| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
* meson.build (enable_logind): Permit empty systemd_systemdsystemunitdir
when session_tracking != 'libsystemd-login'.
* data/meson.build (service_conf): Test for SESSION_TRACKING ==
'libsystemd-login' instead of ENABLE_LOGIND when installing service files.
|
|
|
|
|
|
| |
Make the use of pam_prefix worth its while since, at the moment, its value
is not being used. Instead, a hard-coded path is being deployed when it
shouldn't anymore.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Recent versions of Gettext are able to translate several formats
that are used in GNOME applications.
This migrates from Intltool to Gettext both autotools and meson
build systems.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Autotools build system has been using /usr/lib/polkit-1 for several
releases, even on distributions where the library directory is /usr/lib64
or /usr/lib/x86_64-linux-gnu, so it makes sense for Meson to do the same.
This lets 32- and 64-bit polkit agents share a single helper executable.
This might be superseded by polkit!63, which requests going back to using
the libexecdir for these (like polkit 0.105 did), which would also make
sense; but until that's decided, let's at least be consistent between
our two build systems.
Every time we change this, all programs that have already loaded
libpolkit-agent into their address space need to be restarted, unless
distributions provide compatibility symlinks.
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
|
|
|
|
|
|
|
|
|
| |
To better support stateless systems with an empty /etc, the old location
in /etc/dbus-1/system.d/ should only be used for local admin changes.
Package provided D-Bus policy files are supposed to be installed in
/usr/share/dbus-1/system.d/.
This is supported since dbus 1.9.18.
https://lists.freedesktop.org/archives/dbus/2015-July/016746.html
|
|
|
|
|
|
| |
meson is a build system focused on speed an ease of use, which
helps speeding up the software development. This patch adds meson
support along autotools.
|
|
|
|
|
|
|
|
|
|
|
| |
commit c78819245ff8a270f97c9f800773e727918be838 added
gettext support for policy files. That commit included
its/loc files in git, but not in the disted tarballs.
This commit fixes that.
https://bugs.freedesktop.org/show_bug.cgi?id=96940
Signed-off-by: Ray Strode <rstrode@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default appears to be to translate all entries. This rule never takes
effect, the path to /action/message and /action/description is wrong (/action
is not a root node). Since we wanted them to be translated, it doesn't matter.
But it also translates all other tags (vendor, allow_any, etc.) and that
causes polkit to be unhappy, it can't handle the various language versions of
"no"
** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string
'tidak'
Switch to a default of "no" and explicitly include the message and description
strings to be translated.
The patch was modified for PolicyKit by Ondrej Holy <oholy@redhat.com>.
https://bugs.freedesktop.org/show_bug.cgi?id=98366
|
|
|
|
|
|
|
| |
gettext can extract strings from and merge them back into xml
file formats, with the help of .its files.
https://bugs.freedesktop.org/show_bug.cgi?id=96940
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Refer to PolkitAgentSession in general instead of to _response only
- Revert to the original description of authentication cancellation, the
agent really needs to return an error to the caller (in addition to dealing
with the session if any).
- Explicitly document the UID assumption; in the process fixing bug #69980.
- Keep documenting that we need a sufficiently privileged caller.
- Refer to the ...Response2 API in more places.
- Also update docbook documentation.
- Drop a paragraph suggesting non-PolkitAgentSession implementations are
expected and commonplace.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837
Reviewed-by: Colin Walters <walters@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
The "cookie" value that Polkit hands out is global to all polkit
users. And when `AuthenticationAgentResponse` is invoked, we
previously only received the cookie and *target* identity, and
attempted to find an agent from that.
The problem is that the current cookie is just an integer
counter, and if it overflowed, it would be possible for
an successful authorization in one session to trigger a response
in another session.
The overflow and ability to guess the cookie were fixed by the
previous patch.
This patch is conceptually further hardening on top of that. Polkit
currently treats uids as equivalent from a security domain
perspective; there is no support for
SELinux/AppArmor/etc. differentiation.
We can retrieve the uid from `getuid()` in the setuid helper, which
allows us to ensure the uid invoking `AuthenticationAgentResponse2`
matches that of the agent.
Then the authority only looks at authentication sessions matching the
cookie that were created by a matching uid, thus removing the ability
for different uids to interfere with each other entirely.
Several fixes to this patch were contributed by:
Miloslav Trmač <mitr@redhat.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837
CVE: CVE-2015-4625
Reported-by: Tavis Ormandy <taviso@google.com>
Reviewed-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Colin Walters <walters@redhat.com>
|
|
|
|
|
|
|
|
| |
I was looking at:
https://bugs.freedesktop.org/show_bug.cgi?id=85504
But polkit, particularly because of its use of recursive make, is a
good fit for git.mk.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The uid is a new addition; this allows callers such as libvirt to
close a race condition in reading the uid of the process talking to
them. They can read it via getsockopt(SO_PEERCRED) or equivalent,
rather than having pkcheck look at /proc later after the fact.
Programs which invoke pkcheck but need to know beforehand (i.e. at
compile time) whether or not it supports passing the uid can
use:
pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
test x$pkcheck_supports_uid = xyes
|
|
|
|
|
|
| |
This was reported in https://bugs.freedesktop.org/show_bug.cgi?id=51466
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
|
|
|
|
|
| |
There's really no reason to run all this code as uid 0.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
|
|
|
| |
Now to implement this in the interactive authority...
|
|
|
|
| |
See https://bugzilla.redhat.com/show_bug.cgi?id=526053 for more details.
|
|
|
|
|
| |
Also bump requirement on EggDBus to 0.6 (to be released later) for a
bug-fix with flag properties.
|
|
|
|
|
|
|
| |
PK 1.0 no longer uses a separate user, so remove this ./configure option
which also means we no longer have to mangle the dbus policy file.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Also make this and other details available via methods on the
PolkitAuthorizationResult object.
See this and surrounding messages
http://lists.freedesktop.org/archives/polkit-devel/2009-July/000189.html
for more information.
|
|
|
|
|
|
|
|
|
| |
But only allow this if
- the caller and the subject being checked is the same user
- no details are passed (otherwise dialogs can be spoofed)
Also add a RevokeTemporaryAuthorizationById() method.
|
|
|
|
|
|
|
| |
Also change how authentication agents are registered (take a Subject
instead of the session-id) and add convenience functions to
asynchronously construct a PolkitUnixSession object given a process id
(by querying ConsoleKit).
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Also remove the ObtainAuthorization() call and allow apps to pass
details to CheckAuthorization.
|
| |
|
|
|
|
| |
Also add an example for this.
|
|
|
|
| |
Also add a short example to test this.
|
|
|
|
|
|
| |
The session_id has got to be empty for now. The thinking is that in
the future we might want to register an authentication agent that runs
in secure desktop, e.g. a separate session from the user session.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
This will allow us, in the near future, to declare org.fd.PK1.Authority and
PolkitAuthority as stable while allowing changes to how we manage the (local)
authority even after 1.0.
|
| |
|