| Commit message (Collapse) | Author | Age | Files | Lines |
|
... e.g. we reserve the right to switch out the JS engine.
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
Signed-off-by: David Zeuthen <zeuthen@gmail.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
There's really no reason to run all this code as uid 0.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
This also removes the ability to change detail parameters which is
actually a good thing. If we later need a way to change the
authentication message, we can always add something like
polkit.addAuthenticationMessageRule() so the user can register a
function returning a string.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Any backend can now be implemented in JavaScript (if so desired) so we
don't need any of this any more.
Note that the libpolkitbackend library was never declared stable (the
preprocessor symbol POLKIT_BACKEND_I_KNOW_API_IS_SUBJECT_TO_CHANGE had
to be defined) so removing it is not an API/ABI break.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Nuke the has_prefix() helper, it's just confusing.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
After feedback from Matthias Clasen <mclasen@redhat.com>.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
... as much as possible.
Also remove the license on the docs and the FSF's address.
Also point to http://www.freedesktop.org/software/polkit/docs/latest/
as that is going to be where docs are stored, going forward.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
It's RegisterAuthenticationAgentWithOptions, not just
RegisterAuthenticationAgent.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Additionally, add a "fallback" option. Also add support for this in the
pkttyagent(1) program.
This slightly breaks libpolkit-backend API by adding a GVariant* param
to one of the class vfuncs... but that API is already declared
unstable so that's fine.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
This came up while working on
https://bugzilla.redhat.com/show_bug.cgi?id=804088
and is useful for example if it's not suitable or appropriate to link
against the polkit libraries.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
https://bugs.freedesktop.org/show_bug.cgi?id=43610
Added netgroup support and additional unit tests with MockLibc support.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
This allows daemons running as a designated uid to check
authorizations. Based on a patch from Christopher James Halse Rogers
<chalserogers@gmail.com>.
https://bugs.freedesktop.org/show_bug.cgi?id=41025
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
For example, GNOME control center can now define e.g.

  <action id="org.zee.example.meta">
    <description>Meta Action</description>
    <message>Example of a meta action, blabla</message>
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.imply">org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others</annotate>
  </action>

and set up a single GtkLockButton for a PolkitPermission for action id
"org.zee.example.meta".
When unlocked the given subject will now be authorized for the actions
mentioned in the annotation.
Example test program:

  #include <unistd.h>
  #include <gtk/gtk.h>
  #include <polkit/polkit.h>

  int
  main (int argc, char *argv[])
  {
    PolkitSubject *subject;
    GtkWidget *window;
    GtkWidget *table;
    GMainLoop *loop;
    guint n;

    gtk_init (&argc, &argv);

    /* Authorizations are checked for this process */
    subject = polkit_unix_process_new (getpid ());

    window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
    table = gtk_table_new (1, 2, FALSE);

    /* One row per action id on the command line: a label and a lock button */
    for (n = 1; n < argc; n++)
      {
        const gchar *action_id = argv[n];
        GPermission *permission;
        GtkWidget *label;
        GtkWidget *lock_button;
        GError *error = NULL;

        label = gtk_label_new (action_id);
        permission = polkit_permission_new_sync (action_id, subject, NULL, &error);
        if (permission == NULL)
          {
            g_error ("Error constructing permission for action_id %s: %s (%s, %d)",
                     action_id, error->message, g_quark_to_string (error->domain), error->code);
            goto out;
          }
        /* The lock button takes its own reference on the permission */
        lock_button = gtk_lock_button_new (permission);
        g_object_unref (permission);
        gtk_table_attach (GTK_TABLE (table), label, 0, 1, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
        gtk_table_attach (GTK_TABLE (table), lock_button, 1, 2, n - 1, n, GTK_FILL, GTK_FILL, 0, 0);
      }

    gtk_container_add (GTK_CONTAINER (window), table);
    gtk_widget_show_all (window);

    loop = g_main_loop_new (NULL, FALSE);
    g_main_loop_run (loop);

   out:
    return 0;
  }

Compile with:

  gcc -o showpolkit showpolkit.c `pkg-config --cflags --libs polkit-gobject-1 gtk+-3.0` -g -O0

Run with:

  ./showpolkit org.freedesktop.udisks2.ata-smart-selftest org.freedesktop.udisks2.encrypted-lock-others org.freedesktop.udisks2.filesystem-unmount-others org.zee.example.meta

Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Introduce a new annotation flag "org.freedesktop.policykit.exec.allow_gui"
which will cause pkexec to preserve $DISPLAY and $XAUTHORITY. With this, the
remaining few legacy X11 programs which still need to run as root can finally
be migrated away from gksu (or similar) to pkexec, with the help of some
.polkit files. This will provide a consistent UI and also help with making the
authentication dialogs less spoofable.
Relax validate_environment_variable() to allow '/' in $XAUTHORITY, as this
variable actually is a full path.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
This is needed to avoid possible TOCTTOU issues since a process can
change both its real uid and effective uid.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Instead, pass the untranslated message as polkit.message and set the
gettext domain on polkit.gettext_domain. For printf()-style messages,
occurrences of the form $(name_of_key) in the translated version of
polkit.message are expanded with the value of the property
name_of_key. See the pkexec(1) mechanism for an example of how to use
this.
Additionally, the property polkit.icon_name can be set to the
icon. Note that not all authentication agents use this - in
particular, gnome-shell does not.
It is no longer possible to set the details to be shown in the
authentication dialog. It was never a good idea to hide information
there anyway. Instead, the mechanism should format a meaningful
message.
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
This is much easier than writing a PolkitBackendActionLookup class and
installing an extension. On the downside it requires the caller to be
uid 0.
Example: http://people.freedesktop.org/~david/polkit-pass-messages.png
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
https://bugs.freedesktop.org/show_bug.cgi?id=29712
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Otherwise it's impossible to implement lock buttons.
https://bugs.freedesktop.org/show_bug.cgi?id=32334
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
https://bugs.freedesktop.org/show_bug.cgi?id=30653
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
The authentication agent can use this information to inform the user
about the UI application that triggered the authentication request (if
any).
Signed-off-by: David Zeuthen <davidz@redhat.com>
|
Signed-off-by: David Zeuthen <davidz@redhat.com>
|