summaryrefslogtreecommitdiff
path: root/data
Commit message (Collapse)AuthorAgeFilesLines
* systemd: set User/Group and don't change uid/gid if already setLuca Boccassi2023-04-052-1/+3
|
* build: libelogind session tracking does not require systemd.Marius Bakke2023-02-071-1/+1
| | | | | | | * meson.build (enable_logind): Permit empty systemd_systemdsystemunitdir when session_tracking != 'libsystemd-login'. * data/meson.build (service_conf): Test for SESSION_TRACKING == 'libsystemd-login' instead of ENABLE_LOGIND when installing service files.
* build: Honour pam_prefix meson optionLuciano Santos2022-08-151-1/+1
| | | | | | Make the use of pam_prefix worth its while since, at the moment, its value is not being used. Instead, a hard-coded path is being deployed when it shouldn't anymore.
* Remove autotools build systemJan Rybar2022-05-091-71/+0
|
* data: Create never shipped policyconfig-1.dtdBastien Nocera2022-03-223-0/+37
|
* build: Migrate from Intltool to GettextIñigo Martínez2021-07-294-29/+0
| | | | | | | | Recent versions of Gettext are able to translate several formats that are used in GNOME applications. This migrates from Intltool to Gettext both autotools and meson build systems.
* build: Make the directory for helper executables consistent with AutotoolsSimon McVittie2021-07-191-1/+1
| | | | | | | | | | | | | | | | | | The Autotools build system has been using /usr/lib/polkit-1 for several releases, even on distributions where the library directory is /usr/lib64 or /usr/lib/x86_64-linux-gnu, so it makes sense for Meson to do the same. This lets 32- and 64-bit polkit agents share a single helper executable. This might be superseded by polkit!63, which requests going back to using the libexecdir for these (like polkit 0.105 did), which would also make sense; but until that's decided, let's at least be consistent between our two build systems. Every time we change this, all programs that have already loaded libpolkit-agent into their address space need to be restarted, unless distributions provide compatibility symlinks. Signed-off-by: Simon McVittie <smcv@debian.org>
* Move D-Bus policy file to /usr/share/dbus-1/system.d/Jan Rybar2021-01-051-1/+1
| | | | | | | | | | | To better support stateless systems with an empty /etc, the old location in /etc/dbus-1/system.d/ should only be used for local admin changes. Package provided D-Bus policy files are supposed to be installed in /usr/share/dbus-1/system.d/. This is supported since dbus 1.9.18. https://lists.freedesktop.org/archives/dbus/2015-July/016746.html
* build: Port to meson build systemJan Rybar2020-10-262-0/+48
| | | | | | meson is a build system focused on speed an ease of use, which helps speeding up the software development. This patch adds meson support along autotools.
* Ensure gettext files are included in dist tarballRay Strode2018-04-031-1/+1
| | | | | | | | | | | commit c78819245ff8a270f97c9f800773e727918be838 added gettext support for policy files. That commit included its/loc files in git, but not in the disted tarballs. This commit fixes that. https://bugs.freedesktop.org/show_bug.cgi?id=96940 Signed-off-by: Ray Strode <rstrode@redhat.com>
* gettext: switch to default-translate "no"Peter Hutterer2016-11-081-2/+3
| | | | | | | | | | | | | | | | | | | | The default appears to be to translate all entries. This rule never takes effect, the path to /action/message and /action/description is wrong (/action is not a root node). Since we wanted them to be translated, it doesn't matter. But it also translates all other tags (vendor, allow_any, etc.) and that causes polkit to be unhappy, it can't handle the various language versions of "no" ** (polkitd:27434): WARNING **: Unknown PolkitImplicitAuthorization string 'tidak' Switch to a default of "no" and explicitly include the message and description strings to be translated. The patch was modified for PolicyKit by Ondrej Holy <oholy@redhat.com>. https://bugs.freedesktop.org/show_bug.cgi?id=98366
* Add gettext support for .policy filesMatthias Clasen2016-07-153-0/+18
| | | | | | | gettext can extract strings from and merge them back into xml file formats, with the help of .its files. https://bugs.freedesktop.org/show_bug.cgi?id=96940
* docs: Update for changes to uid binding/AuthenticationAgentResponse2Miloslav Trmač2015-06-172-7/+10
| | | | | | | | | | | | | | | | - Refer to PolkitAgentSession in general instead of to _response only - Revert to the original description of authentication cancellation, the agent really needs to return an error to the caller (in addition to dealing with the session if any). - Explicitly document the UID assumption; in the process fixing bug #69980. - Keep documenting that we need a sufficiently privileged caller. - Refer to the ...Response2 API in more places. - Also update docbook documentation. - Drop a paragraph suggesting non-PolkitAgentSession implementations are expected and commonplace. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 Reviewed-by: Colin Walters <walters@redhat.com>
* CVE-2015-4625: Bind use of cookies to specific uidsColin Walters2015-06-172-2/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html The "cookie" value that Polkit hands out is global to all polkit users. And when `AuthenticationAgentResponse` is invoked, we previously only received the cookie and *target* identity, and attempted to find an agent from that. The problem is that the current cookie is just an integer counter, and if it overflowed, it would be possible for an successful authorization in one session to trigger a response in another session. The overflow and ability to guess the cookie were fixed by the previous patch. This patch is conceptually further hardening on top of that. Polkit currently treats uids as equivalent from a security domain perspective; there is no support for SELinux/AppArmor/etc. differentiation. We can retrieve the uid from `getuid()` in the setuid helper, which allows us to ensure the uid invoking `AuthenticationAgentResponse2` matches that of the agent. Then the authority only looks at authentication sessions matching the cookie that were created by a matching uid, thus removing the ability for different uids to interfere with each other entirely. Several fixes to this patch were contributed by: Miloslav Trmač <mitr@redhat.com> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837 CVE: CVE-2015-4625 Reported-by: Tavis Ormandy <taviso@google.com> Reviewed-by: Miloslav Trmač <mitr@redhat.com> Signed-off-by: Colin Walters <walters@redhat.com>
* build: Start using git.mkColin Walters2015-06-031-0/+2
| | | | | | | | I was looking at: https://bugs.freedesktop.org/show_bug.cgi?id=85504 But polkit, particularly because of its use of recursive make, is a good fit for git.mk.
* pkcheck: Support --process=pid,start-time,uid syntax tooColin Walters2013-09-181-0/+3
| | | | | | | | | | | | | | The uid is a new addition; this allows callers such as libvirt to close a race condition in reading the uid of the process talking to them. They can read it via getsockopt(SO_PEERCRED) or equivalent, rather than having pkcheck look at /proc later after the fact. Programs which invoke pkcheck but need to know beforehand (i.e. at compile time) whether or not it supports passing the uid can use: pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1) test x$pkcheck_supports_uid = xyes
* Nuke leftover polkit-backend-1.pc fileDavid Zeuthen2012-07-062-12/+1
| | | | | | This was reported in https://bugs.freedesktop.org/show_bug.cgi?id=51466 Signed-off-by: David Zeuthen <zeuthen@gmail.com>
* Run polkitd as an unprivileged userDavid Zeuthen2012-05-252-5/+20
| | | | | | There's really no reason to run all this code as uid 0. Signed-off-by: David Zeuthen <davidz@redhat.com>
* Store private binaries in /usr/lib/polkit-1 instead of /usr/libexecDavid Zeuthen2012-05-233-4/+6
| | | | Signed-off-by: David Zeuthen <davidz@redhat.com>
* Add a systemd .service fileDavid Zeuthen2012-05-233-1/+21
| | | | Signed-off-by: David Zeuthen <davidz@redhat.com>
* Add --no-debug option and use this for D-Bus activationDavid Zeuthen2011-10-181-1/+1
| | | | Signed-off-by: David Zeuthen <davidz@redhat.com>
* Add methods AddLockdownForAction() and RemoveLockdownForAction()David Zeuthen2009-11-111-2/+18
| | | | Now to implement this in the interactive authority...
* Clarify when AllowUserInteraction should and shouldn't be usedDavid Zeuthen2009-09-291-1/+1
| | | | See https://bugzilla.redhat.com/show_bug.cgi?id=526053 for more details.
* Add properties with information about the currently used authorityDavid Zeuthen2009-09-161-0/+31
| | | | | Also bump requirement on EggDBus to 0.6 (to be released later) for a bug-fix with flag properties.
* Remove POLKIT_USER optionMichael Biebl2009-09-132-11/+3
| | | | | | | PK 1.0 no longer uses a separate user, so remove this ./configure option which also means we no longer have to mangle the dbus policy file. Signed-off-by: David Zeuthen <davidz@redhat.com>
* Implement lockdown for the Local Authority implementationDavid Zeuthen2009-09-121-1/+1
|
* Add polkit.retains_authorization_after_challenge to authz resultDavid Zeuthen2009-07-281-1/+1
| | | | | | | | | | | Also make this and other details available via methods on the PolkitAuthorizationResult object. See this and surrounding messages http://lists.freedesktop.org/archives/polkit-devel/2009-July/000189.html for more information.
* Allow unprivileged callers to check authorizationsDavid Zeuthen2009-07-261-2/+10
| | | | | | | | | But only allow this if - the caller and the subject being checked is the same user - no details are passed (otherwise dialogs can be spoofed) Also add a RevokeTemporaryAuthorizationById() method.
* Add support for querying and revoking temporary authorizationsDavid Zeuthen2009-07-201-6/+64
| | | | | | | Also change how authentication agents are registered (take a Subject instead of the session-id) and add convenience functions to asynchronously construct a PolkitUnixSession object given a process id (by querying ConsoleKit).
* Rename some man pages and the daemon binaryDavid Zeuthen2009-07-151-1/+1
|
* Rip out polkit-local and refactor local authority to only use tmp authzDavid Zeuthen2009-07-153-101/+1
|
* Move local authority management to a separate libraryDavid Zeuthen2009-07-133-11/+23
|
* Expand on the D-Bus docsDavid Zeuthen2009-06-081-7/+14
|
* Clarify docs for is_challenge member of the AuthorizationResult structDavid Zeuthen2009-05-291-1/+1
|
* Add a pkexec(1) commandDavid Zeuthen2009-05-151-1/+1
|
* Change the PolkitAuthorizationResult enumeration into an objectDavid Zeuthen2009-05-131-11/+13
|
* Only allow privileged apps to check authz and add ActionLookup interfaceDavid Zeuthen2009-05-132-27/+20
| | | | | Also remove the ObtainAuthorization() call and allow apps to pass details to CheckAuthorization.
* Fix D-Bus policy to work with non-permissive D-BusDavid Zeuthen2009-05-111-0/+10
|
* add the ObtainAuthorization() method and use in for the 'polkit-1 run' commandDavid Zeuthen2009-02-091-0/+47
| | | | Also add an example for this.
* implement cancellation of authorization checksDavid Zeuthen2009-02-081-1/+22
| | | | Also add a short example to test this.
* make authentication agents pass a session_id parameterDavid Zeuthen2009-02-081-1/+9
| | | | | | The session_id has got to be empty for now. The thinking is that in the future we might want to register an authentication agent that runs in secure desktop, e.g. a separate session from the user session.
* update for latest EggDBus changesDavid Zeuthen2009-02-073-38/+40
|
* fix up the D-Bus docs somewhatDavid Zeuthen2009-02-053-42/+60
|
* use new eggdbus feature to include enums/structs docs in the interface docsDavid Zeuthen2009-02-043-123/+123
|
* user proper capitalization for AuthenticationAgent D-Bus interface summaryDavid Zeuthen2009-02-031-1/+1
|
* add docs for the AuthenticationAgent D-Bus interfaceDavid Zeuthen2009-02-031-7/+18
|
* add docs for the AuthorityManager D-Bus interfaceDavid Zeuthen2009-02-031-4/+18
|
* add docs for the Authority D-Bus interfaceDavid Zeuthen2009-02-031-6/+29
|
* move management functions to a separate D-Bus interface and GObject classDavid Zeuthen2009-02-013-61/+70
| | | | | | This will allow us, in the near future, to declare org.fd.PK1.Authority and PolkitAuthority as stable while allowing changes to how we manage the (local) authority even after 1.0.
* add Changed() signal that is fired when actions/authorizations changeDavid Zeuthen2009-01-271-0/+4
|
View Lorry Controller Status