1. 06 Dec, 2007 1 commit
  2. 25 Nov, 2007 1 commit
  3. 17 Nov, 2007 1 commit
  4. 12 Nov, 2007 1 commit
  5. 10 Nov, 2007 1 commit
      split utility bits into a private statically linked library · cd68aa0a
      David Zeuthen authored
      getting closer...
      
      $ grep glib *.c
      polkit-authorization.c:#include <glib.h>
      polkit-authorization-db.c:#include <glib.h>
      polkit-authorization-db-dummy.c:#include <glib.h>
      polkit-config.c:#include <glib.h>
      polkit-context.c:#include <glib.h>
      polkit-sysdeps.c:#include <glib.h>
  6. 08 Nov, 2007 1 commit
  7. 03 Nov, 2007 1 commit
      add unit test framework with gcov coverage support (make check-coverage) · 1d037a7b
      David Zeuthen authored
      This is what it looks like
      
      ==============================================================================
      Test coverage for module polkit:
      ==============================================================================
      polkit-sysdeps.c                                        :   0% (0 of 38)
      polkit-error.c                                          :   0% (0 of 44)
      polkit-result.c                                         :   0% (0 of 16)
      polkit-context.c                                        :   0% (0 of 213)
      polkit-action.c                                         :  34% (20 of 58)
      polkit-seat.c                                           :   0% (0 of 34)
      polkit-session.c                                        :   0% (0 of 97)
      polkit-caller.c                                         :   0% (0 of 81)
      polkit-policy-file-entry.c                              :   0% (0 of 72)
      polkit-policy-file.c                                    :   0% (0 of 220)
      polkit-policy-cache.c                                   :   0% (0 of 98)
      polkit-policy-default.c                                 :   0% (0 of 67)
      polkit-debug.c                                          :   0% (0 of 15)
      polkit-utils.c                                          :   0% (0 of 42)
      polkit-config.c                                         :   0% (0 of 263)
      polkit-authorization.c                                  :   0% (0 of 162)
      polkit-authorization-constraint.c                       :   0% (0 of 107)
      polkit-authorization-db.c                               :   0% (0 of 222)
      
      Source lines          : 6919
      Actual statements     : 1849
      Executed statements   : 20
      Test coverage         : 1%
  8. 31 Oct, 2007 1 commit
      provide a polkit D-Bus service that is activated on demand · 871e4c93
      David Zeuthen authored
      Right now we provide two methods
      
       IsProcessAuthorized
       IsSystemBusNameAuthorized
      
      This is useful for a couple of reasons
      
       - some mechanisms (e.g. Avahi) run in a chroot and their only
         life-line to the world is a system bus connection. If it were to
         use libpolkit (and Lennart says he wants it to, yay!) it would need
         to bindmount crazy stuff into the chroot.
      
       - languages for which libpolkit bindings do not yet exist can use
         this interface
      
      Going forward, this service can expose a private interface meaning we
      can get rid of (almost) all of our setgid helpers.
  9. 29 Oct, 2007 2 commits
  10. 28 Oct, 2007 1 commit
      rewrite authorization database and polkit-grant (now known as polkit-auth) · bed2fe1c
      David Zeuthen authored
      Also,
      
       - Rename polkit-list-actions to polkit-action.
       - Add a bash completion script to the polkit commandline tools.
      
      Authorizations are no longer world-readable. So for this to work with
      hal you now need to do this as root
      
       # polkit-auth --user haldaemon --grant org.freedesktop.policykit.read
      
      Distributions need to do this in the %post scripts or similar.
      
      Sorry for this huge monster patch.
  11. 13 Oct, 2007 1 commit
  12. 25 Sep, 2007 1 commit
  13. 10 Sep, 2007 1 commit
  14. 31 Aug, 2007 2 commits
  15. 24 Aug, 2007 1 commit
      clean up our documentation · aa5d6085
      David Zeuthen authored
       - Put all three libraries in the same gtk-doc project
       - Include the spec in the gtk-doc project
       - Include the manual pages in the gtk-doc project
  16. 31 Jul, 2007 1 commit
  17. 30 Jul, 2007 1 commit
      move PAM stack usage to separate helper · 368397f9
      David Zeuthen authored
      So it turns out that I hadn't been using shadow passwords on my other
      development box (don't ask) and that's why auth as root worked fine
      when just running as an unprivileged user. However, to auth as another
      user (such as root), the process embedding pam needs to run as
      root. Therefore, split out the actual authentication bits into a small
      and easy to audit helper, polkit-grant-helper-pam.
      
      The auth now goes like this:
      
       polkit-gnome <-links with-> libpolkit-grant
                                         ^
                                         |
                                      spawns
                                         |
                                         V
                           /usr/libexec/polkit-grant-helper
                                         ^
                                         |
                                      spawns
                                         |
                                         V
                         /usr/libexec/polkit-grant-helper-pam
      
      where
      
       polkit-grant-helper
          is setgid polkit; it links with libdbus and libpolkit.
      
       polkit-grant-helper-pam
          is setuid root; it links only with libpam
  18. 25 Jul, 2007 1 commit
      change default username · e54dc440
      David Zeuthen authored
      - change user from 'polkit' to 'polkituser'
      - create directories in /var from polkit instead of polkit-grant
  19. 24 Jul, 2007 1 commit
  20. 12 Jul, 2007 1 commit
  21. 20 Jun, 2007 1 commit
  22. 23 Apr, 2007 1 commit
  23. 17 Apr, 2007 1 commit
  24. 15 Apr, 2007 1 commit
      add grant functionality + lots of other changes · a0570c50
      David Zeuthen authored
       - Split libpolkit into three libraries
         - libpolkit : to be used only by mechanisms and modules
         - libpolkit-dbus : utility library for libpolkit to get caller, session
                            etc. info from the bus and ConsoleKit
         - libpolkit-grant : client side library for obtaining privileges; uses
                             a setgid helper internally
      
       - grant functionality
         - a helper library, libpolkit-grant, to gain privileges
           - includes a setgid $POLKIT_GROUP helper to write granted privileges
         - a PK module, to read and interpret granted privileges
         - a cmdline app, polkit-grant, using said library
      
       - Other changes
         - so it turns out that sizeof(bool) != sizeof(gboolean), sizeof(dbus_bool_t)
           This blows so define our own polkit_bool_t type
         - add some validation routines
      
      The grant functionality, especially the setgid helper, needs thorough
      security review before we can release it.
  25. 08 Apr, 2007 3 commits
      mass renaming of classes · ce556c72
      David Zeuthen authored
       Privilege -> Action
       PrivilegeFile -> PolicyFile
       PrivilegeFileEntry -> PolicyFileEntry
       PrivilegeCache -> PolicyCache
      
      Hopefully it makes a bit more sense now.
      add module loading to PolicyKit · 3638c6c1
      David Zeuthen authored
      This paves the way for writing
      
       1. A module that tracks temporary (look in /var/run) and permanent (look
          in /var/lib) privilege grants
       2. A D-Bus service to authenticate a client to obtain a privilege
          grant and then writing the grant in temporary or permanent storage
      
      Also, this feature lets people very easily lock down the system; just
      edit /etc/PolicyKit/PolicyKit.conf; add pam-module-deny-all / -allow-all
      stanzas with various privilege=<regexp> and user=<username> options.
  26. 06 Apr, 2007 1 commit
  27. 04 Apr, 2007 1 commit
  28. 29 Mar, 2007 1 commit
  29. 28 Mar, 2007 1 commit
  30. 21 Aug, 2006 1 commit
  31. 06 Jun, 2006 2 commits
  32. 05 Jun, 2006 1 commit
  33. 29 Mar, 2006 1 commit
  34. 15 Mar, 2006 2 commits