From 26a1e63b29488285b75fb3afb20355931ec286dc Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Wed, 29 Mar 2006 16:15:28 +0000 Subject: [PATCH] Add docbook detection New files Free the questions to prevent memory leak --- ChangeLog | 9 ++ configure.in | 34 ++++++ doc/spec/polkit-spec.html | 275 +++++++++++++++++++++++++++++++++++++++++++- doc/spec/polkit-spec.xml.in | 86 +++++++++++++- polkitd/polkit-session.c | 4 +- 5 files changed, 399 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4441fc2..443e51b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2006-03-29 David Zeuthen + + * configure.in: Add docbook detection + + * doc/spec/*: New files + + * polkitd/polkit-session.c (polkit_session_finalize): Free the + questions to prevent memory leak + 2006-03-27 Richard Hughes * .cvsignore, doc/.cvsignore, libpolkit/.cvsignore, diff --git a/configure.in b/configure.in index f253620..17e4080 100644 --- a/configure.in +++ b/configure.in @@ -48,6 +48,7 @@ AC_DEFINE_UNQUOTED(POLKIT_GROUP,"$POLKIT_GROUP", [Group for PolicyKit]) # Taken from dbus AC_ARG_ENABLE(ansi, [ --enable-ansi enable -ansi -pedantic gcc flags],enable_ansi=$enableval,enable_ansi=no) AC_ARG_ENABLE(verbose-mode, [ --enable-verbose-mode support verbose debug mode],enable_verbose_mode=$enableval,enable_verbose_mode=$USE_MAINTAINER_MODE) +AC_ARG_ENABLE(docbook-docs, [ --enable-docbook-docs build documentation (requires docbook2html)],enable_docbook_docs=$enableval,enable_docbook_docs=auto) GTK_DOC_CHECK([1.3]) @@ -147,6 +148,35 @@ AC_SUBST(DBUS_GLIB_LIBS) AC_CHECK_FUNCS(getgrouplist) +# DocBook Documentation + +AC_PATH_PROG(DOCBOOK, docbook2html, no) + +AC_MSG_CHECKING([whether to build DocBook documentation]) + +if test x$DOCBOOK = xno ; then + have_docbook=no +else + have_docbook=yes +fi + +if test x$enable_docbook_docs = xauto ; then + if test x$have_docbook = xno ; then + enable_docbook_docs=no + else + enable_docbook_docs=yes + fi +fi + +if test x$enable_docbook_docs = xyes; then + if test x$have_docbook = xno; then + AC_MSG_ERROR([Building DocBook docs explicitly required, but DocBook not found]) + fi +fi + +AM_CONDITIONAL(DOCBOOK_DOCS_ENABLED, test x$enable_docbook_docs = xyes) +AC_MSG_RESULT(yes) + AS_AC_EXPAND(LOCALSTATEDIR, $localstatedir) AS_AC_EXPAND(SYSCONFDIR, $sysconfdir) AS_AC_EXPAND(DATADIR, $datadir) @@ -324,6 +354,8 @@ libpolkit/Makefile tools/Makefile doc/Makefile doc/api/Makefile +doc/spec/Makefile +doc/spec/polkit-spec.xml privileges/Makefile ]) @@ -346,6 +378,7 @@ echo " compiler: ${CC} cflags: ${CFLAGS} cppflags: ${CPPFLAGS} + DocBook: ${DOCBOOK} user for PolicyKit: ${POLKIT_USER} group for PolicyKit: ${POLKIT_GROUP} pidfile for polkitd: ${POLKITD_PID_FILE} @@ -361,6 +394,7 @@ echo " Maintainer mode: ${USE_MAINTAINER_MODE} Building verbose mode: ${enable_verbose_mode} Building api docs: ${enable_gtk_doc} + Building docs: ${enable_docbook_docs} " # (distro-tweaks required) diff --git a/doc/spec/polkit-spec.html b/doc/spec/polkit-spec.html index ba96e0a..2e8394d 100644 --- a/doc/spec/polkit-spec.html +++ b/doc/spec/polkit-spec.html @@ -76,8 +76,8 @@ HREF="#AEN15" >
Theory of operationTheory of Operation
Resources
Privileges
Privilege Descriptors
File Format
Criteria for Possesing a Privilege
Required Privileges
Obtaining Privileges
Granting Privileges
Privileges defined by PolicyKit

Theory of operation

Theory of Operation

PolicyKit service to release the - privilege for the user as it is no longer needed. + privilege for the user as it is no longer needed. Should the + process crash while holding a privilege, + the PolicyKit service will be notifed and + the privilege will automatically be revoked.

Hence,

In addition, privileges may be restricted to + certain resources; this is discussed in + more detail in XXX. +

Resources

PolicyKit allows granting privileges only on + certain resources. For example, for HAL, + it is possible to grant the + privilege hal-storage-fixed-mount to the + user with uid 500 but only for the HAL device object + representing e.g. the /dev/hda3 partition. +

+ Resource identifers are prefixed with a name identifying what + service they belong to. The following resource identifiers are + defined +

  • hal:// +

    HAL Unique Device Identifiers also known as HAL UDI's. Example: hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5 +

Privileges

Privilege Descriptors

+ Applications, such as HAL, installs privilege descriptors using the polkit-policy-descriptor-install commandline utility. The descriptor contains the following information +

  • Criteria for determining if a given user possess the privilege on a given resource. +

  • What other privileges a given user must also possess. +

  • Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently. +

  • Whether a user with the privilege may permanently grant it to other users. +

File Format

A developer of a system-wide application wanting to define a + privilege must create a privilege descriptor. This is a a + simple .ini-like config file. Here is what + the skeleton looks like: + 


	[Policy]
+	Allow=
+	Deny=
+	RequirePrivileges=
+	CanGrantToOthers=
+	CanObtain=
+	ObtainRequireRoot=
+	ObtainPAMService=
+

Privileges defined by PolicyKit

baz +

- + Theory of operation @@ -143,7 +143,10 @@ privilege (after successful authentication) he can now invoke Mount and after this succeeds he may tell the PolicyKit service to release the - privilege for the user as it is no longer needed. + privilege for the user as it is no longer needed. Should the + process crash while holding a privilege, + the PolicyKit service will be notifed and + the privilege will automatically be revoked. @@ -156,6 +159,12 @@ + In addition, privileges may be restricted to + certain resources; this is discussed in + more detail in XXX. + + + @@ -165,5 +174,78 @@ + + + + Resources + + PolicyKit allows granting privileges only on + certain resources. For example, for HAL, it + is possible to grant the + privilege hal-storage-fixed-mount to the user + with uid 500 but only for the HAL device object representing + e.g. the /dev/hda3 partition. + + + Resource Identifiers + Resource identifers are prefixed with a name identifying + what service they belong to. The following resource + identifiers are defined + + + + + + hal:// + HAL Unique Device Identifiers also known as HAL UID's. Example: hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5 + + + + + + + + + + + Privileges + + + Privilege Descriptors + + Applications, such as HAL, installs privilege descriptors using the polkit-policy-descriptor-install commandline utility. The descriptor contains the following information + + + + + + What users and groups possess the privilege + + + + + + foo + + + + + + + + Temporary Privileges + + bar + + + + + Privileges defined by PolicyKit + + baz + + + + diff --git a/polkitd/polkit-session.c b/polkitd/polkit-session.c index 3521830..458e854 100644 --- a/polkitd/polkit-session.c +++ b/polkitd/polkit-session.c @@ -117,8 +117,8 @@ polkit_session_finalize (PolicyKitSession *session) g_free (session->priv->auth_denied_reason); if (session->priv->auth_questions != NULL) { - //g_slist_foreach (session->priv->auth_questions, (GFunc) g_free, NULL); - //g_free (session->priv->auth_questions); + g_slist_foreach (session->priv->auth_questions, (GFunc) g_free, NULL); + g_slist_free (session->priv->auth_questions); } g_free (session->priv); -- 2.7.4