case $POLKIT_AUTHDB in
dummy)
- need_pam=no
AC_DEFINE(POLKIT_AUTHDB_DUMMY, 1, [If using the dummy authorization database])
;;
default)
- need_pam=yes
AC_DEFINE(POLKIT_AUTHDB_DEFAULT, 1, [If using the default authorization database])
;;
AM_CONDITIONAL(POLKIT_AUTHDB_DUMMY, [test x$POLKIT_AUTHDB = xdummy], [Using dummy authdb])
AM_CONDITIONAL(POLKIT_AUTHDB_DEFAULT, [test x$POLKIT_AUTHDB = xdefault], [Using default authdb])
+dnl ---------------------------------------------------------------------------
+dnl - Select which authentication framework to use
+dnl ---------------------------------------------------------------------------
+
+AC_ARG_WITH([authfw],
+ AS_HELP_STRING([--with-authfw=<name>],
+ [Authentication framework (none/pam)]))
+if ! test -z "$with_authfw" ; then
+ if test x$with_authdb = xdummy ; then
+ if ! test x$with_authfw = xnone ; then
+ AC_MSG_ERROR([Only 'none' is a valid authentication framework for the dummy authorization database])
+ fi
+ else
+ if test x$with_authfw = xnone ; then
+ AC_MSG_ERROR(['none' is only a valid authentication framework for the dummy authorization database])
+ fi
+ fi
+ POLKIT_AUTHFW=$with_authfw
+else
+ if test x$with_authdb = xdummy ; then
+ POLKIT_AUTHFW=none
+ else
+ POLKIT_AUTHFW=pam
+ fi
+fi
+
+AC_SUBST(POLKIT_AUTHFW)
+AC_DEFINE_UNQUOTED(POLKIT_AUTHFW,"$POLKIT_AUTHFW", [Authentication Framework to use])
+
+case $POLKIT_AUTHFW in
+ none)
+ need_pam=no
+ AC_DEFINE(POLKIT_AUTHFW_NONE, 1, [If using no authentication framework])
+ ;;
+
+ pam)
+ need_pam=yes
+ AC_DEFINE(POLKIT_AUTHFW_PAM, 1, [If using the PAM authentication framework])
+ ;;
+
+ *)
+ AC_MSG_ERROR([Unknown Authentication Framework: $POLKIT_AUTHFW])
+ ;;
+esac
+
+AM_CONDITIONAL(POLKIT_AUTHFW_NONE, [test x$POLKIT_AUTHFW = xnone], [Using no authfw])
+AM_CONDITIONAL(POLKIT_AUTHFW_PAM, [test x$POLKIT_AUTHFW = xpam], [Using PAM authfw])
+
dnl ---------------------------------------------------------------------------
dnl - Check for PAM
group for PolicyKit: ${POLKIT_GROUP}
authorization database: ${POLKIT_AUTHDB}
+ authentication framework: ${POLKIT_AUTHFW}
Distribution/OS: ${with_os_type}
SELinux support: ${have_selinux}
# See polkit-grant/Makefile.am for discussion
#
-if POLKIT_AUTHDB_DEFAULT
+if POLKIT_AUTHFW_PAM
pamdir = $(sysconfdir)/pam.d
pam_DATA = polkit
endif
# adjust the PAM stuff in data/Makefile.am
#
if POLKIT_AUTHDB_DEFAULT
-libexec_PROGRAMS = polkit-grant-helper polkit-grant-helper-pam polkit-explicit-grant-helper polkit-revoke-helper
+libexec_PROGRAMS = polkit-grant-helper
+
+if POLKIT_AUTHFW_PAM
+libexec_PROGRAMS += polkit-grant-helper-pam
+endif
+
+libexec_PROGRAMS += polkit-explicit-grant-helper polkit-revoke-helper
polkit_grant_helper_SOURCES = polkit-grant-helper.c
polkit_grant_helper_LDADD = @GLIB_LIBS@ @DBUS_LIBS@ $(top_builddir)/src/polkit/libpolkit.la $(top_builddir)/src/polkit-dbus/libpolkit-dbus.la libpolkit-grant.la
+if POLKIT_AUTHFW_PAM
polkit_grant_helper_pam_SOURCES = polkit-grant-helper-pam.c
polkit_grant_helper_pam_LDADD = @AUTH_LIBS@
+endif
polkit_explicit_grant_helper_SOURCES = polkit-explicit-grant-helper.c
polkit_explicit_grant_helper_CFLAGS = @DBUS_CFLAGS@
# polkit-grant-helper needs to be setgid polkituser to be able to
# write cookies to /var/lib/PolicyKit and /var/run/PolicyKit
#
-# polkit-grant-helper-pam need to be setuid root because it's used to
+# polkit-grant-helper-* need to be setuid root because it's used to
# authenticate not only the invoking user, but possibly also root
# and/or other users. As only polkit-grant-helper will invoke it
# we make it owned by the polkitiuser group and non-readable /
install-exec-hook:
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-grant-helper
+if POLKIT_AUTHFW_PAM
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
-chmod 4750 $(DESTDIR)$(libexecdir)/polkit-grant-helper-pam
+endif
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
-chmod 2755 $(DESTDIR)$(libexecdir)/polkit-explicit-grant-helper
-chgrp $(POLKIT_GROUP) $(DESTDIR)$(libexecdir)/polkit-revoke-helper
if POLKIT_AUTHDB_DEFAULT
echo src/polkit-grant/polkit-explicit-grant-helper.c >> covered-files.txt
echo src/polkit-grant/polkit-grant-helper.c >> covered-files.txt
+if POLKIT_AUTHFW_PAM
echo src/polkit-grant/polkit-grant-helper-pam.c >> covered-files.txt
+endif
echo src/polkit-grant/polkit-revoke-helper.c >> covered-files.txt
endif
if POLKIT_AUTHDB_DEFAULT
gcov polkit-explicit-grant-helper.c -o .libs/ > /dev/null
gcov polkit-grant-helper.c -o .libs/ > /dev/null
+if POLKIT_AUTHFW_PAM
gcov polkit-grant-helper-pam.c -o .libs/ > /dev/null
+endif
gcov polkit-revoke-helper.c -o .libs/ > /dev/null
endif
$(top_srcdir)/test/create-coverage-report.sh "module polkit-grant" `cat covered-files.txt` > coverage-report.txt
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
+
+#ifdef POLKIT_AUTHFW_PAM
#include <security/pam_appl.h>
+#endif
+
#include <grp.h>
#include <pwd.h>
#include <syslog.h>
int helper_stdin;
int helper_stdout;
GError *g_error;
+#ifdef POLKIT_AUTHFW_PAM
char *helper_argv[2] = {PACKAGE_LIBEXEC_DIR "/polkit-grant-helper-pam", NULL};
+#endif
char buf[256];
FILE *child_stdin;
FILE *child_stdout;