1. 20 Nov, 2007 1 commit
  2. 08 Nov, 2007 1 commit
  3. 01 Nov, 2007 1 commit
  4. 31 Oct, 2007 2 commits
  5. 23 Oct, 2007 2 commits
  6. 21 Oct, 2007 1 commit
  7. 24 Aug, 2007 3 commits
  8. 23 Aug, 2007 1 commit
  9. 13 Aug, 2007 1 commit
  10. 12 Jul, 2007 1 commit
    • David Zeuthen's avatar
      replace configuration reload mechanism · b22ebaba
      David Zeuthen authored
      Instead of asking the user of libpolkit to provide a huge file
      monitoring abstraction we simply ask for a simple interface for
      watching file descriptors and use inotify (on Linux) to watch a file,
      /var/lib/PolicyKit/reload. We provide a new tool,
      polkit-reload-config, that simply touches this file.
  11. 19 Jun, 2007 1 commit
    • David Zeuthen's avatar
      rip out the notion of Resources · 169c130d
      David Zeuthen authored
      It makes things a _lot more_ complicated having to deal with resources
      and there's a much nicer way to deal with it: Punt it to the apps:
      It's much more natural for the application to have a notion about
      about what resources are "trusted" (and e.g. requires lesser
      privileges) and what resources aren't.
      Consider dial-up networking; here the privileged application that
      performs the dial-up operation consults a list (maintained by the
      system administrator) of allowed numbers to dial. If the unprivileged
      networking UI applet that requests a number to be dialed is on the
      list it uses the PolicyKit action 'nm-dialup-trusted-location', if it
      isn't then it uses the PolicyKit action 'nm-dialup-untrusted-location'.
  12. 23 Apr, 2007 1 commit
  13. 17 Apr, 2007 1 commit
  14. 15 Apr, 2007 1 commit
    • David Zeuthen's avatar
      add grant functionality + lots of other changes · a0570c50
      David Zeuthen authored
       - Split libpolkit into three libraries
         - libpolkit : to be used only by mechanisms and modules
         - libpolkit-dbus : utility library for libpolkit to get caller, session
                            etc. info from the bus and ConsoleKit
         - libpolkit-grant : client side library for obtaining privileges; uses
                             a setgid helper internally
       - grant functionality
         - a helper library, libpolkit-grant, to gain privileges
           - includes a setgid $POLKIT_GROUP helper to write granted privileges
         - a PK module, to read and interpret granted privileges
         - a cmdline app, polkit-grant, using said library
       - Other changes
         - so it turns out that sizeof(bool) != sizeof(gboolean), sizeof(dbus_bool_t)
           This blows so define our own polkit_bool_t type
         - add some validation routines
      The grant functionality, especially the setgid helper needs thorough
      security review before we can release it.
  15. 09 Apr, 2007 1 commit
    • David Zeuthen's avatar
      remove all usage of glib from the header files · 192f04ce
      David Zeuthen authored
      This paves the way for getting rid of a glib dependency; when and if
      that happens is to be determined; right now it just doesn't make a lot
      of sense to reimplement GKeyFile, GSList, GHashTable, g_spawn_sync and
      other useful routines. But it might make sense if we want to get the
      message bus daemon to link with libpolkit so you e.g. can say
       <policy polkit="acme-frobnicate">
         <allow send_interface="com.acme.Frobnicator"
      to allow a caller on the system message bus to access that interface
      if, and only if, he can do the "acme-frobnicate" action according to
  16. 08 Apr, 2007 2 commits
    • David Zeuthen's avatar
      mass renaming of classes · ce556c72
      David Zeuthen authored
       Privilege -> Action
       PrivilegeFile -> PolicyFile
       PrivilegeFileEntry -> PolicyFileEntry
       PrivilegeCache -> PolicyCache
      Hopefully it makes a bit more sense now.
    • David Zeuthen's avatar
      add module loading to PolicyKit · 3638c6c1
      David Zeuthen authored
      This paves the way for writing
       1. A module that tracks temporary (look in /var/run) and permanent (look
          in /var/lib) privilege grants
       2. A D-Bus service to authenticate a client to obtain to a privilege
          grant and then writing the grant in temporary or permanent storage
      Also, this feature lets people very easily lock down the system; just
      edit /etc/PolicyKit/PolicyKit.conf; add pam-module-deny-all / -allow-all
      stanzas with various privilege=<regexp> and user=<username> options.
  17. 07 Apr, 2007 1 commit
  18. 06 Apr, 2007 1 commit
  19. 28 Mar, 2007 2 commits