1. 18 Dec, 2007 1 commit
  2. 07 Dec, 2007 1 commit
  3. 06 Dec, 2007 1 commit
  4. 20 Nov, 2007 1 commit
    • David Zeuthen's avatar
      add support for negative authorizations · 45f52acb
      David Zeuthen authored
      Negative authorizations is a way to block an entity; previously the
      algorithm was something like (ignoring the config file for now)
      
        Result is_authorized() {
          res = has_implicit_auth();
          if (res == YES) {
            return YES;
          } else if (has_explicit_auth()) {
            return YES;
          }
          return res;
        }
      
      Now it's
      
        Result is_authorized() {
          res = has_implicit_auth();
          expl = has_explicit_auth();
          is_blocked = has_negative_explicit_auth();
      
          if (is_blocked)
            return NO;
      
          if (res == YES) {
            return YES;
          } else if (has_explicit_auth()) {
            return YES;
          }
          return res;
        }
      
      E.g. just a single negative auth will force NO to be returned. I
      really, really need to write into the spec how this works; my mental
      L1 cache can't contain it anymore. Once it's formally defined we need
      to craft a test suite to verify that the code works according to
      spec...
      45f52acb
  5. 17 Nov, 2007 1 commit
  6. 28 Oct, 2007 1 commit
    • David Zeuthen's avatar
      rewrite authorization database and polkit-grant (now known as polkit-auth) · bed2fe1c
      David Zeuthen authored
      Also,
      
       - Rename polkit-list-actions to polkit-action.
       - Add a bash completion script to the polkit commandline tools.
      
      Authorizations are no longer world-readable. So for this to work with
      hal you now need to do this as root
      
       # polkit-auth --user haldaemon --grant org.freedesktop.policykit.read
      
      Distributions needs to do this in the %post scripts or similar.
      
      Sorry for this huge monster patch.
      bed2fe1c