Commits · 03ec92f6d685d47c43d4ccf6acb84352aa515d96 · Zbigniew Jędrzejewski-Szmek / polkit

28 Nov, 2007 1 commit
- relicense everything to the MIT/X11 license · 03ec92f6
  David Zeuthen authored Nov 28, 2007
  
  03ec92f6
25 Nov, 2007 2 commits
- add (partial) test cases for polkit-authorization-db.c · cef2e207
  David Zeuthen authored Nov 25, 2007
  
  cef2e207
- build with -rdynamic for maint mode and use this to print a stack trace · abede42d
  David Zeuthen authored Nov 25, 2007
  
  abede42d
24 Nov, 2007 3 commits
- fix a bug where the childs environment wasn't inherited · d6411e8a
  David Zeuthen authored Nov 24, 2007
  
  d6411e8a
- add test harness for polkit-utils · b68d89a4
  David Zeuthen authored Nov 24, 2007
  
  b68d89a4
- write newline since kit_string_entry_create doesn't do that any more · cd4b5f92
  David Zeuthen authored Nov 24, 2007
  
  cd4b5f92
23 Nov, 2007 1 commit
- avoid adding newline at the end of generated entry · f479aece
  David Zeuthen authored Nov 22, 2007
  
  f479aece
22 Nov, 2007 4 commits
- update TODO · b555fb75
  David Zeuthen authored Nov 21, 2007
  
  b555fb75
- also encode \n\r\t characters · 5fe40c14
  David Zeuthen authored Nov 21, 2007
  
  5fe40c14
- rework the .auths file format to use key/value pairs and make it future-proof · f8624198
  David Zeuthen authored Nov 21, 2007
  
  f8624198
- set errno to ENOMEM when forcibly failing an allocation · 67befeae
  David Zeuthen authored Nov 21, 2007
  
  67befeae
21 Nov, 2007 4 commits
- add support for percent encoding/decoding and colon separated kv-lists · cec99e3c
  David Zeuthen authored Nov 21, 2007
  
  cec99e3c
- make dummy backend work · 378caac7
  David Zeuthen authored Nov 20, 2007
  
  378caac7
- fix 'make check-coverage' · 19e6c05e
  David Zeuthen authored Nov 20, 2007
  
  19e6c05e
- remove Since gtk-doc tags from the internal libkit library · bf64b4c0
  David Zeuthen authored Nov 20, 2007
  
  bf64b4c0
20 Nov, 2007 4 commits

define abstract Authentication Agent interface and make polkit-auth(1) use it · ff9f8745
David Zeuthen authored Nov 20, 2007
```
Also provide a convenience function to access it: polkit_auth_obtain().
```
ff9f8745
make PolKitAuthorization a bit more future proof by adding get_type() · 7c5fa7dd
David Zeuthen authored Nov 20, 2007

7c5fa7dd
provide a way to force a reload of all caches etc. · b6959892
David Zeuthen authored Nov 20, 2007

b6959892

add support for negative authorizations · 45f52acb

David Zeuthen authored Nov 19, 2007

Negative authorizations is a way to block an entity; previously the
algorithm was something like (ignoring the config file for now)

  Result is_authorized() {
    res = has_implicit_auth();
    if (res == YES) {
      return YES;
    } else if (has_explicit_auth()) {
      return YES;
    }
    return res;
  }

Now it's

  Result is_authorized() {
    res = has_implicit_auth();
    expl = has_explicit_auth();
    is_blocked = has_negative_explicit_auth();

    if (is_blocked)
      return NO;

    if (res == YES) {
      return YES;
    } else if (has_explicit_auth()) {
      return YES;
    }
    return res;
  }

E.g. just a single negative auth will force NO to be returned. I
really, really need to write into the spec how this works; my mental
L1 cache can't contain it anymore. Once it's formally defined we need
to craft a test suite to verify that the code works according to
spec...

45f52acb

19 Nov, 2007 3 commits

export the policydir in the .pc file · 8dd9f25b

David Zeuthen authored Nov 19, 2007

This is useful when building a project using polkit in a different
prefix. Lennart asked for it.

8dd9f25b

require org.fd.pk.revoke to revoke auths for self if granted by someone else · 0b86d043
David Zeuthen authored Nov 19, 2007

0b86d043

provide convenience functions for auth checking and port helpers to use them · a712e78e

David Zeuthen authored Nov 18, 2007

Basically, checking auths with polkit is now a one-liner:

    if (polkit_check_auth (getpid (), "com.acme.some-action", NULL) == 0) {
        fprintf (stderr, "Not authorized; go away\n");
        exit (1);
    }

This can be used for making a lot of the legacy UNIX tools PolicyKit
aware. For example, vixie-cron could make crontab(1) (a setuid
program) check whether the calling user is authorized for the action

 org.isc.vixie-cron.edit-own-crontab

This is a nice way to provide least privilege and still put the system
administrator in control via polkit-auth(1), polkit-action(1) and the
GTK+ "Manage Authorizations" utility:

 http://people.redhat.com/davidz/polkitg-auth-1.png
 http://people.redhat.com/davidz/polkitg-auth-2.png
 http://people.redhat.com/davidz/polkitg-auth-3.png

a712e78e

18 Nov, 2007 1 commit
- add support for vendor, vendor_url and icon_name tags in .policy files · 4d0994f4
  David Zeuthen authored Nov 17, 2007
  
  4d0994f4
17 Nov, 2007 3 commits
- restrict new API to the default backend only · 055b8bb7
  David Zeuthen authored Nov 17, 2007
  
  055b8bb7
- add API for overriding defaults and make polkit-action(1) use this API. · f631d726
  David Zeuthen authored Nov 17, 2007
  
  f631d726
- fix a grave bug where the wrong authorizations were returned · c359201a
  David Zeuthen authored Nov 17, 2007
```
We were modifying the 'uid' parameter in _authdb_get_auths_for_uid();
I bet that if we had unit tests this bug would have been caught
earlier...
```
  c359201a
12 Nov, 2007 5 commits
- fix parallel build · ea4910e6
  David Zeuthen authored Nov 12, 2007
```
https://bugs.freedesktop.org/show_bug.cgi?id=13082
```
  ea4910e6
- create /var/lib/misc on 'make install' · 123fe631
  David Zeuthen authored Nov 12, 2007
```
http://bugs.freedesktop.org/show_bug.cgi?id=13113
```
  123fe631
- build system fixes and refuse to install if built with --enable-tests · a766c242
  David Zeuthen authored Nov 12, 2007
  
  a766c242
- add unit test framework to the rest of the library sources · 4b340f87
  David Zeuthen authored Nov 11, 2007
  
  4b340f87
- fix build for dummy backend · 20fa8e0d
  David Zeuthen authored Nov 11, 2007
  
  20fa8e0d
11 Nov, 2007 9 commits
- also check for file descriptor leaks · 109229bb
  David Zeuthen authored Nov 11, 2007
  
  109229bb
- tweak how we do coverage reporting · 9fe5005e
  David Zeuthen authored Nov 11, 2007
  
  9fe5005e
- remove glib dependency from libpolkit.so · 756043c7
  David Zeuthen authored Nov 11, 2007
  
  756043c7
- don't overflow when splitting a string · 29837b4a
  David Zeuthen authored Nov 11, 2007
  
  29837b4a
- actually include the files with the spawn functions · b3f4fe27
  David Zeuthen authored Nov 11, 2007
  
  b3f4fe27
- add spawn function to libkit · 94ed3ccc
  David Zeuthen authored Nov 11, 2007
  
  94ed3ccc
- add (empty, for now) tests for remaining files · bcff1bde
  David Zeuthen authored Nov 11, 2007
  
  bcff1bde
- use kit_strsplit in polkit-sysdeps · c372969e
  David Zeuthen authored Nov 11, 2007
  
  c372969e
- add strsplit function · 09a434c7
  David Zeuthen authored Nov 11, 2007
  
  09a434c7