From: David Zeuthen Date: Mon, 9 Feb 2009 22:08:53 +0000 (-0500) Subject: prune TODO list and fix up single-header-file / API guard checks X-Git-Tag: 0.91~5 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8c71e37ae4e97b9d456c465a04b6d75ec44b896e;p=platform%2Fupstream%2Fpolkit.git prune TODO list and fix up single-header-file / API guard checks --- diff --git a/configure.ac b/configure.ac index a235ab8..c21a6e0 100644 --- a/configure.ac +++ b/configure.ac @@ -467,7 +467,11 @@ echo " " -echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned by root" -echo " and have mode 700" +echo "NOTE: The directory ${localstatedir}/lib/polkit-1 must be owned" +echo " by root and have mode 700" +echo + +echo "NOTE: The file ${libexecdir}/polkit-agent-helper-1 must be owned" +echo " by root and have mode 4755 (setuid root binary)" echo diff --git a/docs/TODO b/docs/TODO index 48c1200..aa27f12 100644 --- a/docs/TODO +++ b/docs/TODO @@ -1,12 +1,6 @@ Core TODO items --------------- - - document the D-Bus interfaces - - should be done in eggdbus; e.g. - - D-Bus XML --(eggdbus-binding-tool)--> DocBook --(gtk-doc)--> HTML - - - properly document the GObject API - - maybe rename .policy to .action for policy XML files - provide a polkit-validate-action-file-1 tool to check/validate @@ -18,14 +12,6 @@ Core TODO items - write a PolicyKit 0.9.x -> polkit 1.0 porting guide - - provide a public ObtainAuthorization() method - - - separate core API (e.g. CheckAuthorization()) from the administration API - (e.g. AddAuthorization()) both in the D-Bus interface and in the GObject - client libraries - - - guard off administration API with I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC - - guard off backend API with I_KNOW_THIS_API_IS_SUBJECT_TO_CHANGE_ETC - provide a way to tweak the defaults for actions (or maybe not) @@ -36,34 +22,21 @@ Core TODO items - make sure simple operations work when no system bus is present - e.g. %post RPM scripts adding/removing authorizations to identities - - rework the classes in the PolkitAgent* library so the API is easier to - work with - - for administrator authentication, make it possible to use 'wheel' group sudo-style authentication (e.g. select one or more identities that the user can choose to authenticate as) - - provide a way to cancel a CheckAuthorization() call - - maybe use file monitors on /var/lib/polkit-1 directories and emit the Changed() signal - PolkitAuthority probably needs locking around its singleton for - multithreaded backends - - - rewrite the PolkitAgentAuthenticationSession class to use signals - instead of callbacks, maybe do the same for PolkitAgentAuthenticationAgent - - - support authorization for identities other than Unix users in - PolkitAgentAuthenticationSessiono + multithreaded backends. - - consider adding POLKIT_AUTHORIZATION_RESULT_FAILED_CHALLENGE + - symbol visibility in shared libraries Backend TODO items ------------------ - - use a GIO extension point to decide what authority backend to use - - check / validate all incoming arguments - and other security/paranoia stuff @@ -81,13 +54,9 @@ Backend TODO items - allow backends to extend the syntax for subjects and identities, e.g. have something like ipa-user:... - - rate-limit file monitoring in PolkitBackendActionPool - - avoid watching all name owner changes in PolkitBackendAuthority and PolkitBackendServer - - get the right UID for Unix process subjects - - cache user information for dbus connections polkit-gnome TODO items @@ -96,8 +65,8 @@ polkit-gnome TODO items - show a notification icon when the session/user has temporary authorizations - along with an option to give these up - - make the AuthenticationAgent process (which runs for the lifetime of the - session) spawn a process to display the authentication dialog + - maybe make the AuthenticationAgent process (which runs for the lifetime of + the session) spawn a process to display the authentication dialog - to make it lighter on resource usage - to work around Metacity focus stealing prevention bugs diff --git a/src/nullbackend/Makefile.am b/src/nullbackend/Makefile.am index 7ffee19..7461b5f 100644 --- a/src/nullbackend/Makefile.am +++ b/src/nullbackend/Makefile.am @@ -26,6 +26,7 @@ libpolkit_nullbackend_la_SOURCES = \ $(NULL) libpolkit_nullbackend_la_CFLAGS = \ + -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ -DG_LOG_DOMAIN=\"PolkitNullBackend\" \ $(GLIB_CFLAGS) \ $(NULL) diff --git a/src/polkit/polkitactiondescription.h b/src/polkit/polkitactiondescription.h index 948d0c1..57734af 100644 --- a/src/polkit/polkitactiondescription.h +++ b/src/polkit/polkitactiondescription.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_ACTION_DESCRIPTION_H #define __POLKIT_ACTION_DESCRIPTION_H diff --git a/src/polkit/polkitauthority.h b/src/polkit/polkitauthority.h index 1337d48..15cf3cb 100644 --- a/src/polkit/polkitauthority.h +++ b/src/polkit/polkitauthority.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_AUTHORITY_H #define __POLKIT_AUTHORITY_H diff --git a/src/polkit/polkitauthoritymanager.c b/src/polkit/polkitauthoritymanager.c index 0984bda..a07156f 100644 --- a/src/polkit/polkitauthoritymanager.c +++ b/src/polkit/polkitauthoritymanager.c @@ -33,7 +33,10 @@ * @short_description: Authority Manager * @stability: Unstable * - * Checking claims. + * Manage authorizations. + * + * To use this unstable API you need to define the symbol + * POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE. */ struct _PolkitAuthorityManager diff --git a/src/polkit/polkitauthoritymanager.h b/src/polkit/polkitauthoritymanager.h index 36ff1cf..d68e2a2 100644 --- a/src/polkit/polkitauthoritymanager.h +++ b/src/polkit/polkitauthoritymanager.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_AUTHORITY_MANAGER_H #define __POLKIT_AUTHORITY_MANAGER_H @@ -26,6 +30,8 @@ #include #include +#if defined (POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE) || defined (_POLKIT_COMPILATION) + G_BEGIN_DECLS #define POLKIT_TYPE_AUTHORITY_MANAGER (polkit_authority_manager_get_type()) @@ -128,4 +134,6 @@ gboolean polkit_authority_manager_remove_authorization_finish G_END_DECLS +#endif /* API hiding */ + #endif /* __POLKIT_AUTHORITY_MANAGER_H */ diff --git a/src/polkit/polkitauthorization.c b/src/polkit/polkitauthorization.c index 8f67d3f..a87c3e8 100644 --- a/src/polkit/polkitauthorization.c +++ b/src/polkit/polkitauthorization.c @@ -30,8 +30,12 @@ * SECTION:polkitauthorization * @title: PolkitAuthorization * @short_description: Authorization + * @stability: Unstable * * This class represents an explicit authorization. + * + * To use this unstable API you need to define the symbol + * POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE. */ struct _PolkitAuthorization diff --git a/src/polkit/polkitauthorization.h b/src/polkit/polkitauthorization.h index 02228c1..53ba1a3 100644 --- a/src/polkit/polkitauthorization.h +++ b/src/polkit/polkitauthorization.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_AUTHORIZATION_H #define __POLKIT_AUTHORIZATION_H @@ -26,6 +30,8 @@ #include #include +#if defined (POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE) || defined (_POLKIT_COMPILATION) + G_BEGIN_DECLS #define POLKIT_TYPE_AUTHORIZATION (polkit_authorization_get_type()) @@ -54,4 +60,6 @@ gboolean polkit_authorization_get_is_negative (PolkitAuthorization G_END_DECLS +#endif /* API hiding */ + #endif /* __POLKIT_AUTHORIZATION_H */ diff --git a/src/polkit/polkitauthorizationresult.h b/src/polkit/polkitauthorizationresult.h index 6e6f445..8458e40 100644 --- a/src/polkit/polkitauthorizationresult.h +++ b/src/polkit/polkitauthorizationresult.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_AUTHORIZATION_RESULT_H #define __POLKIT_AUTHORIZATION_RESULT_H diff --git a/src/polkit/polkitcheckauthorizationflags.h b/src/polkit/polkitcheckauthorizationflags.h index 8d284f5..e8689c6 100644 --- a/src/polkit/polkitcheckauthorizationflags.h +++ b/src/polkit/polkitcheckauthorizationflags.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_CHECK_AUTHORIZATION_FLAGS_H #define __POLKIT_CHECK_AUTHORIZATION_FLAGS_H diff --git a/src/polkit/polkiterror.h b/src/polkit/polkiterror.h index 780af7f..733c9a6 100644 --- a/src/polkit/polkiterror.h +++ b/src/polkit/polkiterror.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_ERROR_H #define __POLKIT_ERROR_H diff --git a/src/polkit/polkitidentity.h b/src/polkit/polkitidentity.h index 2b81008..7d955e6 100644 --- a/src/polkit/polkitidentity.h +++ b/src/polkit/polkitidentity.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_IDENTITY_H #define __POLKIT_IDENTITY_H diff --git a/src/polkit/polkitimplicitauthorization.h b/src/polkit/polkitimplicitauthorization.h index 12d2880..7abd557 100644 --- a/src/polkit/polkitimplicitauthorization.h +++ b/src/polkit/polkitimplicitauthorization.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_IMPLICIT_AUTHORIZATION_H #define __POLKIT_IMPLICIT_AUTHORIZATION_H diff --git a/src/polkit/polkitsubject.h b/src/polkit/polkitsubject.h index 6f95c29..0ef8812 100644 --- a/src/polkit/polkitsubject.h +++ b/src/polkit/polkitsubject.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_SUBJECT_H #define __POLKIT_SUBJECT_H diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 7894a1e..4c91ee6 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_SYSTEM_BUS_NAME_H #define __POLKIT_SYSTEM_BUS_NAME_H diff --git a/src/polkit/polkitunixgroup.h b/src/polkit/polkitunixgroup.h index 714b1b1..49e171a 100644 --- a/src/polkit/polkitunixgroup.h +++ b/src/polkit/polkitunixgroup.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_UNIX_GROUP_H #define __POLKIT_UNIX_GROUP_H diff --git a/src/polkit/polkitunixprocess.h b/src/polkit/polkitunixprocess.h index b584bef..9af2710 100644 --- a/src/polkit/polkitunixprocess.h +++ b/src/polkit/polkitunixprocess.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_UNIX_PROCESS_H #define __POLKIT_UNIX_PROCESS_H diff --git a/src/polkit/polkitunixsession.h b/src/polkit/polkitunixsession.h index bbf431e..949811d 100644 --- a/src/polkit/polkitunixsession.h +++ b/src/polkit/polkitunixsession.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_UNIX_SESSION_H #define __POLKIT_UNIX_SESSION_H diff --git a/src/polkit/polkitunixuser.h b/src/polkit/polkitunixuser.h index 012856c..2346c8a 100644 --- a/src/polkit/polkitunixuser.h +++ b/src/polkit/polkitunixuser.h @@ -19,6 +19,10 @@ * Author: David Zeuthen */ +#if !defined (_POLKIT_COMPILATION) && !defined(_POLKIT_INSIDE_POLKIT_H) +#error "Only can be included directly, this file may disappear or change contents." +#endif + #ifndef __POLKIT_UNIX_USER_H #define __POLKIT_UNIX_USER_H diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am index cec4c24..1ee185b 100644 --- a/src/polkitagent/Makefile.am +++ b/src/polkitagent/Makefile.am @@ -12,7 +12,6 @@ INCLUDES = \ -DPACKAGE_LIB_DIR=\""$(libdir)"\" \ -D_POSIX_PTHREAD_SEMANTICS \ -D_REENTRANT \ - -DPOLKIT_AGENT_COMPILATION \ -DEGG_DBUS_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ $(NULL) @@ -48,6 +47,8 @@ libpolkit_agent_1_la_SOURCES = \ $(NULL) libpolkit_agent_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ + -D_POLKIT_AGENT_COMPILATION \ $(GLIB_CFLAGS) \ $(EGG_DBUS_CFLAGS) \ $(NULL) @@ -61,9 +62,19 @@ libpolkit_agent_1_la_LIBADD = \ libexec_PROGRAMS = polkit-agent-helper-1 -polkit_agent_helper_1_SOURCES = polkitagenthelper.c -polkit_agent_helper_1_CFLAGS = $(GLIB_CFLAGS) -polkit_agent_helper_1_LDADD = $(AUTH_LIBS) $(top_builddir)/src/polkit/libpolkit-gobject-1.la +polkit_agent_helper_1_SOURCES = \ + polkitagenthelper.c \ + $(NULL) + +polkit_agent_helper_1_CFLAGS = \ + -D_POLKIT_COMPILATION \ + $(GLIB_CFLAGS) \ + $(NULL) + +polkit_agent_helper_1_LDADD = \ + $(AUTH_LIBS) \ + $(top_builddir)/src/polkit/libpolkit-gobject-1.la \ + $(NULL) # polkit-agent-helper-1 need to be setuid root because it's used to # authenticate not only the invoking user, but possibly also root diff --git a/src/polkitagent/polkitagent.h b/src/polkitagent/polkitagent.h index d417e5d..5045d67 100644 --- a/src/polkitagent/polkitagent.h +++ b/src/polkitagent/polkitagent.h @@ -22,14 +22,14 @@ #ifndef __POLKIT_AGENT_H #define __POLKIT_AGENT_H -#if !defined (POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (POLKIT_AGENT_COMPILATION) +#if !defined (POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (_POLKIT_AGENT_COMPILATION) #error "libpolkitagent is unstable API and subject to change. You must define POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this." #endif -#define POLKIT_AGENT_INSIDE_POLKIT_AGENT_H 1 +#define _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H 1 #include #include #include -#undef POLKIT_AGENT_INSIDE_POLKIT_AGENT_H +#undef _POLKIT_AGENT_INSIDE_POLKIT_AGENT_H #endif /* __POLKIT_AGENT_H */ diff --git a/src/polkitagent/polkitagentlistener.h b/src/polkitagent/polkitagentlistener.h index dc17bc3..59a8cc8 100644 --- a/src/polkitagent/polkitagentlistener.h +++ b/src/polkitagent/polkitagentlistener.h @@ -19,7 +19,7 @@ * Author: David Zeuthen */ -#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION) +#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION) #error "Only can be included directly, this file may disappear or change contents" #endif diff --git a/src/polkitagent/polkitagentsession.h b/src/polkitagent/polkitagentsession.h index be01852..4123c2d 100644 --- a/src/polkitagent/polkitagentsession.h +++ b/src/polkitagent/polkitagentsession.h @@ -19,7 +19,7 @@ * Author: David Zeuthen */ -#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION) +#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION) #error "Only can be included directly, this file may disappear or change contents" #endif diff --git a/src/polkitagent/polkitagenttypes.h b/src/polkitagent/polkitagenttypes.h index c1143be..8847c91 100644 --- a/src/polkitagent/polkitagenttypes.h +++ b/src/polkitagent/polkitagenttypes.h @@ -19,7 +19,7 @@ * Author: David Zeuthen */ -#if !defined(POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (POLKIT_AGENT_COMPILATION) +#if !defined(_POLKIT_AGENT_INSIDE_POLKIT_AGENT_H) && !defined (_POLKIT_AGENT_COMPILATION) #error "Only can be included directly, this file may disappear or change contents" #endif diff --git a/src/polkitbackend/Makefile.am b/src/polkitbackend/Makefile.am index a505fa7..4714856 100644 --- a/src/polkitbackend/Makefile.am +++ b/src/polkitbackend/Makefile.am @@ -57,6 +57,7 @@ libpolkit_backend_1_la_SOURCES = \ $(NULL) libpolkit_backend_1_la_CFLAGS = \ + -D_POLKIT_COMPILATION \ -D_POLKIT_BACKEND_COMPILATION \ $(GLIB_CFLAGS) \ $(EGG_DBUS_CFLAGS) \ diff --git a/src/polkitbackend/polkitbackend.h b/src/polkitbackend/polkitbackend.h index 6ff0439..b6dcc1d 100644 --- a/src/polkitbackend/polkitbackend.h +++ b/src/polkitbackend/polkitbackend.h @@ -24,6 +24,10 @@ #include +#if !defined (POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE) && !defined (POLKIT_BACKEND_COMPILATION) +#error "libpolkitbackend is unstable API and subject to change. You must define POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE to acknowledge this." +#endif + #define _POLKIT_BACKEND_INSIDE_POLKIT_BACKEND_H 1 #include #include diff --git a/src/polkitd/Makefile.am b/src/polkitd/Makefile.am index c93096d..c425d68 100644 --- a/src/polkitd/Makefile.am +++ b/src/polkitd/Makefile.am @@ -21,7 +21,7 @@ polkitd_1_SOURCES = \ $(NULL) polkitd_1_CFLAGS = \ - -I$(top_srcdir)/src \ + -DPOLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE \ -DG_LOG_DOMAIN=\"polkitd-1\" \ $(GLIB_CFLAGS) \ $(NULL) diff --git a/src/programs/polkit.c b/src/programs/polkit.c index 1bc2579..120801d 100644 --- a/src/programs/polkit.c +++ b/src/programs/polkit.c @@ -24,6 +24,7 @@ #endif #include +#define POLKIT_I_KNOW_AUTHORITY_MANAGER_API_IS_SUBJECT_TO_CHANGE #include static PolkitAuthority *authority;