projects / platform / upstream / polkit.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4d0994f) | patch
provide convenience functions for auth checking and port helpers to use them
authorDavid Zeuthen <davidz@redhat.com>
Mon, 19 Nov 2007 00:16:23 +0000 (19:16 -0500)
committerDavid Zeuthen <davidz@redhat.com>
Mon, 19 Nov 2007 00:16:23 +0000 (19:16 -0500)
commita712e78e69220b43695463e00983e9316a646d32
tree928f0cdcf165b5a77fa3569f082133136553923dtree | snapshot
parent4d0994f45ee4cb1b31475932a17ea8ac5288a289commit | diff
provide convenience functions for auth checking and port helpers to use them

Basically, checking auths with polkit is now a one-liner:

    if (polkit_check_auth (getpid (), "com.acme.some-action", NULL) == 0) {
        fprintf (stderr, "Not authorized; go away\n");
        exit (1);
    }

This can be used for making a lot of the legacy UNIX tools PolicyKit
aware. For example, vixie-cron could make crontab(1) (a setuid
program) check whether the calling user is authorized for the action

 org.isc.vixie-cron.edit-own-crontab

This is a nice way to provide least privilege and still put the system
administrator in control via polkit-auth(1), polkit-action(1) and the
GTK+ "Manage Authorizations" utility:

 http://people.redhat.com/davidz/polkitg-auth-1.png
 http://people.redhat.com/davidz/polkitg-auth-2.png
 http://people.redhat.com/davidz/polkitg-auth-3.png
doc/polkit-docs.xml diff | blob | history
src/polkit-dbus/Makefile.am diff | blob | history
src/polkit-dbus/polkit-dbus.h diff | blob | history
src/polkit-dbus/polkit-read-auth-helper.c diff | blob | history
src/polkit-dbus/polkit-set-default-helper.c diff | blob | history
src/polkit-dbus/polkit-simple.c [new file with mode: 0644] blob
src/polkit-dbus/polkit-simple.h [new file with mode: 0644] blob
src/polkit-grant/polkit-explicit-grant-helper.c diff | blob | history
src/polkit-grant/polkit-revoke-helper.c diff | blob | history
Domain: System / Uncategorized;