diff options
author | David Zeuthen <david@fubar.dk> | 2006-06-06 11:55:50 +0000 |
---|---|---|
committer | David Zeuthen <david@fubar.dk> | 2006-06-06 11:55:50 +0000 |
commit | 8be672ff73c76f99b15f72cc9fb1b3eb4d1a778c (patch) | |
tree | 1dbb87f33035d439758796e5ed08bd4b39f37fff /doc | |
parent | 1c3d5691ad444ae2849d079e3745d6b476614623 (diff) | |
download | polkit-8be672ff73c76f99b15f72cc9fb1b3eb4d1a778c.tar.gz |
Patch from Frederic Peters <fpeters@entrouvert.com>.
http://jhbuild.bxlug.be/builds/2006-06-06-0000/logs/PolicyKit/#build
shows a error when building newest PolicyKit with Debian PAM libraries.
Attached patch adds new configure checks; pam-polkit-console.c may need
alternate behaviour if pam_vsyslog is missing (using straight
vsyslog?).
configure.in,
Diffstat (limited to 'doc')
-rw-r--r-- | doc/TODO | 3 | ||||
-rw-r--r-- | doc/spec/polkit-spec.html | 26 |
2 files changed, 16 insertions, 13 deletions
@@ -35,3 +35,6 @@ PENDING - implement D-BUS interfaces suitable for a GUI privilege editor - write more tests; audit code + + - Maybe use straight vsyslog from pam-polkit-console.c if pam_vsyslog + is missing (as recommened by Frederic Peters <fpeters@entrouvert.com>) diff --git a/doc/spec/polkit-spec.html b/doc/spec/polkit-spec.html index 71d0776..3646f64 100644 --- a/doc/spec/polkit-spec.html +++ b/doc/spec/polkit-spec.html @@ -1,10 +1,10 @@ <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>PolicyKit 0.2 Specification</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="book" lang="en"><div class="titlepage"><div><div><h1 class="title"><a name="index"></a>PolicyKit 0.2 Specification</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">David</span> <span class="surname">Zeuthen</span></h3><div class="affiliation"><div class="address"><p><br> <code class="email"><<a href="mailto:david@fubar.dk">david@fubar.dk</a>></code><br> - </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2789999">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2790022">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2820713">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2785230">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2785455">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2789259">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2789336">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2789361"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2789390"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2789423"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2785054"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2829707"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2789999">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2789999"></a>About</h2></div></div></div><p> + </p></div></div></div></div></div><div><p class="releaseinfo">Version 0.2</p></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="chapter"><a href="#introduction">1. Introduction</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2484164">About</a></span></dt></dl></dd><dt><span class="chapter"><a href="#operation">2. Theory of operation</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2484188">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2514878">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2479395">Example</a></span></dt></dl></dd><dt><span class="chapter"><a href="#resources">3. Resources</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2479620">Resource Identifiers</a></span></dt></dl></dd><dt><span class="chapter"><a href="#privileges">4. Privileges</a></span></dt><dd><dl><dt><span class="sect1"><a href="#id2483424">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2483501">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2483526"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483555"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483588"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2479219"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2523872"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></dd></dl></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="introduction"></a>Chapter 1. Introduction</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2484164">About</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2484164"></a>About</h2></div></div></div><p> PolicyKit is a system for enabling unprivileged desktop applications to invoke privileged methods on system-wide components in a controlled manner. - </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2790022">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2820713">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2785230">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2790022"></a>Privileges</h2></div></div></div><p> + </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="operation"></a>Chapter 2. Theory of operation</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2484188">Privileges</a></span></dt><dt><span class="sect1"><a href="#id2514878">Architecture</a></span></dt><dt><span class="sect1"><a href="#id2479395">Example</a></span></dt></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2484188"></a>Privileges</h2></div></div></div><p> One major concept of the PolicyKit system is the notion of privileges; a <span class="emphasis"><em>PolicyKit privilege</em></span> (referred to simply as @@ -17,7 +17,7 @@ allowed to invoke a method, the system level component defines a set of <span class="emphasis"><em>privileges</em></span>. - </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2820713"></a>Architecture</h2></div></div></div><p> + </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2514878"></a>Architecture</h2></div></div></div><p> The PolicyKit system is basically client/server and is implemented as the system-wide <code class="literal">org.freedesktop.PolicyKit</code> D-BUS @@ -34,7 +34,7 @@ In addition, the PolicyKit system includes client side libraries and command-line utilities wrapping the D-BUS API of the <code class="literal">org.freedesktop.PolicyKit</code> service. - </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2785230"></a>Example</h2></div></div></div><p> + </p></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2479395"></a>Example</h2></div></div></div><p> As an example, HAL exports the method <code class="literal">Mount</code> on the <code class="literal">org.freedesktop.Hal.Device.Volume</code> interface @@ -96,20 +96,20 @@ <img src="polkit-arch.png"> </p><p> The whole example is outlined in the diagram above. - </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2785455">Resource Identifiers</a></span></dt></dl></div><p> + </p></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="resources"></a>Chapter 3. Resources</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2479620">Resource Identifiers</a></span></dt></dl></div><p> PolicyKit allows granting privileges only on certain <span class="emphasis"><em>resources</em></span>. For example, for HAL, it is possible to grant the privilege <span class="emphasis"><em>hal-storage-fixed-mount</em></span> to the user with uid 500 but only for the HAL device object representing e.g. the <code class="literal">/dev/hda3</code> partition. - </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2785455"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying + </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2479620"></a>Resource Identifiers</h2></div></div></div><p> Resource identifers are prefixed with a name identifying what service they belong to. The following resource identifiers are defined </p><div class="itemizedlist"><ul type="disc"><li><p> <code class="literal">hal://</code> HAL Unique Device Identifiers also known as HAL UID's. Example: <code class="literal">hal:///org/freedesktop/Hal/devices/volume_uuid_1a28b356_9955_44f9_b268_6ed6639978f5</code> - </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2789259">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2789336">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2789361"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2789390"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2789423"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2785054"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2829707"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2789259"></a>Privilege Descriptors</h2></div></div></div><p> + </p></li></ul></div></div></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="privileges"></a>Chapter 4. Privileges</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2483424">Privilege Descriptors</a></span></dt><dt><span class="sect1"><a href="#id2483501">File Format</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2483526"><code class="literal">RequiredPrivileges</code>: Required Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483555"><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</a></span></dt><dt><span class="sect2"><a href="#id2483588"><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</a></span></dt><dt><span class="sect2"><a href="#can-obtain"><code class="literal">CanObtain</code>: Obtaining Privileges</a></span></dt><dt><span class="sect2"><a href="#id2479219"><code class="literal">CanGrant</code>: Granting Privileges</a></span></dt><dt><span class="sect2"><a href="#id2523872"><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</a></span></dt></dl></dd><dt><span class="sect1"><a href="#privs-by-polkit">Privileges defined by PolicyKit</a></span></dt><dd><dl><dt><span class="sect2"><a href="#priv-desktop-console"><code class="literal">desktop-console</code> : Users at a local console</a></span></dt></dl></dd></dl></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2483424"></a>Privilege Descriptors</h2></div></div></div><p> Applications, such as HAL, installs <span class="emphasis"><em>privilege descriptors</em></span> into the <code class="literal">/etc/PolicyKit/privilege.d</code> directory @@ -128,7 +128,7 @@ Information on whether the user can obtain the privilege, and if he can, whether only temporarily or permanently. </p></li><li><p> Whether a user with the privilege may permanently grant it to other users. - </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2789336"></a>File Format</h2></div></div></div><p> + </p></li></ul></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2483501"></a>File Format</h2></div></div></div><p> A developer of a system-wide application wanting to define a privilege must create a privilege descriptor. This is a a simple <code class="literal">.ini</code>-like config file. Here is what @@ -142,7 +142,7 @@ CanObtain= CanGrant= ObtainRequireRoot= - </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2789361"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p> + </pre><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2483526"></a><code class="literal">RequiredPrivileges</code>: Required Privileges</h3></div></div></div><p> This is a list of privileges the user must possess in order to possess the given privilege. If the user doesn't possess all of these privileges he is not considered to possess the @@ -151,7 +151,7 @@ for one or more resources. E.g., if <code class="literal">foo</code> is a required privilege then just having this privilege on one resource is sufficient. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2789390"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2483555"></a><code class="literal">SufficientPrivileges</code>: Sufficient Privileges</h3></div></div></div><p> This is a list of privileges that, if a user possess any of these, he is consider to possess the given privilege. The list may be empty. A privilege in this list is considered @@ -159,7 +159,7 @@ resources. As with <code class="literal">RequiredPrivileges</code>, if <code class="literal">foo</code> is a sufficient privilege then just having this privilege on one resource is sufficient. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2789423"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2483588"></a><code class="literal">Allow, Deny</code>: Criteria for Possesing a Privilege</h3></div></div></div><p> Both <code class="literal">Allow</code> and <code class="literal">Deny</code> contains lists describing what users are allowed respectively denied the privilege. The elements of in each @@ -258,7 +258,7 @@ has <code class="literal">CanObtain</code> set to <code class="literal">False</code>, the user will always have to authenticate as the super user. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2785054"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2479219"></a><code class="literal">CanGrant</code>: Granting Privileges</h3></div></div></div><p> This property (it can assume the values <code class="literal">True</code> and <code class="literal">False</code>) describes whether an user with the given privilege can @@ -289,7 +289,7 @@ the value <code class="literal">True</code> if this property assumes the value <code class="literal">True</code>. Otherwise this property effectively assumes the value <code class="literal">False</code>. - </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2829707"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p> + </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2523872"></a><code class="literal">ObtainRequireRoot</code>: Authentication Requirements</h3></div></div></div><p> If the property <code class="literal">CanObtain</code> assumes the value <code class="literal">True</code> or <code class="literal">Temporary</code> it means the user can |