Fix polkit

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>

16 files changed, 144 insertions, 40 deletions

diff --git a/.gitignore b/.gitignore
index 107c82d..b2b84eb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ ejabberd-2.1.5.tar.gz
 /ejabberd-2.1.11.tgz
 /processone-ejabberd-v2.1.12-0-gc058687.tar.gz
 /processone-ejabberd-v2.1.13-0-g5feeacf.tar.gz
+/ejabberd-v2.1.13.tar.gz
diff --git a/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch b/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
index b3f929f..8883f15 100644
--- a/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
+++ b/ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
@@ -1,7 +1,7 @@
 From b3a61330f7328507e1608e437a152e806ef520d1 Mon Sep 17 00:00:00 2001
 From: Peter Lemenkov <lemenkov@gmail.com>
 Date: Tue, 16 Feb 2010 16:03:38 +0300
-Subject: [PATCH 1/8] Fix PAM service example name to match actual one
+Subject: [PATCH 01/10] Fix PAM service example name to match actual one
 
 Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
 ---
diff --git a/ejabberd-0002-Fixed-delays-in-s2s-connections.patch b/ejabberd-0002-Fixed-delays-in-s2s-connections.patch
index 4533041..8572111 100644
--- a/ejabberd-0002-Fixed-delays-in-s2s-connections.patch
+++ b/ejabberd-0002-Fixed-delays-in-s2s-connections.patch
@@ -1,7 +1,7 @@
 From ec26218c6f2374f4e39e50c194150065cc5da275 Mon Sep 17 00:00:00 2001
 From: Sergei Golovan <sgolovan@nes.ru>
 Date: Tue, 16 Feb 2010 16:07:37 +0300
-Subject: [PATCH 2/8] Fixed delays in s2s connections.
+Subject: [PATCH 02/10] Fixed delays in s2s connections.
 
 Patch by Sergei Golovan increases timeouts in S2S and removes horrible 5-minute
 delay between remote server connection attempts after a falure (in case of
diff --git a/ejabberd-0003-Introducing-mod_admin_extra.patch b/ejabberd-0003-Introducing-mod_admin_extra.patch
index cac9b0a..3f9d8a7 100644
--- a/ejabberd-0003-Introducing-mod_admin_extra.patch
+++ b/ejabberd-0003-Introducing-mod_admin_extra.patch
@@ -1,7 +1,7 @@
 From 363bfab713d9267e3186126d2df4162f24969d8c Mon Sep 17 00:00:00 2001
 From: Badlop <badlop@process-one.net>
 Date: Tue, 16 Feb 2010 16:12:17 +0300
-Subject: [PATCH 3/8] Introducing mod_admin_extra
+Subject: [PATCH 03/10] Introducing mod_admin_extra
 
 Adds the mod_admin_extra module to ejabberd.
 This module extends the functionality provided by ejabberdctl
diff --git a/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch b/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch
index 6a3e5d2..20cf399 100644
--- a/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch
+++ b/ejabberd-0004-Fedora-specific-changes-to-ejabberdctl.patch
@@ -1,7 +1,7 @@
 From 2e72b2ac86fcbc5902555621422db36684d42385 Mon Sep 17 00:00:00 2001
 From: Peter Lemenkov <lemenkov@gmail.com>
 Date: Tue, 16 Feb 2010 16:30:05 +0300
-Subject: [PATCH 4/8] Fedora-specific changes to ejabberdctl
+Subject: [PATCH 04/10] Fedora-specific changes to ejabberdctl
 
 Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
 ---
diff --git a/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch b/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch
index 354b1d3..af85b3c 100644
--- a/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch
+++ b/ejabberd-0005-Install-.so-objects-with-0755-permissions.patch
@@ -1,7 +1,7 @@
 From 75f9fdbe72c77c1521edc7402c0d27883dadf46c Mon Sep 17 00:00:00 2001
 From: Peter Lemenkov <lemenkov@gmail.com>
 Date: Sat, 12 Jun 2010 14:14:52 +0400
-Subject: [PATCH 5/8] Install *.so objects with 0755 permissions
+Subject: [PATCH 05/10] Install *.so objects with 0755 permissions
 
 Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
 ---
diff --git a/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch b/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
index 30c5df1..a9b4dda 100644
--- a/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
+++ b/ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
@@ -1,7 +1,7 @@
 From e49dbaca001a3d311a2f8a8e878c5b8b6fc385c0 Mon Sep 17 00:00:00 2001
 From: Badlop <badlop@process-one.net>
 Date: Thu, 15 Apr 2010 17:20:16 +0200
-Subject: [PATCH 6/8] Support SASL GSSAPI authentication (thanks to Mikael
+Subject: [PATCH 06/10] Support SASL GSSAPI authentication (thanks to Mikael
  Magnusson)(EJAB-831)
 
 ---
diff --git a/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch b/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
index 09f67fb..d0d1d40 100644
--- a/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
+++ b/ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
@@ -1,7 +1,7 @@
 From a8910615b82e7af8cb32916792970de0b53e5872 Mon Sep 17 00:00:00 2001
 From: Peter Lemenkov <lemenkov@gmail.com>
 Date: Sat, 18 Jun 2011 23:24:28 +0400
-Subject: [PATCH 7/8] Disable INET_DIST_INTERFACE by default
+Subject: [PATCH 07/10] Disable INET_DIST_INTERFACE by default
 
 Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
 ---
diff --git a/ejabberd-0008-Clean-up-false-security-measure.patch b/ejabberd-0008-Clean-up-false-security-measure.patch
index 83fa98c..a44f130 100644
--- a/ejabberd-0008-Clean-up-false-security-measure.patch
+++ b/ejabberd-0008-Clean-up-false-security-measure.patch
@@ -1,7 +1,7 @@
 From c827055ee650243c2af546753743f692ae0fe758 Mon Sep 17 00:00:00 2001
 From: Peter Lemenkov <lemenkov@gmail.com>
 Date: Wed, 17 Jul 2013 14:56:09 +0400
-Subject: [PATCH 8/8] Clean up false security measure
+Subject: [PATCH 08/10] Clean up false security measure
 
 Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
 ---
diff --git a/ejabberd-0009-Enable-polkit-support.patch b/ejabberd-0009-Enable-polkit-support.patch
new file mode 100644
index 0000000..fd31fd1
--- /dev/null
+++ b/ejabberd-0009-Enable-polkit-support.patch
@@ -0,0 +1,23 @@
+From f2420ac96bb52eeb5a01111cabb4f5580db42142 Mon Sep 17 00:00:00 2001
+From: Peter Lemenkov <lemenkov@gmail.com>
+Date: Wed, 17 Jul 2013 14:51:04 +0400
+Subject: [PATCH 09/10] Enable polkit support
+
+Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
+---
+ src/ejabberdctl.template | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/ejabberdctl.template b/src/ejabberdctl.template
+index b298e01..fa6c5c2 100644
+--- a/src/ejabberdctl.template
++++ b/src/ejabberdctl.template
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/usr/bin/pkexec /bin/sh
+ 
+ # define default configuration
+ POLL=true
+-- 
+1.8.3.1
+
diff --git a/ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch b/ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch
new file mode 100644
index 0000000..3868b01
--- /dev/null
+++ b/ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch
@@ -0,0 +1,50 @@
+From 729db839b762a472444bacff22a1cb8870635272 Mon Sep 17 00:00:00 2001
+From: Peter Lemenkov <lemenkov@gmail.com>
+Date: Wed, 17 Jul 2013 14:53:49 +0400
+Subject: [PATCH 10/10] Install into BINDIR instead of SBINDIR
+
+Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
+---
+ src/Makefile.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/Makefile.in b/src/Makefile.in
+index 1a1fa41..1578183 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -92,7 +92,7 @@ DESTDIR =
+ ETCDIR = $(DESTDIR)@sysconfdir@/ejabberd
+ 
+ # /sbin/
+-SBINDIR = $(DESTDIR)@sbindir@
++BINDIR = $(DESTDIR)@bindir@
+ 
+ # /lib/ejabberd/
+ EJABBERDDIR = $(DESTDIR)@libdir@/ejabberd
+@@ -201,11 +201,11 @@ install: all
+ 	install -b -m 644 $(G_USER) inetrc $(ETCDIR)/inetrc
+ 	#
+ 	# Administration script
+-	[ -d $(SBINDIR) ] || install -d -m 755 $(SBINDIR)
+-	install -m 755 $(G_USER) ejabberdctl.example $(SBINDIR)/ejabberdctl
++	[ -d $(BINDIR) ] || install -d -m 755 $(BINDIR)
++	install -m 755 $(G_USER) ejabberdctl.example $(BINDIR)/ejabberdctl
+ 	#
+ 	# Init script
+-	sed -e "s*@ctlscriptpath@*$(SBINDIR)*" \
++	sed -e "s*@ctlscriptpath@*$(BINDIR)*" \
+ 		-e "s*@installuser@*$(INIT_USER)*" ejabberd.init.template \
+ 		> ejabberd.init
+ 	chmod 755 ejabberd.init
+@@ -273,7 +273,7 @@ install: all
+ uninstall: uninstall-binary
+ 
+ uninstall-binary:
+-	rm -f  $(SBINDIR)/ejabberdctl
++	rm -f  $(BINDIR)/ejabberdctl
+ 	rm -fr $(DOCDIR)
+ 	rm -f  $(BEAMDIR)/*.beam
+ 	rm -f  $(BEAMDIR)/*.app
+-- 
+1.8.3.1
+
diff --git a/ejabberd.spec b/ejabberd.spec
index 2994ccb..0da7471 100644
--- a/ejabberd.spec
+++ b/ejabberd.spec
@@ -1,10 +1,11 @@
-%global realname ejabberd
-%global upstream processone
-%global git_tag 5feeacf
-%global patchnumber 0
-
-
 %global _hardened_build 1
+# FIXME non-standard directory for storing *.so objects
+%{?filter_setup:
+%filter_provides_in %{_libdir}/ejabberd/priv/lib/.*\.so$
+%filter_setup
+}
+%{expand: %(NIF_VER=`rpm -q erlang-erts --provides | grep --color=no erl_nif_version` ; if [ "$NIF_VER" != "" ]; then echo %%global __erlang_nif_version $NIF_VER ; fi)}
+%{expand: %(DRV_VER=`rpm -q erlang-erts --provides | grep --color=no erl_drv_version` ; if [ "$DRV_VER" != "" ]; then echo %%global __erlang_drv_version $DRV_VER ; fi)}
 
 
 # Currently, hevea available only in Fedora
@@ -12,24 +13,26 @@
 %ifarch %{power64} s390 s390x sparc64
 # No hevea for these architectures
 # see https://bugzilla.redhat.com/bugzilla/250253
-%global with_hevea 0
+%global _with_hevea 0
 %else
-# Hevea is deadly broken currently
-%global with_hevea 0
+# FIXME Hevea is deadly broken currently
+%global _with_hevea 0
 %endif
 %endif
 
 
 Name:           ejabberd
 Version:        2.1.13
-Release:        4%{?dist}
+Release:        6%{?dist}
 Summary:        A distributed, fault-tolerant Jabber/XMPP server
 
 Group:          Applications/Internet
 License:        GPLv2+
 URL:            http://www.ejabberd.im/
-# wget --content-disposition https://github.com/processone/ejabberd/tarball/v2.1.13
-Source0:	%{upstream}-%{realname}-v%{version}-%{patchnumber}-g%{git_tag}.tar.gz
+%if 0%{?el7}%{?fedora}
+VCS:		scm:git:https://github.com/processone/ejabberd.git
+%endif
+Source0:	https://github.com/processone/%{name}/archive/v%{version}/%{name}-v%{version}.tar.gz
 Source1:        ejabberd.init
 Source2:        ejabberd.logrotate
 Source3:	ejabberd.sysconfig
@@ -45,8 +48,8 @@ Source11:       ejabberd.pam
 # usermode support for old systems
 Source10:	ejabberdctl.apps
 # polkit support
-Source12:	ejabberdctl.polkit.rules
-Source13:	ejabberdctl.sh
+Source12:	ejabberdctl.polkit.actions
+Source13:	ejabberdctl.polkit.rules
 
 # Use ejabberd as an example for PAM service name (fedora/epel-specific)
 Patch1: ejabberd-0001-Fix-PAM-service-example-name-to-match-actual-one.patch
@@ -64,6 +67,10 @@ Patch6: ejabberd-0006-Support-SASL-GSSAPI-authentication-thanks-to-Mikael-.patch
 Patch7: ejabberd-0007-Disable-INET_DIST_INTERFACE-by-default.patch
 # Don't try to make system-wide scripts unreadable for users (fedora/epel-specific)
 Patch8: ejabberd-0008-Clean-up-false-security-measure.patch
+# polkit support
+Patch9: ejabberd-0009-Enable-polkit-support.patch
+# polkit support
+Patch10:ejabberd-0010-Install-into-BINDIR-instead-of-SBINDIR.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -71,7 +78,7 @@ BuildRequires:  expat-devel
 BuildRequires:  openssl-devel >= 0.9.8
 BuildRequires:  pam-devel
 BuildRequires:  erlang
-%if 0%{?with_hevea}
+%if 0%{?_with_hevea}
 BuildRequires:  hevea
 BuildRequires:  texlive
 BuildRequires:  texlive-comment
@@ -137,6 +144,7 @@ Requires:       polkit
 %endif
 # for flock in ejabberdctl
 Requires:	util-linux
+%{?__erlang_drv_version:Requires: %{__erlang_drv_version}}
 
 
 %description
@@ -159,7 +167,7 @@ Group: Documentation
 Documentation for ejabberd.
 
 %prep
-%setup -q -n %{upstream}-%{realname}-2ed62dc
+%setup -q
 
 %patch1 -p1 -b .pam_name
 %patch2 -p1 -b .s2s_delays
@@ -169,6 +177,10 @@ Documentation for ejabberd.
 %patch6 -p1 -b .gssapi
 %patch7 -p1 -b .disable_ip_restriction_for_ejabberdctl
 %patch8 -p1 -b .dont_hide
+%if 0%{?el7}%{?fedora}
+%patch9 -p1 -b .use_polkit
+%patch10 -p1 -b .usr_bin
+%endif
 
 
 %build
@@ -178,7 +190,7 @@ autoreconf -ivf
 # doesn't build on SMP currently
 make
 popd
-%if 0%{?with_hevea}
+%if 0%{?_with_hevea}
 pushd doc
 # remove pre-built docs
 rm -f dev.html features.html features.pdf guide.html guide.pdf
@@ -245,9 +257,9 @@ mkdir -p %{buildroot}%{_bindir}
 ln -s consolehelper %{buildroot}%{_bindir}/ejabberdctl
 install -D -p -m 0644 %{S:10} %{buildroot}%{_sysconfdir}/security/console.apps/ejabberdctl
 %else
-# Install polkit file
-install -D -p -m 0644 %{S:12} %{buildroot}%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules
-install -D -p -m 0755 %{S:13} %{buildroot}%{_bindir}/ejabberdctl
+# Use polkit
+install -D -p -m 0644 %{S:12} %{buildroot}%{_datadir}/polkit-1/actions/ejabberdctl.policy
+install -D -p -m 0644 %{S:13} %{buildroot}%{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules
 %endif
 
 # Remove installed doc-files
@@ -370,12 +382,13 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/pam.d/%{name}
 %config(noreplace) %{_sysconfdir}/pam.d/ejabberdctl
 %if 0%{?el5}%{?el6}
+%{_sbindir}/ejabberdctl
 %config(noreplace) %{_sysconfdir}/security/console.apps/ejabberdctl
 %else
+%{_datadir}/polkit-1/actions/ejabberdctl.policy
 %{_datadir}/polkit-1/rules.d/51-ejabberdctl.rules
 %endif
 %{_bindir}/ejabberdctl
-%{_sbindir}/ejabberdctl
 
 %dir %{_libdir}/%{name}
 %dir %{_libdir}/%{name}/ebin
@@ -434,13 +447,20 @@ rm -rf %{buildroot}
 %files doc
 %doc doc/*.html
 %doc doc/*.png
-%if 0%{?with_hevea}
+%if 0%{?_with_hevea}
 %doc doc/*.pdf
 %endif
 %doc doc/*.txt
 
 
 %changelog
+* Sat Oct 26 2013 Peter Lemenkov <lemenkov@gmail.com> - 2.1.13-6
+- Fix polkit again
+- Add dependency on Erlang's driver version
+
+* Fri Sep 27 2013 Peter Lemenkov <lemenkov@gmail.com> - 2.1.13-5
+- Fix wrong polkit policy (rhbz #1009408)
+
 * Sun Sep 15 2013 Peter Lemenkov <lemenkov@gmail.com> - 2.1.13-4
 - Use polkit instead of usermode on modern systems
 - Restore user/group provides
diff --git a/ejabberdctl.polkit.actions b/ejabberdctl.polkit.actions
new file mode 100644
index 0000000..f3ef4f4
--- /dev/null
+++ b/ejabberdctl.polkit.actions
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
+<policyconfig>
+ <action id="ejabberd.ejabberdctl.run">
+    <_description>Run ejabberd control script</_description>
+    <_message>Authentication is required for running ejabberdctl</_message>
+    <defaults>
+     <allow_any>no</allow_any>
+     <allow_inactive>auth_self</allow_inactive>
+     <allow_active>auth_self</allow_active>
+    </defaults>
+    <annotate key="org.freedesktop.policykit.exec.path">/bin/sh</annotate>
+    <annotate key="org.freedesktop.policykit.exec.argv1">/usr/bin/ejabberdctl</annotate>
+ </action>
+</policyconfig>
diff --git a/ejabberdctl.polkit.rules b/ejabberdctl.polkit.rules
index 1037d3a..cf899b5 100644
--- a/ejabberdctl.polkit.rules
+++ b/ejabberdctl.polkit.rules
@@ -1,9 +1,4 @@
 polkit.addRule(function(action, subject) {
-	var CommandLine = action.lookup("command_line").split(" ");
-	if (action.id == "org.freedesktop.policykit.exec" && (CommandLine[0] == "/sbin/ejabberdctl" || CommandLine[0] == "/usr/sbin/ejabberdctl")){
-		if(subject.isInGroup("ejabberd"))
-			return polkit.Result.YES;
-		else
-			return polkit.Result.NO;
-	}
+	if ((action.id == "ejabberd.ejabberdctl.run") && (subject.isInGroup("ejabberd")))
+		return polkit.Result.YES;
 });
diff --git a/ejabberdctl.sh b/ejabberdctl.sh
deleted file mode 100644
index 92a0519..0000000
--- a/ejabberdctl.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/bin/pkexec /usr/sbin/ejabberdctl "$@"
diff --git a/sources b/sources
index 763209d..4c10b8d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ed78ba6f50d3e2695234ace534e4a932  processone-ejabberd-v2.1.13-0-g5feeacf.tar.gz
+2a7c3b711b4f7091f811c51b52beb735  ejabberd-v2.1.13.tar.gz