Skip to content

GitLab

Switch branch/tag
  1. 17 Apr, 2007 1 commit
  3. 15 Apr, 2007 1 commit
    • David Zeuthen's avatar
      add grant functionality + lots of other changes · a0570c50
      David Zeuthen authored 
       - Split libpolkit into three libraries
   - libpolkit : to be used only by mechanisms and modules
   - libpolkit-dbus : utility library for libpolkit to get caller, session
                      etc. info from the bus and ConsoleKit
   - libpolkit-grant : client side library for obtaining privileges; uses
                       a setgid helper internally

 - grant functionality
   - a helper library, libpolkit-grant, to gain privileges
     - includes a setgid $POLKIT_GROUP helper to write granted privileges
   - a PK module, to read and interpret granted privileges
   - a cmdline app, polkit-grant, using said library

 - Other changes
   - so it turns out that sizeof(bool) != sizeof(gboolean), sizeof(dbus_bool_t)
     This blows so define our own polkit_bool_t type
   - add some validation routines

The grant functionality, especially the setgid helper needs thorough
security review before we can release it.
      a0570c50
  5. 09 Apr, 2007 1 commit
    • David Zeuthen's avatar
      remove all usage of glib from the header files · 192f04ce
      David Zeuthen authored 
      This paves the way for getting rid of a glib dependency; when and if
that happens is to be determined; right now it just doesn't make a lot
of sense to reimplement GKeyFile, GSList, GHashTable, g_spawn_sync and
other useful routines. But it might make sense if we want to get the
message bus daemon to link with libpolkit so you e.g. can say

 <policy polkit="acme-frobnicate">
   <allow send_interface="com.acme.Frobnicator"
 </policy>

to allow a caller on the system message bus to access that interface
if, and only if, he can do the "acme-frobnicate" action according to
PolicyKit.
      192f04ce
  7. 08 Apr, 2007 3 commits
    • David Zeuthen's avatar
      mass renaming of classes · ce556c72
      David Zeuthen authored 
       Privilege -> Action
 PrivilegeFile -> PolicyFile
 PrivilegeFileEntry -> PolicyFileEntry
 PrivilegeCache -> PolicyCache

Hopefully it makes a bit more sense now.
      ce556c72
    • David Zeuthen's avatar
      add built-in options and a new module pam-polkit-run-program.so · e2a465d0
      David Zeuthen authored
      e2a465d0
    • David Zeuthen's avatar
      add module loading to PolicyKit · 3638c6c1
      David Zeuthen authored 
      This paves the way for writing

 1. A module that tracks temporary (look in /var/run) and permanent (look
    in /var/lib) privilege grants
 2. A D-Bus service to authenticate a client to obtain to a privilege
    grant and then writing the grant in temporary or permanent storage

Also, this feature lets people very easily lock down the system; just
edit /etc/PolicyKit/PolicyKit.conf; add pam-module-deny-all / -allow-all
stanzas with various privilege=<regexp> and user=<username> options.
      3638c6c1