1. 30 Apr, 2008 4 commits
    • David Zeuthen's avatar
      fix autotools screwup · 8cd339bb
      David Zeuthen authored
      I hate autotools.
      8cd339bb
    • David Zeuthen's avatar
      d626acf5
    • David Zeuthen's avatar
      bde13377
    • Joe Clarke's avatar
      add support for FreeBSD · 40c8b8ae
      Joe Clarke authored
      On Mon, 2008-04-21 at 15:06 -0400, David Zeuthen wrote:
      > On Sat, 2008-04-19 at 01:34 -0400, Joe Marcus Clarke wrote:
      > > I'm seeing a few PK problems on FreeBSD, but I'm not sure if this is a
      > > problem with our port, or an issue in general.  First, all of the tests
      > > David mentioned earlier (with polkit-auth) work.  The built-in tests
      > > also appear to work.  PK consumers also seem to work.
      > >
      > > What I'm noticing is that PolicyKit-gnome doesn't update in real-time.
      > > For example, if I launch polkit-gnome-authorization, then change a
      > > policy, the changes don't reflect in the GUI until I restart
      > > polkit-gnome-authorization.  Also, I'm not seeing any UI changes in
      > > polkit-gnome-example when I click on the various buttons (though
      > > polkit-gnome-manager does launch).
      >
      > This suggests that file monitoring of /var/lib/misc/PolicyKit.reload is
      > somehow botched. Is polkit_context_io_func() in polkit-context.c ever
      > called if you do
      >
      >  # touch /var/lib/misc/PolicyKit.reload
      >
      > Is it called if you manually grant/revoke an authorization using
      > polkit-auth(1)? (And does /var/lib/misc/PolicyKit.reload change mtime
      > in that case?)
      
      Thanks for your advice.  I was not monitoring the reload file for
      attribute changes, so I was missing the mtime change.  That is working
      now.
      
      I updated the PK diff with the portability fix.  I didn't actually use
      the Solaris code as it caused a slew of compiler warnings and other
      problems.  Instead, I went with creating a kit-lib.[ch] to store the
      missing functions.  As for strndup(), I stuck that in kit-string.c.  I
      wrapped all of these functions with configure checks to avoid
      hard-coding OS checks.  This should make it easier to port PK to other
      platforms.
      
      I would still like your advice on the IO problem with PK-gnome.  I have
      changed io_watch_have_data() in polkit-gnome-manager.c to return FALSE
      instead of TRUE to auto-remove the IO watch.  As I said, FreeBSD's
      poll() continuously indicates EOF as a G_IO_IN condition until it is
      handled.  By returning FALSE here, the infinite loop is fixed, and I
      didn't notice any other problems.
      
      What problems could this cause?  Is there a better way of handling this?
      Thanks.
      
      http://www.marcuscom.com/downloads/pk/
      
      Joe
      
      --
      Joe Marcus Clarke
      FreeBSD GNOME Team      ::      gnome@FreeBSD.org
      FreeNode / #freebsd-gnome
      http://www.FreeBSD.org/gnome
      40c8b8ae
  2. 17 Apr, 2008 1 commit
  3. 16 Apr, 2008 1 commit
  4. 11 Apr, 2008 1 commit
  5. 10 Apr, 2008 1 commit
  6. 08 Apr, 2008 7 commits
  7. 04 Apr, 2008 1 commit
  8. 17 Mar, 2008 3 commits
  9. 04 Mar, 2008 7 commits
  10. 29 Feb, 2008 1 commit
  11. 28 Feb, 2008 2 commits
  12. 26 Feb, 2008 4 commits
    • David Zeuthen's avatar
      make polkit-policy-file-validate require that actions are properly packaged · 2b1a2a69
      David Zeuthen authored
      Meaning this bit was added to the spec:
      
         The name of the XML file is significant. Each XML file can only
         declare actions from the namespace of it's own name; for example
         actions org.foobar.action-a, org.foobar.action-b and
         org.foobar.action-c would all go into the file org.foobar.policy
         while actions com.my-company.product-awesome.action-a,
         com.mycompany.product-awesome.action-b would go into the file
         com.mycompany.product-awesome.policy.
      
      This is the output of the validator on a broken .policy file
      
        $ polkit-policy-file-validate /usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy
        WARNING: The action org.gnome.clockapplet.mechanism.configurehwclock does not
                 belong in a policy file named gnome-clock-applet-mechanism.policy.
                 A future version of PolicyKit will ignore this action.
      
        WARNING: The action org.gnome.clockapplet.mechanism.settime does not
                 belong in a policy file named gnome-clock-applet-mechanism.policy.
                 A future version of PolicyKit will ignore this action.
      
        WARNING: The action org.gnome.clockapplet.mechanism.settimezone does not
                 belong in a policy file named gnome-clock-applet-mechanism.policy.
                 A future version of PolicyKit will ignore this action.
      
        ERROR: /usr/share/PolicyKit/policy/gnome-clock-applet-mechanism.policy did not validate
      
      We currently don't enforce this but will in a future version. The
      rationale is that we can avoid loading all .policy files at startup
      which would be a performance win.
      2b1a2a69
    • David Zeuthen's avatar
      fix doc in bugs for PolKitContextAddIOWatch · b3930e8b
      David Zeuthen authored
      pointed out by Dan Winship.
      b3930e8b
    • Holger Macht's avatar
      avoid reliance on DT_REG so we work on reiserfs as well · 0b59d3e7
      Holger Macht authored
      
      
      (with minor fixes from davidz for avoiding memory leaks)
      
      Recently I wondered why PolicyKit (especially polkit-auth) does not work
      on my system. While debugging, I noticed that the corresponding code works
      in my home directory, but not in the root filesystem.
      
      readdir() and its d_type are the culprits. Quoting the readdir manpage:
      
      [...]
      Other than Linux, the d_type field is available mainly only on BSD
      systems.  This field makes it possible to avoid the expense of calling
      stat() if further actions depend on the type of the file.
      [...]
      
      Filesystems may fill DT_UNKNOWN into this field, which reiserfs does, so
      call stat instead, which always does the right thing.
      Signed-off-by: Holger Macht's avatarHolger Macht <hmacht@suse.de>
      0b59d3e7
    • David Zeuthen's avatar
      avoid use normal timeout when showing auth dialog; use INT_MAX instead · fd51264a
      David Zeuthen authored
      Reported by Dan P. Berrange.
      fd51264a
  13. 18 Dec, 2007 1 commit
  14. 17 Dec, 2007 5 commits
    • Carlos Corbacho's avatar
      0d716714
    • Carlos Corbacho's avatar
      add Shadow authentication framework · ba2003a9
      Carlos Corbacho authored
      Add Piter PUNK's polkit-grant-helper-shadow, and link against the
      appropriate libraries.
      
      For now, the Shadow framework must be explictily called - in future,
      this could also be added as a fallback if PAM is not available.
      ba2003a9
    • David Zeuthen's avatar
      make polkit-grant-helper-pam world readable · 59081d0a
      David Zeuthen authored
      This is to avoid breaking various backup and IDS software - proposed
      by Michael Biebl <mbiebl@gmail.com>.
      59081d0a
    • Carlos Corbacho's avatar
      split out authentication framework from authorisation database · b5e019d7
      Carlos Corbacho authored
      As per discussions with David Zeuthen, alter the build system so that we
      can have different authentication frameworks for the authorisation
      databases.
      
      For now, the dummy database will only accept 'none' for the authentication
      framework (this will be autoselected if not specified, and configure will
      throw an error if any other framework than 'none' is specified is passed
      in).
      
      For the default database, the only available framework for now is 'pam'
      (as with 'none' and dummy, 'pam' will be autoselected if specified as the
      framework. If 'none' is passed as a framework, configure will reject this
      and fail).
      
      PAM specific code is now also marked with POLKIT_AUTHFW_PAM, so that it
      can be easily compiled out if other frameworks are added in future.
      b5e019d7
    • Carlos Corbacho's avatar
      remove unncessary PAM header inclusions · 28dc3169
      Carlos Corbacho authored
      Many files are needlessly including PAM headers, when the code in question
      has no PAM dependency - remove the PAM includes from these.
      28dc3169
  15. 07 Dec, 2007 1 commit