto out;
++
++  ret = (PolkitUnixUser*)polkit_unix_user_new (uid);
+ 
+  out:
+-  if (connection != NULL)
+-    g_object_unref (connection);
+   return ret;
+ }
+-
+--- a/src/polkit/polkitsystembusname.h	2015-06-25 15:14:04.828559829 +0200
++++ b/src/polkit/polkitsystembusname.h	2015-06-25 15:11:45.754664714 +0200
+@@ -56,6 +56,10 @@
+                                                            GCancellable         *cancellable,
+                                                            GError              **error);
+ 
++PolkitUnixUser * polkit_system_bus_name_get_user_sync     (PolkitSystemBusName  *system_bus_name,
++							   GCancellable         *cancellable,
++							   GError              **error);
++
+ G_END_DECLS
+ 
+ #endif /* __POLKIT_SYSTEM_BUS_NAME_H */
+--- a/src/polkitagent/Makefile.am	2015-06-25 15:14:04.831559891 +0200
++++ b/src/polkitagent/Makefile.am	2015-06-25 15:11:45.754664714 +0200
+@@ -1,6 +1,6 @@
+ NULL =
+ 
+-INCLUDES =                                                      \
++AM_CPPFLAGS =                                                   \
+         -I$(top_builddir)/src                                   \
+         -I$(top_srcdir)/src                                     \
+         -I$(top_builddir)/src/polkit                            \
+--- a/src/polkitagent/Makefile.in	2015-06-25 15:14:04.831559891 +0200
++++ b/src/polkitagent/Makefile.in	2015-06-25 15:11:45.754664714 +0200
+@@ -304,6 +304,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -418,7 +420,7 @@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ NULL = 
+-INCLUDES = \
++AM_CPPFLAGS = \
+         -I$(top_builddir)/src                                   \
+         -I$(top_srcdir)/src                                     \
+         -I$(top_builddir)/src/polkit                            \
+--- a/src/polkitagent/polkitagenthelper-pam.c	2015-06-25 15:14:04.832559911 +0200
++++ b/src/polkitagent/polkitagenthelper-pam.c	2015-06-25 15:11:45.755664735 +0200
+@@ -65,7 +65,7 @@
+ {
+   int rc;
+   const char *user_to_auth;
+-  const char *cookie;
++  char *cookie = NULL;
+   struct pam_conv pam_conversation;
+   pam_handle_t *pam_h;
+   const void *authed_user;
+@@ -97,7 +97,7 @@
+   openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ 
+   /* check for correct invocation */
+-  if (argc != 3)
++  if (!(argc == 2 || argc == 3))
+     {
+       syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+       fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -105,7 +105,10 @@
+     }
+ 
+   user_to_auth = argv[1];
+-  cookie = argv[2];
++
++  cookie = read_cookie (argc, argv);
++  if (!cookie)
++    goto error;
+ 
+   if (getuid () != 0)
+     {
+@@ -203,6 +206,8 @@
+       goto error;
+     }
+ 
++  free (cookie);
++
+ #ifdef PAH_DEBUG
+   fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -212,6 +217,7 @@
+   return 0;
+ 
+ error:
++  free (cookie);
+   if (pam_h != NULL)
+     pam_end (pam_h, rc);
+ 
+@@ -230,7 +236,7 @@
+   gchar *tmp = NULL;
+   size_t len;
+ 
+-  data = data;
++  (void)data;
+   if (n <= 0 || n > PAM_MAX_NUM_MSG)
+     return PAM_CONV_ERR;
+ 
+--- a/src/polkitagent/polkitagenthelperprivate.c	2015-06-25 15:14:04.832559911 +0200
++++ b/src/polkitagent/polkitagenthelperprivate.c	2015-06-25 15:11:45.755664735 +0200
+@@ -23,6 +23,7 @@
+ #include "config.h"
+ #include "polkitagenthelperprivate.h"
+ #include <stdio.h>
++#include <string.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+ 
+@@ -45,6 +46,38 @@
+ #endif
+ 
+ 
++char *
++read_cookie (int argc, char **argv)
++{
++  /* As part of CVE-2015-4625, we started passing the cookie
++   * on standard input, to ensure it's not visible to other
++   * processes.  However, to ensure that things continue
++   * to work if the setuid binary is upgraded while old
++   * agents are still running (this will be common with
++   * package managers), we support both modes.
++   */
++  if (argc == 3)
++    return strdup (argv[2]);
++  else
++    {
++      char *ret = NULL;
++      size_t n = 0;
++      ssize_t r = getline (&ret, &n, stdin);
++      if (r == -1)
++        {
++          if (!feof (stdin))
++            perror ("getline");
++          free (ret);
++          return NULL;
++        }
++      else
++        {
++          g_strchomp (ret);
++          return ret;
++        }
++    }
++}
++
+ gboolean
+ send_dbus_message (const char *cookie, const char *user)
+ {
+@@ -103,7 +136,12 @@
+ {
+   fflush (stdout);
+   fflush (stderr);
++#ifdef HAVE_FDATASYNC
+   fdatasync (fileno(stdout));
+   fdatasync (fileno(stderr));
++#else
++  fsync (fileno(stdout));
++  fsync (fileno(stderr));
++#endif
+   usleep (100 * 1000);
+ }
+--- a/src/polkitagent/polkitagenthelperprivate.h	2015-06-25 15:14:04.832559911 +0200
++++ b/src/polkitagent/polkitagenthelperprivate.h	2015-06-25 15:11:45.755664735 +0200
+@@ -38,6 +38,8 @@
+ 
+ int _polkit_clearenv (void);
+ 
++char *read_cookie (int argc, char **argv);
++
+ gboolean send_dbus_message (const char *cookie, const char *user);
+ 
+ void flush_and_wait ();
+--- a/src/polkitagent/polkitagenthelper-shadow.c	2015-06-25 15:14:04.832559911 +0200
++++ b/src/polkitagent/polkitagenthelper-shadow.c	2015-06-25 15:11:45.755664735 +0200
+@@ -46,7 +46,7 @@
+ {
+   struct spwd *shadow;
+   const char *user_to_auth;
+-  const char *cookie;
++  char *cookie = NULL;
+   time_t now;
+ 
+   /* clear the entire environment to avoid attacks with
+@@ -67,7 +67,7 @@
+   openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ 
+   /* check for correct invocation */
+-  if (argc != 3)
++  if (!(argc == 2 || argc == 3))
+     {
+       syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+       fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -86,7 +86,10 @@
+     }
+ 
+   user_to_auth = argv[1];
+-  cookie = argv[2];
++
++  cookie = read_cookie (argc, argv);
++  if (!cookie)
++    goto error;
+ 
+ #ifdef PAH_DEBUG
+   fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
+@@ -153,6 +156,8 @@
+       goto error;
+     }
+ 
++  free (cookie);
++
+ #ifdef PAH_DEBUG
+   fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -162,6 +167,7 @@
+   return 0;
+ 
+ error:
++  free (cookie);
+   fprintf (stdout, "FAILURE\n");
+   flush_and_wait ();
+   return 1;
+--- a/src/polkitagent/polkitagentsession.c	2015-06-25 15:14:04.833559932 +0200
++++ b/src/polkitagent/polkitagentsession.c	2015-06-25 15:11:45.755664735 +0200
+@@ -55,6 +55,7 @@
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
++#include <gio/gunixoutputstream.h>
+ #include <pwd.h>
+ 
+ #include "polkitagentmarshal.h"
+@@ -88,11 +89,10 @@
+   gchar *cookie;
+   PolkitIdentity *identity;
+ 
+-  int child_stdin;
++  GOutputStream *child_stdin;
+   int child_stdout;
+   GPid child_pid;
+ 
+-  GSource *child_watch_source;
+   GSource *child_stdout_watch_source;
+   GIOChannel *child_stdout_channel;
+ 
+@@ -130,7 +130,6 @@
+ static void
+ polkit_agent_session_init (PolkitAgentSession *session)
+ {
+-  session->child_stdin = -1;
+   session->child_stdout = -1;
+ }
+ 
+@@ -377,13 +376,6 @@
+       session->child_pid = 0;
+     }
+ 
+-  if (session->child_watch_source != NULL)
+-    {
+-      g_source_destroy (session->child_watch_source);
+-      g_source_unref (session->child_watch_source);
+-      session->child_watch_source = NULL;
+-    }
+-
+   if (session->child_stdout_watch_source != NULL)
+     {
+       g_source_destroy (session->child_stdout_watch_source);
+@@ -403,11 +395,7 @@
+       session->child_stdout = -1;
+     }
+ 
+-  if (session->child_stdin != -1)
+-    {
+-      g_warn_if_fail (close (session->child_stdin) == 0);
+-      session->child_stdin = -1;
+-    }
++  g_clear_object (&session->child_stdin);
+ 
+   session->helper_is_running = FALSE;
+ 
+@@ -429,26 +417,6 @@
+     }
+ }
+ 
+-static void
+-child_watch_func (GPid     pid,
+-                  gint     status,
+-                  gpointer user_data)
+-{
+-  PolkitAgentSession *session = POLKIT_AGENT_SESSION (user_data);
+-
+-  if (G_UNLIKELY (_show_debug ()))
+-    {
+-      g_print ("PolkitAgentSession: in child_watch_func for pid %d (WIFEXITED=%d WEXITSTATUS=%d)\n",
+-               (gint) pid,
+-               WIFEXITED(status),
+-               WEXITSTATUS(status));
+-    }
+-
+-  /* kill all the watches we have set up, except for the child since it has exited already */
+-  session->child_pid = 0;
+-  complete_session (session, FALSE);
+-}
+-
+ static gboolean
+ io_watch_have_data (GIOChannel    *channel,
+                     GIOCondition   condition,
+@@ -475,10 +443,13 @@
+                           NULL,
+                           NULL,
+                           &error);
+-  if (error != NULL)
++  if (error != NULL || line == NULL)
+     {
+-      g_warning ("Error reading line from helper: %s", error->message);
+-      g_error_free (error);
++      /* In case we get just G_IO_HUP, line is NULL but error is
++         unset.*/
++      g_warning ("Error reading line from helper: %s",
++                 error ? error->message : "nothing to read");
++      g_clear_error (&error);
+ 
+       complete_session (session, FALSE);
+       goto out;
+@@ -540,6 +511,9 @@
+   g_free (line);
+   g_free (unescaped);
+ 
++  if (condition & (G_IO_ERR | G_IO_HUP))
++    complete_session (session, FALSE);
++
+   /* keep the IOChannel around */
+   return TRUE;
+ }
+@@ -567,9 +541,9 @@
+ 
+   add_newline = (response[response_len] != '\n');
+ 
+-  write (session->child_stdin, response, response_len);
++  (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL);
+   if (add_newline)
+-    write (session->child_stdin, newline, 1);
++    (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL);
+ }
+ 
+ /**
+@@ -589,8 +563,9 @@
+ {
+   uid_t uid;
+   GError *error;
+-  gchar *helper_argv[4];
++  gchar *helper_argv[3];
+   struct passwd *passwd;
++  int stdin_fd = -1;
+ 
+   g_return_if_fail (POLKIT_AGENT_IS_SESSION (session));
+ 
+@@ -622,10 +597,8 @@
+ 
+   helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
+   helper_argv[1] = passwd->pw_name;
+-  helper_argv[2] = session->cookie;
+-  helper_argv[3] = NULL;
++  helper_argv[2] = NULL;
+ 
+-  session->child_stdin = -1;
+   session->child_stdout = -1;
+ 
+   error = NULL;
+@@ -637,7 +610,7 @@
+                                  NULL,
+                                  NULL,
+                                  &session->child_pid,
+-                                 &session->child_stdin,
++                                 &stdin_fd,
+                                  &session->child_stdout,
+                                  NULL,
+                                  &error))
+@@ -650,12 +623,16 @@
+   if (G_UNLIKELY (_show_debug ()))
+     g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid);
+ 
+-  session->child_watch_source = g_child_watch_source_new (session->child_pid);
+-  g_source_set_callback (session->child_watch_source, (GSourceFunc) child_watch_func, session, NULL);
+-  g_source_attach (session->child_watch_source, g_main_context_get_thread_default ());
++  session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE);
++
++  /* Write the cookie on stdin so it can't be seen by other processes */
++  (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie),
++                                    NULL, NULL, NULL);
++  (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL);
+ 
+   session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout);
+-  session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel, G_IO_IN);
++  session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel,
++                                                          G_IO_IN | G_IO_ERR | G_IO_HUP);
+   g_source_set_callback (session->child_stdout_watch_source, (GSourceFunc) io_watch_have_data, session, NULL);
+   g_source_attach (session->child_stdout_watch_source, g_main_context_get_thread_default ());
+ 
+--- a/src/polkitagent/polkitagenttextlistener.c	2015-06-25 15:14:04.834559952 +0200
++++ b/src/polkitagent/polkitagenttextlistener.c	2015-06-25 15:11:45.755664735 +0200
+@@ -546,12 +546,10 @@
+                                                            GAsyncResult         *res,
+                                                            GError              **error)
+ {
+-  PolkitAgentTextListener *listener = POLKIT_AGENT_TEXT_LISTENER (_listener);
+   gboolean ret;
+ 
+   g_warn_if_fail (g_simple_async_result_get_source_tag (G_SIMPLE_ASYNC_RESULT (res)) ==
+                   polkit_agent_text_listener_initiate_authentication);
+-  g_assert (listener->active_session == NULL);
+ 
+   ret = FALSE;
+ 
+--- a/src/polkitbackend/Makefile.am	2015-06-25 15:14:04.835559973 +0200
++++ b/src/polkitbackend/Makefile.am	2015-06-25 15:11:45.756664756 +0200
+@@ -2,7 +2,7 @@
+ 
+ BUILT_SOURCES =
+ 
+-INCLUDES =                                                      \
++AM_CPPFLAGS =                                                   \
+         -I$(top_builddir)/src                                   \
+         -I$(top_srcdir)/src                                     \
+         -I$(top_builddir)/src/polkit                            \
+@@ -38,7 +38,7 @@
+ 	polkitbackendactionlookup.h		polkitbackendactionlookup.c		\
+         $(NULL)
+ 
+-if HAVE_LIBSYSTEMD_LOGIN
++if HAVE_LIBSYSTEMD
+ libpolkit_backend_1_la_SOURCES += \
+ 	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor-systemd.c
+ else
+@@ -50,13 +50,13 @@
+         -D_POLKIT_COMPILATION                                  		\
+         -D_POLKIT_BACKEND_COMPILATION                                  	\
+         $(GLIB_CFLAGS)							\
+-	$(LIBSYSTEMD_LOGIN_CFLAGS)					\
++	$(LIBSYSTEMD_CFLAGS)						\
+ 	$(LIBJS_CFLAGS)							\
+         $(NULL)
+ 
+ libpolkit_backend_1_la_LIBADD =                               		\
+         $(GLIB_LIBS)							\
+-	$(LIBSYSTEMD_LOGIN_LIBS)					\
++	$(LIBSYSTEMD_LIBS)						\
+ 	$(top_builddir)/src/polkit/libpolkit-gobject-1.la		\
+ 	$(EXPAT_LIBS)							\
+ 	$(LIBJS_LIBS)							\
+--- a/src/polkitbackend/Makefile.in	2015-06-25 15:14:04.835559973 +0200
++++ b/src/polkitbackend/Makefile.in	2015-06-25 15:11:45.756664756 +0200
+@@ -80,11 +80,11 @@
+ POST_UNINSTALL = :
+ build_triplet = @build@
+ host_triplet = @host@
+- at HAVE_LIBSYSTEMD_LOGIN_TRUE@am__append_1 = \
+- at HAVE_LIBSYSTEMD_LOGIN_TRUE@	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor-systemd.c
++ at HAVE_LIBSYSTEMD_TRUE@am__append_1 = \
++ at HAVE_LIBSYSTEMD_TRUE@	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor-systemd.c
+ 
+- at HAVE_LIBSYSTEMD_LOGIN_FALSE@am__append_2 = \
+- at HAVE_LIBSYSTEMD_LOGIN_FALSE@	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor.c
++ at HAVE_LIBSYSTEMD_FALSE@am__append_2 = \
++ at HAVE_LIBSYSTEMD_FALSE@	polkitbackendsessionmonitor.h		polkitbackendsessionmonitor.c
+ 
+ libpriv_PROGRAMS = polkitd$(EXEEXT)
+ subdir = src/polkitbackend
+@@ -117,8 +117,8 @@
+ 	polkitbackendsessionmonitor-systemd.c \
+ 	polkitbackendsessionmonitor.c
+ am__objects_1 =
+- at HAVE_LIBSYSTEMD_LOGIN_TRUE@am__objects_2 = libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo
+- at HAVE_LIBSYSTEMD_LOGIN_FALSE@am__objects_3 = libpolkit_backend_1_la-polkitbackendsessionmonitor.lo
++ at HAVE_LIBSYSTEMD_TRUE@am__objects_2 = libpolkit_backend_1_la-polkitbackendsessionmonitor-systemd.lo
++ at HAVE_LIBSYSTEMD_FALSE@am__objects_3 = libpolkit_backend_1_la-polkitbackendsessionmonitor.lo
+ am_libpolkit_backend_1_la_OBJECTS = $(am__objects_1) \
+ 	libpolkit_backend_1_la-polkitbackendauthority.lo \
+ 	libpolkit_backend_1_la-polkitbackendinteractiveauthority.lo \
+@@ -309,6 +309,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -424,7 +426,7 @@
+ top_srcdir = @top_srcdir@
+ NULL = 
+ BUILT_SOURCES = initjs.h
+-INCLUDES = \
++AM_CPPFLAGS = \
+         -I$(top_builddir)/src                                   \
+         -I$(top_srcdir)/src                                     \
+         -I$(top_builddir)/src/polkit                            \
+@@ -455,13 +457,13 @@
+         -D_POLKIT_COMPILATION                                  		\
+         -D_POLKIT_BACKEND_COMPILATION                                  	\
+         $(GLIB_CFLAGS)							\
+-	$(LIBSYSTEMD_LOGIN_CFLAGS)					\
++	$(LIBSYSTEMD_CFLAGS)						\
+ 	$(LIBJS_CFLAGS)							\
+         $(NULL)
+ 
+ libpolkit_backend_1_la_LIBADD = \
+         $(GLIB_LIBS)							\
+-	$(LIBSYSTEMD_LOGIN_LIBS)					\
++	$(LIBSYSTEMD_LIBS)						\
+ 	$(top_builddir)/src/polkit/libpolkit-gobject-1.la		\
+ 	$(EXPAT_LIBS)							\
+ 	$(LIBJS_LIBS)							\
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c	2015-06-25 15:14:04.840560076 +0200
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c	2015-06-25 15:11:45.757664777 +0200
+@@ -214,6 +214,8 @@
+ 
+   GDBusConnection *system_bus_connection;
+   guint name_owner_changed_signal_id;
++
++  guint64 agent_serial;
+ } PolkitBackendInteractiveAuthorityPrivate;
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+@@ -224,6 +226,14 @@
+ 
+ #define POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), POLKIT_BACKEND_TYPE_INTERACTIVE_AUTHORITY, PolkitBackendInteractiveAuthorityPrivate))
+ 
++static gboolean
++identity_is_root_user (PolkitIdentity *user)
++{
++  if (!POLKIT_IS_UNIX_USER (user))
++    return FALSE;
++  return polkit_unix_user_get_uid (POLKIT_UNIX_USER (user)) == 0;
++}
++
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
+ static void
+@@ -278,10 +288,9 @@
+   PolkitBackendInteractiveAuthorityPrivate *priv;
+   GFile *directory;
+   GError *error;
+-  static volatile GQuark domain = 0;
+ 
+   /* Force registering error domain */
+-  domain = POLKIT_ERROR; domain;
++  (void)POLKIT_ERROR;
+ 
+   priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
+ 
+@@ -432,11 +441,15 @@
+   volatile gint ref_count;
+ 
+   PolkitSubject *scope;
++  guint64 serial;
+ 
+   gchar *locale;
+   GVariant *registration_options;
+   gchar *object_path;
+   gchar *unique_system_bus_name;
++  GRand *cookie_pool;
++  gchar *cookie_prefix;
++  guint64  cookie_serial;
+ 
+   GDBusProxy *proxy;
+ 
+@@ -559,7 +572,11 @@
+   user_of_subject = polkit_backend_session_monitor_get_user_for_subject (priv->session_monitor, subject, NULL);
+ 
+   subject_str = polkit_subject_to_string (subject);
+-  user_of_subject_str = polkit_identity_to_string (user_of_subject);
++
++  if (user_of_subject != NULL)
++    user_of_subject_str = polkit_identity_to_string (user_of_subject);
++  else
++    user_of_subject_str = g_strdup ("<unknown>");
+   caller_str = polkit_subject_to_string (caller);
+ 
+   subject_cmdline = _polkit_subject_get_cmdline (subject);
+@@ -764,7 +781,7 @@
+   guint n;
+ 
+   /* uid 0 may check anything */
+-  if (POLKIT_IS_UNIX_USER (identity) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (identity)) == 0)
++  if (identity_is_root_user (identity))
+     {
+       ret = TRUE;
+       goto out;
+@@ -1092,7 +1109,7 @@
+       goto out;
+ 
+   /* special case: uid 0, root, is _always_ authorized for anything */
+-  if (POLKIT_IS_UNIX_USER (user_of_subject) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_subject)) == 0)
++  if (identity_is_root_user (user_of_subject))
+     {
+       result = polkit_authorization_result_new (TRUE, FALSE, NULL);
+       goto out;
+@@ -1416,9 +1433,54 @@
+   authentication_session_cancel (session);
+ }
+ 
++/* We're not calling this a UUID, but it's basically
++ * the same thing, just not formatted that way because:
++ *
++ *  - I'm too lazy to do it
++ *  - If we did, people might think it was actually
++ *    generated from /dev/random, which we're not doing
++ *    because this value doesn't actually need to be
++ *    globally unique.
++ */
++static void
++append_rand_u128_str (GString *buf,
++                      GRand   *pool)
++{
++  g_string_append_printf (buf, "%08x%08x%08x%08x",
++                          g_rand_int (pool),
++                          g_rand_int (pool),
++                          g_rand_int (pool),
++                          g_rand_int (pool));
++}
++
++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession)
++ * pair, and not guessable by other agents.
++ *
++ * <agent serial> - <agent uuid> - <session serial> - <session uuid>
++ *
++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
++ *
++ */
++static gchar *
++authentication_agent_generate_cookie (AuthenticationAgent *agent)
++{
++  GString *buf = g_string_new ("");
++
++  g_string_append (buf, agent->cookie_prefix);
++  
++  g_string_append_c (buf, '-');
++  agent->cookie_serial++;
++  g_string_append_printf (buf, "%" G_GUINT64_FORMAT, 
++                          agent->cookie_serial);
++  g_string_append_c (buf, '-');
++  append_rand_u128_str (buf, agent->cookie_pool);
++
++  return g_string_free (buf, FALSE);
++}
++
++
+ static AuthenticationSession *
+ authentication_session_new (AuthenticationAgent         *agent,
+-                            const gchar                 *cookie,
+                             PolkitSubject               *subject,
+                             PolkitIdentity              *user_of_subject,
+                             PolkitSubject               *caller,
+@@ -1436,7 +1498,7 @@
+ 
+   session = g_new0 (AuthenticationSession, 1);
+   session->agent = authentication_agent_ref (agent);
+-  session->cookie = g_strdup (cookie);
++  session->cookie = authentication_agent_generate_cookie (agent);
+   session->subject = g_object_ref (subject);
+   session->user_of_subject = g_object_ref (user_of_subject);
+   session->caller = g_object_ref (caller);
+@@ -1485,16 +1547,6 @@
+   g_free (session);
+ }
+ 
+-static gchar *
+-authentication_agent_new_cookie (AuthenticationAgent *agent)
+-{
+-  static gint counter = 0;
+-
+-  /* TODO: use a more random-looking cookie */
+-
+-  return g_strdup_printf ("cookie%d", counter++);
+-}
+-
+ static PolkitSubject *
+ authentication_agent_get_scope (AuthenticationAgent *agent)
+ {
+@@ -1542,45 +1594,74 @@
+       g_free (agent->unique_system_bus_name);
+       if (agent->registration_options != NULL)
+         g_variant_unref (agent->registration_options);
++      g_rand_free (agent->cookie_pool);
++      g_free (agent->cookie_prefix);
+       g_free (agent);
+     }
+ }
+ 
+ static AuthenticationAgent *
+-authentication_agent_new (PolkitSubject *scope,
++authentication_agent_new (guint64      serial,
++                          PolkitSubject *scope,
+                           const gchar *unique_system_bus_name,
+                           const gchar *locale,
+                           const gchar *object_path,
+-                          GVariant    *registration_options)
++                          GVariant    *registration_options,
++                          GError     **error)
+ {
+   AuthenticationAgent *agent;
+-  GError *error;
++  GDBusProxy *proxy;
+ 
+-  agent = g_new0 (AuthenticationAgent, 1);
++  if (!g_variant_is_object_path (object_path))
++    {
++      g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
++                   "Invalid object path '%s'", object_path);
++      return NULL;
++    }
++
++  proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
++                                         G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
++                                         G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
++                                         NULL, /* GDBusInterfaceInfo* */
++                                         unique_system_bus_name,
++                                         object_path,
++                                         "org.freedesktop.PolicyKit1.AuthenticationAgent",
++                                         NULL, /* GCancellable* */
++                                         error);
++  if (proxy == NULL)
++    {
++      g_prefix_error (error, "Failed to construct proxy for agent: " );
++      return NULL;
++    }
+ 
++  agent = g_new0 (AuthenticationAgent, 1);
+   agent->ref_count = 1;
++  agent->serial = serial;
+   agent->scope = g_object_ref (scope);
+   agent->object_path = g_strdup (object_path);
+   agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+   agent->locale = g_strdup (locale);
+   agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
++  agent->proxy = proxy;
+ 
+-  error = NULL;
+-  agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
+-                                                G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
+-                                                G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
+-                                                NULL, /* GDBusInterfaceInfo* */
+-                                                agent->unique_system_bus_name,
+-                                                agent->object_path,
+-                                                "org.freedesktop.PolicyKit1.AuthenticationAgent",
+-                                                NULL, /* GCancellable* */
+-                                                &error);
+-  if (agent->proxy == NULL)
+-    {
+-      g_warning ("Error constructing proxy for agent: %s", error->message);
+-      g_error_free (error);
+-      /* TODO: Make authentication_agent_new() return NULL and set a GError */
+-    }
++  {
++    GString *cookie_prefix = g_string_new ("");
++    GRand *agent_private_rand = g_rand_new ();
++
++    g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial);
++
++    /* Use a uniquely seeded PRNG to get a prefix cookie for this agent,
++     * whose sequence will not correlate with the per-authentication session
++     * cookies.
++     */
++    append_rand_u128_str (cookie_prefix, agent_private_rand);
++    g_rand_free (agent_private_rand);
++
++    agent->cookie_prefix = g_string_free (cookie_prefix, FALSE);
++    
++    /* And a newly seeded pool for per-session cookies */
++    agent->cookie_pool = g_rand_new ();
++  }
+ 
+   return agent;
+ }
+@@ -2113,11 +2194,15 @@
+   ret = NULL;
+   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
+ 
++#ifdef HAVE_SETNETGRENT_RETURN
+   if (setnetgrent (name) == 0)
+     {
+       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+       goto out;
+     }
++#else
++  setnetgrent (name);
++#endif
+ 
+   for (;;)
+     {
+@@ -2172,7 +2257,6 @@
+ {
+   PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
+   AuthenticationSession *session;
+-  gchar *cookie;
+   GList *l;
+   GList *identities;
+   gchar *localized_message;
+@@ -2194,8 +2278,6 @@
+                                     &localized_icon_name,
+                                     &localized_details);
+ 
+-  cookie = authentication_agent_new_cookie (agent);
+-
+   identities = NULL;
+ 
+   /* select admin user if required by the implicit authorization */
+@@ -2258,7 +2340,6 @@
+     user_identities = g_list_prepend (NULL, polkit_unix_user_new (0));
+ 
+   session = authentication_session_new (agent,
+-                                        cookie,
+                                         subject,
+                                         user_of_subject,
+                                         caller,
+@@ -2314,7 +2395,6 @@
+   g_list_free_full (user_identities, g_object_unref);
+   g_list_foreach (identities, (GFunc) g_object_unref, NULL);
+   g_list_free (identities);
+-  g_free (cookie);
+ 
+   g_free (localized_message);
+   g_free (localized_icon_name);
+@@ -2379,8 +2459,6 @@
+   caller_cmdline = NULL;
+   agent = NULL;
+ 
+-  /* TODO: validate that object path is well-formed */
+-
+   interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
+   priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
+ 
+@@ -2439,7 +2517,7 @@
+     }
+   if (!polkit_identity_equal (user_of_caller, user_of_subject))
+     {
+-      if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0)
++      if (identity_is_root_user (user_of_caller))
+         {
+           /* explicitly allow uid 0 to register for other users */
+         }
+@@ -2463,11 +2541,16 @@
+       goto out;
+     }
+ 
+-  agent = authentication_agent_new (subject,
++  priv->agent_serial++;
++  agent = authentication_agent_new (priv->agent_serial,
++                                    subject,
+                                     polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+                                     locale,
+                                     object_path,
+-                                    options);
++                                    options,
++                                    error);
++  if (!agent)
++    goto out;
+ 
+   g_hash_table_insert (priv->hash_scope_to_authentication_agent,
+                        g_object_ref (subject),
+@@ -2592,7 +2675,7 @@
+     }
+   if (!polkit_identity_equal (user_of_caller, user_of_subject))
+     {
+-      if (POLKIT_IS_UNIX_USER (user_of_caller) && polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) == 0)
++      if (identity_is_root_user (user_of_caller))
+         {
+           /* explicitly allow uid 0 to register for other users */
+         }
+@@ -2705,7 +2788,7 @@
+     goto out;
+ 
+   /* only uid 0 is allowed to invoke this method */
+-  if (!POLKIT_IS_UNIX_USER (user_of_caller) || polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_of_caller)) != 0)
++  if (!identity_is_root_user (user_of_caller))
+     {
+       g_set_error (error,
+                    POLKIT_ERROR,
+--- a/src/polkitbackend/polkitbackendjsauthority.c	2015-06-25 15:14:04.841560096 +0200
++++ b/src/polkitbackend/polkitbackendjsauthority.c	2015-06-25 15:11:45.757664777 +0200
+@@ -35,9 +35,9 @@
+ 
+ #include <polkit/polkitprivate.h>
+ 
+-#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+ #include <systemd/sd-login.h>
+-#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ 
+ #include <jsapi.h>
+ 
+@@ -740,7 +740,7 @@
+                           __FILE__, __LINE__,
+                           &ret_jsval))
+     {
+-      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluting '%s' failed", src);
++      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
+       goto out;
+     }
+ 
+@@ -764,7 +764,7 @@
+       g_assert_not_reached ();
+     }
+ 
+-#ifdef HAVE_LIBSYSTEMD_LOGIN
++#ifdef HAVE_LIBSYSTEMD
+   if (sd_pid_get_session (pid, &session_str) == 0)
+     {
+       if (sd_session_get_seat (session_str, &seat_str) == 0)
+@@ -772,7 +772,7 @@
+           /* do nothing */
+         }
+     }
+-#endif /* HAVE_LIBSYSTEMD_LOGIN */
++#endif /* HAVE_LIBSYSTEMD */
+ 
+   g_assert (POLKIT_IS_UNIX_USER (user_for_subject));
+   uid = polkit_unix_user_get_uid (POLKIT_UNIX_USER (user_for_subject));
+@@ -866,7 +866,7 @@
+                           __FILE__, __LINE__,
+                           &ret_jsval))
+     {
+-      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluting '%s' failed", src);
++      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, "Evaluating '%s' failed", src);
+       goto out;
+     }
+ 
+@@ -1286,7 +1286,9 @@
+     _HANDLE_SIG (SIGTTIN);
+     _HANDLE_SIG (SIGTTOU);
+     _HANDLE_SIG (SIGBUS);
++#ifdef SIGPOLL
+     _HANDLE_SIG (SIGPOLL);
++#endif
+     _HANDLE_SIG (SIGPROF);
+     _HANDLE_SIG (SIGSYS);
+     _HANDLE_SIG (SIGTRAP);
+@@ -1363,7 +1365,6 @@
+           goto out;
+ 	}
+       s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
+-      s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
+       argv[n] = g_strdup (s);
+       JS_free (cx, s);
+     }
+--- a/src/polkitbackend/polkitbackendsessionmonitor.c	2015-06-25 15:14:04.841560096 +0200
++++ b/src/polkitbackend/polkitbackendsessionmonitor.c	2015-06-25 15:11:45.758664799 +0200
+@@ -306,25 +306,7 @@
+     }
+   else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
+     {
+-      GVariant *result;
+-
+-      result = g_dbus_connection_call_sync (monitor->system_bus,
+-                                            "org.freedesktop.DBus",
+-                                            "/org/freedesktop/DBus",
+-                                            "org.freedesktop.DBus",
+-                                            "GetConnectionUnixUser",
+-                                            g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
+-                                            G_VARIANT_TYPE ("(u)"),
+-                                            G_DBUS_CALL_FLAGS_NONE,
+-                                            -1, /* timeout_msec */
+-                                            NULL, /* GCancellable */
+-                                            error);
+-      if (result == NULL)
+-        goto out;
+-      g_variant_get (result, "(u)", &uid);
+-      g_variant_unref (result);
+-
+-      ret = polkit_unix_user_new (uid);
++      ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
+     }
+   else if (POLKIT_IS_UNIX_SESSION (subject))
+     {
+--- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2015-06-25 15:14:04.842560117 +0200
++++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c	2015-06-25 15:11:45.758664799 +0200
+@@ -277,25 +277,7 @@
+     }
+   else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
+     {
+-      GVariant *result;
+-
+-      result = g_dbus_connection_call_sync (monitor->system_bus,
+-                                            "org.freedesktop.DBus",
+-                                            "/org/freedesktop/DBus",
+-                                            "org.freedesktop.DBus",
+-                                            "GetConnectionUnixUser",
+-                                            g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
+-                                            G_VARIANT_TYPE ("(u)"),
+-                                            G_DBUS_CALL_FLAGS_NONE,
+-                                            -1, /* timeout_msec */
+-                                            NULL, /* GCancellable */
+-                                            error);
+-      if (result == NULL)
+-        goto out;
+-      g_variant_get (result, "(u)", &uid);
+-      g_variant_unref (result);
+-
+-      ret = polkit_unix_user_new (uid);
++      ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
+     }
+   else if (POLKIT_IS_UNIX_SESSION (subject))
+     {
+@@ -331,61 +313,59 @@
+                                                         PolkitSubject               *subject,
+                                                         GError                     **error)
+ {
+-  PolkitSubject *session;
+-
+-  session = NULL;
++  PolkitUnixProcess *tmp_process = NULL;
++  PolkitUnixProcess *process = NULL;
++  PolkitSubject *session = NULL;
++  char *session_id = NULL;
++  pid_t pid;
++#if HAVE_SD_UID_GET_DISPLAY
++  uid_t uid;
++#endif
+ 
+   if (POLKIT_IS_UNIX_PROCESS (subject))
+-    {
+-      gchar *session_id;
+-      pid_t pid;
+-
+-      pid = polkit_unix_process_get_pid (POLKIT_UNIX_PROCESS (subject));
+-      if (sd_pid_get_session (pid, &session_id) < 0)
+-        goto out;
+-
+-      session = polkit_unix_session_new (session_id);
+-      free (session_id);
+-    }
++    process = POLKIT_UNIX_PROCESS (subject); /* We already have a process */
+   else if (POLKIT_IS_SYSTEM_BUS_NAME (subject))
+     {
+-      guint32 pid;
+-      gchar *session_id;
+-      GVariant *result;
+-
+-      result = g_dbus_connection_call_sync (monitor->system_bus,
+-                                            "org.freedesktop.DBus",
+-                                            "/org/freedesktop/DBus",
+-                                            "org.freedesktop.DBus",
+-                                            "GetConnectionUnixProcessID",
+-                                            g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))),
+-                                            G_VARIANT_TYPE ("(u)"),
+-                                            G_DBUS_CALL_FLAGS_NONE,
+-                                            -1, /* timeout_msec */
+-                                            NULL, /* GCancellable */
+-                                            error);
+-      if (result == NULL)
+-        goto out;
+-      g_variant_get (result, "(u)", &pid);
+-      g_variant_unref (result);
+-
+-      if (sd_pid_get_session (pid, &session_id) < 0)
+-        goto out;
+-
+-      session = polkit_unix_session_new (session_id);
+-      free (session_id);
++      /* Convert bus name to process */
++      tmp_process = (PolkitUnixProcess*)polkit_system_bus_name_get_process_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error);
++      if (!tmp_process)
++	goto out;
++      process = tmp_process;
+     }
+   else
+     {
+       g_set_error (error,
+                    POLKIT_ERROR,
+                    POLKIT_ERROR_NOT_SUPPORTED,
+-                   "Cannot get user for subject of type %s",
++                   "Cannot get session for subject of type %s",
+                    g_type_name (G_TYPE_FROM_INSTANCE (subject)));
+     }
+ 
+- out:
++  /* Now do process -> pid -> same session */
++  g_assert (process != NULL);
++  pid = polkit_unix_process_get_pid (process);
++
++  if (sd_pid_get_session (pid, &session_id) >= 0)
++    {
++      session = polkit_unix_session_new (session_id);
++      goto out;
++    }
++
++#if HAVE_SD_UID_GET_DISPLAY
++  /* Now do process -> uid -> graphical session (systemd version 213)*/
++  if (sd_pid_get_owner_uid (pid, &uid) < 0)
++    goto out;
++
++  if (sd_uid_get_display (uid, &session_id) >= 0)
++    {
++      session = polkit_unix_session_new (session_id);
++      goto out;
++    }
++#endif
+ 
++ out:
++  free (session_id);
++  if (tmp_process) g_object_unref (tmp_process);
+   return session;
+ }
+ 
+@@ -409,6 +389,37 @@
+ polkit_backend_session_monitor_is_session_active (PolkitBackendSessionMonitor *monitor,
+                                                   PolkitSubject               *session)
+ {
+-  return sd_session_is_active (polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session)));
++  const char *session_id;
++  char *state;
++  uid_t uid;
++  gboolean is_active = FALSE;
++
++  session_id = polkit_unix_session_get_session_id (POLKIT_UNIX_SESSION (session));
++
++  g_debug ("Checking whether session %s is active.", session_id);
++
++  /* Check whether *any* of the user's current sessions are active. */
++  if (sd_session_get_uid (session_id, &uid) < 0)
++    goto fallback;
++
++  g_debug ("Session %s has UID %u.", session_id, uid);
++
++  if (sd_uid_get_state (uid, &state) < 0)
++    goto fallback;
++
++  g_debug ("UID %u has state %s.", uid, state);
++
++  is_active = (g_strcmp0 (state, "active") == 0);
++  free (state);
++
++  return is_active;
++
++fallback:
++  /* Fall back to checking the session. This is not ideal, since the user
++   * might have multiple sessions, and we cannot guarantee to have chosen
++   * the active one.
++   *
++   * See: https://bugs.freedesktop.org/show_bug.cgi?id=76358. */
++  return sd_session_is_active (session_id);
+ }
+ 
+--- a/src/polkitbackend/polkitd.c	2015-06-25 15:14:04.842560117 +0200
++++ b/src/polkitbackend/polkitd.c	2015-06-25 15:11:45.758664799 +0200
+@@ -92,7 +92,7 @@
+ {
+   g_print ("Handling SIGINT\n");
+   g_main_loop_quit (loop);
+-  return FALSE;
++  return TRUE;
+ }
+ 
+ static gboolean
+--- a/src/programs/Makefile.am	2015-06-25 15:14:04.842560117 +0200
++++ b/src/programs/Makefile.am	2015-06-25 15:11:45.758664799 +0200
+@@ -1,7 +1,7 @@
+ 
+ NULL =
+ 
+-INCLUDES =                                              	\
++AM_CPPFLAGS =                                              	\
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\"       	\
+--- a/src/programs/Makefile.in	2015-06-25 15:14:04.843560137 +0200
++++ b/src/programs/Makefile.in	2015-06-25 15:11:45.759664820 +0200
+@@ -269,6 +269,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -383,7 +385,7 @@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ NULL = 
+-INCLUDES = \
++AM_CPPFLAGS = \
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-DPACKAGE_LIBEXEC_DIR=\""$(libexecdir)"\"       	\
+--- a/src/programs/pkcheck.c	2015-06-25 15:14:04.843560137 +0200
++++ b/src/programs/pkcheck.c	2015-06-25 15:11:45.759664820 +0200
+@@ -399,11 +399,15 @@
+             }
+           else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+             {
++	      G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+               subject = polkit_unix_process_new_full (pid, pid_start_time);
++	      G_GNUC_END_IGNORE_DEPRECATIONS
+             }
+           else if (sscanf (argv[n], "%i", &pid) == 1)
+             {
++	      G_GNUC_BEGIN_IGNORE_DEPRECATIONS
+               subject = polkit_unix_process_new (pid);
++	      G_GNUC_END_IGNORE_DEPRECATIONS
+             }
+           else
+             {
+--- a/src/programs/pkexec.c	2015-06-25 15:14:04.844560158 +0200
++++ b/src/programs/pkexec.c	2015-06-25 15:11:45.759664820 +0200
+@@ -75,7 +75,7 @@
+   g_printerr ("pkexec --version |\n"
+               "       --help |\n"
+               "       --disable-internal-agent |\n"
+-              "       [--user username] PROGRAM [ARGUMENTS...]\n"
++              "       [--user username] [PROGRAM] [ARGUMENTS...]\n"
+               "\n"
+               "See the pkexec manual page for more details.\n"
+ 	      "\n"
+@@ -143,8 +143,22 @@
+   return PAM_CONV_ERR;
+ }
+ 
++/* A work around for:
++ * https://bugzilla.redhat.com/show_bug.cgi?id=753882
++ */
+ static gboolean
+-open_session (const gchar *user_to_auth)
++xdg_runtime_dir_is_owned_by (const char *path,
++			     uid_t       target_uid)
++{
++  struct stat stbuf;
++
++  return stat (path, &stbuf) == 0 &&
++    stbuf.st_uid == target_uid;
++}
++
++static gboolean
++open_session (const gchar *user_to_auth,
++	      uid_t        target_uid)
+ {
+   gboolean ret;
+   gint rc;
+@@ -186,7 +200,19 @@
+     {
+       guint n;
+       for (n = 0; envlist[n]; n++)
+-        putenv (envlist[n]);
++	{
++	  const char *envitem = envlist[n];
++	  
++	  if (g_str_has_prefix (envitem, "XDG_RUNTIME_DIR="))
++	    {
++	      const char *eq = strchr (envitem, '=');
++	      g_assert (eq);
++	      if (!xdg_runtime_dir_is_owned_by (eq + 1, target_uid))
++		continue;
++	    }
++
++	  putenv (envlist[n]);
++	}
+       free (envlist);
+     }
+ 
+@@ -472,6 +498,7 @@
+   action_id = NULL;
+   saved_env = NULL;
+   path = NULL;
++  exec_argv = NULL;
+   command_line = NULL;
+   opt_user = NULL;
+   local_agent_handle = NULL;
+@@ -522,6 +549,11 @@
+               goto out;
+             }
+ 
++          if (opt_user != NULL)
++            {
++              g_printerr ("--user specified twice\n");
++              goto out;
++            }
+           opt_user = g_strdup (argv[n]);
+         }
+       else if (strcmp (argv[n], "--disable-internal-agent") == 0)
+@@ -550,6 +582,21 @@
+   if (opt_user == NULL)
+     opt_user = g_strdup ("root");
+ 
++  /* Look up information about the user we care about - yes, the return
++   * value of this function is a bit funky
++   */
++  rc = getpwnam_r (opt_user, &pwstruct, pwbuf, sizeof pwbuf, &pw);
++  if (rc == 0 && pw == NULL)
++    {
++      g_printerr ("User `%s' does not exist.\n", opt_user);
++      goto out;
++    }
++  else if (pw == NULL)
++    {
++      g_printerr ("Error getting information for user `%s': %s\n", opt_user, g_strerror (rc));
++      goto out;
++    }
++
+   /* Now figure out the command-line to run - argv is guaranteed to be NULL-terminated, see
+    *
+    *  http://lkml.indiana.edu/hypermail/linux/kernel/0409.2/0287.html
+@@ -562,8 +609,21 @@
+   path = g_strdup (argv[n]);
+   if (path == NULL)
+     {
+-      usage (argc, argv);
+-      goto out;
++      GPtrArray *shell_argv;
++
++      path = g_strdup (pwstruct.pw_shell);
++      if (!path)
++	{
++          g_printerr ("No shell configured or error retrieving pw_shell\n");
++          goto out;
++	}
++      /* If you change this, be sure to change the if (!command_line)
++	 case below too */
++      command_line = g_strdup (path);
++      shell_argv = g_ptr_array_new ();
++      g_ptr_array_add (shell_argv, path);
++      g_ptr_array_add (shell_argv, NULL);
++      exec_argv = (char**)g_ptr_array_free (shell_argv, FALSE);
+     }
+   if (path[0] != '/')
+     {
+@@ -582,22 +642,13 @@
+       g_printerr ("Error accessing %s: %s\n", path, g_strerror (errno));
+       goto out;
+     }
+-  command_line = g_strjoinv (" ", argv + n);
+-  exec_argv = argv + n;
+ 
+-  /* Look up information about the user we care about - yes, the return
+-   * value of this function is a bit funky
+-   */
+-  rc = getpwnam_r (opt_user, &pwstruct, pwbuf, sizeof pwbuf, &pw);
+-  if (rc == 0 && pw == NULL)
+-    {
+-      g_printerr ("User `%s' does not exist.\n", opt_user);
+-      goto out;
+-    }
+-  else if (pw == NULL)
++  if (!command_line)
+     {
+-      g_printerr ("Error getting information for user `%s': %s\n", opt_user, g_strerror (rc));
+-      goto out;
++      /* If you change this, be sure to change the path == NULL case
++	 above too */
++      command_line = g_strjoinv (" ", argv + n);
++      exec_argv = argv + n;
+     }
+ 
+   /* now save the environment variables we care about */
+@@ -711,6 +762,8 @@
+       goto out;
+     }
+ 
++  g_assert (path != NULL);
++  g_assert (exec_argv != NULL);
+   action_id = find_action_for_path (authority,
+                                     path,
+                                     exec_argv[1],
+@@ -913,7 +966,8 @@
+    * As evident above, neither su(1) (and, for that matter, nor sudo(8)) does this.
+    */
+ #ifdef POLKIT_AUTHFW_PAM
+-  if (!open_session (pw->pw_name))
++  if (!open_session (pw->pw_name,
++		     pw->pw_uid))
+     {
+       goto out;
+     }
+--- a/src/programs/pkttyagent.c	2015-06-25 15:14:04.844560158 +0200
++++ b/src/programs/pkttyagent.c	2015-06-25 15:11:45.759664820 +0200
+@@ -111,9 +111,17 @@
+ 
+       if (sscanf (opt_process, "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time)
+ 	  == 2)
+-	subject = polkit_unix_process_new_full (pid, pid_start_time);
++	{
++	  G_GNUC_BEGIN_IGNORE_DEPRECATIONS
++          subject = polkit_unix_process_new_full (pid, pid_start_time);
++	  G_GNUC_END_IGNORE_DEPRECATIONS
++	}
+       else if (sscanf (opt_process, "%i", &pid) == 1)
+-	subject = polkit_unix_process_new (pid);
++	{
++	  G_GNUC_BEGIN_IGNORE_DEPRECATIONS
++	  subject = polkit_unix_process_new (pid);
++	  G_GNUC_END_IGNORE_DEPRECATIONS
++	}
+       else
+ 	{
+ 	  g_printerr (_("%s: Invalid process specifier `%s'\n"),
+--- a/test/Makefile.in	2015-06-25 15:14:04.846560199 +0200
++++ b/test/Makefile.in	2015-06-25 15:11:45.760664841 +0200
+@@ -275,6 +275,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+--- a/test/polkit/Makefile.am	2015-06-25 15:14:04.867560631 +0200
++++ b/test/polkit/Makefile.am	2015-06-25 15:11:56.378888542 +0200
+@@ -1,7 +1,7 @@
+ 
+ NULL =
+ 
+-INCLUDES =                                              	\
++AM_CPPFLAGS =                                              	\
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-I$(top_srcdir)/test                             	\
+--- a/test/polkit/Makefile.in	2015-06-25 15:14:04.868560652 +0200
++++ b/test/polkit/Makefile.in	2015-06-25 15:11:56.378888542 +0200
+@@ -465,6 +465,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -579,7 +581,7 @@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ NULL = 
+-INCLUDES = \
++AM_CPPFLAGS = \
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-I$(top_srcdir)/test                             	\
+--- a/test/polkitbackend/Makefile.am	2015-06-25 15:14:04.868560652 +0200
++++ b/test/polkitbackend/Makefile.am	2015-06-25 15:11:56.379888563 +0200
+@@ -1,7 +1,7 @@
+ 
+ NULL =
+ 
+-INCLUDES =                                              	\
++AM_CPPFLAGS =                                              	\
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-I$(top_srcdir)/test                             	\
+--- a/test/polkitbackend/Makefile.in	2015-06-25 15:14:04.869560672 +0200
++++ b/test/polkitbackend/Makefile.in	2015-06-25 15:11:56.379888563 +0200
+@@ -447,6 +447,8 @@
+ LIBJS_LIBS = @LIBJS_LIBS@
+ LIBOBJS = @LIBOBJS@
+ LIBS = @LIBS@
++LIBSYSTEMD_CFLAGS = @LIBSYSTEMD_CFLAGS@
++LIBSYSTEMD_LIBS = @LIBSYSTEMD_LIBS@
+ LIBSYSTEMD_LOGIN_CFLAGS = @LIBSYSTEMD_LOGIN_CFLAGS@
+ LIBSYSTEMD_LOGIN_LIBS = @LIBSYSTEMD_LOGIN_LIBS@
+ LIBTOOL = @LIBTOOL@
+@@ -561,7 +563,7 @@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+ NULL = 
+-INCLUDES = \
++AM_CPPFLAGS = \
+ 	-I$(top_builddir)/src                           	\
+ 	-I$(top_srcdir)/src                             	\
+ 	-I$(top_srcdir)/test                             	\
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c	2015-06-25 15:14:04.869560672 +0200
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c	2015-06-25 15:11:56.379888563 +0200
+@@ -74,8 +74,8 @@
+ 
+   authority = get_authority ();
+ 
+-  caller = polkit_unix_process_new (getpid ());
+-  subject = polkit_unix_process_new (getpid ());
++  caller = polkit_unix_process_new_for_owner (getpid (), 0, getuid ());
++  subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ());
+   user_for_subject = polkit_identity_from_string ("unix-user:root", &error);
+   g_assert_no_error (error);
+ 
+@@ -340,8 +340,8 @@
+ 
+   authority = get_authority ();
+ 
+-  caller = polkit_unix_process_new (getpid ());
+-  subject = polkit_unix_process_new (getpid ());
++  caller = polkit_unix_process_new_for_owner (getpid (), 0, getuid ());
++  subject = polkit_unix_process_new_for_owner (getpid (), 0, getuid ());
+   user_for_subject = polkit_identity_from_string (tc->identity, &error);
+   g_assert_no_error (error);
+ 


More information about the patches mailing list