David Zeuthen [Tue, 24 Apr 2012 16:48:27 +0000 (12:48 -0400)]
Post-release version bump to 0.106
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 24 Apr 2012 16:46:24 +0000 (12:46 -0400)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 24 Apr 2012 16:39:27 +0000 (12:39 -0400)]
Add Makefile rules for signing and publishing releases and docs
Also mention in README how the authenticity of releases can be
verified.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 24 Apr 2012 16:25:11 +0000 (12:25 -0400)]
Update the docs to use 'polkit' (instead of 'PolicyKit') as the name
... as much as possible.
Also remove the license on the docs and the FSF's address.
Also point to http://www.freedesktop.org/software/polkit/docs/latest/
as that is going to be where docs are stored, going forward.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 24 Apr 2012 16:11:13 +0000 (12:11 -0400)]
Mention pkttyagent(1) in "Writing PolicyKit applications" chapter
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 12 Apr 2012 18:45:07 +0000 (14:45 -0400)]
Fix type in docs
It's RegisterAuthenticationAgentWithOptions, not just
RegisterAuthenticationAgent.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 12 Apr 2012 17:54:27 +0000 (13:54 -0400)]
Make it possible to influence agent registration with an a{sv} parameter
Additionally, add a "fallback" option. Also add support in this in the
pkttyagent(1) program.
This slightly breaks libpolkit-backend API by adding a GVariant* param
to one of the class vfuncs... but that API is already declared
unstable so that's fine.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 11 Apr 2012 17:15:48 +0000 (13:15 -0400)]
Add pkttyagent(1) helper
This came up while working on
https://bugzilla.redhat.com/show_bug.cgi?id=804088
and is useful for example if it's not suitable or appropriate to link
against the polkit libraries.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 8 Mar 2012 20:36:30 +0000 (15:36 -0500)]
PolkitAgentSession: Don't leak file descriptors
This was reported here
https://bugzilla.gnome.org/show_bug.cgi?id=671486
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 6 Feb 2012 16:26:06 +0000 (11:26 -0500)]
PolkitUnixSession: Actually return TRUE if a session exists
Also, don't treat the integer returned by sd_session_get_uid() as a
boolean because that's just confusing.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 6 Feb 2012 16:24:53 +0000 (11:24 -0500)]
PolkitUnixSession: Set error if we cannot find a session for the given pid
Also, don't treat the integer returned by sd_pid_get_session() as a
boolean because that's just confusing. Also, don't confuse memory
supposed to be freed by g_free() and free(3) with each other. See
https://bugzilla.redhat.com/show_bug.cgi?id=787222
for more details.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Ryan Lortie [Sat, 7 Jan 2012 06:40:01 +0000 (01:40 -0500)]
Various builddir != srcdir fixes
Fix autogen.sh to work when run from the builddir.
Also: switch over to using the gobject-introspection Makefile (which is
out-of-tree safe) instead of hardcoding our own version.
https://bugs.freedesktop.org/show_bug.cgi?id=44599
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 3 Jan 2012 17:04:27 +0000 (12:04 -0500)]
Post-release version bump
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 3 Jan 2012 16:58:51 +0000 (11:58 -0500)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 3 Jan 2012 16:29:37 +0000 (11:29 -0500)]
Detect whether systemd is available and default to use if so
Signed-off-by: David Zeuthen <davidz@redhat.com>
Matthias Clasen [Tue, 20 Dec 2011 03:37:05 +0000 (22:37 -0500)]
Add optional systemd support
When configured with --enable-systemd, this patch makes
polkit use systemd for session tracking instead of ConsoleKit.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Nikki VonHollen [Tue, 20 Dec 2011 23:11:23 +0000 (15:11 -0800)]
Bug 43610 - Add netgroup support
https://bugs.freedesktop.org/show_bug.cgi?id=43610
Added netgroup support and additional unit tests with MockLibc support.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Nikki VonHollen [Tue, 20 Dec 2011 16:10:17 +0000 (11:10 -0500)]
Bug 43608 – Add unit tests
https://bugs.freedesktop.org/show_bug.cgi?id=43608
Basic unittest support and a few tests. Adds basic unit tests for:
PolkitIdentity, PolkitUnixUser, PolkitUnixGroup,
PolkitBackendLocalAuthorizationStore, and PolkitBackendLocalAuthority.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 6 Dec 2011 15:50:06 +0000 (10:50 -0500)]
Post-release version bump to 0.104
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 6 Dec 2011 15:47:29 +0000 (10:47 -0500)]
Fix typo
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 6 Dec 2011 15:36:54 +0000 (10:36 -0500)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 6 Dec 2011 15:25:43 +0000 (10:25 -0500)]
Default to AdminIdentities=unix-group:wheel for local authority
Signed-off-by: David Zeuthen <davidz@redhat.com>
Alan Near [Mon, 7 Nov 2011 07:38:22 +0000 (11:38 +0400)]
Mistype in DBus object: PoliycKit1 -> PolicyKit1
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 18 Oct 2011 19:45:40 +0000 (15:45 -0400)]
Bug 41025 – Add org.freedesktop.policykit.owner annotation
This allows daemons running as a designated uid to check
authorizations. Based on a patch from Christopher James Halse Rogers
<chalserogers@gmail.com>.
https://bugs.freedesktop.org/show_bug.cgi?id=41025
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 18 Oct 2011 17:13:16 +0000 (13:13 -0400)]
Add --no-debug option and use this for D-Bus activation
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 20 Sep 2011 18:13:12 +0000 (14:13 -0400)]
Add support for the org.freedesktop.policykit.imply annotation
For example, GNOME control center can now defined e.g.
<action id="org.zee.example.meta">
<description>Meta Action</description>
<message>Example of a meta action, blabla</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
<annotate key="org.freedesktop.policykit.imply">org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others</annotate>
</action>
and set up a single GtkLockButton for a PolkitPermission for action id
"org.zee.example.meta".
When unlocked the given subject will now be authorized for the actions
mentioned in the annotation.
Example test program:
int
main (int argc, char *argv[])
{
PolkitSubject *subject;
GtkWidget *window;
GtkWidget *table;
GMainLoop *loop;
guint n;
gtk_init (&argc, &argv);
subject = polkit_unix_process_new (getpid ());
window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
table = gtk_table_new (1, 2, FALSE);
for (n = 1; n < argc; n++)
{
const gchar *action_id = argv[n];
GPermission *permission;
GtkWidget *label;
GtkWidget *lock_button;
GError *error = NULL;
label = gtk_label_new (action_id);
permission = polkit_permission_new_sync (action_id, subject, NULL, &error);
if (permission == NULL)
{
g_error ("Error constructing permission for action_id %s: %s (%s, %d)",
action_id, error->message, g_quark_to_string (error->domain), error->code);
goto out;
}
lock_button = gtk_lock_button_new (permission);
g_object_unref (permission);
gtk_table_attach (GTK_TABLE (table), label, 0, 1, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
gtk_table_attach (GTK_TABLE (table), lock_button, 1, 2, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
}
gtk_container_add (GTK_CONTAINER (window), table);
gtk_widget_show_all (window);
loop = g_main_loop_new (NULL, FALSE);
g_main_loop_run (loop);
out:
;
}
Compile with:
gcc -o showpolkit showpolkit.c `pkg-config --cflags --libs polkit-gobject-1 gtk+-3.0` -g -O0
Run with:
./showpolkit org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others org.zee.example.meta
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 1 Aug 2011 14:17:23 +0000 (10:17 -0400)]
Post-release version bump to 0.103
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 1 Aug 2011 14:11:03 +0000 (10:11 -0400)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
Marc Deslauriers [Tue, 28 Jun 2011 11:32:24 +0000 (12:32 +0100)]
Fix multi-line pam prompt handling
Some pam modules may attempt to display multi-line prompts to the
user. In these cases, PolicyKit was failing. This patch fixes the
issue by escaping the prompt before passing it and unescaping it
again.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Evan Nemerson [Sun, 17 Jul 2011 23:01:18 +0000 (16:01 -0700)]
Specify exported pkg-config files in GIRs
https://bugs.freedesktop.org/show_bug.cgi?id=39315
Signed-off-by: David Zeuthen <davidz@redhat.com>
Martin Pitt [Wed, 29 Jun 2011 21:43:48 +0000 (22:43 +0100)]
Bug 38769 — pkexec: Support running X11 apps
Introduce a new annotation flag "org.freedesktop.policykit.exec.allow_gui"
which will cause pkexec to preserve $DISPLAY and $XAUTHORITY. With this, the
remaining few legacy X11 programs which still need to run as root can finally
be migrated away from gksu (or similar) to pkexec, with the help of some
.polkit files. This will provide a consistent UI and also help with making the
authentication dialogs less spoofable.
Relax validate_environment_variable() to allow '/' in $XAUTHORITY, as this
variable actually is a full path.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Martin Pitt [Wed, 29 Jun 2011 20:53:33 +0000 (21:53 +0100)]
Fix backend crash if a .policy file does not specify <message>
get_localized_data_for_challenge() would call expand_properties() with a NULL
"message" argument, causing a segfault.
Martin Pitt [Wed, 20 Apr 2011 10:00:00 +0000 (12:00 +0200)]
Ignore .po/ for intltool
This avoids build failures if quilt patches change files with translatable
strings.
https://bugs.freedesktop.org/show_bug.cgi?id=36415
David Zeuthen [Fri, 1 Apr 2011 16:13:15 +0000 (12:13 -0400)]
pkexec: Avoid TOCTTOU problems with parent process
In a nutshell, the parent process may change its uid (either real- or
effective uid) after launching pkexec. It can do this by exec()'ing
e.g. a setuid root program.
To avoid this problem, just use the uid the parent process had when it
executed pkexec. This happens to be the same uid of the pkexec process
itself.
Additionally, remove some dubious code that allowed pkexec to continue
when the parent process died as there is no reason to support
something like that. Also ensure that the pkexec process is killed if
the parent process dies.
This problem was pointed out by Neel Mehta <nmehta@google.com>.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 1 Apr 2011 16:12:27 +0000 (12:12 -0400)]
Use polkit_unix_process_get_uid() to get the owner of a process
This avoids a TOCTTOU problem.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 1 Apr 2011 16:09:45 +0000 (12:09 -0400)]
Make PolkitUnixProcess also record the uid of the process
This is needed to avoid possible TOCTTOU issues since a process can
change both its real uid and effective uid.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 31 Mar 2011 16:59:09 +0000 (12:59 -0400)]
PolkitUnixProcess: Clarify that the real uid is returned, not the effective one
On Linux, also switch to parsing /proc/<pid>/status instead of relying
on the st_uid returned by stat(2) to be the uid we want.
This was pointed out by Neel Mehta <nmehta@google.com>. Thanks!
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 14 Mar 2011 17:34:45 +0000 (14:34 -0300)]
Don't show diagnostic messages intended for the administrator to the end user
See https://bugzilla.gnome.org/show_bug.cgi?id=644737#c6 for discussion.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Benjamin Otte [Fri, 11 Mar 2011 13:01:27 +0000 (08:01 -0500)]
introspection: Add --c-include to the gir files
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 3 Mar 2011 20:14:36 +0000 (15:14 -0500)]
Post-release version bump to 0.102
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 3 Mar 2011 18:37:00 +0000 (13:37 -0500)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 3 Mar 2011 18:31:52 +0000 (13:31 -0500)]
Build examples by default and fix compiler warnings
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 3 Mar 2011 18:22:53 +0000 (13:22 -0500)]
Fix a couple of warnings triggered by gcc 4.6
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 3 Mar 2011 18:13:11 +0000 (13:13 -0500)]
Deprecated PolkitBackendActionLookup
Instead, pass the untranslated message as polkit.message and set the
gettext domain on polkit.gettext_domain. For printf()-style messages,
occurences of the form $(name_of_key) in the translated version of
polkit.message are expanded with the value of the property
name_of_key. See the pkexec(1) mechanism for an example of how to use
this.
Additionally, the property polkit.icon_name can be set to the
icon. Note that not all authentication agents use this - in
particular, gnome-shell does not.
It is no longer possible to set the details to be shown in the
authentication dialog. It was never a good idea to hide information
there anyway. Instead, the mechanism should format a meaningful
message.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 21:45:59 +0000 (16:45 -0500)]
Allow overriding message shown in authentication dialog
This is much easier than writing a PolkitBackendActionLookup class and
installing an extension. On the downside it requires the caller to be
uid 0.
Example: http://people.freedesktop.org/~david/polkit-pass-messages.png
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 20:47:20 +0000 (15:47 -0500)]
Bug 29712 – Use monotonic for temporary authorizations
https://bugs.freedesktop.org/show_bug.cgi?id=29712
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 20:11:07 +0000 (15:11 -0500)]
Be a bit more careful parsing the command-line
In particular, avoid crashing for Zombies
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 19:47:11 +0000 (14:47 -0500)]
pkcheck: Make it possible to list and revoke temporary authorizations
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 17:36:22 +0000 (12:36 -0500)]
Make pkcheck(1) report if the authentication dialog was dismissed
Signed-off-by: David Zeuthen <davidz@redhat.com>
Adrian Bunk [Wed, 23 Feb 2011 17:00:34 +0000 (12:00 -0500)]
Bug 27253 – Use GOBJECT_INTROSPECTION_CHECK from gobject-introspection
https://bugs.freedesktop.org/show_bug.cgi?id=27253
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 16:01:31 +0000 (11:01 -0500)]
Be more specific about what info we want when enumerating files
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 15:49:14 +0000 (10:49 -0500)]
Fix a memory leak
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 14:56:17 +0000 (09:56 -0500)]
Bug 32334 – Always set polkit.retains_authorization_after_challenge
Otherwise it's impossible to implement lock buttons.
https://bugs.freedesktop.org/show_bug.cgi?id=32334
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 14:16:00 +0000 (09:16 -0500)]
Bug 30438 – PolicyKit fails to build on AIX
https://bugs.freedesktop.org/show_bug.cgi?id=30438
Signed-off-by: David Zeuthen <davidz@redhat.com>
Michael Biebl [Sun, 29 Aug 2010 14:35:34 +0000 (16:35 +0200)]
Bug 29871 – Fix build failures with binutils-gold
Link polkit_agent_helper_1 against GLIB_LIBS.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 23 Feb 2011 13:38:17 +0000 (08:38 -0500)]
Bug 27081 – pkexec fails to build on non glibc systems
https://bugs.freedesktop.org/show_bug.cgi?id=27081
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 22 Feb 2011 21:49:44 +0000 (16:49 -0500)]
Bug 30653 – No way to detect cancellation in pkexec
https://bugs.freedesktop.org/show_bug.cgi?id=30653
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 22:48:39 +0000 (17:48 -0500)]
Post-release version bump to 0.101
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 22:43:19 +0000 (17:43 -0500)]
Fix 'make distcheck'
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 22:35:05 +0000 (17:35 -0500)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 22:12:17 +0000 (17:12 -0500)]
Pass caller and subject pid to authentication agent
The authentication agent can use information this to inform the user
about the UI application that triggered the authentication request (if
any).
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 21:32:16 +0000 (16:32 -0500)]
Add a note about POLKIT_DEBUG
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 21:24:00 +0000 (16:24 -0500)]
Always pass non-zero value to g_once_init_leave()
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 19:13:06 +0000 (14:13 -0500)]
Fix up debug and timeouts in agent helper
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 18:52:34 +0000 (13:52 -0500)]
Add some debug info that can be shown with the env var POLKIT_DEBUG
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 21 Feb 2011 17:11:11 +0000 (12:11 -0500)]
Improve error reporting for authentication sessions
In particular ensure that we show
Incorrect permissions on /opt/gnome-shell/install/libexec/polkit-agent-helper-1
as a PAM error message if the permissions on the helper are incorrect
(e.g. if the helper is not setuid root).
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 18 Feb 2011 20:21:40 +0000 (15:21 -0500)]
Fix-up PolkitAgentSession to use GObject properties
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 17 Feb 2011 20:25:39 +0000 (15:25 -0500)]
Build gir/typelib for PolkitAgent-1.0
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 17 Feb 2011 20:10:49 +0000 (15:10 -0500)]
Add missing GObject Introspection annotations
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 15 Sep 2010 16:57:25 +0000 (12:57 -0400)]
Post-release version bump to 0.100
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 15 Sep 2010 16:54:15 +0000 (12:54 -0400)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
Colin Walters [Fri, 10 Sep 2010 18:52:22 +0000 (14:52 -0400)]
Fix another GCC uninitialized variable warning
Colin Walters [Fri, 10 Sep 2010 18:45:09 +0000 (14:45 -0400)]
Fix (correct) GCC warning about possibly-uninitialized variable
Signed-off-by: David Zeuthen <davidz@redhat.com>
Colin Walters [Fri, 10 Sep 2010 18:42:51 +0000 (14:42 -0400)]
Remove duplicate definitions of enumeration types
These are defined in polkitenumtypes.h, don't re-define them.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Vincent Untz [Thu, 26 Aug 2010 14:08:26 +0000 (10:08 -0400)]
Bug 29816 – Install polkitagentenumtypes.h
https://bugs.freedesktop.org/show_bug.cgi?id=29816
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 20 Aug 2010 17:03:41 +0000 (13:03 -0400)]
Post-release version bump to 0.99
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 20 Aug 2010 17:00:04 +0000 (13:00 -0400)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 20 Aug 2010 16:58:59 +0000 (12:58 -0400)]
Fix dist-check
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 20 Aug 2010 16:29:18 +0000 (12:29 -0400)]
Various doc cleanups
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 20 Aug 2010 15:04:00 +0000 (11:04 -0400)]
Fix wording in pkexec(1) man page
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 20 Aug 2010 15:00:05 +0000 (11:00 -0400)]
pkcheck: add --enable-internal-agent option
We don't want this on by default because things like system daemons
(such as libvirtd) are using pkcheck(1) and in some unfortunate cases
these may have a tty attached.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 20 Aug 2010 14:50:34 +0000 (10:50 -0400)]
pkexec: add --disable-internal-agent option
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Wed, 18 Aug 2010 16:24:04 +0000 (12:24 -0400)]
Fix ConsoleKit interaction bug
First of all, there was a glaring bug where we forgot to load the
GKeyFile for /var/run/ConsoleKit/database resulting in criticals like
this:
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
(lt-polkitd:17984): GLib-CRITICAL **: g_key_file_get_boolean: assertion `key_file != NULL' failed
Furthermore, this resulted in the Authority returning "not authorized"
for subjects that should have been authorized. For an example, see
https://bugzilla.redhat.com/show_bug.cgi?id=624125
Fix this bug by calling ensure_database() to make sure the GKeyFile
contains information from /var/run/ConsoleKit/database. Also, since
there is a race (theoretical at least, but see
https://bugzilla.gnome.org/show_bug.cgi?id=627285 ) with file
monitoring, also ensure that we are using the latest and greatest
version of /var/run/ConsoleKit/database.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 12 Aug 2010 20:51:51 +0000 (16:51 -0400)]
Add textual authentication agent and use it in pkexec(1)
This makes pkexec(1) work when e.g. logging in via ssh(1) or the linux
console but also when using `su -'. Example:
[davidz@x61 ~]$ su - bateman
Password:
[bateman@x61 ~]$ pkexec bash
==== AUTHENTICATING FOR org.freedesktop.policykit.exec ===
Authentication is needed to run `/bin/bash' as the super user
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ===
[root@x61 ~]#
Summary of changes
- Added a PolkitAgentTextListener class
- Add new polkit_agent_listener_register() (and _unregister()) API
- Deprecate polkit_agent_register_listener API
- Allow registering authentication agents for PolkitUnixProcess subjects
and prefer such agents to ones governing the session
- Make PolkitAgentSession use the thread-default GMainContext - otherwise
it won't work in spawned threads
- (finally) use PolkitAgentTextListener in pkexec(1) if authorization
via authentication is possible but no authentication agent was
found
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Thu, 12 Aug 2010 20:49:25 +0000 (16:49 -0400)]
Fix scanning of unix-process subjects
In particular accept both "unix-process:<pid>,<starttime>" and
"unix-process:<pid>". For the latter, return an error if we cannot
lookup the starttime (for example if the given pid references a
non-existing process).
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 10 Aug 2010 15:53:40 +0000 (11:53 -0400)]
Require GLib 2.25.12
This was pointed out by Radek Novacek here
http://lists.freedesktop.org/archives/polkit-devel/2010-August/000329.html
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 20:49:53 +0000 (16:49 -0400)]
Post-release version bump to 0.98
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 20:19:55 +0000 (16:19 -0400)]
Update NEWS for release
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 18:58:17 +0000 (14:58 -0400)]
Properly reference headers
Based on a patch from Jonathan Conder <j@skurvy.no-ip.org>, see
https://bugs.freedesktop.org/show_bug.cgi?id=25798
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 18:50:52 +0000 (14:50 -0400)]
Don't dist org.freedesktop.ConsoleKit.xml; It's dead, Jim
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 18:48:10 +0000 (14:48 -0400)]
Update GI annotations
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 17:50:33 +0000 (13:50 -0400)]
PolkitBackend: Don't export unneeded convenience API
No need to export these classes
PolkitBackendActionPool
PolkitBackendSessionMonitor
PolkitBackendConfigSource
PolkitBackendLocalAuthorizationStore
since exporting them means we need to support their API and ABI
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 17:33:41 +0000 (13:33 -0400)]
Use polkit_authority_get_sync() instead of deprecated polkit_authority_get()
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 17:15:58 +0000 (13:15 -0400)]
Add g_return_if_fail() to all public API entry points
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 16:15:47 +0000 (12:15 -0400)]
PolkitAuthority: Add g_return_if_fail() checks
Also fix a locking bug.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Mon, 9 Aug 2010 15:27:08 +0000 (11:27 -0400)]
PolkitAuthority: Implement failable initialization
... and deprecate polkit_authority_get(). Also fix up locking in
PolkitAuthority.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Sat, 7 Aug 2010 16:48:07 +0000 (12:48 -0400)]
Add a GPermission implementation
Based on code from Matthias Clasen <mclasen@redhat.com>.
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Fri, 6 Aug 2010 17:25:37 +0000 (13:25 -0400)]
Merge remote branch 'origin/gdbus'
David Zeuthen [Fri, 6 Aug 2010 17:24:43 +0000 (13:24 -0400)]
Update README
Signed-off-by: David Zeuthen <davidz@redhat.com>
David Zeuthen [Tue, 3 Aug 2010 20:37:49 +0000 (16:37 -0400)]
Make NameOwnerChanged a private impl detail of the interactive authority
There's no need to expose this as public API.
Signed-off-by: David Zeuthen <davidz@redhat.com>