"
-echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned by root"
-echo " and have mode 700"
+echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned"
+echo " by root and have mode 700"
+echo
+
+echo "NOTE: The file ${libexecdir}/polkit-agent-helper-1 must be owned"
+echo " by root and have mode 4755 (setuid root binary)"
echo
Core TODO items
---------------
- - document the D-Bus interfaces
- - should be done in eggdbus; e.g.
- - D-Bus XML --(eggdbus-binding-tool)--> DocBook --(gtk-doc)--> HTML
-
- - properly document the GObject API
-
- maybe rename .policy to .action for policy XML files
- provide a polkit-validate-action-file-1 tool to check/validate
- write a PolicyKit 0.9.x -> polkit 1.0 porting guide
- - provide a public ObtainAuthorization() method
-
- - separate core API (e.g. CheckAuthorization()) from the administration API
- (e.g. AddAuthorization()) both in the D-Bus interface and in the GObject
- client libraries
-
- - guard off administration API with I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC
-
- guard off backend API with I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC
- provide a way to tweak the defaults for actions (or maybe not)
- make sure simple operations work when no system bus is present
- e.g. %post RPM scripts adding/removing authorizations to identities
- - rework the classes in the PolkitAgent* library so the API is easier to
- work with
-
- for administrator authentication, make it possible to use 'wheel' group
sudo-style authentication (e.g. select one or more identities that the
user can choose to authenticate as)
- - provide a way to cancel a CheckAuthorization() call
-
- maybe use file monitors on /var/lib/polkit-1 directories and
emit the Changed() signal
- PolkitAuthority probably needs locking around its singleton for
- multithreaded backends
-
- - rewrite the PolkitAgentAuthenticationSession class to use signals
- instead of callbacks, maybe do the same for PolkitAgentAuthenticationAgent
-
- - support authorization for identities other than Unix users in
- PolkitAgentAuthenticationSessiono
+ multithreaded backends.
- - consider adding POLKIT_AUTHORIZATION_RESULT_FAILED_CHALLENGE
+ - symbol visibility in shared libraries
Backend TODO items
------------------
- - use a GIO extension point to decide what authority backend to use
-
- check / validate all incoming arguments
- and other security/paranoia stuff
- allow backends to extend the syntax for subjects and identities, e.g.
have something like ipa-user:...
- - rate-limit file monitoring in PolkitBackendActionPool
-
- avoid watching all name owner changes in PolkitBackendAuthority and
PolkitBackendServer
- - get the right UID for Unix process subjects
-
- cache user information for dbus connections
polkit-gnome TODO items
- show a notification icon when the session/user has temporary authorizations
- along with an option to give these up
- - make the AuthenticationAgent process (which runs for the lifetime of the
- session) spawn a process to display the authentication dialog
+ - maybe make the AuthenticationAgent process (which runs for the lifetime of
+ the session) spawn a process to display the authentication dialog
- to make it lighter on resource usage
- to work around Metacity focus stealing prevention bugs
$(NULL)
libpolkit_nullbackend_la_CFLAGS = \
+ -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
-DG_LOG_DOMAIN=\"PolkitNullBackend\" \
$(GLIB_CFLAGS) \
$(NULL)
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_ACTION_DESCRIPTION_H
#define __POLKIT_ACTION_DESCRIPTION_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_AUTHORITY_H
#define __POLKIT_AUTHORITY_H
* @short_description: Authority Manager
* @stability: Unstable
*
- * Checking claims.
+ * Manage authorizations.
+ *
+ * To use this unstable API you need to define the symbol
+ * <literal>POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE</literal>.
*/
struct _PolkitAuthorityManager
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_AUTHORITY_MANAGER_H
#define __POLKIT_AUTHORITY_MANAGER_H
#include <gio/gio.h>
#include <polkit/polkittypes.h>
+#if defined (POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE) || defined (_POLKIT_COMPILATION)
+
G_BEGIN_DECLS
#define POLKIT_TYPE_AUTHORITY_MANAGER (polkit_authority_manager_get_type())
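Review bot: When neither macro is defined, the new `#if` makes this header expand to nothing with no diagnostic, so a caller that forgets the opt-in gets unknown-type or implicit-declaration errors at the point of use instead of a message naming the macro. The header is presumably pulled in through `<polkit/polkit.h>` for every consumer, so a `#error` would not fit here; a comment above the `#if` would help instead: `/* Unstable API: define POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE before including <polkit/polkit.h> to see these declarations */`. The same applies to the matching `#if` in the polkitauthorization.h hunk. It is also worth stating in that comment that the macro is only a compile-time stability acknowledgement, not an access control on the administration calls.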
G_END_DECLS
+#endif /* API hiding */
+
#endif /* __POLKIT_AUTHORITY_MANAGER_H */
* SECTION:polkitauthorization
* @title: PolkitAuthorization
* @short_description: Authorization
+ * @stability: Unstable
*
* This class represents an explicit authorization.
+ *
+ * To use this unstable API you need to define the symbol
+ * <literal>POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE</literal>.
*/
struct _PolkitAuthorization
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_AUTHORIZATION_H
#define __POLKIT_AUTHORIZATION_H
#include <gio/gio.h>
#include <polkit/polkittypes.h>
+#if defined (POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE) || defined (_POLKIT_COMPILATION)
+
G_BEGIN_DECLS
#define POLKIT_TYPE_AUTHORIZATION (polkit_authorization_get_type())
G_END_DECLS
+#endif /* API hiding */
+
#endif /* __POLKIT_AUTHORIZATION_H */
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_AUTHORIZATION_RESULT_H
#define __POLKIT_AUTHORIZATION_RESULT_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_CHECK_AUTHORIZATION_FLAGS_H
#define __POLKIT_CHECK_AUTHORIZATION_FLAGS_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_ERROR_H
#define __POLKIT_ERROR_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_IDENTITY_H
#define __POLKIT_IDENTITY_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_IMPLICIT_AUTHORIZATION_H
#define __POLKIT_IMPLICIT_AUTHORIZATION_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_SUBJECT_H
#define __POLKIT_SUBJECT_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_SYSTEM_BUS_NAME_H
#define __POLKIT_SYSTEM_BUS_NAME_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_UNIX_GROUP_H
#define __POLKIT_UNIX_GROUP_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_UNIX_PROCESS_H
#define __POLKIT_UNIX_PROCESS_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_UNIX_SESSION_H
#define __POLKIT_UNIX_SESSION_H
* Author: David Zeuthen <davidz@redhat.com>
*/
+#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H)
+#error "Only <polkit/polkit.h> can be included directly, this file may disappear or change contents."
+#endif
+
#ifndef __POLKIT_UNIX_USER_H
#define __POLKIT_UNIX_USER_H
-DPACKAGE_LIB_DIR=\""$(libdir)"\" \
-D_POSIX_PTHREAD_SEMANTICS \
-D_REENTRANT \
- -DPOLKIT_AGENT_COMPILATION \
-DEGG_DBUS_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
$(NULL)
$(NULL)
libpolkit_agent_1_la_CFLAGS = \
+ -D_POLKIT_COMPILATION \
+ -D_POLKIT_AGENT_COMPILATION \
$(GLIB_CFLAGS) \
$(EGG_DBUS_CFLAGS) \
$(NULL)
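Review bot: Defining `-D_POLKIT_COMPILATION` for libpolkit-agent switches off two guards that this commit adds for code outside the core library: the "Only <polkit/polkit.h> can be included directly" check and the hiding of the authority-manager declarations behind `POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE`. The later hunks do the same for `polkit_agent_helper_1_CFLAGS` (the setuid-root helper) and `libpolkit_backend_1_la_CFLAGS`. If these targets only need the public API, including `<polkit/polkit.h>` without this define keeps both guards effective for them. If they do need individual headers, a comment beside the flag such as `# needs private polkit headers: <reason>` would record why; whether their sources include individual headers is not visible in this diff.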
libexec_PROGRAMS = polkit-agent-helper-1
-polkit_agent_helper_1_SOURCES = polkitagenthelper.c
-polkit_agent_helper_1_CFLAGS = $(GLIB_CFLAGS)
-polkit_agent_helper_1_LDADD = $(AUTH_LIBS) $(top_builddir)/src/polkit/libpolkit-gobject-1.la
+polkit_agent_helper_1_SOURCES = \
+ polkitagenthelper.c \
+ $(NULL)
+
+polkit_agent_helper_1_CFLAGS = \
+ -D_POLKIT_COMPILATION \
+ $(GLIB_CFLAGS) \
+ $(NULL)
+
+polkit_agent_helper_1_LDADD = \
+ $(AUTH_LIBS) \
+ $(top_builddir)/src/polkit/libpolkit-gobject-1.la \
+ $(NULL)
# polkit-agent-helper-1 need to be setuid root because it's used to
# authenticate not only the invoking user, but possibly also root
#ifndef __POLKIT_AGENT_H
#define __POLKIT_AGENT_H
-#if !defined (POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (POLKIT_AGENT_COMPILATION)
+#if !defined (POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (_POLKIT_AGENT_COMPILATION)
#error "libpolkitagent is unstable API and subject to change. You must define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this."
#endif
-#define POLKIT_AGENT_INSIDE_POLKIT_AGENT_H 1
+#define _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H 1
#include <polkitagent/polkitagenttypes.h>
#include <polkitagent/polkitagentlistener.h>
#include <polkitagent/polkitagentsession.h>
-#undef POLKIT_AGENT_INSIDE_POLKIT_AGENT_H
+#undef _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H
#endif /* __POLKIT_AGENT_H */
* Author: David Zeuthen <davidz@redhat.com>
*/
-#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION)
+#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION)
#error "Only <polkitagent/polkitagent.h> can be included directly, this file may disappear or change contents"
#endif
* Author: David Zeuthen <davidz@redhat.com>
*/
-#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION)
+#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION)
#error "Only <polkitagent/polkitagent.h> can be included directly, this file may disappear or change contents"
#endif
* Author: David Zeuthen <davidz@redhat.com>
*/
-#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION)
+#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION)
#error "Only <polkitagent/polkitagent.h> can be included directly, this file may disappear or change contents"
#endif
$(NULL)
libpolkit_backend_1_la_CFLAGS = \
+ -D_POLKIT_COMPILATION \
-D_POLKIT_BACKEND_COMPILATION \
$(GLIB_CFLAGS) \
$(EGG_DBUS_CFLAGS) \
#include <polkit/polkit.h>
+#if !defined (POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (POLKIT_BACKEND_COMPILATION)
+#error "libpolkitbackend is unstable API and subject to change. You must define POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this."
+#endif
+
#define _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H 1
#include <polkitbackend/polkitbackendtypes.h>
#include <polkitbackend/polkitbackendauthority.h>
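Review bot: The added guard tests `POLKIT_BACKEND_COMPILATION`, but the flag the backend library is built with in `libpolkit_backend_1_la_CFLAGS` is `-D_POLKIT_BACKEND_COMPILATION`, with a leading underscore. The line directly below the guard also uses the underscored `_POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H`. Unless the un-prefixed name is defined somewhere outside this view, the second half of the condition is never true for the library's own build, so the library would hit the `#error` or be forced to define the consumer opt-in macro itself. Suggested: `#if !defined (POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (_POLKIT_BACKEND_COMPILATION)`, which matches the `_POLKIT_AGENT_COMPILATION` rename made to polkitagent.h in this same commit.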
$(NULL)
polkitd_1_CFLAGS = \
- -I$(top_srcdir)/src \
+ -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \
-DG_LOG_DOMAIN=\"polkitd-1\" \
$(GLIB_CFLAGS) \
$(NULL)
#endif
#include <string.h>
+#define POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE
#include <polkit/polkit.h>
static PolkitAuthority *authority;