platform/upstream/polkit.git
16 years agofix autotools screwup
David Zeuthen [Wed, 30 Apr 2008 17:21:04 +0000 (13:21 -0400)]
fix autotools screwup

I hate autotools.

16 years agofix some build stuff to so the test suites run
David Zeuthen [Wed, 30 Apr 2008 17:11:25 +0000 (13:11 -0400)]
fix some build stuff to so the test suites run

16 years agoneed to link with libkit.la for some helpers
David Zeuthen [Wed, 30 Apr 2008 16:54:08 +0000 (12:54 -0400)]
need to link with libkit.la for some helpers

16 years agoadd support for FreeBSD
Joe Marcus Clarke [Wed, 30 Apr 2008 16:46:02 +0000 (12:46 -0400)]
add support for FreeBSD

On Mon, 2008-04-21 at 15:06 -0400, David Zeuthen wrote:
> On Sat, 2008-04-19 at 01:34 -0400, Joe Marcus Clarke wrote:
> > I'm seeing a few PK problems on FreeBSD, but I'm not sure if this is a
> > problem with our port, or an issue in general.  First, all of the tests
> > David mentioned earlier (with polkit-auth) work.  The built-in tests
> > also appear to work.  PK consumers also seem to work.
> >
> > What I'm noticing is that PolicyKit-gnome doesn't update in real-time.
> > For example, if I launch polkit-gnome-authorization, then change a
> > policy, the changes don't reflect in the GUI until I restart
> > polkit-gnome-authorization.  Also, I'm not seeing any UI changes in
> > polkit-gnome-example when I click on the various buttons (though
> > polkit-gnome-manager does launch).
>
> This suggests that file monitoring of /var/lib/misc/PolicyKit.reload is
> somehow botched. Is polkit_context_io_func() in polkit-context.c ever
> called if you do
>
>  # touch /var/lib/misc/PolicyKit.reload
>
> Is it called if you manually grant/revoke an authorization using
> polkit-auth(1)? (And does /var/lib/misc/PolicyKit.reload change mtime
> in that case?)

Thanks for your advice.  I was not monitoring the reload file for
attribute changes, so I was missing the mtime change.  That is working
now.

I updated the PK diff with the portability fix.  I didn't actually use
the Solaris code as it caused a slew of compiler warnings and other
problems.  Instead, I went with creating a kit-lib.[ch] to store the
missing functions.  As for strndup(), I stuck that in kit-string.c.  I
wrapped all of these functions with configure checks to avoid
hard-coding OS checks.  This should make it easier to port PK to other
platforms.

I would still like your advice on the IO problem with PK-gnome.  I have
changed io_watch_have_data() in polkit-gnome-manager.c to return FALSE
instead of TRUE to auto-remove the IO watch.  As I said, FreeBSD's
poll() continuously indicates EOF as a G_IO_IN condition until it is
handled.  By returning FALSE here, the infinite loop is fixed, and I
didn't notice any other problems.

What problems could this cause?  Is there a better way of handling this?
Thanks.

http://www.marcuscom.com/downloads/pk/

Joe

--
Joe Marcus Clarke
FreeBSD GNOME Team      ::      gnome@FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome

16 years agoupdate NEWS for release POLICY_KIT_0_8
David Zeuthen [Thu, 17 Apr 2008 02:06:15 +0000 (22:06 -0400)]
update NEWS for release

16 years agobe careful about what symbols we export
David Zeuthen [Wed, 16 Apr 2008 01:03:26 +0000 (21:03 -0400)]
be careful about what symbols we export

16 years agoensure object is first in the list/hash iterator callback functions
David Zeuthen [Fri, 11 Apr 2008 23:19:58 +0000 (19:19 -0400)]
ensure object is first in the list/hash iterator callback functions

This is useful for passing free / unref functions in.

16 years agoprint warning to stderr if a policy file is malformed and we're ignoring it
David Zeuthen [Thu, 10 Apr 2008 16:47:13 +0000 (12:47 -0400)]
print warning to stderr if a policy file is malformed and we're ignoring it

16 years agofix issue where users allowed to change defaults can delete override files
David Zeuthen [Tue, 8 Apr 2008 20:57:43 +0000 (16:57 -0400)]
fix issue where users allowed to change defaults can delete override files

More details at

 https://bugzilla.novell.com/show_bug.cgi?id=295341#c25

16 years agodon't include libkit api docs
David Zeuthen [Tue, 8 Apr 2008 19:51:39 +0000 (15:51 -0400)]
don't include libkit api docs

16 years agofix build when tests are disabled
David Zeuthen [Tue, 8 Apr 2008 19:48:38 +0000 (15:48 -0400)]
fix build when tests are disabled

16 years agodon't leak the copied authorizations list on OOM
David Zeuthen [Tue, 8 Apr 2008 19:42:46 +0000 (15:42 -0400)]
don't leak the copied authorizations list on OOM

Now the test suite passes again.

16 years agoclear the right block when growing a string
David Zeuthen [Tue, 8 Apr 2008 19:41:54 +0000 (15:41 -0400)]
clear the right block when growing a string

16 years agoprint stack traces for where leaks were allocated
David Zeuthen [Tue, 8 Apr 2008 19:41:11 +0000 (15:41 -0400)]
print stack traces for where leaks were allocated

16 years agoadd support for Solaris platform
Jim Li [Tue, 8 Apr 2008 16:27:37 +0000 (12:27 -0400)]
add support for Solaris platform

Add support for Solaris platform. The patch contains some implement
for GNU library extentsion function which isn't support by Solaris,
for instance, vasprintf(), strndup(), clearenv(), and clearenv(). Also
rewriting some code which Sun compiler doesn't support, such as empty
union name.

16 years agofix for CVE-2008-1658: format string vulnerability in password input
Kees Cook [Fri, 4 Apr 2008 06:26:30 +0000 (02:26 -0400)]
fix for CVE-2008-1658: format string vulnerability in password input

http://bugs.freedesktop.org/show_bug.cgi?id=15295

16 years agoremove more debug spew
David Zeuthen [Mon, 17 Mar 2008 06:27:00 +0000 (02:27 -0400)]
remove more debug spew

16 years agoremove debug spew
David Zeuthen [Mon, 17 Mar 2008 06:26:08 +0000 (02:26 -0400)]
remove debug spew

16 years agoinvalidate memory cache after revoking one shot authorization
David Zeuthen [Mon, 17 Mar 2008 06:21:02 +0000 (02:21 -0400)]
invalidate memory cache after revoking one shot authorization

16 years agohandle kit_strdup failure.
Jim Meyering [Tue, 4 Mar 2008 13:21:29 +0000 (14:21 +0100)]
handle kit_strdup failure.

* tools/polkit-policy-file-validate.c (validate_file):

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>
16 years agoavoid unnecessary/leaky use of strdup.
Jim Meyering [Tue, 4 Mar 2008 13:19:45 +0000 (14:19 +0100)]
avoid unnecessary/leaky use of strdup.

* polkit-grant-helper.c (main): Move the declaration of "buf"
to the outer scope and use a pointer into it, instead.

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>
16 years ago(do_auth): rename local: s/buf/password/
Jim Meyering [Tue, 4 Mar 2008 13:09:52 +0000 (14:09 +0100)]
(do_auth): rename local: s/buf/password/

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>
16 years agoremove unnecessary strdup.
Jim Meyering [Tue, 4 Mar 2008 10:14:10 +0000 (11:14 +0100)]
remove unnecessary strdup.

* src/polkit-grant/polkit-grant-helper-shadow.c (do_auth):

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>
16 years agohandle kit_strdup_printf failure.
Jim Meyering [Tue, 4 Mar 2008 10:12:48 +0000 (11:12 +0100)]
handle kit_strdup_printf failure.

* src/polkit-dbus/polkit-dbus.c (polkit_caller_new_from_pid):

Signed-off-by: Jim Meyering <meyering@redhat.com>
Signed-off-by: David Zeuthen <davidz@redhat.com>
16 years agoclarify docs for POLKIT_AUTHORIZATION_CONSTRAINT_TYPE_REQUIRE_EXE
David Zeuthen [Tue, 4 Mar 2008 21:12:43 +0000 (16:12 -0500)]
clarify docs for POLKIT_AUTHORIZATION_CONSTRAINT_TYPE_REQUIRE_EXE

16 years agodon't check key/values in KitHash; they are not neccesarily pointers
David Zeuthen [Tue, 4 Mar 2008 20:10:24 +0000 (15:10 -0500)]
don't check key/values in KitHash; they are not neccesarily pointers

16 years agofix typo in docs for polkit_dbus_error_parse_from_strings()
David Zeuthen [Fri, 29 Feb 2008 18:56:24 +0000 (13:56 -0500)]
fix typo in docs for polkit_dbus_error_parse_from_strings()

16 years agoalso add polkit_dbus_error_parse_from_strings() function
David Zeuthen [Thu, 28 Feb 2008 17:28:39 +0000 (12:28 -0500)]
also add polkit_dbus_error_parse_from_strings() function

This is useful when using D-Bus bindings, such as dbus-glib, that
don't expose the DBusError object directly.

16 years agoadd convenience API to consistently report authorization failures over D-Bus
David Zeuthen [Thu, 28 Feb 2008 01:05:30 +0000 (20:05 -0500)]
add convenience API to consistently report authorization failures over D-Bus

16 years agomake polkit-policy-file-validate require that actions are properly packaged
David Zeuthen [Tue, 26 Feb 2008 22:19:31 +0000 (17:19 -0500)]
make polkit-policy-file-validate require that actions are properly packaged

Meaning this bit was added to the spec:

   The name of the XML file is significant. Each XML file can only
   declare actions from the namespace of it's own name; for example
   actions org.foobar.action-a, org.foobar.action-b and
   org.foobar.action-c would all go into the file org.foobar.policy
   while actions com.my-company.product-awesome.action-a,
   com.mycompany.product-awesome.action-b would go into the file
   com.mycompany.product-awesome.policy.

This is the output of the validator on a broken .policy file

  $ polkit-policy-file-validate /usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy
  WARNING: The action org.gnome.clockapplet.mechanism.configurehwclock does not
           belong in a policy file named gnome-clock-applet-mechanism.policy.
           A future version of PolicyKit will ignore this action.

  WARNING: The action org.gnome.clockapplet.mechanism.settime does not
           belong in a policy file named gnome-clock-applet-mechanism.policy.
           A future version of PolicyKit will ignore this action.

  WARNING: The action org.gnome.clockapplet.mechanism.settimezone does not
           belong in a policy file named gnome-clock-applet-mechanism.policy.
           A future version of PolicyKit will ignore this action.

  ERROR: /usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy did not validate

We currently don't enforce this but will in a future version. The
rationale is that we can avoid loading all .policy files at startup
which would be a performance win.

16 years agofix doc in bugs for PolKitContextAddIOWatch
David Zeuthen [Tue, 26 Feb 2008 21:45:49 +0000 (16:45 -0500)]
fix doc in bugs for PolKitContextAddIOWatch

pointed out by Dan Winship.

16 years agoavoid reliance on DT_REG so we work on reiserfs as well
Holger Macht [Tue, 26 Feb 2008 21:05:23 +0000 (16:05 -0500)]
avoid reliance on DT_REG so we work on reiserfs as well

(with minor fixes from davidz for avoiding memory leaks)

Recently I wondered why PolicyKit (especially polkit-auth) does not work
on my system. While debugging, I noticed that the corresponding code works
in my home directory, but not in the root filesystem.

readdir() and its d_type are the culprits. Quoting the readdir manpage:

[...]
Other than Linux, the d_type field is available mainly only on BSD
systems.  This field makes it possible to avoid the expense of calling
stat() if further actions depend on the type of the file.
[...]

Filesystems may fill DT_UNKNOWN into this field, which reiserfs does, so
call stat instead, which always does the right thing.

Signed-off-by: Holger Macht <hmacht@suse.de>
16 years agoavoid use normal timeout when showing auth dialog; use INT_MAX instead
David Zeuthen [Tue, 26 Feb 2008 20:48:39 +0000 (15:48 -0500)]
avoid use normal timeout when showing auth dialog; use INT_MAX instead

Reported by Dan P. Berrange.

16 years agoactually check for bash in polkit-bash-completion.sh
David Zeuthen [Tue, 18 Dec 2007 18:50:38 +0000 (13:50 -0500)]
actually check for bash in polkit-bash-completion.sh

Some zsh users complained about this

https://bugzilla.redhat.com/show_bug.cgi?id=418471

16 years agoalso add the new C file for the shadow helper
Carlos Corbacho [Mon, 17 Dec 2007 17:14:04 +0000 (12:14 -0500)]
also add the new C file for the shadow helper

16 years agoadd Shadow authentication framework
Carlos Corbacho [Mon, 17 Dec 2007 03:59:30 +0000 (22:59 -0500)]
add Shadow authentication framework

Add Piter PUNK's polkit-grant-helper-shadow, and link against the
appropriate libraries.

For now, the Shadow framework must be explictily called - in future,
this could also be added as a fallback if PAM is not available.

16 years agomake polkit-grant-helper-pam world readable
David Zeuthen [Mon, 17 Dec 2007 03:40:10 +0000 (22:40 -0500)]
make polkit-grant-helper-pam world readable

This is to avoid breaking various backup and IDS software - proposed
by Michael Biebl <mbiebl@gmail.com>.

16 years agosplit out authentication framework from authorisation database
Carlos Corbacho [Mon, 17 Dec 2007 02:21:16 +0000 (21:21 -0500)]
split out authentication framework from authorisation database

As per discussions with David Zeuthen, alter the build system so that we
can have different authentication frameworks for the authorisation
databases.

For now, the dummy database will only accept 'none' for the authentication
framework (this will be autoselected if not specified, and configure will
throw an error if any other framework than 'none' is specified is passed
in).

For the default database, the only available framework for now is 'pam'
(as with 'none' and dummy, 'pam' will be autoselected if specified as the
framework. If 'none' is passed as a framework, configure will reject this
and fail).

PAM specific code is now also marked with POLKIT_AUTHFW_PAM, so that it
can be easily compiled out if other frameworks are added in future.

16 years agoremove unncessary PAM header inclusions
Carlos Corbacho [Mon, 17 Dec 2007 02:11:31 +0000 (21:11 -0500)]
remove unncessary PAM header inclusions

Many files are needlessly including PAM headers, when the code in question
has no PAM dependency - remove the PAM includes from these.

16 years agomake the docs show an index of new symbols in 0.8
David Zeuthen [Fri, 7 Dec 2007 18:37:19 +0000 (13:37 -0500)]
make the docs show an index of new symbols in 0.8

16 years agofix typo in docs
David Zeuthen [Fri, 7 Dec 2007 18:35:36 +0000 (13:35 -0500)]
fix typo in docs

16 years agoadd docs and bash completion bits for new exe and selinux_context constraints
David Zeuthen [Fri, 7 Dec 2007 18:25:17 +0000 (13:25 -0500)]
add docs and bash completion bits for new exe and selinux_context constraints

16 years agoadd additional checks when using strtoul
David Zeuthen [Fri, 7 Dec 2007 17:00:36 +0000 (12:00 -0500)]
add additional checks when using strtoul

Pointed out by Martin Pitt <martin.pitt@ubuntu.com>.

16 years agoadd note about new polkit-resolve-exe-helper
David Zeuthen [Fri, 7 Dec 2007 06:37:37 +0000 (01:37 -0500)]
add note about new polkit-resolve-exe-helper

16 years agoadd constraints for exe and SELinux context when granting an authorization
David Zeuthen [Fri, 7 Dec 2007 06:35:30 +0000 (01:35 -0500)]
add constraints for exe and SELinux context when granting an authorization

The way it works is that added constraints now look like this

scope=always:action-id=org.pulseaudio.acquire-high-priority:when=1197004781:auth-as=0:constraint=local:constraint=active:constraint=exe%3A%2Fusr%2Fbin%2Fpulseaudio:constraint=selinux_context%3Asystem_u%3Asystem_r%3Aunconfined_t

or if not using SELinux like this

scope=always:action-id=org.freedesktop.hal.storage.mount-fixed:when=1197008218:auth-as=0:constraint=local:constraint=active:constraint=exe%3A%2Fusr%2Fbin%2Fgnome-mount

This is a bit icky to implement for mechanisms, like HAL, running as
an unprivileged user. The problem is that we can't resolve the symlink
/proc/pid/exe. On the other hands such mechanisms has the
authorization org.freedesktop.policykit.read already. So use that.

Note that this is what some people call snake-oil. The reason is in the
docs for polkit_sysdeps_get_pid_for_exe(); copying it here so I can point
people to this commit in the future

  Get the name of the binary a given process was started from.

  Note that this is not necessary reliable information and as such
  shouldn't be relied on 100% to make a security decision. In fact,
  this information is only trustworthy in situations where the given
  binary is securely locked down meaning that 1) it can't be
  ptrace(2)'d; 2) libc secure mode kicks in (e.g LD_PRELOAD won't
  work); 3) there are no other attack vectors (e.g. GTK_MODULES, X11,
  CORBA, D-Bus) to patch running code into the process.

  In other words: the risk of relying on constraining an authorization
  to the output of this function is high. Suppose that the program
  /usr/bin/gullible obtains an authorization via authentication for
  the action org.example.foo. We add a constraint to say that the
  gained authorization only applies to processes for whom
  /proc/pid/exe points to /usr/bin/gullible. Now enter
  /usr/bin/evil. It knows that the program /usr/bin/gullible is not
  "securely locked down" (per the definition in the above
  paragraph). So /usr/bin/evil simply sets LD_PRELOAD and execs
  /usr/bin/gullible and it can now run code in a process where
  /proc/pid/exe points to /usr/bin/gullible. Thus, the recently gained
  authorization for org.example.foo applies. Also, /usr/bin/evil could
  use a host of other attack vectors to run it's own code under the
  disguise of pretending to be /usr/bin/gullible.

  Specifically for interpreted languages like Python and Mono it is
  the case that /proc/pid/exe always points to /usr/bin/python
  resp. /usr/bin/mono. Thus, it's not very useful to rely on that the
  result for this function if you want to constrain an authorization
  to e.g. /usr/bin/tomboy or /usr/bin/banshee.

However. Once we have a framework for running secure desktop apps this
will start to make sense. Such a framework includes securing X (using
e.g. XACE with SELinux) and making the UI toolkit secure as well. It's
a lot of work.

Until then these constraints at least makes it harder to for malicious
apps to abuse PolicyKit authorizations gained by other users.

16 years agoadd bogus Returns: to make gtk-doc happy
David Zeuthen [Fri, 7 Dec 2007 06:29:45 +0000 (01:29 -0500)]
add bogus Returns: to make gtk-doc happy

16 years agouse strlen to avoid writing garbage at the end of the test auth file
David Zeuthen [Fri, 7 Dec 2007 00:52:07 +0000 (19:52 -0500)]
use strlen to avoid writing garbage at the end of the test auth file

While this seems like a grave bug it is not. First, this only affects
the test cases and the file is guaranteed to be zero terminated before
the garbage anyway.

16 years agopost release version bump to 0.8
David Zeuthen [Fri, 7 Dec 2007 00:01:54 +0000 (19:01 -0500)]
post release version bump to 0.8

16 years agobe more precise about permissions in the blurb at the end of configure
David Zeuthen [Thu, 6 Dec 2007 23:59:12 +0000 (18:59 -0500)]
be more precise about permissions in the blurb at the end of configure

Suggested by Michael Biebl <mbiebl@gmail.com>.

16 years agoupdate NEWS file POLICY_KIT_0_7
David Zeuthen [Thu, 6 Dec 2007 05:07:57 +0000 (00:07 -0500)]
update NEWS file

16 years agoupdate completion + man page since polkit-auth(1) takes >1 --constraint args
David Zeuthen [Thu, 6 Dec 2007 04:58:44 +0000 (23:58 -0500)]
update completion + man page since polkit-auth(1) takes >1 --constraint args

16 years agoupdate TODO to mention Piter PUNK's patch
David Zeuthen [Thu, 6 Dec 2007 04:36:32 +0000 (23:36 -0500)]
update TODO to mention Piter PUNK's patch

16 years agoupdate TODO
David Zeuthen [Thu, 6 Dec 2007 04:34:55 +0000 (23:34 -0500)]
update TODO

16 years agofix dummy backend so it builds
David Zeuthen [Thu, 6 Dec 2007 04:33:24 +0000 (23:33 -0500)]
fix dummy backend so it builds

16 years agorefactor constraints API so there is one entry per constraint in the auth file
David Zeuthen [Thu, 6 Dec 2007 03:44:50 +0000 (22:44 -0500)]
refactor constraints API so there is one entry per constraint in the auth file

This makes things a lot more future proof and, perhaps, also easier to
understand.

16 years agodon't require .policy files for auth lookups
David Zeuthen [Wed, 5 Dec 2007 00:39:40 +0000 (19:39 -0500)]
don't require .policy files for auth lookups

With this change, 'make check' now works even when PolicyKit isn't
installed (as it should). Before this change it failed because the
.policy files for org.freedesktop.policykit.read and .grant was not
available.

16 years agodowngrade to session scope when granting authorizations for blank passwords
David Zeuthen [Sat, 1 Dec 2007 05:17:02 +0000 (00:17 -0500)]
downgrade to session scope when granting authorizations for blank passwords

See https://bugzilla.redhat.com/show_bug.cgi?id=401811 for details

16 years agofix a bug where KitList elements were not properly freed
David Zeuthen [Sat, 1 Dec 2007 05:03:32 +0000 (00:03 -0500)]
fix a bug where KitList elements were not properly freed

16 years agoremove glib dep from libpolkit-dbus
David Zeuthen [Sat, 1 Dec 2007 01:49:05 +0000 (20:49 -0500)]
remove glib dep from libpolkit-dbus

16 years agoimplement kit_hash_foreach_remove()
David Zeuthen [Sat, 1 Dec 2007 01:38:01 +0000 (20:38 -0500)]
implement kit_hash_foreach_remove()

16 years agoadd a new KitString class
David Zeuthen [Sat, 1 Dec 2007 00:24:38 +0000 (19:24 -0500)]
add a new KitString class

16 years agoadd some more test cases for p-a-db.c
David Zeuthen [Fri, 30 Nov 2007 21:43:17 +0000 (16:43 -0500)]
add some more test cases for p-a-db.c

16 years agofix OOM handling in p-a-db.c and only invalidate the cache when necessary
David Zeuthen [Fri, 30 Nov 2007 20:40:03 +0000 (15:40 -0500)]
fix OOM handling in p-a-db.c and only invalidate the cache when necessary

16 years agoadd some more test env variables so we can bypass ConsoleKit in the tests
David Zeuthen [Fri, 30 Nov 2007 19:59:20 +0000 (14:59 -0500)]
add some more test env variables so we can bypass ConsoleKit in the tests

16 years agoupdate .gitignore files
David Zeuthen [Thu, 29 Nov 2007 21:01:47 +0000 (16:01 -0500)]
update .gitignore files

16 years agoadd .gitignore files to get test tree structure in the repo
David Zeuthen [Thu, 29 Nov 2007 20:59:59 +0000 (15:59 -0500)]
add .gitignore files to get test tree structure in the repo

16 years agofix unit tests for polkit-authorization-db.c
David Zeuthen [Thu, 29 Nov 2007 20:47:15 +0000 (15:47 -0500)]
fix unit tests for polkit-authorization-db.c

16 years agoadd test-friendly abstractions for getpwnam and getpwuid
David Zeuthen [Thu, 29 Nov 2007 05:07:40 +0000 (00:07 -0500)]
add test-friendly abstractions for getpwnam and getpwuid

16 years agoonly fail the Nth alloc, not all allocs greater than N
David Zeuthen [Thu, 29 Nov 2007 05:06:54 +0000 (00:06 -0500)]
only fail the Nth alloc, not all allocs greater than N

16 years agoavoid logging to syslog even for invalid files
David Zeuthen [Thu, 29 Nov 2007 03:32:52 +0000 (22:32 -0500)]
avoid logging to syslog even for invalid files

16 years agorelicense everything to the MIT/X11 license
David Zeuthen [Wed, 28 Nov 2007 21:50:50 +0000 (16:50 -0500)]
relicense everything to the MIT/X11 license

16 years agoadd (partial) test cases for polkit-authorization-db.c
David Zeuthen [Sun, 25 Nov 2007 21:06:42 +0000 (16:06 -0500)]
add (partial) test cases for polkit-authorization-db.c

16 years agobuild with -rdynamic for maint mode and use this to print a stack trace
David Zeuthen [Sun, 25 Nov 2007 21:06:12 +0000 (16:06 -0500)]
build with -rdynamic for maint mode and use this to print a stack trace

16 years agofix a bug where the childs environment wasn't inherited
David Zeuthen [Sat, 24 Nov 2007 17:36:41 +0000 (12:36 -0500)]
fix a bug where the childs environment wasn't inherited

16 years agoadd test harness for polkit-utils
David Zeuthen [Sat, 24 Nov 2007 16:13:40 +0000 (11:13 -0500)]
add test harness for polkit-utils

16 years agowrite newline since kit_string_entry_create doesn't do that any more
David Zeuthen [Sat, 24 Nov 2007 16:08:51 +0000 (11:08 -0500)]
write newline since kit_string_entry_create doesn't do that any more

16 years agoavoid adding newline at the end of generated entry
David Zeuthen [Fri, 23 Nov 2007 00:15:36 +0000 (19:15 -0500)]
avoid adding newline at the end of generated entry

16 years agoupdate TODO
David Zeuthen [Thu, 22 Nov 2007 04:23:09 +0000 (23:23 -0500)]
update TODO

16 years agoalso encode \n\r\t characters
David Zeuthen [Thu, 22 Nov 2007 02:38:08 +0000 (21:38 -0500)]
also encode \n\r\t characters

16 years agorework the .auths file format to use key/value pairs and make it future-proof
David Zeuthen [Thu, 22 Nov 2007 01:33:35 +0000 (20:33 -0500)]
rework the .auths file format to use key/value pairs and make it future-proof

16 years agoset errno to ENOMEM when forcibly failing an allocation
David Zeuthen [Thu, 22 Nov 2007 01:11:04 +0000 (20:11 -0500)]
set errno to ENOMEM when forcibly failing an allocation

16 years agoadd support for percent encoding/decoding and colon separated kv-lists
David Zeuthen [Wed, 21 Nov 2007 22:08:22 +0000 (17:08 -0500)]
add support for percent encoding/decoding and colon separated kv-lists

16 years agomake dummy backend work
David Zeuthen [Wed, 21 Nov 2007 03:58:27 +0000 (22:58 -0500)]
make dummy backend work

16 years agofix 'make check-coverage'
David Zeuthen [Wed, 21 Nov 2007 03:46:50 +0000 (22:46 -0500)]
fix 'make check-coverage'

16 years agoremove Since gtk-doc tags from the internal libkit library
David Zeuthen [Wed, 21 Nov 2007 02:40:42 +0000 (21:40 -0500)]
remove Since gtk-doc tags from the internal libkit library

16 years agodefine abstract Authentication Agent interface and make polkit-auth(1) use it
David Zeuthen [Tue, 20 Nov 2007 21:38:44 +0000 (16:38 -0500)]
define abstract Authentication Agent interface and make polkit-auth(1) use it

Also provide a convenience function to access it: polkit_auth_obtain().

16 years agomake PolKitAuthorization a bit more future proof by adding get_type()
David Zeuthen [Tue, 20 Nov 2007 06:00:33 +0000 (01:00 -0500)]
make PolKitAuthorization a bit more future proof by adding get_type()

16 years agoprovide a way to force a reload of all caches etc.
David Zeuthen [Tue, 20 Nov 2007 05:25:34 +0000 (00:25 -0500)]
provide a way to force a reload of all caches etc.

16 years agoadd support for negative authorizations
David Zeuthen [Tue, 20 Nov 2007 04:25:30 +0000 (23:25 -0500)]
add support for negative authorizations

Negative authorizations is a way to block an entity; previously the
algorithm was something like (ignoring the config file for now)

  Result is_authorized() {
    res = has_implicit_auth();
    if (res == YES) {
      return YES;
    } else if (has_explicit_auth()) {
      return YES;
    }
    return res;
  }

Now it's

  Result is_authorized() {
    res = has_implicit_auth();
    expl = has_explicit_auth();
    is_blocked = has_negative_explicit_auth();

    if (is_blocked)
      return NO;

    if (res == YES) {
      return YES;
    } else if (has_explicit_auth()) {
      return YES;
    }
    return res;
  }

E.g. just a single negative auth will force NO to be returned. I
really, really need to write into the spec how this works; my mental
L1 cache can't contain it anymore. Once it's formally defined we need
to craft a test suite to verify that the code works according to
spec...

16 years agoexport the policydir in the .pc file
David Zeuthen [Mon, 19 Nov 2007 17:47:18 +0000 (12:47 -0500)]
export the policydir in the .pc file

This is useful when building a project using polkit in a different
prefix. Lennart asked for it.

16 years agorequire org.fd.pk.revoke to revoke auths for self if granted by someone else
David Zeuthen [Mon, 19 Nov 2007 05:27:56 +0000 (00:27 -0500)]
require org.fd.pk.revoke to revoke auths for self if granted by someone else

16 years agoprovide convenience functions for auth checking and port helpers to use them
David Zeuthen [Mon, 19 Nov 2007 00:16:23 +0000 (19:16 -0500)]
provide convenience functions for auth checking and port helpers to use them

Basically, checking auths with polkit is now a one-liner:

    if (polkit_check_auth (getpid (), "com.acme.some-action", NULL) == 0) {
        fprintf (stderr, "Not authorized; go away\n");
        exit (1);
    }

This can be used for making a lot of the legacy UNIX tools PolicyKit
aware. For example, vixie-cron could make crontab(1) (a setuid
program) check whether the calling user is authorized for the action

 org.isc.vixie-cron.edit-own-crontab

This is a nice way to provide least privilege and still put the system
administrator in control via polkit-auth(1), polkit-action(1) and the
GTK+ "Manage Authorizations" utility:

 http://people.redhat.com/davidz/polkitg-auth-1.png
 http://people.redhat.com/davidz/polkitg-auth-2.png
 http://people.redhat.com/davidz/polkitg-auth-3.png

16 years agoadd support for vendor, vendor_url and icon_name tags in .policy files
David Zeuthen [Sun, 18 Nov 2007 02:17:50 +0000 (21:17 -0500)]
add support for vendor, vendor_url and icon_name tags in .policy files

16 years agorestrict new API to the default backend only
David Zeuthen [Sat, 17 Nov 2007 21:47:51 +0000 (16:47 -0500)]
restrict new API to the default backend only

16 years agoadd API for overriding defaults and make polkit-action(1) use this API.
David Zeuthen [Sat, 17 Nov 2007 21:43:25 +0000 (16:43 -0500)]
add API for overriding defaults and make polkit-action(1) use this API.

16 years agofix a grave bug where the wrong authorizations were returned
David Zeuthen [Sat, 17 Nov 2007 16:50:29 +0000 (11:50 -0500)]
fix a grave bug where the wrong authorizations were returned

We were modifying the 'uid' parameter in _authdb_get_auths_for_uid();
I bet that if we had unit tests this bug would have been caught
earlier...

17 years agofix parallel build
David Zeuthen [Mon, 12 Nov 2007 18:43:10 +0000 (13:43 -0500)]
fix parallel build

https://bugs.freedesktop.org/show_bug.cgi?id=13082

17 years agocreate /var/lib/misc on 'make install'
David Zeuthen [Mon, 12 Nov 2007 18:14:22 +0000 (13:14 -0500)]
create /var/lib/misc on 'make install'

http://bugs.freedesktop.org/show_bug.cgi?id=13113

17 years agobuild system fixes and refuse to install if built with --enable-tests
David Zeuthen [Mon, 12 Nov 2007 18:10:46 +0000 (13:10 -0500)]
build system fixes and refuse to install if built with --enable-tests

17 years agoadd unit test framework to the rest of the library sources
David Zeuthen [Mon, 12 Nov 2007 01:08:02 +0000 (20:08 -0500)]
add unit test framework to the rest of the library sources