1. 24 Aug, 2007 9 commits
  2. 23 Aug, 2007 2 commits
    • Danny Kukawka's avatar
      fixed compiler warning about uid_t handling · c27e93f7
      Danny Kukawka authored
      This fixes the same problem with uid_t as we had with HAL some time ago
      on 64bit architectures in PolicyKit. This time I removed the useless check:
         uid == ((unsigned long) -1)
      because this is always false on 64bit (comparison is always false due to
      limited range of data type) and because the DBusError from the
      dbus_bus_get_unix_user() call is set if the function returns DBUS_UID_UNSET
      so we need only to check if the error is set.
    • Danny Kukawka's avatar
      fixed code documentation issues · 0d69cdc5
      Danny Kukawka authored
      Fixed code documentation issues:
       * s/<programlisting>/@code/
       * removed @void: from polkit_grant_new()
  3. 22 Aug, 2007 2 commits
  4. 21 Aug, 2007 4 commits
  5. 20 Aug, 2007 4 commits
  6. 13 Aug, 2007 1 commit
  7. 09 Aug, 2007 3 commits
  8. 31 Jul, 2007 1 commit
  9. 30 Jul, 2007 5 commits
    • David Zeuthen's avatar
    • David Zeuthen's avatar
      use waitpid() to avoid Zombie processes · 1f90f7e1
      David Zeuthen authored
    • David Zeuthen's avatar
    • David Zeuthen's avatar
      remove the isatty() call so it's easier to audit the helper · 1ac3268b
      David Zeuthen authored
      The isatty() check is just to catch users poking around; it provides little or no real security. With this change, you can do stuff like
      $ /usr/libexec/polkit-grant-helper-pam
      PAM_PROMPT_ECHO_OFF Password:
      <enter real password here>
      $ /usr/libexec/polkit-grant-helper-pam
      PAM_PROMPT_ECHO_OFF Password:
      polkit-grant-helper-pam: pam_authenticated failed: Authentication failure
      which is useful for auditing.
    • David Zeuthen's avatar
      move PAM stack usage to separate helper · 368397f9
      David Zeuthen authored
      So it turns out that I hadn't been using shadow passwords on my other
      development box (don't ask) and that's why auth as root worked fine
      when just running as an unprivileged user. However, to auth as another
      user (such as root), the process embedding pam needs to run as
      root. Therefore, split out the actual authentication bits into a small
      and easy to audit helper, polkit-grant-helper-pam.
      The auth now goes like this:
       polkit-gnome <-links with-> libpolkit-grant
          is setgid polkit; it links with libdbus and libpolkit.
          is setuid root; it links only with libpam
  10. 27 Jul, 2007 1 commit
  11. 26 Jul, 2007 3 commits
  12. 25 Jul, 2007 5 commits
    • David Zeuthen's avatar
    • David Zeuthen's avatar
      fix docs · bc1a540a
      David Zeuthen authored
    • David Zeuthen's avatar
      require that policy files also provide a <message> element · e833c740
      David Zeuthen authored
      Declaring an action now requires two textual elements (that both are
      subject to translation):
       description: This is intended to be used in policy editors, for
                    example "Mount internal volumes".
       message:     This is to be used in auth dialogs, for example "System
                    Policy prevents mounting this internal volume".
      This is actually needed for security reasons. The idea is that the
      desktop environment can provide infrastructure that Callers
      (e.g. applications) can use to ask the user to authenticate to gain a
      privilege. One such example is PolicyKit-gnome; it's a D-Bus session
      based service that applications can use to ask the user to
      Before this change the caller provided the markup, e.g. gnome-mount
      would do
       action = "hal-storage-mount-fixed";
       markup = _("System policy prevents mounting internal drives");
       result = org.gnome.PolicyKit.ShowDialog (action, markup);
      and the problem here is that any application in the session can spoof
      the dialog by providing false information and getting to use to click
      through on that.
      With this change, where the org.gnome.PolicyKit auth service reads the
      message from a system-controlled file, this can't happen. What the
      user sees really reflects the action he's asking to consider allowing
      to happen.
      Especially with things like XACE (previously known as SEX) this is
      important as we can make the process providing the D-Bus service
      org.gnome.PolicyKit run in a dedicated security context, audit it to
      make sure it's secure. Then have the window manager paint trust window
      decorations or other things to make the user feel fuzzy, warm and
      Btw, with this change the PolicyKit-gnome API will be simplified to
       action = "hal-storage-mount-fixed";
       result = org.gnome.PolicyKit.ShowDialog (action);
      which is just about as simple as it can get.
      Credit goes to Ryan Lortie <desrt@desrt.ca> for pointing this out
      on #gnome-hackers earlier this morning.
    • David Zeuthen's avatar
      fix typo · 4a9a4e18
      David Zeuthen authored
    • David Zeuthen's avatar
      change default username · e54dc440
      David Zeuthen authored
      - change user from 'polkit' to 'polkituser'
      - create directories in /var from polkit instead of polkit-grant