1. 12 Jul, 2007 1 commit
  2. 20 Jun, 2007 9 commits
  3. 19 Jun, 2007 3 commits
    • David Zeuthen's avatar
    • David Zeuthen's avatar
      remove the distinction for local vs. remote users · 874fa499
      David Zeuthen authored
      Again, we punt this to the applications/mechanisms - they know better.
      874fa499
    • David Zeuthen's avatar
      rip out the notion of Resources · 169c130d
      David Zeuthen authored
      It makes things a _lot more_ complicated having to deal with resources
      and there's a much nicer way to deal with it: Punt it to the apps:
      
      It's much more natural for the application to have a notion about
      about what resources are "trusted" (and e.g. requires lesser
      privileges) and what resources aren't.
      
      Consider dial-up networking; here the privileged application that
      performs the dial-up operation consults a list (maintained by the
      system administrator) of allowed numbers to dial. If the unprivileged
      networking UI applet that requests a number to be dialed is on the
      list it uses the PolicyKit action 'nm-dialup-trusted-location', if it
      isn't then it uses the PolicyKit action 'nm-dialup-untrusted-location'.
      169c130d
  4. 23 Apr, 2007 1 commit
  5. 17 Apr, 2007 2 commits
  6. 16 Apr, 2007 1 commit
  7. 15 Apr, 2007 5 commits
    • David Zeuthen's avatar
      remove misguided action parameters · 81401e16
      David Zeuthen authored
      This feature was introduced with
      
       commit 02a4c510
       http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commit;h=02a4c5101ca4751963f76a0e016d3308389dc2a5
      
      It makes things a lot harder for privilege granting if a feature like
      action parameters are present. Thinking about it, they're not really
      necessary; the parameters should just be encoded in the resource name;
      e.g. with the example given in the commit
      
      > This is useful for letting mechanisms convey information which may be
      > useful in making a decision whether an action is OK. For example,
      > NetworkManager could use this to provide the phone-number parameter
      > with a hypothetical "nm-dialup" action. Then a site or vendor can
      > provide insert
      >
      >  mandatory polkit-run-program.so \
      >     program="/usr/lib/check-dialup-number.sh" privilege="nm-dialup"
      >
      > into /etc/PolicyKit/PolicyKit.conf and have said program check
      >
      >  $POLKIT_ACTION_PARAM_PHONE_NUMBER
      >
      > in that program.
      
      is broken; the right thing here is for a hypothetical NetworkManager
      to pass the dial up connection details as the resource
      
       resource.type = "NetworkManager"
       resource.id = "/org/freedesktop/NM/DialUpConnection/number=555-HOT-CHICKS"
      
      in a well-defined format etc. etc.
      81401e16
    • David Zeuthen's avatar
      add the PAM configuration file · 845b572b
      David Zeuthen authored
      845b572b
    • David Zeuthen's avatar
      fe9cdb0e
    • David Zeuthen's avatar
      add the correct version files for docs · 982123fb
      David Zeuthen authored
      982123fb
    • David Zeuthen's avatar
      add grant functionality + lots of other changes · a0570c50
      David Zeuthen authored
       - Split libpolkit into three libraries
         - libpolkit : to be used only by mechanisms and modules
         - libpolkit-dbus : utility library for libpolkit to get caller, session
                            etc. info from the bus and ConsoleKit
         - libpolkit-grant : client side library for obtaining privileges; uses
                             a setgid helper internally
      
       - grant functionality
         - a helper library, libpolkit-grant, to gain privileges
           - includes a setgid $POLKIT_GROUP helper to write granted privileges
         - a PK module, to read and interpret granted privileges
         - a cmdline app, polkit-grant, using said library
      
       - Other changes
         - so it turns out that sizeof(bool) != sizeof(gboolean), sizeof(dbus_bool_t)
           This blows so define our own polkit_bool_t type
         - add some validation routines
      
      The grant functionality, especially the setgid helper needs thorough
      security review before we can release it.
      a0570c50
  8. 09 Apr, 2007 3 commits
    • David Zeuthen's avatar
      remove all usage of glib from the header files · 192f04ce
      David Zeuthen authored
      This paves the way for getting rid of a glib dependency; when and if
      that happens is to be determined; right now it just doesn't make a lot
      of sense to reimplement GKeyFile, GSList, GHashTable, g_spawn_sync and
      other useful routines. But it might make sense if we want to get the
      message bus daemon to link with libpolkit so you e.g. can say
      
       <policy polkit="acme-frobnicate">
         <allow send_interface="com.acme.Frobnicator"
       </policy>
      
      to allow a caller on the system message bus to access that interface
      if, and only if, he can do the "acme-frobnicate" action according to
      PolicyKit.
      192f04ce
    • David Zeuthen's avatar
      associate parameters (key/value pairs) with the Action class · 02a4c510
      David Zeuthen authored
      This is useful for letting mechanisms convey information which may be
      useful in making a decision whether an action is OK. For example,
      NetworkManager could use this to provide the phone-number parameter
      with a hypothetical "nm-dialup" action. Then a site or vendor can
      provide insert
      
       mandatory polkit-run-program.so program="/usr/lib/check-dialup-number.sh" privilege="nm-dialup"
      
      into /etc/PolicyKit/PolicyKit.conf and have said program check
      
       $POLKIT_ACTION_PARAM_PHONE_NUMBER
      
      in that program.
      02a4c510
    • David Zeuthen's avatar
      7222fca1
  9. 08 Apr, 2007 9 commits
  10. 07 Apr, 2007 4 commits
  11. 06 Apr, 2007 2 commits