David Zeuthen [Wed, 12 Aug 2009 19:14:32 +0000 (15:14 -0400)]
Update NEWS for release
David Zeuthen [Wed, 12 Aug 2009 18:40:46 +0000 (14:40 -0400)]
Generate GI gir and typelibs for libpolkit-gobject-1
This includes changing from POSIX types (uid_t, gid_t, pid_t) to
gint. Won't affect much since the size is the same. And we want this
anyway since it is needed to build the library on non-POSIX platforms.
David Zeuthen [Wed, 12 Aug 2009 15:52:46 +0000 (11:52 -0400)]
Remove temporary authorization when the subject it applies to vanishes
This makes it easier to write the desktop component showing a
notification icon - said component now only needs to watch ::changed
and reenumerate temporary authorizations. If this is done, then the
notification icon is updated in near-realtime.
Also emit ::changed on ConsoleKit changes. This helps remind
Mechanisms that they should redo an authorization check (if this is
how the Mechanism decides to cache authorizations).
David Zeuthen [Wed, 12 Aug 2009 15:51:52 +0000 (11:51 -0400)]
Don't set the GError if the process doesn't exist
David Zeuthen [Wed, 12 Aug 2009 15:51:14 +0000 (11:51 -0400)]
Pass the right struct offset for the ::changed class signal handler
Joe Marcus Clarke [Wed, 12 Aug 2009 14:04:15 +0000 (10:04 -0400)]
Bug 23093 – FreeBSD portability fixes
There are a few issues with building polkit-0.93 on FreeBSD:
* No clearenv() function on FreeBSD
* While FreeBSD has a /proc, it is deprecated, and kinfo_proc should
be used instead.
* FreeBSD's printf() functions do not support the %m notation. This
is only supported for syslog().
* You can't call GINT_TO_POINTER() on a 64-bit value, as this will
break on 64-bit OSes.
The attached patch fixes these problems. First, a check for
clearenv() is added to configure. Second, I moved the check for
process uid to polkit/polkitunixprocess.c. This may not be ideal, but
it seems to fit, and reduces code duplication. Third, I replaces all
%m with %s ... g_strerror (errno). Finally, I replaced
GINT_TO_POINTER() with GSIZE_TO_POINTER.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 10 Aug 2009 14:17:51 +0000 (10:17 -0400)]
Be more careful when determining process start time
David Zeuthen [Thu, 30 Jul 2009 14:33:03 +0000 (10:33 -0400)]
Ensure all fds except stdin/stdout/stderr are closed after exec(2)
David Zeuthen [Tue, 28 Jul 2009 15:25:20 +0000 (11:25 -0400)]
Add polkit.retains_authorization_after_challenge to authz result
Also make this and other details available via methods on the
PolkitAuthorizationResult object.
See this and surrounding messages
http://lists.freedesktop.org/archives/polkit-devel/2009-July/000189.html
for more information.
David Zeuthen [Mon, 27 Jul 2009 14:03:34 +0000 (10:03 -0400)]
Don't spawn man(1) from a setuid program
David Zeuthen [Mon, 27 Jul 2009 02:05:38 +0000 (22:05 -0400)]
Allow unprivileged callers to check authorizations
But only allow this if
- the caller and the subject being checked is the same user
- no details are passed (otherwise dialogs can be spoofed)
Also add a RevokeTemporaryAuthorizationById() method.
David Zeuthen [Thu, 23 Jul 2009 13:27:47 +0000 (09:27 -0400)]
Ignore .pkla files starting with dot and don't segfault on error path
David Zeuthen [Tue, 21 Jul 2009 16:56:16 +0000 (12:56 -0400)]
Require correct versions of glib and eggdbus
Pointed out by Michael Biebl, thanks.
David Zeuthen [Tue, 21 Jul 2009 00:26:05 +0000 (20:26 -0400)]
Post-release version bump to 0.94
David Zeuthen [Tue, 21 Jul 2009 00:03:58 +0000 (20:03 -0400)]
Update NEWS for release
David Zeuthen [Mon, 20 Jul 2009 23:43:29 +0000 (19:43 -0400)]
Update TODO
David Zeuthen [Mon, 20 Jul 2009 23:07:30 +0000 (19:07 -0400)]
Fix make distcheck
David Zeuthen [Mon, 20 Jul 2009 22:49:25 +0000 (18:49 -0400)]
Add support for querying and revoking temporary authorizations
Also change how authentication agents are registered (take a Subject
instead of the session-id) and add convenience functions to
asynchronously construct a PolkitUnixSession object given a process id
(by querying ConsoleKit).
David Zeuthen [Wed, 15 Jul 2009 22:56:18 +0000 (18:56 -0400)]
Add docs detailing how the Local Authority works
David Zeuthen [Wed, 15 Jul 2009 21:08:41 +0000 (17:08 -0400)]
Rename some man pages and the daemon binary
David Zeuthen [Wed, 15 Jul 2009 20:20:08 +0000 (16:20 -0400)]
In .pkla files, use Result{Any,Inactive,Active} instead of just Result
David Zeuthen [Wed, 15 Jul 2009 19:21:35 +0000 (15:21 -0400)]
Actually make the local authority look up authorization files
Still need to add test cases / docs but this seems to work great.
David Zeuthen [Wed, 15 Jul 2009 17:13:05 +0000 (13:13 -0400)]
Also pass the identity of the subject we are checking for
David Zeuthen [Wed, 15 Jul 2009 16:48:32 +0000 (12:48 -0400)]
Move authentication agent bits to separate authority subclass
David Zeuthen [Wed, 15 Jul 2009 15:17:25 +0000 (11:17 -0400)]
Rip out polkit-local and refactor local authority to only use tmp authz
David Zeuthen [Mon, 13 Jul 2009 16:59:46 +0000 (12:59 -0400)]
Move local authority management to a separate library
David Zeuthen [Sat, 4 Jul 2009 23:32:34 +0000 (19:32 -0400)]
Plug a couple of memory leaks
David Zeuthen [Fri, 19 Jun 2009 15:47:46 +0000 (11:47 -0400)]
Cancel an authentication if the unique name for the subject vanishes
This makes it easier to write mechanisms as they don't have to watch
for the client requesting service vanishing.
David Zeuthen [Wed, 17 Jun 2009 19:31:28 +0000 (15:31 -0400)]
GIO modules need to be prefix with lib
For some weird reason.
Yanko Kaneti [Tue, 16 Jun 2009 20:38:52 +0000 (23:38 +0300)]
More unique ids to get the docs build fully predictable
Yanko Kaneti [Tue, 16 Jun 2009 17:26:49 +0000 (13:26 -0400)]
Use unique ids for sections to prevent them being autogenerated
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 8 Jun 2009 21:16:18 +0000 (17:16 -0400)]
Post-release version bump to 0.93
David Zeuthen [Mon, 8 Jun 2009 20:30:15 +0000 (16:30 -0400)]
Also dist polkitd-1.xml
David Zeuthen [Mon, 8 Jun 2009 20:01:49 +0000 (16:01 -0400)]
Update NEWS
David Zeuthen [Mon, 8 Jun 2009 19:56:06 +0000 (15:56 -0400)]
Fix make distcheck
David Zeuthen [Mon, 8 Jun 2009 19:00:17 +0000 (15:00 -0400)]
Change GNOME to freedesktop.org in the docs
David Zeuthen [Mon, 8 Jun 2009 18:57:35 +0000 (14:57 -0400)]
Move the doc chapters around a bit
David Zeuthen [Mon, 8 Jun 2009 18:48:41 +0000 (14:48 -0400)]
Minor doc fixes
David Zeuthen [Mon, 8 Jun 2009 18:21:27 +0000 (14:21 -0400)]
Use .../extensions instead of ../backends for loading extensions
David Zeuthen [Mon, 8 Jun 2009 18:20:55 +0000 (14:20 -0400)]
Expand on the D-Bus docs
David Zeuthen [Mon, 8 Jun 2009 17:11:13 +0000 (13:11 -0400)]
Consolidate all gtk-doc stuff in docs/polkit
David Zeuthen [Mon, 8 Jun 2009 16:35:56 +0000 (12:35 -0400)]
Add a "PolicyKit Overview" section to the docs
David Zeuthen [Mon, 8 Jun 2009 14:53:36 +0000 (10:53 -0400)]
Add some more API docs
David Zeuthen [Fri, 5 Jun 2009 20:43:28 +0000 (16:43 -0400)]
Improve pkexec(1) man page by adding screenshots of authentication dialogs
David Zeuthen [Fri, 5 Jun 2009 20:11:27 +0000 (16:11 -0400)]
First cut at some high-level docs
David Zeuthen [Wed, 3 Jun 2009 17:11:30 +0000 (13:11 -0400)]
Add a man page for polkit-1(8)
David Zeuthen [Wed, 3 Jun 2009 16:44:39 +0000 (12:44 -0400)]
Update SEE ALSO sections in man pages
David Zeuthen [Wed, 3 Jun 2009 16:36:03 +0000 (12:36 -0400)]
Add pkaction(1) and nuke polkit-1(1) commands
All the functionality of polkit-1(1), sans managing the local
authority, is now available in pkaction(1) and pkcheck(1). In the
future we might want to add something like pklamanage(1) to manage the
local authority.
David Zeuthen [Tue, 2 Jun 2009 16:25:17 +0000 (12:25 -0400)]
Return the icon name instead of a GIcon in PolkitActionDescription
David Zeuthen [Tue, 2 Jun 2009 16:24:48 +0000 (12:24 -0400)]
nullbackend: Catch up with latest API changes
David Zeuthen [Fri, 29 May 2009 15:12:05 +0000 (11:12 -0400)]
Add pkcheck(1) command to check for authorizations
This is just a simple wrapper for the CheckAuthorization() D-Bus method.
See these messages
https://www.redhat.com/archives/fedora-devel-list/2009-May/msg01364.html
https://www.redhat.com/archives/fedora-devel-list/2009-May/msg01397.html
where this helper was discussed - it may make it a lot easier to use
polkit from code that pretends to care about OOM conditions.
David Zeuthen [Fri, 29 May 2009 15:11:03 +0000 (11:11 -0400)]
Clarify docs for is_challenge member of the AuthorizationResult struct
David Zeuthen [Fri, 29 May 2009 15:09:51 +0000 (11:09 -0400)]
Avoid returning an error if no authentication agent is available
Instead, just return the PolkitAuthorizationResult that already has
authorized==FALSE and challenge==TRUE.
David Zeuthen [Fri, 29 May 2009 15:09:16 +0000 (11:09 -0400)]
Only free hash table if it's not NULL
David Zeuthen [Wed, 27 May 2009 16:14:14 +0000 (12:14 -0400)]
Require eggdbus-1 >= 0.4
David Zeuthen [Wed, 27 May 2009 16:12:03 +0000 (12:12 -0400)]
Change the defaults for .run-frobnicate to auth_self_keep
David Zeuthen [Tue, 26 May 2009 15:11:13 +0000 (11:11 -0400)]
Forgot to add source for PolkitDetails
David Zeuthen [Tue, 19 May 2009 16:08:12 +0000 (12:08 -0400)]
Use an object, not a GHashTable when passing details around
This is because bindable GObject APIs should never return or accept a
GHashTable, see http://bugzilla.gnome.org/show_bug.cgi?id=581686#c6
for details.
David Zeuthen [Fri, 15 May 2009 19:56:53 +0000 (15:56 -0400)]
Fix a bug where details were not shown for normal pkexec usage
David Zeuthen [Fri, 15 May 2009 19:32:22 +0000 (15:32 -0400)]
Mention /usr/bin/pkexec in the configure blurb
David Zeuthen [Fri, 15 May 2009 19:30:25 +0000 (15:30 -0400)]
Add a pkexec(1) command
David Zeuthen [Wed, 13 May 2009 16:41:55 +0000 (12:41 -0400)]
Move docs to proper location
David Zeuthen [Wed, 13 May 2009 16:30:26 +0000 (12:30 -0400)]
Port examples and command-line tools to new API
David Zeuthen [Wed, 13 May 2009 16:20:16 +0000 (12:20 -0400)]
Change the PolkitAuthorizationResult enumeration into an object
David Zeuthen [Wed, 13 May 2009 14:58:04 +0000 (10:58 -0400)]
Only allow privileged apps to check authz and add ActionLookup interface
Also remove the ObtainAuthorization() call and allow apps to pass
details to CheckAuthorization.
David Zeuthen [Mon, 11 May 2009 14:33:44 +0000 (10:33 -0400)]
Fix D-Bus policy to work with non-permissive D-Bus
Richard Hughes [Fri, 13 Feb 2009 16:11:24 +0000 (16:11 +0000)]
add a draft version of the porting guide -- WIP
Richard Hughes [Tue, 10 Feb 2009 19:16:31 +0000 (19:16 +0000)]
fix up gtk-doc API markup for a couple of functions
David Zeuthen [Tue, 10 Feb 2009 15:45:25 +0000 (10:45 -0500)]
install gtkdoc HTML in the proper location
David Zeuthen [Tue, 10 Feb 2009 03:14:07 +0000 (22:14 -0500)]
post-release version bump to 0.92
David Zeuthen [Tue, 10 Feb 2009 02:10:46 +0000 (21:10 -0500)]
make it possible to define what administrator authentication means
We might also want to expose methods on the D-Bus interface
org.freedesktop.PolicyKit1.AuthorityManager to configure this;
implementation-wise we'd just be writing out config files with a fixed
priority.
David Zeuthen [Mon, 9 Feb 2009 23:57:29 +0000 (18:57 -0500)]
add security checks for AddAuthorization() and RemoveAuthorization()
For now this is restricted to uid 0; going to revisit this when
hacking on the GNOME authorization UI.
David Zeuthen [Mon, 9 Feb 2009 23:50:07 +0000 (18:50 -0500)]
rename grant->add and revoke->remove in the polkit-1 tool
David Zeuthen [Mon, 9 Feb 2009 23:37:25 +0000 (18:37 -0500)]
add security checks for EnumerateAuthorizations
David Zeuthen [Mon, 9 Feb 2009 22:27:33 +0000 (17:27 -0500)]
remember to dist 50-nullback.conf
David Zeuthen [Mon, 9 Feb 2009 22:08:53 +0000 (17:08 -0500)]
prune TODO list and fix up single-header-file / API guard checks
David Zeuthen [Mon, 9 Feb 2009 20:53:51 +0000 (15:53 -0500)]
add the ObtainAuthorization() method and use in for the 'polkit-1 run' command
Also add an example for this.
David Zeuthen [Sun, 8 Feb 2009 21:23:45 +0000 (16:23 -0500)]
load and choose what backend to use; also write a simple null backend
The thinking is that if someone wants to turn off PolicyKit, they
simply drop a file /etc/polkit-1/nullbackend.conf.d/99-i-hate-polkit.conf
with the contents
[Configuration]
priority=1000
This also provides a good cut-n-paste template / example etc. of how
to implement a PolicyKit backend.
David Zeuthen [Sun, 8 Feb 2009 19:22:45 +0000 (14:22 -0500)]
implement cancellation of authorization checks
Also add a short example to test this.
David Zeuthen [Sun, 8 Feb 2009 19:10:52 +0000 (14:10 -0500)]
don't hardcode the uid, look it up in /proc
David Zeuthen [Sun, 8 Feb 2009 16:37:35 +0000 (11:37 -0500)]
make authentication agents pass a session_id parameter
The session_id has got to be empty for now. The thinking is that in
the future we might want to register an authentication agent that runs
in secure desktop, e.g. a separate session from the user session.
David Zeuthen [Sun, 8 Feb 2009 16:17:04 +0000 (11:17 -0500)]
generate all polkit dbus code in one place
David Zeuthen [Sat, 7 Feb 2009 21:19:12 +0000 (16:19 -0500)]
update for latest EggDBus changes
David Zeuthen [Thu, 5 Feb 2009 20:06:30 +0000 (15:06 -0500)]
fix up the D-Bus docs somewhat
David Zeuthen [Wed, 4 Feb 2009 23:37:26 +0000 (18:37 -0500)]
use new eggdbus feature to include enums/structs docs in the interface docs
David Zeuthen [Tue, 3 Feb 2009 05:48:56 +0000 (00:48 -0500)]
user proper capitalization for AuthenticationAgent D-Bus interface summary
David Zeuthen [Tue, 3 Feb 2009 05:47:35 +0000 (00:47 -0500)]
add docs for the AuthenticationAgent D-Bus interface
David Zeuthen [Tue, 3 Feb 2009 05:30:59 +0000 (00:30 -0500)]
add docs for the AuthorityManager D-Bus interface
David Zeuthen [Tue, 3 Feb 2009 05:20:41 +0000 (00:20 -0500)]
add docs for the Authority D-Bus interface
David Zeuthen [Tue, 3 Feb 2009 04:49:17 +0000 (23:49 -0500)]
depend on EggDBus HEAD for stamp file and Docbook docs for D-Bus interfaces
make -j4 should work now
David Zeuthen [Mon, 2 Feb 2009 18:54:27 +0000 (13:54 -0500)]
post-release version bump to 0.91
Better late than never...
David Zeuthen [Mon, 2 Feb 2009 01:44:43 +0000 (20:44 -0500)]
add docs for PolkitBackendAuthority
David Zeuthen [Mon, 2 Feb 2009 00:01:11 +0000 (19:01 -0500)]
rework backend API
David Zeuthen [Sun, 1 Feb 2009 21:18:25 +0000 (16:18 -0500)]
add API docs for PolkitAuthority
Also slightly rearrange the doc layout.
David Zeuthen [Sun, 1 Feb 2009 19:01:59 +0000 (14:01 -0500)]
replace PolkitBackendServer with polkit_backend_register_authority()
This is consistent with how the PolkitAgentListener API works.
David Zeuthen [Sun, 1 Feb 2009 18:26:53 +0000 (13:26 -0500)]
move management functions to a separate D-Bus interface and GObject class
This will allow us, in the near future, to declare org.fd.PK1.Authority and
PolkitAuthority as stable while allowing changes to how we manage the (local)
authority even after 1.0.
David Zeuthen [Sun, 1 Feb 2009 17:39:21 +0000 (12:39 -0500)]
require POLKIT_AGENT_I_KNOW_API_IS_SUBJECT_TO_CHANGE to be defined
Also use @stability in the docs to indicate that the interface is
currently subject to change.
David Zeuthen [Sat, 31 Jan 2009 21:17:27 +0000 (16:17 -0500)]
fix up polkitagent docs
David Zeuthen [Sat, 31 Jan 2009 20:41:05 +0000 (15:41 -0500)]
add docs for PolkitAgentListener
David Zeuthen [Sat, 31 Jan 2009 19:21:53 +0000 (14:21 -0500)]
collapse request into a single signal and add docs for PolkitAgentSession