1. 26 Feb, 2008 1 commit
  2. 30 Nov, 2007 1 commit
  3. 28 Nov, 2007 1 commit
  4. 20 Nov, 2007 2 commits
    • David Zeuthen's avatar
      define abstract Authentication Agent interface and make polkit-auth(1) use it · ff9f8745
      David Zeuthen authored
      Also provide a convenience function to access it: polkit_auth_obtain().
      ff9f8745
    • David Zeuthen's avatar
      add support for negative authorizations · 45f52acb
      David Zeuthen authored
      Negative authorizations is a way to block an entity; previously the
      algorithm was something like (ignoring the config file for now)
      
        Result is_authorized() {
          res = has_implicit_auth();
          if (res == YES) {
            return YES;
          } else if (has_explicit_auth()) {
            return YES;
          }
          return res;
        }
      
      Now it's
      
        Result is_authorized() {
          res = has_implicit_auth();
          expl = has_explicit_auth();
          is_blocked = has_negative_explicit_auth();
      
          if (is_blocked)
            return NO;
      
          if (res == YES) {
            return YES;
          } else if (has_explicit_auth()) {
            return YES;
          }
          return res;
        }
      
      E.g. just a single negative auth will force NO to be returned. I
      really, really need to write into the spec how this works; my mental
      L1 cache can't contain it anymore. Once it's formally defined we need
      to craft a test suite to verify that the code works according to
      spec...
      45f52acb
  5. 19 Nov, 2007 1 commit